Virus Help HAVE SRE LOG - No antivirus/Spyware will Run


This topic is locked
2 replies to this topic

#1 cyerg

  • Members
  • 4 posts

Posted 04 September 2009 - 07:55 PM

I have the same issue as this thread.
http://www.bleepingcomputer.com/forums/t/255068/your-system-is-infected-desktop-and-fake-antiviruses/

Antivirus 2010 popups all over. Have to run in safe mode. Also see note of chin09.exe infection.
Nothing will run, meaning antivirus or loggers. I did get this logged from SRE:

2009-09-04,21:38:16

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
	All Boot Items (Including Registry, Startup Folders, Services and so on)
	Browser Add-ons
	Running Processes (Including process model information)
	File Associations
	Winsock Provider
	Autorun.Inf
	HOSTS File
	Process Privileges Scan
	Scheduled Tasks
	Windows Security Update Check
	API HOOK
	Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
	<DAEMON Tools Lite><"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun>  [(Verified)DAEMON Tools Code Signing Services]
	<BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe">  [(Verified)Nero AG]
	<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows Component Publisher]
	<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
	<swg><C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe>  [(Verified)Google Inc]
	<Google Update><"C:\Documents and Settings\owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c>  [(Verified)Google Inc]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
	<Ad-Aware><C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe>  [(Verified)Lavasoft AB]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
	<vmware-tray><E:\Program Files\VMware\VMware Workstation\vmware-tray.exe>  [(Verified)"VMware, Inc."]
	<VMware hqtray><"E:\Program Files\VMware\VMware Workstation\hqtray.exe">  [(Verified)"VMware, Inc."]
	<fwenc.exe><"C:\Program Files\CheckPoint\SecuRemote\bin\fwenc.exe">  [Check Point]
	<TLogonPath><"C:\Program Files\Timbuktu Pro\\minitb2.exe">  [Netopia, Inc.]
	<IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<Persistence><C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<C:\WINDOWS\system32\WLTRAY.exe>  [Dell Inc.]
	<SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
	<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
	<SigmatelSysTrayApp><%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<NeroFilterCheck><C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe>  [(Verified)Nero AG]
	<NBKeyScan><"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe">  [(Verified)Nero AG]
	<avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe>  [(Verified)ALWIL Software]
	<hpqSRMon><C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe>  [Hewlett-Packard]
	<AntiLogger><"C:\Program Files\AntiLogger\AntiLogger.exe" /minimized>  [(Verified)Zemana Information Technologies Industry Limited]
	<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Inc.]
	<iTunesHelper><"E:\Program Files\iTunes\iTunesHelper.exe">  [(Verified)Apple Inc.]
	<winupdate.exe><C:\WINDOWS\system32\winupdate.exe>  []
	<MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto>  [(Verified)Microsoft Windows Component Publisher]
	<sovowivefo><Rundll32.exe "C:\WINDOWS\system32\jibugana.dll",s>  []
	<fotadoyog><Rundll32.exe "c:\windows\system32\zatolifa.dll",a>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
	<Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<AppInit_DLLs><C:\WINDOWS\system32\bolizabi.dll c:\windows\system32\zatolifa.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<GinaDLL><C:\WINDOWS\system32\BCMLogon.dll>  [Dell Inc.]
	<UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
	<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
	<PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows]
	<SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
	<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
	<dawobidel><c:\windows\system32\zatolifa.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
	<WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
	<WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
	<WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
	<WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
	<WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
	<WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
	<WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
	<WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
	<WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
	<WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Timbuktu Pro]
	<WinlogonNotify: Timbuktu Pro><C:\Program Files\Timbuktu Pro\Hook32.dll>  [Netopia, Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
	<WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
	<WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
	<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
	<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
	<{eb9f614b-ea44-40d0-8829-542e4f254739}><C:\WINDOWS\system32\rkaxfza.dll>  [File is missing]
	<{BF56A325-23F2-42AD-F4E4-00AAC39CAA53}><C:\WINDOWS\system32\tajf83ikdmf.dll>  []
	<{e17d2190-c160-4e28-a44b-53f70c0212b9}><c:\windows\system32\zatolifa.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
	<Internet Explorer Version Update><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
	<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
	<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
	<"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
	<RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
	<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
	<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
	<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
	<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
	<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
	<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
	<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
	<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
	<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
	<SCRNSAVE.EXE><C:\WINDOWS\system32\logon.scr>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<AdobeUpdater><; "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe">  [(Verified)Adobe Systems Incorporated]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<Antivirus Pro 2010><; "C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe" /hide>  [File is missing]
	<; C:\WINDOWS\system32\braviax.exe>  []
	<fotadoyog><; Rundll32.exe "c:\windows\system32\zatolifa.dll",a>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<Monopod><; C:\DOCUME~1\owner\LOCALS~1\Temp\b.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<sovowivefo><; Rundll32.exe "C:\WINDOWS\system32\jibugana.dll",s>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<STYLEXP><; C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<VirusHeat 4.3><; "C:\Program Files\VirusHeat 4.3\VirusHeat 4.3.exe" /h>  [File is missing]

