
Trojan issues.


  • This topic is locked
9 replies to this topic

#1 Bleed Through


  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:53 PM

Posted 02 May 2009 - 07:03 PM

I've been having an issue with avast detecting these three trojans quite a bit: Win32:Tiny-II [Trj], Win32:Falder [Trj], and Win32:Trojan-gen {Other}. Right before the warning pops up, a window pops up saying something has stopped working and needs to be closed, though it does not give a program name; it just comes up blank. I am running Vista 32, by the way, if that helps. Any advice would be helpful.

Attached File: attach.txt (13.63KB, 9 downloads). Here is a log.

Merged posts. ~ OB

Edited by Orange Blossom, 02 May 2009 - 08:00 PM.



#2 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:10:53 PM

Posted 03 May 2009 - 08:59 AM

Hi Bleed Through,

I'm m0le and I will be helping you with your log.

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker and then double click dds.scr to run the tool.

When done, DDS will open two logs:
  • DDS.txt
  • Attach.txt
Save both reports to your desktop first and then copy & paste them into your next reply.

Thanks. :thumbup2:
m0le is a proud member of UNITE

#3 Bleed Through

  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:53 PM

Posted 03 May 2009 - 01:55 PM

I am copying and pasting these reports per your request. Also, as a side note, I re-enabled my router's firewall; I had it disabled for a short time. The issue hasn't come up again yet since re-enabling it earlier today.

DDS Report


DDS (Ver_09-03-16.01) - NTFSx86
Run by Jeffrey at 14:49:12.30 on Sun 05/03/2009
Internet Explorer: 8.0.6001.18702
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1886 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Zune\ZuneNss.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Zune\Zune.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jeffrey\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Aim6]
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [CHotkey] zHotkey.exe
mRun: [ModPS2] ModPS2Key.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\02D73.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\06236.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\0AAE6.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\0E781.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\19E90.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\1AF11.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\1B04C.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\222F6.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\23D71.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\269E4.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\28C56.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\28ED7.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\30587.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\30F87.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\31814.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\32157.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\34E1A.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\3C768.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\46912.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\475A6.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\4C9EE.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\515C8.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\51DFA.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\5567A.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\57994.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\59805.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\604F7.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\6142E.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\63279.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\632BC.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\6754C.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\687A1.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\6CE76.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\6EC1F.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\6F407.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\722E6.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\757BE.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\8565B.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\86D46.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\8F7BD.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\931B9.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\93492.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\940A2.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\96506.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\9726A.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\986D6.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\9AE13.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\9F950.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\A0BD7.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\A0DD7.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\A1693.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\A7EEC.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\AF1C1.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\B1E12.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\B93CE.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\BBF0B.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\BBFF1.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\BCFFD.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\BDC9F.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\C0857.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\C15CF.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\C8C68.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\C8ECE.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\CC8B8.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\D3C44.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\D7110.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\D758A.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\D8D58.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\DB298.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\E16B9.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\E1938.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\E58D3.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\E6DF5.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\E7DA7.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\E85A5.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\ECE26.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\ED1C9.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\EE43F.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\EF791.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\F395C.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\F44CE.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\F5BD5.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\FA5EE.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\FA9D3.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\FAF8E.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\FD25E.exe.exe
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat025003 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat033901 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat033902 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat053105 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat053106 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat054001 AM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat070107 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat070108 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat100003 AM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat102223 AM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat104953 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat110348 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat110349 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat122527 AM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat125251 AM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat135918 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat144715 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat145812 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat193210 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat193211 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat233824 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat233928 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat235626 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat262525 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat262526 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat310632 AM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat410344 AM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat434441 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat434442 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat435843 AM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat485742 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat485743 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat533855 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat553556 AM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat561851 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat561852 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\mel.bat561854 PM.bat
StartupFolder: c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Table Of Contents.onetoc2
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\jeffrey\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-7 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-4-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-7 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-12-7 51792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-3-15 1153368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-4 24652]
R2 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2008-7-28 12288]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [2008-5-26 33792]
R3 DCamUSBVeo532;Veo Web Camera;c:\windows\system32\drivers\ubVeo532.sys [2009-1-26 95232]
S2 gupdate1c9c548e22671bd;Google Update Service (gupdate1c9c548e22671bd);c:\program files\google\update\GoogleUpdate.exe [2009-4-24 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-2-6 84832]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 7408]

=============== Created Last 30 ================

2009-05-02 19:16 <DIR> --d----- c:\program files\CCleaner
2009-05-02 19:02 <DIR> --d----- c:\program files\Microsoft
2009-05-02 18:52 <DIR> --d----- c:\program files\common files\Windows Live
2009-05-02 18:36 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-05-02 18:36 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-05-02 18:34 <DIR> --d----- c:\users\jeffrey\appdata\roaming\SUPERAntiSpyware.com
2009-05-02 18:34 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-02 11:48 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-05-01 19:24 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-05-01 19:24 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-01 19:24 <DIR> --d----- c:\program files\iPod
2009-05-01 19:24 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-01 19:24 <DIR> --d----- c:\program files\iTunes
2009-05-01 19:24 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-01 19:23 <DIR> --d----- c:\program files\Bonjour
2009-04-29 23:43 <DIR> -cd-h--- c:\programdata\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}
2009-04-29 23:43 <DIR> -cd-h--- c:\progra~2\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}
2009-04-28 00:25 118,784 ---sh--- c:\users\jeffrey\appdata\roaming\pic88.exe
2009-04-28 00:25 118,784 ---sh--- c:\users\jeffrey\appdata\roaming\pic08.exe
2009-04-28 00:24 106,496 ---sh--- c:\users\jeffrey\appdata\roaming\pic16.exe
2009-04-17 18:50 97,800 a------- c:\windows\system32\infocardapi.dll
2009-04-17 18:50 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-17 18:50 622,080 a------- c:\windows\system32\icardagt.exe
2009-04-17 18:50 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-04-17 18:50 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-04-17 18:50 11,264 a------- c:\windows\system32\icardres.dll
2009-04-17 18:50 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-04-17 18:49 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-04-17 18:44 96,760 a------- c:\windows\system32\dfshim.dll
2009-04-17 18:44 282,112 a------- c:\windows\system32\mscoree.dll
2009-04-17 18:44 41,984 a------- c:\windows\system32\netfxperf.dll
2009-04-17 18:44 158,720 a------- c:\windows\system32\mscorier.dll
2009-04-17 18:44 83,968 a------- c:\windows\system32\mscories.dll
2009-04-13 23:09 <DIR> --d----- c:\programdata\DAEMON Tools Lite
2009-04-13 23:09 <DIR> --d----- c:\progra~2\DAEMON Tools Lite
2009-04-13 23:09 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-04-13 23:09 <DIR> --d----- c:\users\jeffrey\appdata\roaming\DAEMON Tools Lite
2009-04-13 23:04 <DIR> --d----- c:\programdata\DAEMON Tools Pro
2009-04-13 23:04 <DIR> --d----- c:\progra~2\DAEMON Tools Pro
2009-04-13 23:04 <DIR> --d----- c:\program files\DAEMON Tools Pro
2009-04-13 16:59 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-04-13 16:58 <DIR> --d----- c:\users\jeffrey\appdata\roaming\DAEMON Tools Pro
2009-04-12 01:59 943,400 a------- c:\users\jeffrey\guitar_tuner.zip

==================== Find3M ====================

2009-05-01 19:20 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-01 19:20 86,016 a------- c:\windows\inf\infstor.dat
2009-05-01 19:20 51,200 a------- c:\windows\inf\infpub.dat
2009-03-27 08:14 453,152 a------- c:\windows\system32\nvuninst.exe
2009-03-26 15:23 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-26 15:23 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-03-16 23:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 23:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 23:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-08 07:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 07:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 07:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 07:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 07:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 07:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 07:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 07:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 07:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 07:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 07:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 07:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 07:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 07:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 07:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 07:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 07:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 07:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-03 00:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-03 00:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-03 00:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-03 00:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-03 00:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 00:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-03 00:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-03 00:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-02 23:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-02 22:38 17,408 a------- c:\windows\system32\iashost.exe
2009-02-13 04:49 72,704 a------- c:\windows\system32\secur32.dll
2009-02-13 04:49 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-02-09 21:20 286,720 a------- c:\windows\iun506.exe
2009-02-08 23:10 2,033,152 a------- c:\windows\system32\win32k.sys
2009-02-08 04:36 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-02-08 04:36 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-01-31 01:47 56 a---h--- c:\programdata\ezsidmv.dat
2009-01-31 01:47 56 a---h--- c:\progra~2\ezsidmv.dat
2008-12-26 01:25 232,075 a------- c:\users\jeffrey\500m33_4.zip
2008-12-20 17:16 318,669 a------- c:\users\jeffrey\ChaoticViperV1.zip
2008-12-13 22:49 7,730,747 a------- c:\users\jeffrey\mariopaintcomposerpc.zip
2008-10-10 21:42 585,933 a------- c:\users\jeffrey\cpuz_147.zip
2008-10-06 03:11 22,328 a------- c:\users\jeffrey\appdata\roaming\PnkBstrK.sys
2008-08-17 05:30 1,012,854 a------- c:\users\jeffrey\CrysisBenchmarkTool1.05.zip
2008-06-10 18:14 665,600 a------- c:\windows\inf\drvindex.dat
2008-05-04 04:37 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-12-28 14:24 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-12-28 14:24 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-12-28 14:24 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 14:49:28.74 ===============


Attach Report


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/23/2007 6:55:52 PM
System Uptime: 5/3/2009 3:31:00 AM (11 hours ago)

Motherboard: ECS | | MCP61PM-GM
Processor: AMD Phenom™ 9500 Quad-Core Processor | Socket AM2 | 2200/235mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 455 GiB total, 167.693 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 4.487 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP569: 4/11/2009 2:52:04 PM - Scheduled Checkpoint
RP570: 4/12/2009 1:48:53 PM - Scheduled Checkpoint
RP572: 4/13/2009 4:58:40 PM - SPTD setup V1.58
RP573: 4/15/2009 6:38:42 PM - Windows Update
RP574: 4/17/2009 6:01:40 PM - Scheduled Checkpoint
RP575: 4/17/2009 6:42:56 PM - Windows Update
RP576: 4/20/2009 3:09:42 PM - Windows Update
RP577: 4/20/2009 6:20:53 PM - Device Driver Package Install: NVIDIA Display adapters
RP578: 4/22/2009 11:32:26 PM - Scheduled Checkpoint
RP579: 4/23/2009 4:00:23 PM - Windows Update
RP580: 4/25/2009 4:37:47 AM - Scheduled Checkpoint
RP581: 4/26/2009 3:00:31 AM - Scheduled Checkpoint
RP582: 4/27/2009 6:27:02 PM - Windows Update
RP583: 4/28/2009 12:14:18 AM - Restore Operation
RP584: 4/28/2009 6:30:46 PM - Scheduled Checkpoint
RP585: 4/29/2009 1:12:20 AM - Windows Update
RP586: 4/29/2009 5:15:49 PM - Scheduled Checkpoint
RP587: 5/1/2009 1:17:40 AM - Scheduled Checkpoint
RP588: 5/1/2009 5:54:03 AM - Windows Update
RP589: 5/1/2009 7:19:11 PM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
RP590: 5/1/2009 7:23:53 PM - Installed iTunes
RP591: 5/2/2009 6:34:08 PM - Installed SUPERAntiSpyware Free Edition
RP592: 5/2/2009 6:51:58 PM - Windows Update
RP593: 5/3/2009 12:24:56 AM - Windows Update

==== Installed Programs ======================

µTorrent
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AIM 6
AMD CPUInfo
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AvaCam v2.3.3
avast! Antivirus
Azureus Vuze
BioShock
Bonjour
BufferChm
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Counter-Strike: Source
Crysis ModSDK
Crysis WARHEAD®
Crysis Wars®
Crysis Wars® Patch
Crysis®
Crysis® Tournament Map Pack
Curse Client
CustomerResearchQFolder
D1400
D1400_Help
Day of Defeat: Source
Dedicated Server
DeviceDiscovery
DeviceManagementQFolder
Digital Media Reader
DivX Converter
DivX Player
DivX Web Player
dj_sf_ProductContext
dj_sf_software
dj_sf_software_req
Doom 3
EA Download Manager
eSupportQFolder
EVEREST Ultimate Edition v4.50
Fable - The Lost Chapters
FMOD Designer
Framebuffer Crysis WARHEAD Benchmark Tool
Free Mp3/Wma/Ogg Converter 4.0.1
GameShadow
GameSpy Arcade
GameSpy Comrade
Gateway Games
Gateway Recovery Center Installer
Google Earth Plugin
Google Update Helper
Half-Life
Half-Life 2
Half-Life 2: Deathmatch
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Half-Life: Blue Shift
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 9.0
HP Deskjet Printer Driver Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
ImgBurn
Insurgency
iTunes
Java Media Framework 2.1.1e
Java™ SE Runtime Environment 6 Update 1
LabelPrint
Left 4 Dead
Left 4 Dead Dedicated Server
LimeWire 4.18.5
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft Halo
Microsoft Halo Custom Edition
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
Motorola Driver Installation 3.5.0
Mozilla Firefox (3.0.5)
Mp3 File Editor 5.11 (standard)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
muveeNow 2.1
MySpaceIM
NVIDIA Drivers
NVIDIA nTune
NVIDIA PhysX
NVIDIA PhysX Unreal Tournament 3 Mods
OpenAL
Opposing Force
PanoStandAlone
Portal
Power2Go 5.0
PS2 Multimedia Keyboard Driver
PSSWCORE
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
RollerCoaster Tycoon 3 Platinum
Sierra Utilities
Skype™ 3.8
Soft Data Fax Modem with SmartCP
SolutionCenter
Source Dedicated Server
Source SDK
Source SDK Base
Source SDK Base - Orange Box
Spare Backup
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Status
Steam
SUPERAntiSpyware Free Edition
System Requirements Lab
Team Fortress 2
Tomb Raider: Anniversary 1.0
Toolbox
Total Uninstall 5.0.2
TrayApp
Ultimate Doom
UnloadSupport
Unreal Tournament 3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VDOTool 5.9
Veo Connect
VideoToolkit01
Viewpoint Media Player
WebReg
Winamp
Winamp Remote
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Player Firefox Plugin
WinMount V3.0.0 RC2
WinRAR archiver
WinZip 12.0
World of Warcraft
Xilisoft DVD to WMV Converter
Yahoo! Messenger
Zombie Panic! Source
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

==== Event Viewer Messages From Past Week ========

5/2/2009 7:03:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Office Live Add-in.
5/2/2009 7:03:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: PowerPoint® Viewer 2007 Service Pack 2 (SP2).
5/2/2009 7:03:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Microsoft® Office Compatibility Pack Service Pack 2 (SP2).
5/2/2009 6:52:58 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Live Essentials.
5/1/2009 8:34:22 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Jeffrey-PC\Jeffrey SID (S-1-5-21-3010283643-4083402107-944152190-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/1/2009 7:13:15 PM, Error: EventLog [6008] - The previous system shutdown at 7:12:00 PM on 5/1/2009 was unexpected.
4/29/2009 1:13:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
4/29/2009 1:13:34 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/29/2009 1:13:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/28/2009 12:30:08 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
4/28/2009 12:26:12 AM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.57.181.0 Loading engine version: 1.1.4502.0
4/27/2009 7:18:17 PM, Error: EventLog [6008] - The previous system shutdown at 7:15:16 PM on 4/27/2009 was unexpected.
4/26/2009 1:06:25 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATITool

==== End Of File ===========================

Edited by Bleed Through, 03 May 2009 - 01:59 PM.


#4 m0le (Malware Response Team)

Posted 05 May 2009 - 01:08 PM

Hi Bleed Through,

Firstly,

The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case uTorrent and Limewire). These programmes allow users to share files, as the name suggests. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (e.g. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

Next,

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click [image] or [image] on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    [image]
  • Click on [image] and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push [image] and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Finally

Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Thanks :thumbup2:
m0le is a proud member of UNITE

#5 Bleed Through (Topic Starter)

Posted 06 May 2009 - 01:19 AM

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-05 21:28:43
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

INT 0x51 ? 861FFBF8
INT 0x52 ? 87D55F00
INT 0x62 ? 87D55F00
INT 0x82 ? 861FEBF8
INT 0x92 ? 861FFBF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spkp.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 831F146F 5 Bytes JMP 87D554E0
.text aaaw69ad.SYS 8F2BA000 22 Bytes [26, 12, 41, 82, 10, 11, 41, ...]
.text aaaw69ad.SYS 8F2BA017 126 Bytes [00, 32, A7, B1, 82, 3D, A5, ...]
.text aaaw69ad.SYS 8F2BA096 18 Bytes [49, 82, 44, 13, 49, 82, 9C, ...]
.text aaaw69ad.SYS 8F2BA0A9 35 Bytes [00, 49, 82, A0, F7, 48, 82, ...]
.text aaaw69ad.SYS 8F2BA0CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [82A106D6] \SystemRoot\System32\Drivers\spkp.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [82A10042] \SystemRoot\System32\Drivers\spkp.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [82A10800] \SystemRoot\System32\Drivers\spkp.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [82A100C0] \SystemRoot\System32\Drivers\spkp.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [82A1013E] \SystemRoot\System32\Drivers\spkp.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [82A1FE9C] \SystemRoot\System32\Drivers\spkp.sys
IAT \SystemRoot\System32\Drivers\aaaw69ad.SYS[ataport.SYS!AtaPortNotification] CC000CC2
IAT \SystemRoot\System32\Drivers\aaaw69ad.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55
IAT \SystemRoot\System32\Drivers\aaaw69ad.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC
IAT \SystemRoot\System32\Drivers\aaaw69ad.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33
IAT \SystemRoot\System32\Drivers\aaaw69ad.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 8D5750FC
IAT \SystemRoot\System32\Drivers\aaaw69ad.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845
IAT \SystemRoot\System32\Drivers\aaaw69ad.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A
IAT \SystemRoot\System32\Drivers\aaaw69ad.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D
IAT \SystemRoot\System32\Drivers\aaaw69ad.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8
IAT \SystemRoot\System32\Drivers\aaaw69ad.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA
IAT \SystemRoot\System32\Drivers\aaaw69ad.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B
IAT \SystemRoot\System32\Drivers\aaaw69ad.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B
IAT \SystemRoot\System32\Drivers\aaaw69ad.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39
IAT \SystemRoot\System32\Drivers\aaaw69ad.SYS[ataport.SYS!AtaPortMoveMemory] 00012284
IAT \SystemRoot\System32\Drivers\aaaw69ad.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600
IAT \SystemRoot\System32\Drivers\aaaw69ad.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4
IAT \SystemRoot\System32\Drivers\aaaw69ad.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668
IAT \SystemRoot\System32\Drivers\aaaw69ad.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36
IAT \SystemRoot\System32\Drivers\aaaw69ad.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757
IAT \SystemRoot\System32\Drivers\aaaw69ad.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7
IAT \SystemRoot\System32\Drivers\aaaw69ad.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0
IAT \SystemRoot\System32\Drivers\aaaw69ad.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74C87BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74CC98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74C8D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74C7F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74C87599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74C7E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74CBB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74C8D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74C8012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74C80095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74C771F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74D0D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74CA75E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74C7DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74C7668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74C766BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74C81E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\system32\services.exe[640] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002
IAT C:\Windows\system32\services.exe[640] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [611390A5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [611390DD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[4828] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] [0275E070] c:\program files\aim6\services\imApp\ver6_8_15_1\imAppService.dll (imAppService EE Application Service/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\IPHLPAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[6832] @ C:\Windows\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[8088] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 862061F8
Device \FileSystem\udfs \UdfsCdRom 899B21F8
Device \FileSystem\udfs \UdfsDisk 899B21F8
Device \Driver\volmgr \Device\VolMgrControl 862011F8
Device \Driver\usbohci \Device\USBPDO-0 87D0C1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{193FD7B8-6ED3-43A3-9D42-499D673FB086} 88F791F8
Device \Driver\usbehci \Device\USBPDO-1 87D131F8

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\PCI_PNP0502 \Device\00000057 spkp.sys
Device \Driver\USBSTOR \Device\00000070 891091F8
Device \Driver\nvstor32 \Device\00000063 862051F8
Device \Driver\volmgr \Device\HarddiskVolume1 862011F8
Device \Driver\USBSTOR \Device\00000071 891091F8
Device \Driver\volmgr \Device\HarddiskVolume2 862011F8
Device \Driver\cdrom \Device\CdRom0 880A31F8
Device \Driver\volmgr \Device\HarddiskVolume3 862011F8
Device \Driver\cdrom \Device\CdRom1 880A31F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 862031F8
Device \Driver\atapi \Device\Ide\IdePort0 862031F8
Device \Driver\atapi \Device\Ide\IdePort1 862031F8
Device \Driver\volmgr \Device\HarddiskVolume4 862011F8
Device \Driver\volmgr \Device\HarddiskVolume5 862011F8
Device \Driver\volmgr \Device\HarddiskVolume6 862011F8
Device \Driver\netbt \Device\NetBt_Wins_Export 88F791F8
Device \Driver\Smb \Device\NetbiosSmb 88F3F1F8
Device \Driver\nvstor32 \Device\RaidPort0 862051F8

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\nvstor32 \Device\RaidPort1 862051F8
Device \Driver\iScsiPrt \Device\RaidPort2 87E751F8
Device \Driver\usbohci \Device\USBFDO-0 87D0C1F8
Device \Driver\usbehci \Device\USBFDO-1 87D131F8
Device \Driver\USBSTOR \Device\0000006d 891091F8
Device \Driver\USBSTOR \Device\0000006e 891091F8
Device \Driver\USBSTOR \Device\0000006f 891091F8
Device \Driver\sptd \Device\167426508 spkp.sys
Device \Driver\aaaw69ad \Device\Scsi\aaaw69ad1Port5Path0Target0Lun0 87E771F8
Device \Driver\aaaw69ad \Device\Scsi\aaaw69ad1 87E771F8
Device \FileSystem\cdfs \Cdfs 87D39500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC2 0x6B 0x76 0x8C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB7 0x30 0x01 0xF0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBC 0x9D 0xAB 0xAE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC2 0x6B 0x76 0x8C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB7 0x30 0x01 0xF0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBC 0x9D 0xAB 0xAE ...

---- EOF - GMER 1.0.15 ----


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, May 6, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, May 06, 2009 03:25:17
Records in database: 2135816
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 240114
Threat name: 4
Infected objects: 90
Suspicious objects: 0
Duration of the scan: 04:03:46


File name / Threat name / Threats count
C:\Program Files\Alwil Software\Avast4\DATA\moved\pifccpdnab[1].htm Infected: Trojan.Win32.Agent2.hoc 1
C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FD58JPI\ouqenbopzz[1].txt Infected: Trojan-Downloader.Win32.Murlo.aoe 1
C:\Users\Jeffrey\AppData\Local\Temp\khfgHYoo.dll Infected: Trojan.Win32.Monderb.apnx 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\02D73.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\06236.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0AAE6.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0E781.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\19E90.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1AF11.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1B04C.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\222F6.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23D71.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\269E4.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\28C56.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\28ED7.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\30587.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\30F87.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\31814.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\32157.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\34E1A.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3C768.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\46912.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\475A6.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4C9EE.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\515C8.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\51DFA.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5567A.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\57994.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\59805.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\604F7.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6142E.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\63279.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\632BC.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6754C.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\687A1.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6CE76.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6EC1F.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6F407.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\722E6.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\757BE.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8565B.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\86D46.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8F7BD.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\931B9.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\93492.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\940A2.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\96506.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9726A.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\986D6.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9AE13.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9F950.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A0BD7.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A0DD7.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A1693.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A7EEC.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AF1C1.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\B1E12.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\B93CE.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBF0B.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBFF1.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BCFFD.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BDC9F.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C0857.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C15CF.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C8C68.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C8ECE.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CC8B8.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\D3C44.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\D7110.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\D758A.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\D8D58.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DB298.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E16B9.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E1938.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E58D3.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E6DF5.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E7DA7.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E85A5.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ECE26.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ED1C9.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EE43F.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EF791.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\F395C.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\F44CE.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\F5BD5.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FA5EE.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FA9D3.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FAF8E.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FD25E.exe.exe Infected: Trojan.Win32.VB.nen 1
C:\Windows\pss\11DD8.exe.exe.Startup Infected: Trojan.Win32.VB.nen 1

The selected area was scanned.

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:10:53 PM

Posted 06 May 2009 - 01:18 PM

Okay, Bleed Through. The scan has come up with quite a lot of infected files.

Download this program:

submit files packer

Highlight the files listed below in bold, then right-click and select Copy.

C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\02D73.exe.exe
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\06236.exe.exe
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0AAE6.exe.exe
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0E781.exe.exe
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\19E90.exe.exe
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1AF11.exe.exe

Then start the file packer program, right-click in the white box and select Paste to paste the copied file names into the field.

Then press the Continue button.

It will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab.

Rename this file to samples.

Click Here to upload the files please.

Now...

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
m0le is a proud member of UNITE

#7 Bleed Through

Bleed Through
  • Topic Starter

  • Members
  • 6 posts
  • Local time:06:53 PM

Posted 06 May 2009 - 05:38 PM

Submitted the file, and here is the log.

Malwarebytes' Anti-Malware 1.36
Database version: 2085
Windows 6.0.6001 Service Pack 1

5/6/2009 6:37:56 PM
mbam-log-2009-05-06 (18-37-56).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 318877
Time elapsed: 1 hour(s), 35 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 127

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{0d3fa94b-7570-4ffe-9ec7-7dd7e0cdc29d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2a925a79-7dec-45c7-966f-e359ee9c0284} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5b6d42aa-adb4-4dd7-ab97-83fc64643e90} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{76f30661-76c7-48cd-b18e-64f388ae030b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Adware.Ascentive) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\System32\SysRestore.dll (Adware.Ascentive) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Alwil Software\Avast4\DATA\moved\pifccpdnab[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FD58JPI\ouqenbopzz[1].txt (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\SysRestore.dll (Adware.Ascentive) -> Quarantined and deleted successfully.
C:\Windows\Downloaded Program Files\VideoEggPublisher.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat025003 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat033901 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat033902 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat053105 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat053106 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat054001 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat070107 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat070108 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat100003 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat102223 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat104953 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat110348 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat110349 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat122527 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat125251 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat135918 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat144715 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat145812 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat193210 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat193211 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat233824 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat233928 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat235626 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262525 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262526 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat310632 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat410344 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat434441 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat434442 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat435843 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat485742 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat485743 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat533855 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat553556 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat561851 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat561852 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat561854 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\02D73.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\06236.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0AAE6.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0E781.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\19E90.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1AF11.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1B04C.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\222F6.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23D71.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\269E4.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\28C56.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\28ED7.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\30587.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\30F87.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\31814.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\32157.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\34E1A.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3C768.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\46912.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\475A6.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4C9EE.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\515C8.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\51DFA.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5567A.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\57994.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\59805.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\604F7.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6142E.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\63279.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\632BC.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6754C.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\687A1.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6CE76.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6EC1F.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6F407.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\722E6.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\757BE.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8565B.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\86D46.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8F7BD.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\931B9.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\93492.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\940A2.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\96506.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9726A.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\986D6.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9AE13.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9F950.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A0BD7.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A0DD7.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A1693.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A7EEC.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AF1C1.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\B1E12.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\B93CE.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBF0B.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBFF1.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BCFFD.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BDC9F.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C0857.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C15CF.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C8C68.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C8ECE.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CC8B8.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\D3C44.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\D7110.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\D758A.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\D8D58.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DB298.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E16B9.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E1938.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E58D3.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E6DF5.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E7DA7.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E85A5.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ECE26.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ED1C9.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EE43F.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EF791.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\F395C.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\F44CE.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\F5BD5.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FA5EE.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FA9D3.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FAF8E.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FD25E.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
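Added example, not part of the thread and not Malwarebytes' own code: a small Python triage script for MBAM-style report lines like the ones above, run over a constructed sample trimmed from this log. It checks the declared summary counts against the parsed entries, tallies detections by name, flags objects in autostart locations (the Startup folder and Run keys, an assumed marker list), and lists anything the scanner did not report as removed; the "Delete on reboot" action string in the sample is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the MBAM report layout, trimmed from the log in this thread.
# The final "Delete on reboot." line is an assumed action string, added to show
# how an entry that is not yet removed is reported back.
SAMPLE_LOG = r"""
Registry Keys Infected: 1
Registry Values Infected: 1
Folders Infected: 0
Files Infected: 4

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Adware.Ascentive) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\System32\SysRestore.dll (Adware.Ascentive) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\SysRestore.dll (Adware.Ascentive) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat025003 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\02D73.exe.exe (Trojan.Agent.M1) -> Quarantined and deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FD25E.exe.exe (Trojan.Agent.M1) -> Delete on reboot.
"""

SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ENTRY_RE = re.compile(r"^(?P<object>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")

# Assumed list of autostart locations worth a second look even after removal.
PERSISTENCE_MARKERS = (
    "\\start menu\\programs\\startup\\",
    "\\currentversion\\run\\",
    "\\currentversion\\runonce\\",
)


def parse_mbam_log(text):
    """Return (declared summary counts, parsed entries) from an MBAM-style report."""
    declared, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious"):
            continue
        if m := SUMMARY_RE.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := HEADER_RE.match(line):
            section = m["section"]          # entries that follow belong to this section
        elif section and (m := ENTRY_RE.match(line)):
            entries.append({"section": section, **m.groupdict()})
    return declared, entries


def is_persistence(obj):
    low = obj.lower()
    return any(marker in low for marker in PERSISTENCE_MARKERS)


def triage(text):
    """Summarise a report: counts, detection names, autostart items, unresolved items."""
    declared, entries = parse_mbam_log(text)
    actual = Counter(e["section"] for e in entries)
    return {
        "total": len(entries),
        "by_detection": dict(Counter(e["detection"] for e in entries)),
        # (declared, parsed) pairs for any section whose summary line disagrees
        "count_mismatches": {s: (n, actual.get(s, 0)) for s, n in declared.items()
                             if actual.get(s, 0) != n},
        "persistence": [e["object"] for e in entries if is_persistence(e["object"])],
        "unresolved": [e["object"] for e in entries
                       if not e["action"].lower().startswith("quarantined and deleted")],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```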

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:10:53 PM

Posted 09 May 2009 - 04:58 AM

Hi Bleed Through,

MBAM has done a great job. We need to run DrWeb Cureit to clean up.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

m0le is a proud member of UNITE

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:10:53 PM

Posted 11 May 2009 - 09:50 AM

Hi Bleed Through,

I have not had a reply from you for 2 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:06:53 PM

Posted 13 May 2009 - 12:35 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.