==================================
Startup Folders
[Adobe Gamma Loader.exe]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[Microsoft Broadband Networking]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk --> C:\WINDOWS\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe [N/A]><N>
[Microtek Scanner Finder]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk --> C:\PROGRA~1\Microtek\SCANWI~1\SCANNE~1.EXE []><N>
[ZyXEL G-202 Wireless Adapter Utility]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZyXEL G-202 Wireless Adapter Utility.lnk --> C:\PROGRA~1\ZyXEL\ZYXELG~1\ZYXELG~1.EXE [N/A]><N>

==================================
Services
[Apple Mobile Device / Apple Mobile Device][Stopped/Auto Start]
  <"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple Inc.>
[avast! iAVS4 Control Service / aswUpdSv][Stopped/Auto Start]
  <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
[avast! Antivirus / avast! Antivirus][Stopped/Auto Start]
  <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><N/A>
[avast! Mail Scanner / avast! Mail Scanner][Stopped/Manual Start]
  <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Stopped/Manual Start]
  <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[Bonjour Service / Bonjour Service][Stopped/Auto Start]
  <"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Inc.>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[iPod Service / iPod Service][Stopped/Manual Start]
  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[Lavasoft Ad-Aware Service / Lavasoft Ad-Aware Service][Stopped/Auto Start]
  <"C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe"><N/A>
[MySQL / MySQL][Stopped/Auto Start]
  <"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.0\my.ini" MySQL><(File is missing)>
[Nero BackItUp Scheduler 3 / Nero BackItUp Scheduler 3][Stopped/Auto Start]
  <C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe><Nero AG>
[NMIndexingService / NMIndexingService][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe"><Nero AG>
[StyleXPService / StyleXPService][Stopped/Auto Start]
  <"C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"><>
[Tb2 Launch / Tb2Launch][Stopped/Auto Start]
  <"C:\Program Files\Timbuktu Pro\tb2launch.exe"><Netopia, Inc.>
[Apache Tomcat / Tomcat5][Stopped/Manual Start]
  <C:\Tomcat5.5\bin\tomcat5.exe //RS//Tomcat5><Apache Software Foundation>
[VMware Agent Service / ufad-ws60][Stopped/Manual Start]
  <"E:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "E:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml><VMware, Inc.>
[VMware Authorization Service / VMAuthdService][Stopped/Auto Start]
  <"E:\Program Files\VMware\VMware Workstation\vmware-authd.exe"><VMware, Inc.>
[VMware DHCP Service / VMnetDHCP][Stopped/Auto Start]
  <C:\WINDOWS\system32\vmnetdhcp.exe><VMware, Inc.>
[VMware Virtual Mount Manager Extended / vmount2][Stopped/Auto Start]
  <"C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe"><VMware, Inc.>
[VMware NAT Service / VMware NAT Service][Stopped/Auto Start]
  <C:\WINDOWS\system32\vmnat.exe><VMware, Inc.>
[Dell Wireless WLAN Tray Service / wltrysvc][Stopped/Auto Start]
  <C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe><N/A>

==================================
Drivers
[AntiLog32 / AntiLog32][Stopped/System Start]
  <\??\C:\Program Files\AntiLogger\AntiLog32.sys><Zemana Ltd.>
[aswFsBlk / aswFsBlk][Stopped/Auto Start]
  <system32\DRIVERS\aswFsBlk.sys><ALWIL Software>
[Dell Wireless WLAN Card Driver / BCM43XX][Stopped/Manual Start]
  <system32\DRIVERS\bcmwl5.sys>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Stopped/Manual Start]
  <system32\DRIVERS\bcm4sbxp.sys>
[Broadcom Netgroup Packet Filter / BCMWLNPF][Stopped/Auto Start]
  <system32\drivers\bcmwlnpf.sys><CACE Technologies>
[SecuRemote Miniport / FW1][Stopped/Manual Start]
  <system32\DRIVERS\fw.sys><N/A>
[VMware hcmon / hcmon][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\hcmon.sys><VMware, Inc.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[ialm / ialm][Stopped/Manual Start]
  <system32\DRIVERS\igxpmp32.sys><Intel Corporation>
[Lbd / Lbd][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\Lbd.sys><Lavasoft AB>
[Direct Parallel Link Driver / Ptilink][Stopped/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[SigmaTel High Definition Audio CODEC / STHDA][Stopped/Manual Start]
  <system32\drivers\sthda.sys><SigmaTel, Inc.>
[StyleXPHelper / StyleXPHelper][Stopped/System Start]
  <\??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe><Windows (R) 2000 DDK provider>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[TB2 Remote Control Driver / Tb2Device][Stopped/System Start]
  <NetopiaRC\Tb2Device.sys><N/A>
[TB2 Remote Control Mirror Driver / Tb2MirrorSys][Stopped/System Start]
  <NetopiaRC\Tb2MirrorSys.sys><Netopia, Inc.>
[VMware kbd / vmkbd][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\VMkbd.sys><VMware, Inc.>
[VMware Virtual Ethernet Adapter Driver / VMnetAdapter][Stopped/Manual Start]
  <system32\DRIVERS\vmnetadapter.sys><VMware, Inc.>
[VMware Bridge Protocol / VMnetBridge][Stopped/Auto Start]
  <system32\DRIVERS\vmnetbridge.sys><VMware, Inc.>
[VMware Network Application Interface / VMnetuserif][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\vmnetuserif.sys><VMware, Inc.>
[VMware vmx86 / vmx86][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\vmx86.sys><VMware, Inc.>
[Vstor2 Virtual Storage Driver / vstor2][Stopped/Auto Start]
  <\??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys><VMware, Inc.>
[Vstor2 WS60 Virtual Storage Driver / vstor2-ws60][Stopped/Auto Start]
  <\??\E:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys><VMware, Inc.>

==================================
Browser Add-ons
[C:\WINDOWS\system32\tajf83ikdmf.dll]
  {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} <C:\WINDOWS\system32\tajf83ikdmf.dll, N/A>
[]
  {d8501e2f-511d-4da0-8977-b87d878bedc2} <C:\WINDOWS\system32\paguzumo.dll, N/A>
[Java Plug-in 1.5.0_15]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[&Research]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, (Signed) Google Inc.>
[Support.com Configuration Class]
  {01113300-3E00-11D2-8470-0060089874ED} <C:\WINDOWS\Downloaded Program Files\tgctlcm.dll, (Signed) SupportSoft, Inc.>
[Java Plug-in 1.6.0_07]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[Java Plug-in 1.5.0_15]
  {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_07]
  {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_07]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll, (Signed) Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[]
  {00000000-0000-0000-0000-000000000000} <, >
[Microsoft Outlook 8.0 Object Library]
  {0006F033-0000-0000-C000-000000000046} <, >
[Microsoft Office Outlook]
  {0006F03A-0000-0000-C000-000000000046} <, >
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar1.dll, (Signed) Google Inc.>
[Support.com Configuration Class]
  {01113300-3E00-11D2-8470-0060089874ED} <C:\WINDOWS\Downloaded Program Files\tgctlcm.dll, (Signed) SupportSoft, Inc.>
[QuickTime Object]
  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll, (Signed) N/A>
[InformationCardSigninHelper Class]
  {19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, (Signed) Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, (Signed) Google Inc.>
[]
  {233C1507-6A77-46A4-9443-F871F945D258} <, >
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XSL Template]
  {2933BF94-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, (Signed) Microsoft Corporation>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, (Signed) Microsoft Corporation>
[QuickTime Object]
  {4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[isInstalled Class]
  {5852F5ED-8BF4-11D4-A245-0080C6F74284} <C:\Program Files\Java\jre1.6.0_07\bin\wsdetect.dll, Sun Microsystems, Inc.>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[]
  {7C109800-A5D5-438F-9640-18D17E168B88} <, >
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[XML DOM Document 4.0]
  {88D969C0-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 4.0]
  {88D969C1-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XSL Template 4.0]
  {88D969C3-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XML HTTP 4.0]
  {88D969C5-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XML DOM Document 5.0]
  {88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 5.0]
  {88D969E6-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation>
[XSL Template 5.0]
  {88D969E8-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation>
[XML HTTP 5.0]
  {88D969EA-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation>
[XML DOM Document 6.0]
  {88D96A05-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 6.0]
  {88D96A06-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[XSL Template 6.0]
  {88D96A08-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[XML HTTP 6.0]
  {88D96A0A-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[Java Plug-in 1.6.0_07]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[Microsoft Terminal Services Client Control (redist)]
  {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, (Signed) Google Inc.>
[Google Update Plugin]
  {B79267AC-3725-42EB-890A-6CF077567C47} <C:\Documents and Settings\owner\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll, (Signed) Google Inc.>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[C:\WINDOWS\system32\tajf83ikdmf.dll]
  {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} <C:\WINDOWS\system32\tajf83ikdmf.dll, N/A>
[Adobe PDF Reader]
  {CA8A9780-280D-11CF-A24D-444553540000} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll, (Signed) Adobe Systems, Inc.>
[Java Plug-in 1.5.0_15]
  {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[AUDIO__AIFF Moniker Class]
  {CD3AFA72-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__WAV Moniker Class]
  {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[]
  {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} <, >
[Microsoft Url Search Hook]
  {CFBFAE00-17A6-11D0-99CB-00C04FD64497} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[Msxml]
  {CFC399AF-D876-11D0-9C10-00C04FC99C8E} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[iTunesDetector Class]
  {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} <E:\Program Files\iTunes\ITDetector.ocx, (Signed) Apple Inc.>
[]
  {D8501E2F-511D-4DA0-8977-B87D878BEDC2} <C:\WINDOWS\system32\paguzumo.dll, N/A>
[QuickTimeCheck Class]
  {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, (Signed) Apple Inc.>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Free Threaded XML DOM Document 3.0]
  {F5078F33-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML HTTP 3.0]
  {F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XSL Template 3.0]
  {F5078F36-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML Document 3.0]
  {F5078F40-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Free Threaded XML DOM Document]
  {F6D90F12-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[E&xport to Microsoft Excel]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 184][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 232][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 256][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
	[C:\WINDOWS\system32\bolizabi.dll]  [N/A, ]
	[c:\windows\system32\zatolifa.dll]  [N/A, ]
	[C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
	[\\?\globalroot\Device\__max++>\D114766E.x86.dll]  [N/A, ]
	[C:\Program Files\Alwil Software\Avast4\AhAScr.dll]  [ALWIL Software, 4, 8, 1335, 0]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
	[C:\WINDOWS\system32\winhelper.dll]  [N/A, ]
[PID: 308][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
	[C:\WINDOWS\system32\bolizabi.dll]  [N/A, ]
	[c:\windows\system32\zatolifa.dll]  [N/A, ]
[PID: 320][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
	[C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
	[C:\WINDOWS\system32\bolizabi.dll]  [N/A, ]
[PID: 484][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
	[C:\WINDOWS\system32\bolizabi.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\D114766E.x86.dll]  [N/A, ]
	[C:\Program Files\Alwil Software\Avast4\AhAScr.dll]  [ALWIL Software, 4, 8, 1335, 0]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 588][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
	[C:\WINDOWS\system32\bolizabi.dll]  [N/A, ]
	[\\?\globalroot\systemroot\system32\UACjfotagkxlt.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\D114766E.x86.dll]  [N/A, ]
	[C:\WINDOWS\system32\winhelper.dll]  [N/A, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 676][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
	[C:\WINDOWS\system32\bolizabi.dll]  [N/A, ]
	[\\?\globalroot\systemroot\system32\UACjfotagkxlt.dll]  [N/A, ]
[PID: 872][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)]
	[C:\WINDOWS\system32\bolizabi.dll]  [N/A, ]
	[\\?\globalroot\systemroot\system32\UACdrfendodcu.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\D114766E.x86.dll]  [N/A, ]
	[C:\Program Files\Alwil Software\Avast4\AhAScr.dll]  [ALWIL Software, 4, 8, 1335, 0]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
	[C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1396][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
	[C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
	[C:\WINDOWS\system32\bolizabi.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\D114766E.x86.dll]  [N/A, ]
	[C:\Program Files\Alwil Software\Avast4\AhAScr.dll]  [ALWIL Software, 4, 8, 1335, 0]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
	[c:\windows\system32\zatolifa.dll]  [N/A, ]
	[C:\WINDOWS\system32\tajf83ikdmf.dll]  [N/A, ]
	[C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll]  [Nero AG, 3, 0, 3, 0]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll]  [, 1.0.0.1]
	[C:\Program Files\Alwil Software\Avast4\ashShell.dll]  [ALWIL Software, 4, 8, 1335, 0]
	[C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
	[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]
	[C:\Program Files\TextPad 5\System\shellext32.dll]  [Helios Software Solutions, 1.51]
	[C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll]  [Nero AG, 3, 0, 1, 0]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll]  [Nero AG, 0,4,0, 101]
[PID: 1464][C:\Program Files\Internet Explorer\Iexplore.exe]  [Microsoft Corporation, 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)]
	[C:\WINDOWS\system32\bolizabi.dll]  [N/A, ]
	[\\?\globalroot\systemroot\system32\UACdrfendodcu.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\D114766E.x86.dll]  [N/A, ]
	[C:\Program Files\Alwil Software\Avast4\AhAScr.dll]  [ALWIL Software, 4, 8, 1335, 0]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
	[C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
	[c:\windows\system32\zatolifa.dll]  [N/A, ]
	[C:\WINDOWS\system32\winhelper.dll]  [N/A, ]
[PID: 1576][C:\Program Files\Internet Explorer\Iexplore.exe]  [Microsoft Corporation, 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)]
	[C:\WINDOWS\system32\bolizabi.dll]  [N/A, ]
	[\\?\globalroot\systemroot\system32\UACdrfendodcu.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\D114766E.x86.dll]  [N/A, ]
	[C:\Program Files\Alwil Software\Avast4\AhAScr.dll]  [ALWIL Software, 4, 8, 1335, 0]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
	[c:\windows\system32\zatolifa.dll]  [N/A, ]
	[C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
	[C:\WINDOWS\system32\winhelper.dll]  [N/A, ]
[PID: 1656][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
	[C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
	[C:\WINDOWS\system32\bolizabi.dll]  [N/A, ]
	[c:\windows\system32\zatolifa.dll]  [N/A, ]
[PID: 1332][C:\Documents and Settings\owner\Desktop\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]
	[C:\WINDOWS\system32\bolizabi.dll]  [N/A, ]
	[c:\windows\system32\zatolifa.dll]  [N/A, ]
[PID: 1352][C:\Documents and Settings\owner\Desktop\SREa0d76134.EXE]  [Smallfrogs Studio, 2.8.1.1279]
	[c:\windows\system32\zatolifa.dll]  [N/A, ]
	[C:\WINDOWS\system32\bolizabi.dll]  [N/A, ]
	[C:\Documents and Settings\owner\Desktop\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
	[C:\Documents and Settings\owner\Desktop\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
	[\\?\globalroot\Device\__max++>\D114766E.x86.dll]  [N/A, ]
	[C:\Program Files\Alwil Software\Avast4\AhAScr.dll]  [ALWIL Software, 4, 8, 1335, 0]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
	[C:\WINDOWS\system32\winhelper.dll]  [N/A, ]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
VSockets Library over [MSAFD Tcpip [TCP/IP]]
	C:\WINDOWS\system32\winhelper.dll(, N/A)
VSockets Library
	C:\WINDOWS\system32\winhelper.dll(, N/A)

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost
::1 localhost
94.232.248.66 browser-security.microsoft.com
94.232.248.66 antivaresys.com
94.232.248.66 www.antivaresys.com

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1332, C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SRENGLDR.EXE]

==================================
Scheduled Tasks
[Enabled] {BB65B0FB-5712-401b-B616-E69AC55E2757}.job
		C:\DOCUME~1\owner\LOCALS~1\Temp\b.exe 
[Enabled] GoogleUpdateTaskUserS-1-5-21-57989841-1425521274-725345543-1003UA.job
		C:\Documents and Settings\owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe 
[Enabled] GoogleUpdateTaskUserS-1-5-21-57989841-1425521274-725345543-1003Core.job
		C:\Documents and Settings\owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe 
[Enabled] AppleSoftwareUpdate.job
		C:\Program Files\Apple Software Update\SoftwareUpdate.exe 
[Enabled] Ad-Aware Update (Weekly).job
		C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe 

==================================
Windows Security Update Check
N/A

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


YOUR HELP is appreciated!

Edited by cyerg, 04 September 2009 - 09:50 PM.



#2 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 21 September 2009 - 07:28 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 27 September 2009 - 06:26 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?



