Root Repeal Report


  • This topic is locked
18 replies to this topic

#1 __VDB__


  • Members
  • 15 posts
  • OFFLINE
  • Local time:06:42 PM

Posted 21 September 2009 - 08:37 PM

Hi, here is my Root Repeal log.

I'm not sure what this virus/worm is, but here are some of the issues (advanced virus remover / antivirus pro 2010 / protect system / jadelamo.dll / 13396254.exe / 15938124.exe / 19004374.exe / PAVRM / paweharo.dll / braviax / psystem). Please help me get rid of the problem before I get fired :( Thanks.

Attached Files


Edited by __VDB__, 22 September 2009 - 02:47 PM.



#2 kahdah


  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:06:42 PM

Posted 08 October 2009 - 07:24 AM

Hello __VDB__

Welcome to BleepingComputer :(
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download this file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.
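When the OTL output requested above comes back, the helper reads it for autostart entries that do not belong. The script below is an added example (it is not part of this thread and is not an OTL or BleepingComputer tool) that parses a handful of OTL-format lines, copied from the log posted in the next reply, and scores each entry on defender-side signals: an empty company field (OTL prints empty parentheses when the file's version resource carries no company name), a location under a user profile folder, a generated-looking file name (eight letters alternating consonant/vowel, or all digits, the two patterns seen in this thread), an AppInit_DLLs entry, and an autostart pointing at a missing file. The sample excerpt, the signal list, the weights and the threshold are my own assumptions, not anything the helper or OTL defines.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the line format OTL writes. Paths and names are copied
# from the log posted later in this thread; it is a hand-picked excerpt, not a log.
SAMPLE_LOG = r"""
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\WINDOWS\System32\PnkBstrA.exe ()
PRC - C:\Documents and Settings\All Users\Application Data\75138327\75138327.exe ()
PRC - C:\Documents and Settings\Fle\Desktop\OTL.exe (OldTimer Tools)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [betijiyot] C:\WINDOWS\System32\lopuheso.DLL ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O20 - AppInit_DLLs: (gojobeju.dll) - File not found
O20 - AppInit_DLLs: (dewulale.dll) - C:\WINDOWS\System32\dewulale.dll ()
""".strip()

SECTION_RE = re.compile(r"^(PRC|SRV|DRV|O\d+) - ")
# A drive-letter path (no parentheses inside it, so "C:\Program Files (x86)" would
# need a tweak) followed by the company name OTL reads from the file's version
# resource; empty parentheses mean the file carries none.
PATH_COMPANY_RE = re.compile(r"([A-Za-z]:\\[^()]+?\.[A-Za-z0-9]{2,4}) \((.*)\)\s*$")
PATH_ORPHAN_RE = re.compile(r"([A-Za-z]:\\[^()]+?\.[A-Za-z0-9]{2,4}) File not found\s*$")
LABEL_ORPHAN_RE = re.compile(r"\(([^)]+)\) - File not found\s*$")  # O20 entry with no path

# Assumed heuristics: profile folders a non-admin process can write to on XP.
USER_WRITABLE = ("\\application data\\", "\\documents and settings\\", "\\temp\\")
VOWELS = set("aeiou")


@dataclass
class Entry:
    section: str
    name: str               # file basename, or the O20 label when no path is known
    path: Optional[str]
    company: Optional[str]  # "" when the file has no company name; None when not found
    orphan: bool            # autostart entry whose file is missing
    appinit: bool           # listed under AppInit_DLLs


def parse_line(line: str) -> Optional[Entry]:
    """Turn one OTL line into an Entry, or None for headers and unrecognised lines."""
    m = SECTION_RE.match(line)
    if not m:
        return None
    section, appinit = m.group(1), "AppInit_DLLs" in line
    if (pc := PATH_COMPANY_RE.search(line)):
        path = pc.group(1)
        return Entry(section, path.rsplit("\\", 1)[-1], path, pc.group(2).strip(), False, appinit)
    if (po := PATH_ORPHAN_RE.search(line)):
        path = po.group(1)
        return Entry(section, path.rsplit("\\", 1)[-1], path, None, True, appinit)
    if (lb := LABEL_ORPHAN_RE.search(line)):
        return Entry(section, lb.group(1), None, None, True, appinit)
    return None


def looks_random(name: str) -> bool:
    """Generated-looking names as they appear in this thread: all digits, or eight
    letters alternating consonant/vowel (lopuheso, dewulale, ...). Heuristic only."""
    stem = name.rsplit(".", 1)[0].lower()
    if stem.isdigit() and len(stem) >= 6:
        return True
    if len(stem) == 8 and stem.isalpha():
        return all((ch in VOWELS) == (i % 2 == 1) for i, ch in enumerate(stem))
    return False


def score(entry: Entry) -> List[str]:
    """Return the reasons this entry earns a point; its score is len(reasons)."""
    reasons = []
    if entry.company == "":
        reasons.append("no company name in version info")
    if entry.path and any(d in entry.path.lower() for d in USER_WRITABLE):
        reasons.append("runs from a user-writable profile folder")
    if looks_random(entry.name):
        reasons.append("generated-looking file name")
    if entry.appinit:
        reasons.append("loaded via AppInit_DLLs into every GUI process")
    if entry.orphan:
        reasons.append("autostart points at a missing file")
    return reasons


def triage(log_text: str, threshold: int = 2):
    """Return (entry, reasons) for every parsed line scoring at or above threshold."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            reasons = score(entry)
            if len(reasons) >= threshold:
                flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"[{entry.section}] {entry.path or entry.name}")
        for reason in reasons:
            print(f"    - {reason}")
```

No single signal is a verdict: PnkBstrA.exe has an empty company field and OTL.exe runs from the Desktop, and each scores only one point, while the numeric executable under Application Data, the two AppInit_DLLs entries and the eight-letter DLL in the Run key collect two or three and are the ones a helper would ask about. The orphaned Malwarebytes entry scores one point as a leftover to clean up rather than as malware.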

#3 __VDB__

  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:06:42 PM

Posted 08 October 2009 - 10:59 AM

OTL Scanner Results (and [thank you] so much for your help).



[OTL]

OTL logfile created on: 10/8/2009 10:48:02 AM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Fle\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 72.62% Memory free
3.35 Gb Paging File | 2.96 Gb Available in Paging File | 88.16% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 117.50 Gb Free Space | 78.83% Space Free | Partition Type: NTFS
Drive D: | 650.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FLESCRAZYMACHIN
Current User Name: Fle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe ()
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\PnkBstrA.exe ()
PRC - C:\WINDOWS\System32\PnkBstrB.exe ()
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Documents and Settings\All Users\Application Data\75138327\75138327.exe ()
PRC - C:\Documents and Settings\Fle\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AresChatServer [On_Demand | Stopped]) -- C:\Program Files\Ares\chatServer.exe (Ares Development Group)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Ati HotKey Poller [Disabled | Stopped]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\System32\ati2sgag.exe ()
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (McciCMService [Auto | Running]) -- C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (PnkBstrA [Auto | Running]) -- C:\WINDOWS\System32\PnkBstrA.exe ()
SRV - (PnkBstrB [Auto | Running]) -- C:\WINDOWS\System32\PnkBstrB.exe ()
SRV - (Uniblue DiskRescue [Disabled | Stopped]) -- C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe (Uniblue)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (Afc [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Afc.sys (Arcsoft, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ATITool [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ATITool.sys ()
DRV - (BCMModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\BCMSM.sys (Broadcom Corporation)
DRV - (BootScreen [Auto | Stopped]) -- C:\WINDOWS\System32\drivers\vidstub.sys ()
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (giveio [Boot | Running]) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (LCcfltr [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\LCcFltr.Sys (Logitech, Inc.)
DRV - (MODEMCSA [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (MREMP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMPR5 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (MRENDIS5 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (MRESP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SCREAMINGBDRIVER [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (senfilt [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (SoC PC-Camera Service [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\pfc027.sys ()
DRV - (speedfan [Boot | Running]) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (VCSVADHWSer [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\vcsvad.sys (Avnex)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bmhq.net/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {FE0B2851-96AA-463A-A091-71AE0FCB9B5E}:1.0
FF - prefs.js..extensions.enabledItems: {FC5AC480-EB0E-49C6-921F-0A06BA69003F}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14
FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost"

FF - HKLM\software\mozilla\Firefox\extensions\\{FC5AC480-EB0E-49C6-921F-0A06BA69003F}: C:\Documents and Settings\Fle\Local Settings\Application Data\{FC5AC480-EB0E-49C6-921F-0A06BA69003F} [2009/03/26 03:35:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 03:00:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/06 18:37:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/21 00:43:44 | 00,000,000 | ---D | M]

[2009/03/17 01:29:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fle\Application Data\mozilla\Extensions
[2009/03/17 01:29:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fle\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/07 00:47:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fle\Application Data\mozilla\Firefox\Profiles\kxgp07mu.default\extensions
[2009/09/07 00:17:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fle\Application Data\mozilla\Firefox\Profiles\kxgp07mu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/07 00:47:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/21 00:43:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/19 00:28:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/02 22:49:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/09/19 18:00:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/03/26 03:08:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{FE0B2851-96AA-463A-A091-71AE0FCB9B5E}
[2009/09/21 00:43:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/21 00:43:30 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 16:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 13:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/09/21 00:43:34 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/05/01 16:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/09/21 00:43:38 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/09/21 00:43:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/09/21 00:43:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/09/21 00:43:38 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/09/21 00:43:38 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/09/21 00:43:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/09/21 00:43:38 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (331220 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 11344 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O4 - HKLM..\Run: [75138327] C:\Documents and Settings\All Users\Application Data\75138327\75138327.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BCMSMMSG] C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [betijiyot] C:\WINDOWS\System32\lopuheso.DLL ()
O4 - HKLM..\Run: [BootSkin Startup Jobs] C:\Program Files\Stardock\BootSkin\BootSkin.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6796.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} http://pbells.broadjump.com/wizlet/Standar...aller_4-2-0.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (gojobeju.dll) - File not found
O20 - AppInit_DLLs: (dewulale.dll) - C:\WINDOWS\System32\dewulale.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\lopuheso.dll) - C:\WINDOWS\System32\lopuheso.dll ()
O20 - AppInit_DLLs: (sulejere.dll) - C:\WINDOWS\System32\sulejere.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: gitayisab - {86154e6f-a962-4d0b-8463-3a02051755fe} - C:\WINDOWS\System32\lopuheso.dll ()
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\wpdshserviceobj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {86154e6f-a962-4d0b-8463-3a02051755fe} - gahurihor - C:\WINDOWS\System32\lopuheso.dll ()
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/13 01:06:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/20 14:55:08 | 00,950,328 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2004/09/20 14:55:08 | 00,950,328 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003/11/26 11:21:36 | 00,000,049 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{c020d3d7-2bc3-11de-936e-000cf17d6af9}\Shell - "" = AutoRun
O33 - MountPoints2\{c020d3d7-2bc3-11de-936e-000cf17d6af9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c020d3d7-2bc3-11de-936e-000cf17d6af9}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/10/08 10:36:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\75138327
[2009/10/03 02:11:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fle\Application Data\DNA
[2009/09/19 13:39:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fle\Application Data\SUPERAntiSpyware.com
[2009/10/03 02:11:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fle\Local Settings\Application Data\DNA
[2009/09/24 16:26:06 | 00,000,000 | ---D | C] -- C:\Program Files\Axife Mouse Recorder DEMO
[2009/09/24 16:26:20 | 00,000,000 | ---D | C] -- C:\Program Files\Cheat Engine
[2009/10/03 02:11:37 | 00,000,000 | ---D | C] -- C:\Program Files\DNA
[2009/09/25 14:42:01 | 00,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2009/10/02 16:12:07 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/09/28 22:30:28 | 00,000,000 | ---D | C] -- C:\Program Files\MUSICMATCH
[2009/09/19 13:39:01 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/09/18 14:41:35 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/18 02:47:02 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/09/18 04:12:01 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety CenterRebootActions
[2009/09/11 18:28:20 | 00,000,000 | ---D | C] -- C:\Program Files\YahELite
[2009/10/08 10:46:28 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fle\Desktop\OTL.exe
[2009/10/03 13:26:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fle\Desktop\Ars-poe
[2009/09/24 16:26:22 | 00,679,936 | ---- | C] (Generated by JEDI) -- C:\WINDOWS\System32\D3DX81ab.dll
[2009/09/20 17:53:14 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Fle\Desktop\tatertot.scr.exe
[2009/09/19 18:00:38 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/09/19 18:00:38 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/09/19 18:00:38 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/09/19 17:39:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fle\Desktop\Programs
[2009/09/19 17:39:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fle\Desktop\log-reports
[2009/09/18 17:27:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/09/18 12:02:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/09/18 00:27:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fle\My Documents\cod4 config
[2009/09/18 00:26:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fle\My Documents\notepad
[2009/09/10 12:28:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fle\My Documents\Stuff
[2009/09/10 12:21:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fle\My Documents\Wordpad + Notes
[2009/09/09 18:37:42 | 00,000,000 | ---D | C] -- C:\Games
[2009/09/08 17:30:59 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/10/08 10:46:29 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fle\Desktop\OTL.exe
[2009/10/08 10:45:31 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\gusitibi
[2009/10/08 10:35:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/08 10:35:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/08 10:35:34 | 16,096,17408 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/07 18:16:44 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\Fle\Desktop\Internet.lnk
[2009/10/07 16:53:45 | 00,138,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/10/07 16:53:36 | 00,190,144 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2009/10/07 16:53:36 | 00,190,144 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/10/05 03:30:57 | 00,002,098 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Battlefield Vietnam ARSENAL.lnk
[2009/10/04 20:53:39 | 00,000,642 | ---- | M] () -- C:\Documents and Settings\Fle\Desktop\Ventrilo.lnk
[2009/10/04 02:39:15 | 00,000,065 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2009/10/04 02:37:48 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/03 15:45:05 | 00,000,245 | ---- | M] () -- C:\Delme.bat
[2009/09/29 08:31:19 | 00,000,558 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/29 08:31:19 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/29 08:31:19 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/09/28 22:58:02 | 00,001,893 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2009/09/28 22:57:57 | 00,081,920 | R--- | M] () -- C:\WINDOWS\bwUnin-6.1.4.61-8876480L.exe
[2009/09/28 21:52:01 | 00,009,052 | ---- | M] () -- C:\WINDOWS\YAHELITE.INI
[2009/09/28 21:48:47 | 00,000,012 | ---- | M] () -- C:\WINDOWS\YAHVOX_ignore.ini
[2009/09/28 21:36:12 | 00,000,030 | ---- | M] () -- C:\WINDOWS\YAHELITE_BUDDY.INI
[2009/09/28 21:22:10 | 00,000,000 | ---- | M] () -- C:\WINDOWS\YAHELITE_cookie.INI
[2009/09/28 14:18:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/25 17:20:28 | 00,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/09/25 14:54:07 | 00,000,933 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2009/09/25 02:47:14 | 04,834,578 | -H-- | M] () -- C:\Documents and Settings\Fle\Local Settings\Application Data\IconCache.db
[2009/09/24 14:05:18 | 01,440,421 | ---- | M] () -- C:\Documents and Settings\Fle\My Documents\Surprise!!!!.zip
[2009/09/23 05:57:27 | 00,331,220 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/23 02:30:25 | 01,081,380 | -HS- | M] () -- C:\WINDOWS\System32\latabaye.exe
[2009/09/21 20:16:19 | 00,180,224 | -HS- | M] () -- C:\WINDOWS\System32\repozuyi.exe
[2009/09/20 19:09:46 | 00,011,776 | ---- | M] () -- C:\Documents and Settings\Fle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/20 17:53:16 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Fle\Desktop\tatertot.scr.exe
[2009/09/20 17:18:35 | 00,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/09/19 15:28:50 | 00,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090923-055727.backup
[2009/09/19 00:52:10 | 00,000,254 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/09/18 16:31:58 | 00,305,742 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090919-010331.backup
[2009/09/18 14:33:32 | 00,007,396 | ---- | M] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/09/18 01:11:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2009/09/18 00:58:06 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/18 00:33:35 | 00,019,940 | ---- | M] () -- C:\WINDOWS\qolagoxoro.dat
[2009/09/18 00:33:35 | 00,019,794 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\aradiw.vbs
[2009/09/18 00:33:35 | 00,019,467 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\irituveqod._dl
[2009/09/18 00:33:35 | 00,019,397 | ---- | M] () -- C:\Program Files\Common Files\olagicevy.ban
[2009/09/18 00:33:35 | 00,019,112 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\tyraxy.lib
[2009/09/18 00:33:35 | 00,019,007 | ---- | M] () -- C:\WINDOWS\ilequdyq.pif
[2009/09/18 00:33:35 | 00,018,076 | ---- | M] () -- C:\WINDOWS\wupofodypu._sy
[2009/09/18 00:33:35 | 00,017,829 | ---- | M] () -- C:\WINDOWS\System32\qypizadum.dat
[2009/09/18 00:33:35 | 00,017,795 | ---- | M] () -- C:\Documents and Settings\Fle\Application Data\ovokeho.pif
[2009/09/18 00:33:35 | 00,017,206 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\sacega.vbs
[2009/09/18 00:33:35 | 00,017,137 | ---- | M] () -- C:\Program Files\Common Files\ryqogimak.ban
[2009/09/18 00:33:35 | 00,015,946 | ---- | M] () -- C:\Documents and Settings\Fle\Local Settings\Application Data\besud.bin
[2009/09/18 00:33:35 | 00,015,675 | ---- | M] () -- C:\Program Files\Common Files\sixi._dl
[2009/09/18 00:33:35 | 00,015,416 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\jahifarafe.lib
[2009/09/18 00:33:35 | 00,015,307 | ---- | M] () -- C:\Program Files\Common Files\exyc.dl
[2009/09/18 00:33:35 | 00,015,091 | ---- | M] () -- C:\Program Files\Common Files\ygyvoxi.bin
[2009/09/18 00:33:35 | 00,014,254 | ---- | M] () -- C:\Program Files\Common Files\cakopi.scr
[2009/09/18 00:33:35 | 00,014,250 | ---- | M] () -- C:\WINDOWS\wibevoduci.bat
[2009/09/18 00:33:35 | 00,014,230 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\wozu.com
[2009/09/18 00:33:35 | 00,012,700 | ---- | M] () -- C:\Documents and Settings\Fle\Application Data\sikixagojy.sys
[2009/09/18 00:33:35 | 00,012,185 | ---- | M] () -- C:\Documents and Settings\Fle\Application Data\upupedoruz.ban
[2009/09/18 00:33:35 | 00,011,372 | ---- | M] () -- C:\WINDOWS\System32\monavavir.com
[2009/09/18 00:33:35 | 00,011,172 | ---- | M] () -- C:\WINDOWS\dijaz.com
[2009/09/18 00:33:35 | 00,011,102 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\fyvomo.dl
[2009/09/18 00:33:35 | 00,010,924 | ---- | M] () -- C:\WINDOWS\System32\mumexufab.bat
[2009/09/18 00:33:35 | 00,010,264 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ywabobiho.bat
[2009/09/18 00:33:35 | 00,010,012 | ---- | M] () -- C:\WINDOWS\putizyqery.bin
[2009/09/17 23:22:50 | 00,000,046 | ---- | M] () -- C:\p2hhr.bat
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/09 01:07:56 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files - No Company Name ==========
[2009/10/07 18:16:44 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\Fle\Desktop\Internet.lnk
[2009/10/05 03:30:57 | 00,002,098 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Battlefield Vietnam ARSENAL.lnk
[2009/10/04 20:53:39 | 00,000,642 | ---- | C] () -- C:\Documents and Settings\Fle\Desktop\Ventrilo.lnk
[2009/10/04 20:53:20 | 00,000,650 | ---- | C] () -- C:\Documents and Settings\Fle\Desktop\Xfire.lnk
[2009/10/03 15:44:34 | 00,000,245 | ---- | C] () -- C:\Delme.bat
[2009/09/28 22:58:02 | 00,001,893 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2009/09/28 22:57:57 | 00,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.61-8876480L.exe
[2009/09/28 21:36:12 | 00,000,030 | ---- | C] () -- C:\WINDOWS\YAHELITE_BUDDY.INI
[2009/09/25 17:20:28 | 00,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/09/24 16:26:22 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/09/24 14:04:40 | 01,440,421 | ---- | C] () -- C:\Documents and Settings\Fle\My Documents\Surprise!!!!.zip
[2009/09/24 14:01:15 | 16,096,17408 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/19 00:52:39 | 00,011,168 | -H-- | C] () -- C:\WINDOWS\System32\gusitibi
[2009/09/18 14:33:32 | 00,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/09/18 00:57:42 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/18 00:33:35 | 00,019,940 | ---- | C] () -- C:\WINDOWS\qolagoxoro.dat
[2009/09/18 00:33:35 | 00,019,794 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\aradiw.vbs
[2009/09/18 00:33:35 | 00,019,467 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\irituveqod._dl
[2009/09/18 00:33:35 | 00,019,397 | ---- | C] () -- C:\Program Files\Common Files\olagicevy.ban
[2009/09/18 00:33:35 | 00,019,112 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\tyraxy.lib
[2009/09/18 00:33:35 | 00,019,007 | ---- | C] () -- C:\WINDOWS\ilequdyq.pif
[2009/09/18 00:33:35 | 00,018,076 | ---- | C] () -- C:\WINDOWS\wupofodypu._sy
[2009/09/18 00:33:35 | 00,017,829 | ---- | C] () -- C:\WINDOWS\System32\qypizadum.dat
[2009/09/18 00:33:35 | 00,017,795 | ---- | C] () -- C:\Documents and Settings\Fle\Application Data\ovokeho.pif
[2009/09/18 00:33:35 | 00,017,206 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\sacega.vbs
[2009/09/18 00:33:35 | 00,017,137 | ---- | C] () -- C:\Program Files\Common Files\ryqogimak.ban
[2009/09/18 00:33:35 | 00,015,946 | ---- | C] () -- C:\Documents and Settings\Fle\Local Settings\Application Data\besud.bin
[2009/09/18 00:33:35 | 00,015,675 | ---- | C] () -- C:\Program Files\Common Files\sixi._dl
[2009/09/18 00:33:35 | 00,015,416 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jahifarafe.lib
[2009/09/18 00:33:35 | 00,015,307 | ---- | C] () -- C:\Program Files\Common Files\exyc.dl
[2009/09/18 00:33:35 | 00,015,091 | ---- | C] () -- C:\Program Files\Common Files\ygyvoxi.bin
[2009/09/18 00:33:35 | 00,014,254 | ---- | C] () -- C:\Program Files\Common Files\cakopi.scr
[2009/09/18 00:33:35 | 00,014,250 | ---- | C] () -- C:\WINDOWS\wibevoduci.bat
[2009/09/18 00:33:35 | 00,014,230 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\wozu.com
[2009/09/18 00:33:35 | 00,012,700 | ---- | C] () -- C:\Documents and Settings\Fle\Application Data\sikixagojy.sys
[2009/09/18 00:33:35 | 00,012,185 | ---- | C] () -- C:\Documents and Settings\Fle\Application Data\upupedoruz.ban
[2009/09/18 00:33:35 | 00,011,372 | ---- | C] () -- C:\WINDOWS\System32\monavavir.com
[2009/09/18 00:33:35 | 00,011,172 | ---- | C] () -- C:\WINDOWS\dijaz.com
[2009/09/18 00:33:35 | 00,011,102 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\fyvomo.dl
[2009/09/18 00:33:35 | 00,010,924 | ---- | C] () -- C:\WINDOWS\System32\mumexufab.bat
[2009/09/18 00:33:35 | 00,010,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ywabobiho.bat
[2009/09/18 00:33:35 | 00,010,012 | ---- | C] () -- C:\WINDOWS\putizyqery.bin
[2009/09/17 23:25:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2009/09/17 23:22:50 | 00,000,046 | ---- | C] () -- C:\p2hhr.bat
[2009/09/11 18:31:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\YAHELITE_cookie.INI
[2009/07/08 10:36:58 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\zumidiba.dll
[2009/07/08 10:36:58 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\sulejere.dll
[2009/07/08 10:36:58 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\mebozihi.dll
[2009/07/08 10:36:25 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\pogewaso.dll
[2009/07/08 10:36:23 | 00,088,576 | -HS- | C] () -- C:\WINDOWS\System32\lopuheso.dll
[2009/07/08 10:36:23 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\damorume.dll
[2009/07/07 13:02:52 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\dewulale.dll
[2009/07/07 13:02:51 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\zugowuva.dll
[2009/07/07 13:02:51 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\junefare.dll
[2009/07/07 13:02:17 | 00,089,088 | -HS- | C] () -- C:\WINDOWS\System32\ligijowe.dll
[2009/07/07 13:02:17 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\vijohato.dll
[2009/07/07 13:02:17 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\tuhuguhi.dll
[2009/07/07 13:02:17 | 00,026,624 | -HS- | C] () -- C:\WINDOWS\System32\hulawira.dll
[2009/06/20 01:12:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/06/18 23:23:09 | 00,089,088 | ---- | C] () -- C:\WINDOWS\System32\lakiyati.dll_old
[2009/06/05 02:57:44 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/05/21 22:55:01 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/04/11 01:25:03 | 00,127,692 | ---- | C] () -- C:\WINDOWS\System32\drivers\pfc027.sys
[2009/04/11 01:25:03 | 00,011,170 | ---- | C] () -- C:\WINDOWS\System32\PA207Usd.dll
[2009/03/26 18:16:49 | 00,000,254 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/19 15:39:07 | 00,000,044 | ---- | C] () -- C:\WINDOWS\3D Text Factory.INI
[2009/03/16 02:24:55 | 00,000,065 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2009/03/16 01:16:42 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/06/15 16:59:49 | 00,000,012 | ---- | C] () -- C:\WINDOWS\YAHVOX_ignore.ini
[2008/06/08 19:40:19 | 00,009,052 | ---- | C] () -- C:\WINDOWS\YAHELITE.INI
[2008/06/08 19:11:50 | 00,011,776 | ---- | C] () -- C:\Documents and Settings\Fle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/03 15:40:39 | 00,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/06/03 15:40:39 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\6221C94788.sys
[2008/06/02 13:23:27 | 00,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2008/05/29 03:09:00 | 00,019,592 | ---- | C] () -- C:\Documents and Settings\Fle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/05/21 15:36:22 | 00,138,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/05/21 15:36:06 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Fle\Application Data\PnkBstrK.sys
[2008/05/21 15:35:18 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/05/21 12:00:17 | 04,834,578 | -H-- | C] () -- C:\Documents and Settings\Fle\Local Settings\Application Data\IconCache.db
[2008/05/13 03:57:26 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Fle\Application Data\desktop.ini
[2008/05/12 20:53:16 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/12 20:50:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/12 20:50:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/12 20:50:08 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/05/12 20:49:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/12 19:50:33 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/11/10 08:08:50 | 00,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2006/02/28 06:00:00 | 00,000,558 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/02/28 06:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1996/04/03 14:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/10/08 10:36:34 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/04/28 19:58:44 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{203DB912-4B39-4636-930F-102CFD1E9177}
[2009/04/27 18:10:36 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}
[2009/04/27 17:29:17 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2009/04/27 17:03:35 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
[2009/10/08 10:36:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\75138327
[2009/05/25 21:41:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2008/06/03 15:36:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2009/05/21 23:07:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/05/25 21:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2008/06/03 15:18:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/04/28 01:32:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2009/04/02 02:32:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
[2009/04/14 01:17:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/04/27 16:29:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/04/24 23:07:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screaming Bee
[2009/09/18 16:41:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/04 20:01:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2008/06/03 15:27:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/04/27 18:17:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uniblue
[2009/10/03 02:11:37 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Fle\Application Data
[2009/05/02 01:23:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fle\Application Data\ArcSoft
[2008/05/29 03:08:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fle\Application Data\ATI
[2009/04/08 20:11:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fle\Application Data\Corel
[2009/05/21 23:54:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fle\Application Data\DAEMON Tools Lite
[2009/10/08 10:46:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fle\Application Data\DNA
[2009/05/27 13:33:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fle\Application Data\GetRightToGo
[2009/09/15 23:30:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fle\Application Data\gtk-2.0
[2009/04/02 02:36:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fle\Application Data\OpenOffice.org2
[2009/04/23 13:42:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fle\Application Data\Screaming Bee
[2008/06/07 23:36:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fle\Application Data\teamspeak2
[2009/10/02 11:38:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fle\Application Data\U3
[2008/06/03 15:27:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fle\Application Data\Ulead Systems
[2009/04/27 18:17:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fle\Application Data\Uniblue
[2009/04/24 23:07:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fle\Application Data\Ventrilo
[2009/10/07 21:43:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fle\Application Data\Xfire
[2009/09/28 14:18:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2006/02/28 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/08 10:35:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/04/27 18:10:44 | 00,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue DiskRescue 2009.job
[2009/04/27 18:18:24 | 00,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpyEraser.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEFF768F
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >




[EXTRAS]


OTL Extras logfile created on: 10/8/2009 10:48:02 AM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Fle\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 72.62% Memory free
3.35 Gb Paging File | 2.96 Gb Available in Paging File | 88.16% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 117.50 Gb Free Space | 78.83% Space Free | Partition Type: NTFS
Drive D: | 650.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FLESCRAZYMACHIN
Current User Name: Fle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:backWeb-8876480 -- ()
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- File not found
"C:\Documents and Settings\Fle\Desktop\YaheliteVox\YahVox_Domination_v1.1.exe" = C:\Documents and Settings\Fle\Desktop\YaheliteVox\YahVox_Domination_v1.1.exe:*:Enabled:Yahoo Voice Domination -- File not found
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe" = C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam -- ()
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe" = C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942 -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\YahELite\YahVoxhex.exe" = C:\Program Files\YahELite\YahVoxhex.exe:*:Enabled:Yahoo! voice chat for YahELite -- File not found
"C:\Program Files\YahELite\YahVox.exe" = C:\Program Files\YahELite\YahVox.exe:*:Enabled:Yahoo! voice chat for YahELite -- (David J. Binette)
"C:\WINDOWS\system32\logonui.exe" = C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui -- (Microsoft Corporation)
"C:\WINDOWS\system32\winlogon.exe" = C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found
"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" = C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe:*:Enabled:ashMaiSv -- (ALWIL Software)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\system32\lsass.exe" = C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Common Files\Motive\McciCMService.exe" = C:\Program Files\Common Files\Motive\McciCMService.exe:*:Enabled:McciCMService -- (Motive Communications, Inc.)
"C:\WINDOWS\system32\services.exe" = C:\WINDOWS\system32\services.exe:*:Enabled:services -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Documents and Settings\Fle\Local Settings\Temp\n.exn" = C:\Documents and Settings\Fle\Local Settings\Temp\n.exn:*:Enabled:n -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0C35EAE4-A535-46B7-B4BF-68952BD94E68}" = Uniblue DiskRescue 2009
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{4324BC93-C82F-ED16-BA86-5E34B9E05303}" = ccc-core-static
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4ED118EE-785C-CC18-5D2E-D5CA4BAA03F0}" = Catalyst Control Center Graphics Full New
"{539475B7-44B7-8B0A-134C-F01B9C8B7569}" = ccc-core-preinstall
"{5AC7AE54-55DF-1126-076C-623F008D40B6}" = Catalyst Control Center Graphics Full Existing
"{6351D217-3EE3-1967-29BE-6A77635FE485}" = Skins
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64A3CFFC-C4CC-41C4-91EC-402002D93FDC}" = ArcSoft PhotoImpression 5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AB9CD3A-F91F-233B-923B-6C59BA63524D}" = Catalyst Control Center HydraVision Full
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{85A91C22-C369-FCFB-5F1F-D59EB21AD0E1}" = CCC Help English
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 Trial
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6D0140F-E62F-9D1E-2408-9CFF91FF6FC8}" = ccc-utility
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C44A7422-E380-44BE-79FE-1C032D8A03A7}" = Catalyst Control Center Core Implementation
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster for Battlefield Vietnam
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam™
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E5D24929-91A4-B0A1-DE00-AFC453921EF7}" = Catalyst Control Center Graphics Light
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{E6C09BFB-BA75-15C7-5B18-A2CE31C4F42B}" = Catalyst Control Center Graphics Previews Common
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"Ares" = Ares 2.0.9
"ATI Display Driver" = ATI Display Driver
"ATITool" = ATITool Overclocking Utility
"ATT-PRT22" = ATT-PRT22
"avast!" = avast! Antivirus
"Axife Mouse Recorder DEMO_is1" = Axife Mouse Recorder DEMO 5.01
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"BootSkin" = BootSkin
"Cheat Engine 5.4_is1" = Cheat Engine 5.4
"CIF USB CAMERA" = CIF USB CAMERA
"CoD RconTool 10" = CoD RconTool 10
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Driver" = Driver
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"Logitech Resource Center" = Logitech Resource Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"PoE" = PoE v1.0.0.0
"Pool Sharks" = Pool Sharks 2.1
"PROSet" = Intel® PRO Network Connections Drivers
"RocketDock_is1" = RocketDock 1.3.5
"SpeedFan" = SpeedFan (remove only)
"SpyEraser_is1" = Uniblue SpyEraser
"SystemRequirementsLab" = System Requirements Lab
"Uniblue DiskRescue 2009" = Uniblue DiskRescue 2009
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YahELite" = YahELite 330.1
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 9/20/2009 10:15:53 PM | Computer Name = FLESCRAZYMACHIN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\setup\rsrc\CoD4.exe failed, 0000001E.

Error - 9/23/2009 4:08:50 PM | Computer Name = FLESCRAZYMACHIN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\FLE\MY DOCUMENTS\MY PICTURES\BEBO SKINS\BEBO-SKIN-SS\THUMBS.DB
failed, 00000005.

Error - 9/23/2009 4:08:50 PM | Computer Name = FLESCRAZYMACHIN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\FLE\MY DOCUMENTS\MY PICTURES\BEBO SKINS\POKER-1\THUMBS.DB
failed, 00000005.

[ Application Events ]
Error - 5/22/2009 1:22:13 AM | Computer Name = FLESCRAZYMACHIN | Source = Application Error | ID = 1000
Description = Faulting application primalprey.exe, version 1.0.0.1, faulting module
primalprey.exe, version 1.0.0.1, fault address 0x001bb474.

Error - 5/22/2009 1:23:36 AM | Computer Name = FLESCRAZYMACHIN | Source = Application Error | ID = 1000
Description = Faulting application primalprey.exe, version 1.0.0.1, faulting module
primalprey.exe, version 1.0.0.1, fault address 0x001bb474.

Error - 5/22/2009 1:26:30 AM | Computer Name = FLESCRAZYMACHIN | Source = Application Error | ID = 1000
Description = Faulting application primalprey.exe, version 1.0.0.1, faulting module
primalprey.exe, version 1.0.0.1, fault address 0x001bb474.

Error - 5/22/2009 1:48:31 AM | Computer Name = FLESCRAZYMACHIN | Source = Application Error | ID = 1000
Description = Faulting application primalprey.exe, version 1.0.0.1, faulting module
primalprey.exe, version 1.0.0.1, fault address 0x001bb474.

Error - 5/22/2009 4:27:06 AM | Computer Name = FLESCRAZYMACHIN | Source = Application Error | ID = 1000
Description = Faulting application primalprey.exe, version 1.0.0.1, faulting module
primalprey.exe, version 1.0.0.1, fault address 0x001bb477.

Error - 5/22/2009 6:35:20 AM | Computer Name = FLESCRAZYMACHIN | Source = Application Error | ID = 1000
Description = Faulting application primalprey.exe, version 1.0.0.1, faulting module
primalprey.exe, version 1.0.0.1, fault address 0x001bba10.

Error - 5/22/2009 6:36:03 AM | Computer Name = FLESCRAZYMACHIN | Source = Application Error | ID = 1000
Description = Faulting application primalprey.exe, version 1.0.0.1, faulting module
primalprey.exe, version 1.0.0.1, fault address 0x001bb474.

Error - 5/22/2009 7:41:15 PM | Computer Name = FLESCRAZYMACHIN | Source = Application Error | ID = 1000
Description = Faulting application primalprey.exe, version 1.0.0.1, faulting module
primalprey.exe, version 1.0.0.1, fault address 0x001bb474.

Error - 5/22/2009 7:57:06 PM | Computer Name = FLESCRAZYMACHIN | Source = Application Error | ID = 1000
Description = Faulting application primalprey.exe, version 1.0.0.1, faulting module
primalprey.exe, version 1.0.0.1, fault address 0x001bb474.

Error - 5/23/2009 7:14:45 PM | Computer Name = FLESCRAZYMACHIN | Source = MsiInstaller | ID = 11719
Description = Product: Adobe Setup -- Error 1719.The Windows Installer Service could
not be accessed. This can occur if you are running Windows in safe mode, or if
the Windows Installer is not correctly installed. Contact your support personnel
for assistance.

[ System Events ]
Error - 10/6/2009 11:47:27 PM | Computer Name = FLESCRAZYMACHIN | Source = Service Control Manager | ID = 7001
Description = The Network DDE service depends on the Network DDE DSDM service which
failed to start because of the following error: %%1058

Error - 10/6/2009 11:47:36 PM | Computer Name = FLESCRAZYMACHIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Imapi

Error - 10/7/2009 12:23:10 PM | Computer Name = FLESCRAZYMACHIN | Source = Service Control Manager | ID = 7000
Description = The BootScreen service failed to start due to the following error:
%%2001

Error - 10/7/2009 12:23:10 PM | Computer Name = FLESCRAZYMACHIN | Source = Service Control Manager | ID = 7001
Description = The Network DDE service depends on the Network DDE DSDM service which
failed to start because of the following error: %%1058

Error - 10/7/2009 12:23:16 PM | Computer Name = FLESCRAZYMACHIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Imapi

Error - 10/7/2009 2:22:52 PM | Computer Name = FLESCRAZYMACHIN | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/7/2009 9:44:37 PM | Computer Name = FLESCRAZYMACHIN | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/8/2009 11:36:14 AM | Computer Name = FLESCRAZYMACHIN | Source = Service Control Manager | ID = 7000
Description = The BootScreen service failed to start due to the following error:
%%2001

Error - 10/8/2009 11:36:14 AM | Computer Name = FLESCRAZYMACHIN | Source = Service Control Manager | ID = 7001
Description = The Network DDE service depends on the Network DDE DSDM service which
failed to start because of the following error: %%1058

Error - 10/8/2009 11:36:17 AM | Computer Name = FLESCRAZYMACHIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Imapi


< End of report >


[END]

#4 __VDB__

__VDB__
  • Topic Starter

  • Members
  • 15 posts

Posted 08 October 2009 - 11:37 AM

Results Log from [GMER]


GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-08 11:32:18
Windows 5.1.2600 Service Pack 3
Running: vrkcwt45.exe; Driver: C:\DOCUME~1\Fle\LOCALS~1\Temp\pgxorpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB07F16B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB07F1574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB07F1A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB07F114C]
SSDT spfg.sys ZwEnumerateKey [0xF74F4CA4]
SSDT spfg.sys ZwEnumerateValueKey [0xF74F5032]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB07F164E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB07F108C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB07F10F0]
SSDT spfg.sys ZwQueryKey [0xF74F510A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB07F176E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB07F172E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB07F18AE]

INT 0x62 ? 8A3AABF8
INT 0x73 ? 8A214BF8
INT 0x73 ? 8A214BF8
INT 0x82 ? 8A3AABF8
INT 0x83 ? 8A214BF8
INT 0xA4 ? 8A214BF8
INT 0xB4 ? 8A214BF8

---- Kernel code sections - GMER 1.0.15 ----

? spfg.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B933C8AC 5 Bytes JMP 8A2141D8
.text aabqk76r.SYS B9069386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aabqk76r.SYS B90693AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aabqk76r.SYS B90693C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aabqk76r.SYS B90693C9 1 Byte [30]
.text aabqk76r.SYS B90693C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A3AC2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7507C4C] spfg.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7507CA0] spfg.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D7042] spfg.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D713E] spfg.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D70C0] spfg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D7800] spfg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D76D6] spfg.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A2142D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E6E9C] spfg.sys
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!swprintf] 001CB286
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8186
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C83
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8E868801
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CAA86
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!MmUnmapIoSpace] 80968B00
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IofCompleteRequest] 001C9C96
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IofCallDriver] 001CB986
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] BA86880C
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB86
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!sprintf] 968D5140
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C90
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!ObfDereferenceObject] 2266E852
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!ZwClose] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 00002254
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoCreateDevice] 00001C98
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 2242E850
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!ZwOpenKey] 1CB4968D
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoStartTimer] 00002230
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoInitializeTimer] 001CBB8E
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CBD8688
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CBB86
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C90
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2202E851
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CAC868D
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!MmUnlockPages] 000021F0
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CBB8E
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CBD8688
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CBB96
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!KeSetTimer] F6317300
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!_allmul] 74070647
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CBD
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!_aulldiv] 03087408
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!strstr] 72F93B3F
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CBD
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CBE8E
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC086
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoAllocateIrp] 81E85000
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000021
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CB88E
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!MmLockPagableDataSection] BC968B00
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CC48E
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!ExFreePoolWithTag] C8968900
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!InitSafeBootMode] CCC68150
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!PoCallDriver] 002157E8
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!memmove] 18C48300
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\aabqk76r.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00700002
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00700000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A3A91F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\sptd \Device\3997946156 spfg.sys
Device \Driver\usbuhci \Device\USBPDO-0 8A14E1F8
Device \Driver\usbuhci \Device\USBPDO-1 8A14E1F8
Device \Driver\usbuhci \Device\USBPDO-2 8A14E1F8
Device \Driver\usbuhci \Device\USBPDO-3 8A14E1F8
Device \Driver\PCI_PNP7406 \Device\00000047 spfg.sys
Device \Driver\PCI_PNP7406 \Device\00000047 spfg.sys
Device \Driver\usbehci \Device\USBPDO-4 8A1371F8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A4181F8
Device \Driver\Cdrom \Device\CdRom0 8A10B1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7849B40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort0 [F7849B40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort1 [F7849B40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F7849B40] atapi.sys[unknown section]
Device \Driver\NetBT \Device\NetBt_Wins_Export 89C68500
Device \Driver\NetBT \Device\NetbiosSmb 89C68500

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBFDO-0 8A14E1F8
Device \Driver\usbuhci \Device\USBFDO-1 8A14E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89C58500
Device \Driver\usbuhci \Device\USBFDO-2 8A14E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89C58500
Device \Driver\usbuhci \Device\USBFDO-3 8A14E1F8
Device \Driver\usbehci \Device\USBFDO-4 8A1371F8
Device \Driver\Ftdisk \Device\FtControl 8A4181F8
Device \Driver\aabqk76r \Device\Scsi\aabqk76r1 89ED0500
Device \FileSystem\Cdfs \Cdfs 89B13500
---- Processes - GMER 1.0.15 ----

Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\Program Files\RocketDock\RocketDock.exe [120] 0x00B60000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [216] 0x003A0000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [376] 0x00B70000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\WINDOWS\BCMSMMSG.exe [460] 0x009B0000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [468] 0x00B10000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\Program Files\Analog Devices\Core\smax4pnp.exe [496] 0x00C40000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jusched.exe [516] 0x00B30000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [608] 0x008E0000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [660] 0x00590000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [712] 0x00680000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [724] 0x00390000
Library C:\WINDOWS\system32\pubufuhu.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [724] 0x00DB0000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\Program Files\Messenger\msmsgs.exe [808] 0x00880000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [896] 0x00390000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [924] 0x009F0000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [980] 0x00390000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\Program Files\DNA\btdna.exe [1028] 0x00C00000
Library C:\WINDOWS\System32\sonumiwo.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1084] 0x00390000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1124] 0x00390000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1164] 0x00390000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1368] 0x00390000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\Program Files\Common Files\Motive\McciCMService.exe [1384] 0x008B0000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [1588] 0x009E0000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\Program Files\Alwil Software\Avast4\ashServ.exe [1636] 0x00B40000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1872] 0x00390000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1980] 0x00390000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe [1992] 0x00B70000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\WINDOWS\system32\PnkBstrA.exe [2108] 0x00770000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\WINDOWS\system32\PnkBstrB.exe [2160] 0x00780000
Library C:\WINDOWS\system32\sonumiwo.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [2248] 0x00390000
Library C:\WINDOWS\System32\sonumiwo.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [3048] 0x00600000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB5 0xE0 0x24 0xBC ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDE 0xFE 0xE0 0x6C ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFB 0xC3 0x87 0x18 ...
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACopujejtxmq.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACopujejtxmq.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAChrhovbrnrn.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACdkyrqqtmtn.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACsbikhuwkpp.dat
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacav \\?\globalroot\systemroot\system32\UACoyuwlouliy.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACaidqjgepad.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB5 0xE0 0x24 0xBC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDE 0xFE 0xE0 0x6C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFB 0xC3 0x87 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB5 0xE0 0x24 0xBC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDE 0xFE 0xE0 0x6C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFB 0xC3 0x87 0x18 ...
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\3317438223\Groups@\xa4-<3-My True Love-<3-\xa4 0
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\3317438223\Groups@\x00a4friends-&-Family\xa4 0
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\3317438223\Groups@\x00a4Bm\xa4 0

---- EOF - GMER 1.0.15 ----

#5 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 09 October 2009 - 06:55 AM

You are welcome :(

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O4 - HKLM..\Run: [75138327] C:\Documents and Settings\All Users\Application Data\75138327\75138327.exe ()
    O4 - HKLM..\Run: [betijiyot] C:\WINDOWS\System32\lopuheso.DLL ()
    O20 - AppInit_DLLs: (gojobeju.dll) - File not found
    O20 - AppInit_DLLs: (dewulale.dll) - C:\WINDOWS\System32\dewulale.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\lopuheso.dll) - C:\WINDOWS\System32\lopuheso.dll ()
    O20 - AppInit_DLLs: (sulejere.dll) - C:\WINDOWS\System32\sulejere.dll ()
    O21 - SSODL: gitayisab - {86154e6f-a962-4d0b-8463-3a02051755fe} - C:\WINDOWS\System32\lopuheso.dll ()
    [2009/10/08 10:36:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\75138327
    [2009/10/08 10:45:31 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\gusitibi
    [2009/09/23 02:30:25 | 01,081,380 | -HS- | M] () -- C:\WINDOWS\System32\latabaye.exe
    [2009/09/21 20:16:19 | 00,180,224 | -HS- | M] () -- C:\WINDOWS\System32\repozuyi.exe
    [2009/09/18 01:11:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
    [2009/09/18 00:33:35 | 00,019,940 | ---- | M] () -- C:\WINDOWS\qolagoxoro.dat
    [2009/09/18 00:33:35 | 00,019,794 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\aradiw.vbs
    [2009/09/18 00:33:35 | 00,019,467 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\irituveqod._dl
    [2009/09/18 00:33:35 | 00,019,397 | ---- | M] () -- C:\Program Files\Common Files\olagicevy.ban
    [2009/09/18 00:33:35 | 00,019,112 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\tyraxy.lib
    [2009/09/18 00:33:35 | 00,019,007 | ---- | M] () -- C:\WINDOWS\ilequdyq.pif
    [2009/09/18 00:33:35 | 00,018,076 | ---- | M] () -- C:\WINDOWS\wupofodypu._sy
    [2009/09/18 00:33:35 | 00,017,829 | ---- | M] () -- C:\WINDOWS\System32\qypizadum.dat
    [2009/09/18 00:33:35 | 00,017,795 | ---- | M] () -- C:\Documents and Settings\Fle\Application Data\ovokeho.pif
    [2009/09/18 00:33:35 | 00,017,206 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\sacega.vbs
    [2009/09/18 00:33:35 | 00,017,137 | ---- | M] () -- C:\Program Files\Common Files\ryqogimak.ban
    [2009/09/18 00:33:35 | 00,015,946 | ---- | M] () -- C:\Documents and Settings\Fle\Local Settings\Application Data\besud.bin
    [2009/09/18 00:33:35 | 00,015,675 | ---- | M] () -- C:\Program Files\Common Files\sixi._dl
    [2009/09/18 00:33:35 | 00,015,416 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\jahifarafe.lib
    [2009/09/18 00:33:35 | 00,015,307 | ---- | M] () -- C:\Program Files\Common Files\exyc.dl
    [2009/09/18 00:33:35 | 00,015,091 | ---- | M] () -- C:\Program Files\Common Files\ygyvoxi.bin
    [2009/09/18 00:33:35 | 00,014,254 | ---- | M] () -- C:\Program Files\Common Files\cakopi.scr
    [2009/09/18 00:33:35 | 00,014,250 | ---- | M] () -- C:\WINDOWS\wibevoduci.bat
    [2009/09/18 00:33:35 | 00,014,230 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\wozu.com
    [2009/09/18 00:33:35 | 00,012,700 | ---- | M] () -- C:\Documents and Settings\Fle\Application Data\sikixagojy.sys
    [2009/09/18 00:33:35 | 00,012,185 | ---- | M] () -- C:\Documents and Settings\Fle\Application Data\upupedoruz.ban
    [2009/09/18 00:33:35 | 00,011,372 | ---- | M] () -- C:\WINDOWS\System32\monavavir.com
    [2009/09/18 00:33:35 | 00,011,172 | ---- | M] () -- C:\WINDOWS\dijaz.com
    [2009/09/18 00:33:35 | 00,011,102 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\fyvomo.dl
    [2009/09/18 00:33:35 | 00,010,924 | ---- | M] () -- C:\WINDOWS\System32\mumexufab.bat
    [2009/09/18 00:33:35 | 00,010,264 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ywabobiho.bat
    [2009/09/18 00:33:35 | 00,010,012 | ---- | M] () -- C:\WINDOWS\putizyqery.bin
    [2009/09/17 23:22:50 | 00,000,046 | ---- | M] () -- C:\p2hhr.bat
    
    :files
    C:\WINDOWS\system32\sonumiwo.dll
    
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================================Combofix=================================
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#6 __VDB__

__VDB__
  • Topic Starter

  • Members
  • 15 posts

Posted 09 October 2009 - 07:56 AM

Log Report From [OTL]; it didn't save to the desktop, so I looked under C: OTL and found (2) logs, [ 10092009_072752.log ] & [ 10092009_072807.log ], but one is empty and the other one is not, so I'll post that one. If it's not the right one, I'm sorry.

[OTL] Log


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\75138327 not found.
C:\Documents and Settings\All Users\Application Data\75138327\75138327.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\betijiyot deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\lopuheso.DLL
C:\WINDOWS\System32\lopuheso.DLL NOT unregistered.
C:\WINDOWS\System32\lopuheso.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:gojobeju.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:dewulale.dll deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\dewulale.dll
C:\WINDOWS\System32\dewulale.dll NOT unregistered.
C:\WINDOWS\System32\dewulale.dll moved successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\lopuheso.dll scheduled to be deleted on reboot.
File C:\WINDOWS\System32\lopuheso.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:sulejere.dll deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\sulejere.dll
C:\WINDOWS\System32\sulejere.dll NOT unregistered.
C:\WINDOWS\System32\sulejere.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\gitayisab not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86154e6f-a962-4d0b-8463-3a02051755fe}\ not found.
File C:\WINDOWS\System32\lopuheso.dll not found.
C:\Documents and Settings\All Users\Application Data\75138327 moved successfully.
C:\WINDOWS\System32\gusitibi moved successfully.
C:\WINDOWS\System32\latabaye.exe moved successfully.
File C:\WINDOWS\System32\repozuyi.exe not found.
C:\WINDOWS\System32\41.exe moved successfully.
C:\WINDOWS\qolagoxoro.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\aradiw.vbs moved successfully.
C:\Documents and Settings\All Users\Documents\irituveqod._dl moved successfully.
C:\Program Files\Common Files\olagicevy.ban moved successfully.
C:\Documents and Settings\All Users\Documents\tyraxy.lib moved successfully.
C:\WINDOWS\ilequdyq.pif moved successfully.
C:\WINDOWS\wupofodypu._sy moved successfully.
C:\WINDOWS\System32\qypizadum.dat moved successfully.
C:\Documents and Settings\Fle\Application Data\ovokeho.pif moved successfully.
C:\Documents and Settings\All Users\Documents\sacega.vbs moved successfully.
C:\Program Files\Common Files\ryqogimak.ban moved successfully.
C:\Documents and Settings\Fle\Local Settings\Application Data\besud.bin moved successfully.
C:\Program Files\Common Files\sixi._dl moved successfully.
C:\Documents and Settings\All Users\Application Data\jahifarafe.lib moved successfully.
C:\Program Files\Common Files\exyc.dl moved successfully.
C:\Program Files\Common Files\ygyvoxi.bin moved successfully.
C:\Program Files\Common Files\cakopi.scr moved successfully.
C:\WINDOWS\wibevoduci.bat moved successfully.
C:\Documents and Settings\All Users\Application Data\wozu.com moved successfully.
C:\Documents and Settings\Fle\Application Data\sikixagojy.sys moved successfully.
C:\Documents and Settings\Fle\Application Data\upupedoruz.ban moved successfully.
C:\WINDOWS\System32\monavavir.com moved successfully.
C:\WINDOWS\dijaz.com moved successfully.
C:\Documents and Settings\All Users\Application Data\fyvomo.dl moved successfully.
C:\WINDOWS\System32\mumexufab.bat moved successfully.
C:\Documents and Settings\All Users\Application Data\ywabobiho.bat moved successfully.
C:\WINDOWS\putizyqery.bin moved successfully.
C:\p2hhr.bat moved successfully.
========== FILES ==========
File\Folder C:\WINDOWS\system32\sonumiwo.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 2905912 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Fle
File delete failed. C:\Documents and Settings\Fle\Local Settings\Temp\etilqs_lobRWaWogOMcTuhyop10 scheduled to be deleted on reboot.
->Temp folder emptied: 74520963 bytes
File delete failed. C:\Documents and Settings\Fle\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 23717156 bytes
->Java cache emptied: 35214672 bytes
File delete failed. C:\Documents and Settings\Fle\Local Settings\Application Data\Mozilla\Firefox\Profiles\kxgp07mu.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fle\Local Settings\Application Data\Mozilla\Firefox\Profiles\kxgp07mu.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fle\Local Settings\Application Data\Mozilla\Firefox\Profiles\kxgp07mu.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fle\Local Settings\Application Data\Mozilla\Firefox\Profiles\kxgp07mu.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fle\Local Settings\Application Data\Mozilla\Firefox\Profiles\kxgp07mu.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fle\Local Settings\Application Data\Mozilla\Firefox\Profiles\kxgp07mu.default\XUL.mfl scheduled to be deleted on reboot.
->FireFox cache emptied: 108877788 bytes
->Google Chrome cache emptied: 80621202 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 466775 bytes
->FireFox cache emptied: 2905912 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_688.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 1425629 bytes
RecycleBin emptied: 87615 bytes

Total Files Cleaned = 317.52 mb


OTL by OldTimer - Version 3.0.18.4 log created on 10092009_072807

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Fle\Local Settings\Temp\etilqs_lobRWaWogOMcTuhyop10 not found!
C:\Documents and Settings\Fle\Local Settings\Application Data\Mozilla\Firefox\Profiles\kxgp07mu.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Fle\Local Settings\Application Data\Mozilla\Firefox\Profiles\kxgp07mu.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Fle\Local Settings\Application Data\Mozilla\Firefox\Profiles\kxgp07mu.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Fle\Local Settings\Application Data\Mozilla\Firefox\Profiles\kxgp07mu.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Fle\Local Settings\Application Data\Mozilla\Firefox\Profiles\kxgp07mu.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Fle\Local Settings\Application Data\Mozilla\Firefox\Profiles\kxgp07mu.default\XUL.mfl moved successfully.
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_688.dat not found!

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\lopuheso.dll scheduled to be deleted on reboot.




Here is the [combo fix] log.



ComboFix 09-10-08.04 - Fle 10/09/2009 7:42.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1111 [GMT -5:00]
Running from: c:\documents and settings\Fle\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091008-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\95132727
c:\documents and settings\All Users\Application Data\95132727\95132727.exe
c:\program files\Mozilla Firefox\extensions\{FE0B2851-96AA-463A-A091-71AE0FCB9B5E}
c:\program files\Mozilla Firefox\extensions\{FE0B2851-96AA-463A-A091-71AE0FCB9B5E}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{FE0B2851-96AA-463A-A091-71AE0FCB9B5E}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{FE0B2851-96AA-463A-A091-71AE0FCB9B5E}\install.rdf
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\Downloaded Program Files\ODCTOOLS\ef6b26db-344d-4ad3-ba24-aca0bdaa999a.cab
c:\windows\Downloaded Program Files\ODCTOOLS\f04d289f-c60a-422b-8396-6c372047042e.cab
c:\windows\run.log
c:\windows\system32\fanenoto.dll
c:\windows\system32\hulawira.dll
c:\windows\system32\mebozihi.dll
c:\windows\system32\pogewaso.dll
c:\windows\system32\tuhuguhi.dll
c:\windows\system32\zelayira.dll
c:\windows\system32\zodetego.dll
c:\windows\system32\zugowuva.dll

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SENEKA
-------\Legacy_UACD.SYS


((((((((((((((((((((((((( Files Created from 2009-09-09 to 2009-10-09 )))))))))))))))))))))))))))))))
.

2009-10-09 12:46 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-10-09 12:46 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-09 12:28 . 2009-10-09 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\05823422
2009-10-09 12:27 . 2009-10-09 12:27 -------- d-----w- C:\_OTL
2009-10-08 20:33 . 2009-10-08 20:33 -------- d-----w- c:\documents and settings\Fle\Application Data\dvdcss
2009-10-08 15:58 . 2009-10-08 15:58 290816 ----a-w- C:\vrkcwt45.exe
2009-10-03 20:44 . 2009-10-03 20:45 245 ----a-w- C:\Delme.bat
2009-10-02 21:12 . 2009-10-02 21:12 -------- d-----w- c:\program files\Microsoft
2009-09-29 03:57 . 2009-09-29 03:57 81920 ------r- c:\windows\bwUnin-6.1.4.61-8876480L.exe
2009-09-29 03:30 . 2009-09-29 03:30 -------- d-----w- c:\program files\MUSICMATCH
2009-09-25 22:20 . 2009-09-25 22:20 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-09-25 19:42 . 2009-09-25 19:42 -------- d-----w- c:\program files\EA GAMES
2009-09-24 21:26 . 2007-12-26 22:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-09-24 21:26 . 2007-12-26 22:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-09-24 21:26 . 2009-09-24 21:28 -------- d-----w- c:\program files\Cheat Engine
2009-09-24 21:26 . 2009-09-24 21:26 -------- d-----w- c:\program files\Axife Mouse Recorder DEMO
2009-09-20 22:53 . 2009-09-20 22:53 0 ----a-w- c:\documents and settings\Fle\settings.dat
2009-09-19 20:27 . 2009-09-19 20:28 -------- d-----w- c:\documents and settings\Fle\DoctorWeb
2009-09-19 18:39 . 2009-09-19 18:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-19 18:39 . 2009-09-19 18:39 -------- d-----w- c:\documents and settings\Fle\Application Data\SUPERAntiSpyware.com
2009-09-18 22:27 . 2009-09-18 22:27 -------- d-----w- c:\windows\system32\NtmsData
2009-09-18 21:29 . 2009-09-18 21:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Mozilla
2009-09-18 19:59 . 2009-09-18 19:59 -------- d-----w- c:\documents and settings\Administrator\Tracing
2009-09-18 19:41 . 2009-09-18 19:41 -------- d-----w- c:\program files\Trend Micro
2009-09-18 19:14 . 2009-09-18 19:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-18 09:12 . 2009-09-18 09:12 -------- d-----w- c:\program files\Windows Live Safety CenterRebootActions
2009-09-18 07:47 . 2009-09-18 07:52 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-18 06:28 . 2009-09-18 06:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ventrilo
2009-09-18 05:57 . 2009-09-18 05:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-18 05:35 . 2009-09-18 05:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-18 04:32 . 2009-09-18 04:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-09-18 04:29 . 2009-09-18 04:29 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-18 04:29 . 2009-09-18 04:29 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-18 04:22 . 2009-09-18 04:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-11 23:28 . 2009-09-11 23:29 -------- d-----w- c:\program files\YahELite
2009-09-09 23:37 . 2009-09-09 23:37 -------- d-----w- C:\Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-09 01:50 . 2009-04-25 04:29 -------- d-----w- c:\documents and settings\Fle\Application Data\Xfire
2009-10-09 01:25 . 2008-05-21 20:36 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-09 01:25 . 2008-05-21 20:35 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-08 18:28 . 2009-04-25 04:29 -------- d-----w- c:\program files\Xfire
2009-10-07 18:02 . 2009-03-27 00:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-02 21:12 . 2009-03-19 02:56 -------- d-----w- c:\program files\Windows Live
2009-10-02 16:38 . 2009-04-25 04:10 -------- d-----w- c:\documents and settings\Fle\Application Data\U3
2009-09-29 14:09 . 2008-06-08 00:46 -------- d-----w- c:\program files\Logitech
2009-09-29 03:57 . 2008-05-21 16:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-25 19:54 . 2009-03-16 08:43 933 -c--a-w- c:\windows\eReg.dat
2009-09-19 23:00 . 2008-06-02 18:28 -------- d-----w- c:\program files\Java
2009-09-19 18:38 . 2009-03-16 06:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-19 04:42 . 2009-03-26 21:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-18 21:41 . 2009-03-20 04:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-18 19:33 . 2009-09-18 19:33 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-16 04:30 . 2009-03-20 05:19 -------- d-----w- c:\documents and settings\Fle\Application Data\gtk-2.0
2009-09-14 12:37 . 2009-03-20 05:16 -------- d-----w- c:\program files\GIMP-2.0
2009-09-10 19:54 . 2009-03-27 00:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-03-27 00:01 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 23:18 . 2009-04-14 07:16 -------- d-----w- c:\program files\SpeedFan
2009-08-17 16:10 . 2009-03-26 17:41 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-03-26 17:41 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-03-26 17:41 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-03-26 17:41 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-03-26 17:41 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-03-26 17:41 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-03-26 17:41 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-03-26 17:41 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-03-26 17:41 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-07 00:24 . 2008-05-13 06:04 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2008-05-13 06:04 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2008-05-13 06:04 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2007-07-31 00:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2008-05-13 06:04 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2006-02-28 11:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2008-05-13 06:04 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2009-03-19 14:03 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2009-03-19 14:03 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 00:23 . 2008-05-13 06:04 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2006-02-28 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2008-01-25 23:32 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2008-01-25 23:32 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-26 21:44 . 2009-07-26 21:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 10:23 . 2009-03-19 05:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2006-02-28 11:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2008-01-25 22:17 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-06-03 20:57 . 2008-06-03 20:40 88 --sh--r- c:\windows\system32\6221C94788.sys
2009-07-08 15:36 . 2009-07-08 15:36 51712 --sha-w- c:\windows\system32\damorume.dll
2009-07-08 15:36 . 2009-07-08 15:36 1011246 --sha-w- c:\windows\system32\davagadu.exe
2009-07-07 18:02 . 2009-07-07 18:02 51712 --sha-w- c:\windows\system32\junefare.dll
2009-07-09 12:21 . 2009-07-09 12:21 1011153 --sha-w- c:\windows\system32\kapekabo.exe
2009-04-09 01:11 . 2008-06-03 20:40 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-09 12:21 . 2009-07-09 12:21 89088 --sha-w- c:\windows\system32\rujudagu.dll
2009-07-07 18:02 . 2009-07-07 18:02 51712 --sha-w- c:\windows\system32\vijohato.dll
2009-07-09 12:28 . 2009-07-09 12:28 1011153 --sha-w- c:\windows\system32\wivagoge.exe
2009-07-08 15:36 . 2009-07-08 15:36 51712 --sha-w- c:\windows\system32\zumidiba.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7a3c9af9-1828-486a-befb-243612cc1393}]
2009-07-08 15:36 51712 --sha-w- c:\windows\system32\zumidiba.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BootSkin Startup Jobs"="c:\program files\Stardock\BootSkin\BootSkin.exe" [2004-04-26 270336]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"betijiyot"=Rundll32.exe "c:\windows\system32\lakiyati.dll",a

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\YahELite\\YahVox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Motive\\McciCMService.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3/26/2009 12:41 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/26/2009 12:41 PM 20560]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [4/23/2009 1:30 PM 17792]
S1 mvfdyjhh;mvfdyjhh;\??\c:\windows\system32\drivers\mvfdyjhh.sys --> c:\windows\system32\drivers\mvfdyjhh.sys [?]
S2 BootScreen;BootScreen;c:\windows\system32\drivers\vidstub.sys [6/2/2008 1:23 PM 163712]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [6/19/2009 11:20 AM 14092]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [11/22/2008 12:53 PM 23064]
S4 Uniblue DiskRescue;Uniblue DiskRescue;c:\program files\Uniblue\DiskRescue\UBDiskRescueSrv.exe [9/10/2008 10:22 AM 229648]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-04-27 c:\windows\Tasks\Uniblue DiskRescue 2009.job
- c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 15:22]

2009-04-27 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-04-27 20:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = localhost
DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
FF - ProfilePath - c:\documents and settings\Fle\Application Data\Mozilla\Firefox\Profiles\kxgp07mu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bmhq.net/
FF - HiddenExtension: XUL Cache: {FC5AC480-EB0E-49C6-921F-0A06BA69003F} - c:\documents and settings\Fle\Local Settings\Application Data\{FC5AC480-EB0E-49C6-921F-0A06BA69003F}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
HKLM-Run-pasakagenu - mebozihi.dll
SharedTaskScheduler-{469d47d1-cd01-4d09-8bd1-2586b98c30ca} - c:\windows\system32\zelayira.dll
SSODL-nofawenay-{469d47d1-cd01-4d09-8bd1-2586b98c30ca} - c:\windows\system32\zelayira.dll
AddRemove-Driver - c:\progra~1\GT Interactive\Driver\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-09 07:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3816)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-10-09 7:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-09 12:51

Pre-Run: 127,900,184,576 bytes free
Post-Run: 127,777,017,856 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

291 --- E O F --- 2009-10-03 04:04

Edited by __VDB__, 09 October 2009 - 08:01 AM.


#7 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 09 October 2009 - 12:44 PM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad in the Run box, then click OK.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

Driver::
mvfdyjhh

File::
C:\Delme.bat
c:\windows\system32\damorume.dll
c:\windows\system32\davagadu.exe
c:\windows\system32\junefare.dll
c:\windows\system32\kapekabo.exe
c:\windows\system32\rujudagu.dll
c:\windows\system32\vijohato.dll
c:\windows\system32\wivagoge.exe
c:\windows\system32\zumidiba.dll
c:\windows\system32\lakiyati.dll


Folder::
c:\documents and settings\All Users\Application Data\05823422

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7a3c9af9-1828-486a-befb-243612cc1393}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"=-
"NoSMMyPictures"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"=-
"NoSMMyPictures"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"betijiyot"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: dragging CFScript.txt onto ComboFix.exe]


5. After the reboot (in case it asks to reboot), please post the following report/log in your next reply:
  • Combofix.txt

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here
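As an added example (not ComboFix's code and not part of kahdah's instructions), the Python below parses lines in the Find3M format shown in the logs above and applies a heuristic that mirrors the selection visible in the CFScript: files sitting directly in system32 that carry both the hidden and system flags and have an eight-letter name ending in .dll or .exe. The attribute-column layout and the heuristic itself are assumptions inferred from the log; the sample lines are a constructed excerpt of the log posted above.

```python
"""Triage the 'Find3M' file listing from a ComboFix log and draft the File::
section of a CFScript from it.

Added example: not ComboFix's code and not the helper's own procedure.  The
attribute-column layout (d=directory, s=system, h=hidden) is inferred from
the flag patterns in the log above and is an assumption, as is the naming
heuristic used to flag entries.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt: a handful of lines copied from the Find3M section of the
# log above, plus the section banner and '.' separators the parser must skip.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-18 05:35 . 2009-09-18 05:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-17 16:05 . 2009-03-26 17:41 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2008-06-03 20:57 . 2008-06-03 20:40 88 --sh--r- c:\windows\system32\6221C94788.sys
2009-07-08 15:36 . 2009-07-08 15:36 51712 --sha-w- c:\windows\system32\damorume.dll
2009-07-08 15:36 . 2009-07-08 15:36 1011246 --sha-w- c:\windows\system32\davagadu.exe
2009-04-09 01:11 . 2008-06-03 20:40 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-09 12:21 . 2009-07-09 12:21 89088 --sha-w- c:\windows\system32\rujudagu.dll
2009-07-08 15:36 . 2009-07-08 15:36 51712 --sha-w- c:\windows\system32\zumidiba.dll
.
"""

# <mtime> . <ctime> <size, or -------- for directories> <8 attribute flags> <path>
ENTRY_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[a-z-]{8}) "
    r"(?P<path>.+)$"
)

# Heuristic (assumed): eight lowercase letters plus .dll/.exe, the shape of
# the names the helper listed under File:: in the CFScript above.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(dll|exe)$")
SYSTEM32 = "c:\\windows\\system32"


@dataclass
class Entry:
    mtime: str
    ctime: str
    size: Optional[int]   # None for directories ('--------' in the log)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_system(self) -> bool:
        # Columns 3 and 4 hold 's' and 'h', as in the 'd-sh--w-' IETldCache
        # entries above (assumed layout).
        return self.attrs[2] == "s" and self.attrs[3] == "h"


def parse_find3m(text: str) -> List[Entry]:
    """Return one Entry per listing line; banners, '.' and blanks are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["mtime"], m["ctime"], size, m["attrs"], m["path"]))
    return entries


def suspicious(e: Entry) -> bool:
    """Flag hidden+system files sitting directly in system32 with random names."""
    if e.is_dir or not e.hidden_system:
        return False
    folder, _, name = e.path.lower().rpartition("\\")
    if folder != SYSTEM32:          # ignore subfolders such as drivers\
        return False
    return RANDOM_NAME_RE.match(name) is not None


def triage(text: str) -> List[Entry]:
    return [e for e in parse_find3m(text) if suspicious(e)]


def size_clusters(entries: List[Entry]) -> Dict[int, List[str]]:
    """Group flagged files by byte size: identical sizes across random-named
    DLLs (51712 here) usually mean several copies of one component."""
    by_size: Dict[int, List[str]] = {}
    for e in entries:
        by_size.setdefault(e.size, []).append(e.path)
    return {s: paths for s, paths in by_size.items() if len(paths) > 1}


def cfscript_file_section(entries: List[Entry]) -> str:
    """Render the File:: block in the form used in the CFScript above."""
    return "\n".join(["File::"] + [e.path for e in entries]) + "\n"


if __name__ == "__main__":
    flagged = triage(SAMPLE_LOG)
    print(cfscript_file_section(flagged))
    for size, paths in size_clusters(flagged).items():
        print(f"# {len(paths)} files share size {size}: {', '.join(paths)}")
```

The output is a draft only: the two hidden .sys files in the excerpt are deliberately not matched by the name rule, which is why a human still reviews what the heuristic leaves out.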

#8 __VDB__

  • Topic Starter
  • Members
  • 15 posts

Posted 10 October 2009 - 07:11 AM

- Combo Fix Log -

ComboFix 09-10-08.04 - Fle 10/10/2009 6:58.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1007 [GMT -5:00]
Running from: c:\documents and settings\Fle\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Fle\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 091009-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point

FILE ::
"C:\Delme.bat"
"c:\windows\system32\damorume.dll"
"c:\windows\system32\davagadu.exe"
"c:\windows\system32\junefare.dll"
"c:\windows\system32\kapekabo.exe"
"c:\windows\system32\lakiyati.dll"
"c:\windows\system32\rujudagu.dll"
"c:\windows\system32\vijohato.dll"
"c:\windows\system32\wivagoge.exe"
"c:\windows\system32\zumidiba.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Delme.bat
c:\windows\system32\bawawaza.dll
c:\windows\system32\damorume.dll
c:\windows\system32\davagadu.exe
c:\windows\system32\gopikobi.dll
c:\windows\system32\junefare.dll
c:\windows\system32\kapekabo.exe
c:\windows\system32\rujudagu.dll
c:\windows\system32\saheloju.dll
c:\windows\system32\tikutove.dll
c:\windows\system32\vijohato.dll
c:\windows\system32\viwawobi.dll
c:\windows\system32\wivagoge.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_mvfdyjhh


((((((((((((((((((((((((( Files Created from 2009-09-10 to 2009-10-10 )))))))))))))))))))))))))))))))
.

2009-10-10 11:52 . 2009-10-10 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\80667027
2009-10-09 12:46 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-10-09 12:46 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-09 12:27 . 2009-10-09 12:27 -------- d-----w- C:\_OTL
2009-10-08 20:33 . 2009-10-08 20:33 -------- d-----w- c:\documents and settings\Fle\Application Data\dvdcss
2009-10-08 15:58 . 2009-10-08 15:58 290816 ----a-w- C:\vrkcwt45.exe
2009-10-02 21:12 . 2009-10-02 21:12 -------- d-----w- c:\program files\Microsoft
2009-09-29 03:57 . 2009-09-29 03:57 81920 ------r- c:\windows\bwUnin-6.1.4.61-8876480L.exe
2009-09-29 03:30 . 2009-09-29 03:30 -------- d-----w- c:\program files\MUSICMATCH
2009-09-25 22:20 . 2009-09-25 22:20 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-09-25 19:42 . 2009-09-25 19:42 -------- d-----w- c:\program files\EA GAMES
2009-09-24 21:26 . 2007-12-26 22:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-09-24 21:26 . 2007-12-26 22:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-09-24 21:26 . 2009-09-24 21:28 -------- d-----w- c:\program files\Cheat Engine
2009-09-24 21:26 . 2009-09-24 21:26 -------- d-----w- c:\program files\Axife Mouse Recorder DEMO
2009-09-20 22:53 . 2009-09-20 22:53 0 ----a-w- c:\documents and settings\Fle\settings.dat
2009-09-19 20:27 . 2009-09-19 20:28 -------- d-----w- c:\documents and settings\Fle\DoctorWeb
2009-09-19 18:39 . 2009-09-19 18:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-19 18:39 . 2009-09-19 18:39 -------- d-----w- c:\documents and settings\Fle\Application Data\SUPERAntiSpyware.com
2009-09-18 22:27 . 2009-09-18 22:27 -------- d-----w- c:\windows\system32\NtmsData
2009-09-18 21:29 . 2009-09-18 21:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Mozilla
2009-09-18 19:59 . 2009-09-18 19:59 -------- d-----w- c:\documents and settings\Administrator\Tracing
2009-09-18 19:41 . 2009-09-18 19:41 -------- d-----w- c:\program files\Trend Micro
2009-09-18 19:14 . 2009-09-18 19:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-18 09:12 . 2009-09-18 09:12 -------- d-----w- c:\program files\Windows Live Safety CenterRebootActions
2009-09-18 07:47 . 2009-09-18 07:52 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-18 06:28 . 2009-09-18 06:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ventrilo
2009-09-18 05:57 . 2009-09-18 05:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-18 05:35 . 2009-09-18 05:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-18 04:32 . 2009-09-18 04:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-09-18 04:29 . 2009-09-18 04:29 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-18 04:29 . 2009-09-18 04:29 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-18 04:22 . 2009-09-18 04:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-11 23:28 . 2009-09-11 23:29 -------- d-----w- c:\program files\YahELite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-09 13:10 . 2009-04-25 04:29 -------- d-----w- c:\documents and settings\Fle\Application Data\Xfire
2009-10-09 01:25 . 2008-05-21 20:36 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-09 01:25 . 2008-05-21 20:35 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-08 18:28 . 2009-04-25 04:29 -------- d-----w- c:\program files\Xfire
2009-10-07 18:02 . 2009-03-27 00:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-02 21:12 . 2009-03-19 02:56 -------- d-----w- c:\program files\Windows Live
2009-10-02 16:38 . 2009-04-25 04:10 -------- d-----w- c:\documents and settings\Fle\Application Data\U3
2009-09-29 14:09 . 2008-06-08 00:46 -------- d-----w- c:\program files\Logitech
2009-09-29 03:57 . 2008-05-21 16:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-25 19:54 . 2009-03-16 08:43 933 -c--a-w- c:\windows\eReg.dat
2009-09-19 23:00 . 2008-06-02 18:28 -------- d-----w- c:\program files\Java
2009-09-19 18:38 . 2009-03-16 06:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-19 04:42 . 2009-03-26 21:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-18 21:41 . 2009-03-20 04:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-18 19:33 . 2009-09-18 19:33 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-16 04:30 . 2009-03-20 05:19 -------- d-----w- c:\documents and settings\Fle\Application Data\gtk-2.0
2009-09-14 12:37 . 2009-03-20 05:16 -------- d-----w- c:\program files\GIMP-2.0
2009-09-10 19:54 . 2009-03-27 00:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-03-27 00:01 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 23:18 . 2009-04-14 07:16 -------- d-----w- c:\program files\SpeedFan
2009-08-17 16:10 . 2009-03-26 17:41 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-03-26 17:41 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-03-26 17:41 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-03-26 17:41 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-03-26 17:41 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-03-26 17:41 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-03-26 17:41 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-03-26 17:41 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-03-26 17:41 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-07 00:24 . 2008-05-13 06:04 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2008-05-13 06:04 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2008-05-13 06:04 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2007-07-31 00:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2008-05-13 06:04 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2006-02-28 11:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2008-05-13 06:04 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2009-03-19 14:03 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2009-03-19 14:03 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 00:23 . 2008-05-13 06:04 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2006-02-28 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2008-01-25 23:32 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2008-01-25 23:32 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-26 21:44 . 2009-07-26 21:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 10:23 . 2009-03-19 05:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2006-02-28 11:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2008-01-25 22:17 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-06-03 20:57 . 2008-06-03 20:40 88 --sh--r- c:\windows\system32\6221C94788.sys
2009-07-09 13:21 . 2009-07-09 13:21 51712 --sha-w- c:\windows\system32\falozogi.dll
2009-07-09 13:21 . 2009-07-09 13:21 1011752 --sha-w- c:\windows\system32\jusivefa.exe
2009-04-09 01:11 . 2008-06-03 20:40 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-09 13:21 . 2009-07-09 13:21 51712 --sha-w- c:\windows\system32\pihuyeha.dll
2009-07-10 11:51 . 2009-07-10 11:51 1011332 --sha-w- c:\windows\system32\tevupiru.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-10-09_12.47.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-10 11:51 . 2009-10-10 11:51 16384 c:\windows\Temp\Perflib_Perfdata_63c.dat
+ 2009-10-10 12:03 . 2009-10-10 12:03 16384 c:\windows\Temp\Perflib_Perfdata_5f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BootSkin Startup Jobs"="c:\program files\Stardock\BootSkin\BootSkin.exe" [2004-04-26 270336]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]
"pasakagenu"="saheloju.dll" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\YahELite\\YahVox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Motive\\McciCMService.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3/26/2009 12:41 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/26/2009 12:41 PM 20560]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [4/23/2009 1:30 PM 17792]
S2 BootScreen;BootScreen;c:\windows\system32\drivers\vidstub.sys [6/2/2008 1:23 PM 163712]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [6/19/2009 11:20 AM 14092]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [11/22/2008 12:53 PM 23064]
S4 Uniblue DiskRescue;Uniblue DiskRescue;c:\program files\Uniblue\DiskRescue\UBDiskRescueSrv.exe [9/10/2008 10:22 AM 229648]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-04-27 c:\windows\Tasks\Uniblue DiskRescue 2009.job
- c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 15:22]

2009-04-27 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-04-27 20:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = localhost
DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
FF - ProfilePath - c:\documents and settings\Fle\Application Data\Mozilla\Firefox\Profiles\kxgp07mu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bmhq.net/
FF - HiddenExtension: XUL Cache: {FC5AC480-EB0E-49C6-921F-0A06BA69003F} - c:\documents and settings\Fle\Local Settings\Application Data\{FC5AC480-EB0E-49C6-921F-0A06BA69003F}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-betijiyot - c:\windows\system32\viwawobi.dll
SharedTaskScheduler-{3510aa3b-a4cf-4207-aa39-bdd3aa44556e} - c:\windows\system32\viwawobi.dll
SSODL-powibizam-{3510aa3b-a4cf-4207-aa39-bdd3aa44556e} - c:\windows\system32\viwawobi.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-10 07:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3216)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-10-10 7:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-10 12:07
ComboFix2.txt 2009-10-09 12:51

Pre-Run: 127,734,132,736 bytes free
Post-Run: 127,685,226,496 bytes free

276 --- E O F --- 2009-10-03 04:04

#9 kahdah
  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 10 October 2009 - 10:13 AM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
    c:\documents and settings\All Users\Application Data\80667027
    c:\windows\system32\jusivefa.exe
    c:\windows\system32\pihuyeha.dll
    c:\windows\system32\tevupiru.exe
    c:\windows\system32\falozogi.dll
    
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "pasakagenu"=-
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log".
  • Please post that log in your next reply.
====================
Update and Run Malwarebytes

Please update and run Malwarebytes' Anti-Malware.

Double click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the Update tab, then click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
=====
Online Scanner
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#10 __VDB__
  • Topic Starter
  • Members
  • 15 posts

Posted 10 October 2009 - 03:59 PM

[OTL] Report.


========== FILES ==========
c:\documents and settings\All Users\Application Data\80667027 moved successfully.
c:\windows\system32\jusivefa.exe moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\pihuyeha.dll
c:\windows\system32\pihuyeha.dll NOT unregistered.
c:\windows\system32\pihuyeha.dll moved successfully.
c:\windows\system32\tevupiru.exe moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\falozogi.dll
c:\windows\system32\falozogi.dll NOT unregistered.
c:\windows\system32\falozogi.dll moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\pasakagenu deleted successfully.

OTL by OldTimer - Version 3.0.18.4 log created on 10102009_125851




[MBAM] Report



Malwarebytes' Anti-Malware 1.41
Database version: 2938
Windows 5.1.2600 Service Pack 3

10/10/2009 1:25:36 PM
mbam-log-2009-10-10 (13-25-36).txt

Scan type: Quick Scan
Objects scanned: 96931
Time elapsed: 4 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



[Kaspersky] Report


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, October 10, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, October 10, 2009 20:08:06
Records in database: 2949009
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Objects scanned: 48343
Threats found: 8
Infected objects found: 26
Suspicious objects found: 0
Scan duration: 02:03:25


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\95132727\95132727.exe.vir Infected: Packed.Win32.Krap.x 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\davagadu.exe.vir Infected: Packed.Win32.Krap.x 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\pogewaso.dll.vir Infected: Trojan.Win32.Monderb.beon 1
C:\Qoobox\Quarantine\[4]-Submit_2009-10-10_06.58.03.zip Infected: Packed.Win32.Krap.x 2
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP1\A0000027.dll Infected: Trojan.Win32.Stuh.acvk 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP2\A0000037.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.balk 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP2\A0000038.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.balk 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP2\A0000040.exe Infected: Backdoor.Win32.Bredolab.aep 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP2\A0000042.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.balk 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP2\A0000060.exe Infected: Trojan.Win32.FraudPack.tyj 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP23\A0040796.exe Infected: Trojan.Win32.FraudPack.uce 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP24\A0040994.exe Infected: Packed.Win32.Krap.x 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP24\A0040999.dll Infected: Trojan.Win32.Monderb.beon 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP24\A0041107.exe Infected: Packed.Win32.Krap.x 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP24\A0041108.exe Infected: Packed.Win32.Krap.x 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP25\A0041145.exe Infected: Packed.Win32.Krap.x 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP3\A0033238.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.balk 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP4\A0033471.exe Infected: Trojan.Win32.FraudPack.tyj 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP4\A0033472.exe Infected: Trojan.Win32.FraudPack.tyj 1
C:\_OTL\MovedFiles\10092009_072807\Documents and Settings\All Users\Application Data\75138327\75138327.exe Infected: Packed.Win32.Krap.x 1
C:\_OTL\MovedFiles\10092009_072807\WINDOWS\System32\latabaye.exe Infected: Packed.Win32.Krap.x 1
C:\_OTL\MovedFiles\10092009_072807\WINDOWS\System32\lopuheso.dll Infected: Trojan.Win32.Plapon.ux 1
C:\_OTL\MovedFiles\10102009_125851\documents and settings\All Users\Application Data\80667027\80667027.exe Infected: Packed.Win32.Krap.x 1
C:\_OTL\MovedFiles\10102009_125851\windows\system32\jusivefa.exe Infected: Packed.Win32.Krap.x 1
C:\_OTL\MovedFiles\10102009_125851\windows\system32\tevupiru.exe Infected: Packed.Win32.Krap.x 1

Selected area has been scanned.
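Every one of the 26 detections in the Kaspersky report above sits in ComboFix's Qoobox quarantine, OTL's MovedFiles folder, or a System Restore point, which is why the next reply treats the machine as close to clean. The triage script below is an added example, not part of this thread or of any tool it mentions: it parses that report format and separates already-neutralised detections from ones still live on the system. The sample lines are taken from the report above, except for example_live.dll, which is a constructed path used only to show how a live detection is surfaced.

```python
"""Triage a Kaspersky Online Scanner 7.0 report of the kind posted above.

Each detection line has the form
    <path> Infected: <threat name> <count>
The script splits the path from the verdict, classifies where the file lives,
and reports which detections are already neutralised (quarantine folders,
System Restore points) versus still live on the system and needing action.
"""
import re
from collections import Counter

# One detection line. The path may contain spaces, so anchor on the literal
# "Infected:" token and the trailing integer count instead of splitting on spaces.
DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Location classes, checked in order. Paths are lower-cased first because
# OTL and ComboFix write them with inconsistent casing.
LOCATION_RULES = (
    ("combofix-quarantine", r"^[a-z]:\\qoobox\\quarantine\\"),
    ("otl-quarantine",      r"^[a-z]:\\_otl\\movedfiles\\"),
    ("restore-point",       r"^[a-z]:\\system volume information\\_restore"),
)


def parse_detection(line):
    """Return (path, threat, count) for a detection line, or None for any other line."""
    m = DETECTION_RE.match(line.strip())
    if not m:
        return None
    return m.group("path"), m.group("threat"), int(m.group("count"))


def classify_location(path):
    """Map a path to a location class; anything not matched is treated as 'live'."""
    lowered = path.lower()
    for label, pattern in LOCATION_RULES:
        if re.match(pattern, lowered):
            return label
    return "live"


def triage(report_text):
    """Summarise a report: detections per location class, threat names per class,
    and the list of live paths that still need action."""
    per_location = Counter()
    threats_by_location = {}
    live_paths = []
    for line in report_text.splitlines():
        parsed = parse_detection(line)
        if parsed is None:
            continue  # header, blank line, or trailer text
        path, threat, count = parsed
        loc = classify_location(path)
        per_location[loc] += count
        threats_by_location.setdefault(loc, set()).add(threat)
        if loc == "live":
            live_paths.append(path)
    return {
        "per_location": dict(per_location),
        "threats_by_location": {k: sorted(v) for k, v in threats_by_location.items()},
        "live_paths": live_paths,
    }


# Constructed sample: four lines copied from the report above plus one line
# (C:\WINDOWS\system32\example_live.dll) that is NOT on the page, included to
# show how a detection outside quarantine and restore points is flagged.
SAMPLE_REPORT = r"""File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\davagadu.exe.vir Infected: Packed.Win32.Krap.x 1
C:\Qoobox\Quarantine\[4]-Submit_2009-10-10_06.58.03.zip Infected: Packed.Win32.Krap.x 2
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP2\A0000040.exe Infected: Backdoor.Win32.Bredolab.aep 1
C:\_OTL\MovedFiles\10102009_125851\windows\system32\jusivefa.exe Infected: Packed.Win32.Krap.x 1
C:\WINDOWS\system32\example_live.dll Infected: Trojan.Win32.Example.constructed 1

Selected area has been scanned.
"""

if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    for loc, n in sorted(summary["per_location"].items()):
        print(f"{loc:20s} {n:3d}  {', '.join(summary['threats_by_location'][loc])}")
    for p in summary["live_paths"]:
        print("ACTION NEEDED:", p)
```

Run against the full report above, the script reports no live paths; clearing the restore points (as ComboFix-style cleanups normally finish by doing) removes the remaining detections without touching the running system.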

#11 kahdah
  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 10 October 2009 - 04:09 PM

  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
Also, let me know how things are running.

#12 __VDB__
  • Topic Starter
  • Members
  • 15 posts

Posted 10 October 2009 - 04:58 PM

[OTL] Log


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, October 10, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, October 10, 2009 20:08:06
Records in database: 2949009
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Objects scanned: 48343
Threats found: 8
Infected objects found: 26
Suspicious objects found: 0
Scan duration: 02:03:25


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\95132727\95132727.exe.vir Infected: Packed.Win32.Krap.x 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\davagadu.exe.vir Infected: Packed.Win32.Krap.x 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\pogewaso.dll.vir Infected: Trojan.Win32.Monderb.beon 1
C:\Qoobox\Quarantine\[4]-Submit_2009-10-10_06.58.03.zip Infected: Packed.Win32.Krap.x 2
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP1\A0000027.dll Infected: Trojan.Win32.Stuh.acvk 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP2\A0000037.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.balk 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP2\A0000038.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.balk 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP2\A0000040.exe Infected: Backdoor.Win32.Bredolab.aep 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP2\A0000042.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.balk 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP2\A0000060.exe Infected: Trojan.Win32.FraudPack.tyj 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP23\A0040796.exe Infected: Trojan.Win32.FraudPack.uce 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP24\A0040994.exe Infected: Packed.Win32.Krap.x 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP24\A0040999.dll Infected: Trojan.Win32.Monderb.beon 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP24\A0041107.exe Infected: Packed.Win32.Krap.x 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP24\A0041108.exe Infected: Packed.Win32.Krap.x 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP25\A0041145.exe Infected: Packed.Win32.Krap.x 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP3\A0033238.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.balk 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP4\A0033471.exe Infected: Trojan.Win32.FraudPack.tyj 1
C:\System Volume Information\_restore{354B759C-3427-46FB-9834-B54047AE2C21}\RP4\A0033472.exe Infected: Trojan.Win32.FraudPack.tyj 1
C:\_OTL\MovedFiles\10092009_072807\Documents and Settings\All Users\Application Data\75138327\75138327.exe Infected: Packed.Win32.Krap.x 1
C:\_OTL\MovedFiles\10092009_072807\WINDOWS\System32\latabaye.exe Infected: Packed.Win32.Krap.x 1
C:\_OTL\MovedFiles\10092009_072807\WINDOWS\System32\lopuheso.dll Infected: Trojan.Win32.Plapon.ux 1
C:\_OTL\MovedFiles\10102009_125851\documents and settings\All Users\Application Data\80667027\80667027.exe Infected: Packed.Win32.Krap.x 1
C:\_OTL\MovedFiles\10102009_125851\windows\system32\jusivefa.exe Infected: Packed.Win32.Krap.x 1
C:\_OTL\MovedFiles\10102009_125851\windows\system32\tevupiru.exe Infected: Packed.Win32.Krap.x 1

Selected area has been scanned.




Things are running much better in the last 48 hours, although there were a lot of pop-ups and "3458384" <-- etc. kind of stuff in my processes tab. Also, under msconfig I have about 15 of them unchecked to prevent startup issues. [I have them written down in Notepad by file name; if you would need them, let me know.] But that might have also been resolved by the scripts you have given me to run. Overall it's running good, and your work is greatly appreciated.

Edited by __VDB__, 10 October 2009 - 05:26 PM.


#13 kahdah
  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 11 October 2009 - 10:42 AM

Great. I would like to see one more OTL log, then you should be on your way.
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.


#14 __VDB__
  • Topic Starter
  • Members
  • 15 posts

Posted 11 October 2009 - 11:06 AM

[OTL] Log.



OTL logfile created on: 10/11/2009 11:00:43 AM - Run 5
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Fle\Desktop\Programs
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 72.36% Memory free
3.35 Gb Paging File | 2.97 Gb Available in Paging File | 88.66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 118.23 Gb Free Space | 79.32% Space Free | Partition Type: NTFS
Drive D: | 650.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FLESCRAZYMACHIN
Current User Name: Fle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\PnkBstrA.exe ()
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Documents and Settings\Fle\Desktop\Programs\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AresChatServer [On_Demand | Stopped]) -- C:\Program Files\Ares\chatServer.exe (Ares Development Group)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Ati HotKey Poller [Disabled | Stopped]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\System32\ati2sgag.exe ()
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (McciCMService [Auto | Running]) -- C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (PnkBstrA [Auto | Running]) -- C:\WINDOWS\System32\PnkBstrA.exe ()
SRV - (Uniblue DiskRescue [Disabled | Stopped]) -- C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe (Uniblue)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (Afc [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Afc.sys (Arcsoft, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ATITool [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ATITool.sys ()
DRV - (BCMModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\BCMSM.sys (Broadcom Corporation)
DRV - (BootScreen [Auto | Stopped]) -- C:\WINDOWS\System32\drivers\vidstub.sys ()
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (giveio [Boot | Running]) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (LCcfltr [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\LCcFltr.Sys (Logitech, Inc.)
DRV - (MODEMCSA [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (MREMP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMPR5 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (MRENDIS5 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (MRESP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SCREAMINGBDRIVER [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (senfilt [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (SoC PC-Camera Service [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\pfc027.sys ()
DRV - (speedfan [Boot | Running]) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (VCSVADHWSer [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\vcsvad.sys (Avnex)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bmhq.net/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {FC5AC480-EB0E-49C6-921F-0A06BA69003F}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14
FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost"

FF - HKLM\software\mozilla\Firefox\extensions\\{FC5AC480-EB0E-49C6-921F-0A06BA69003F}: C:\Documents and Settings\Fle\Local Settings\Application Data\{FC5AC480-EB0E-49C6-921F-0A06BA69003F} [2009/03/26 03:35:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 03:00:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/06 18:37:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/21 00:43:44 | 00,000,000 | ---D | M]

[2009/03/17 01:29:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fle\Application Data\mozilla\Extensions
[2009/03/17 01:29:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fle\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/10 13:07:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fle\Application Data\mozilla\Firefox\Profiles\kxgp07mu.default\extensions
[2009/09/07 00:17:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fle\Application Data\mozilla\Firefox\Profiles\kxgp07mu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/10 13:07:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/21 00:43:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/19 00:28:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/02 22:49:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/09/19 18:00:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/09/21 00:43:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/21 00:43:30 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 16:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 13:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/09/21 00:43:34 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/05/01 16:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/09/21 00:43:38 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/09/21 00:43:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/09/21 00:43:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/09/21 00:43:38 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/09/21 00:43:38 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/09/21 00:43:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/09/21 00:43:38 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BCMSMMSG] C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [BootSkin Startup Jobs] C:\Program Files\Stardock\BootSkin\BootSkin.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\mal-w-ant-by\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6796.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} http://pbells.broadjump.com/wizlet/Standar...aller_4-2-0.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (gopikobi.dll) - File not found
O20 - AppInit_DLLs: (pihuyeha.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\wpdshserviceobj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/13 01:06:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/20 14:55:08 | 00,950,328 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2004/09/20 14:55:08 | 00,950,328 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003/11/26 11:21:36 | 00,000,049 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/08 15:33:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fle\Application Data\dvdcss
[2009/09/19 13:39:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fle\Application Data\SUPERAntiSpyware.com
[2009/10/11 01:36:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fle\Application Data\SystemRequirementsLab
[2009/09/24 16:26:06 | 00,000,000 | ---D | C] -- C:\Program Files\Axife Mouse Recorder DEMO
[2009/09/24 16:26:20 | 00,000,000 | ---D | C] -- C:\Program Files\Cheat Engine
[2009/09/25 14:42:01 | 00,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2009/10/10 13:16:07 | 00,000,000 | ---D | C] -- C:\Program Files\mal-w-ant-by
[2009/10/02 16:12:07 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/09/28 22:30:28 | 00,000,000 | ---D | C] -- C:\Program Files\MUSICMATCH
[2009/09/19 13:39:01 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/09/18 14:41:35 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/18 02:47:02 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/09/18 04:12:01 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety CenterRebootActions
[2009/09/11 18:28:20 | 00,000,000 | ---D | C] -- C:\Program Files\YahELite
[2009/10/11 03:28:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fle\Desktop\Unknown Error Report
[2009/10/10 13:16:10 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/10 13:16:08 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/10 13:06:12 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/10/09 07:46:07 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/10/09 07:46:07 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2009/10/09 07:42:09 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/09 07:40:50 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/09 07:40:50 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/09 07:40:50 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/09 07:40:50 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/09 07:40:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/09 07:40:14 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/09 07:27:52 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/09/24 16:26:22 | 00,679,936 | ---- | C] (Generated by JEDI) -- C:\WINDOWS\System32\D3DX81ab.dll
[2009/09/20 17:53:14 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Fle\Desktop\tatertot.scr.exe
[2009/09/19 18:00:38 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/09/19 18:00:38 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/09/19 18:00:38 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/09/19 17:39:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fle\Desktop\Programs
[2009/09/19 17:39:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fle\Desktop\log-reports
[2009/09/18 17:27:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/09/18 12:02:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/09/18 00:27:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fle\My Documents\cod4 config
[2009/09/18 00:26:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fle\My Documents\notepad

========== Files - Modified Within 30 Days ==========

[2009/10/11 06:58:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/11 06:58:09 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/11 06:58:07 | 16,096,17408 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/10 22:15:48 | 00,022,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/10/10 22:15:41 | 00,103,736 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/10/10 21:01:26 | 00,190,144 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2009/10/10 13:04:01 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\gusitibi
[2009/10/10 07:03:44 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/10 07:03:23 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/10 06:52:16 | 00,000,558 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/10 06:52:16 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/09 07:38:59 | 03,329,529 | R--- | M] () -- C:\Documents and Settings\Fle\Desktop\ComboFix.exe
[2009/10/09 07:34:26 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/10/08 20:49:54 | 00,010,752 | ---- | M] () -- C:\Documents and Settings\Fle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/08 10:58:36 | 00,290,816 | ---- | M] () -- C:\vrkcwt45.exe
[2009/10/07 18:16:44 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\Fle\Desktop\Internet.lnk
[2009/10/04 20:53:39 | 00,000,642 | ---- | M] () -- C:\Documents and Settings\Fle\Desktop\Ventrilo.lnk
[2009/10/04 02:39:15 | 00,000,065 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2009/10/04 02:37:48 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/28 22:57:57 | 00,081,920 | R--- | M] () -- C:\WINDOWS\bwUnin-6.1.4.61-8876480L.exe
[2009/09/28 21:52:01 | 00,009,052 | ---- | M] () -- C:\WINDOWS\YAHELITE.INI
[2009/09/28 21:48:47 | 00,000,012 | ---- | M] () -- C:\WINDOWS\YAHVOX_ignore.ini
[2009/09/28 21:36:12 | 00,000,030 | ---- | M] () -- C:\WINDOWS\YAHELITE_BUDDY.INI
[2009/09/28 21:22:10 | 00,000,000 | ---- | M] () -- C:\WINDOWS\YAHELITE_cookie.INI
[2009/09/28 14:18:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/25 17:20:28 | 00,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/09/25 14:54:07 | 00,000,933 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2009/09/25 02:47:14 | 04,834,578 | -H-- | M] () -- C:\Documents and Settings\Fle\Local Settings\Application Data\IconCache.db
[2009/09/24 14:05:18 | 01,440,421 | ---- | M] () -- C:\Documents and Settings\Fle\My Documents\Surprise!!!!.zip
[2009/09/20 17:53:16 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Fle\Desktop\tatertot.scr.exe
[2009/09/20 17:18:35 | 00,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/09/19 15:28:50 | 00,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090923-055727.backup
[2009/09/19 00:52:10 | 00,000,254 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/09/18 16:31:58 | 00,305,742 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090919-010331.backup
[2009/09/18 14:33:32 | 00,007,396 | ---- | M] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/09/18 00:58:06 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe

========== Files - No Company Name ==========
[2009/10/09 07:42:13 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/09 07:42:10 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/09 07:40:50 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/09 07:40:50 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/09 07:40:50 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/09 07:40:50 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/09 07:38:53 | 03,329,529 | R--- | C] () -- C:\Documents and Settings\Fle\Desktop\ComboFix.exe
[2009/10/08 10:58:36 | 00,290,816 | ---- | C] () -- C:\vrkcwt45.exe
[2009/10/07 18:16:44 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\Fle\Desktop\Internet.lnk
[2009/10/04 20:53:39 | 00,000,642 | ---- | C] () -- C:\Documents and Settings\Fle\Desktop\Ventrilo.lnk
[2009/10/04 20:53:20 | 00,000,650 | ---- | C] () -- C:\Documents and Settings\Fle\Desktop\Xfire.lnk
[2009/09/28 22:57:57 | 00,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.61-8876480L.exe
[2009/09/28 21:36:12 | 00,000,030 | ---- | C] () -- C:\WINDOWS\YAHELITE_BUDDY.INI
[2009/09/25 17:20:28 | 00,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/09/24 16:26:22 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/09/24 14:04:40 | 01,440,421 | ---- | C] () -- C:\Documents and Settings\Fle\My Documents\Surprise!!!!.zip
[2009/09/24 14:01:15 | 16,096,17408 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/19 00:52:39 | 00,011,168 | -H-- | C] () -- C:\WINDOWS\System32\gusitibi
[2009/09/18 14:33:32 | 00,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/09/18 00:57:42 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/11 18:31:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\YAHELITE_cookie.INI
[2009/06/20 01:12:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/06/05 02:57:44 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/05/21 22:55:01 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/04/11 01:25:03 | 00,127,692 | ---- | C] () -- C:\WINDOWS\System32\drivers\pfc027.sys
[2009/04/11 01:25:03 | 00,011,170 | ---- | C] () -- C:\WINDOWS\System32\PA207Usd.dll
[2009/03/26 18:16:49 | 00,000,254 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/19 15:39:07 | 00,000,044 | ---- | C] () -- C:\WINDOWS\3D Text Factory.INI
[2009/03/16 02:24:55 | 00,000,065 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2009/03/16 01:16:42 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/06/15 16:59:49 | 00,000,012 | ---- | C] () -- C:\WINDOWS\YAHVOX_ignore.ini
[2008/06/08 19:40:19 | 00,009,052 | ---- | C] () -- C:\WINDOWS\YAHELITE.INI
[2008/06/08 19:11:50 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\Fle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/03 15:40:39 | 00,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/06/03 15:40:39 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\6221C94788.sys
[2008/06/02 13:23:27 | 00,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2008/05/29 03:09:00 | 00,019,592 | ---- | C] () -- C:\Documents and Settings\Fle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/05/21 15:36:22 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/05/21 15:36:06 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Fle\Application Data\PnkBstrK.sys
[2008/05/21 15:35:18 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/05/21 12:00:17 | 04,834,578 | -H-- | C] () -- C:\Documents and Settings\Fle\Local Settings\Application Data\IconCache.db
[2008/05/13 03:57:26 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Fle\Application Data\desktop.ini
[2008/05/12 20:53:16 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/12 20:50:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/12 20:50:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/12 20:50:08 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/05/12 20:49:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/12 19:50:33 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/11/10 08:08:50 | 00,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2006/02/28 06:00:00 | 00,000,558 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/02/28 06:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1996/04/03 14:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEFF768F
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#15 kahdah

Posted 11 October 2009 - 11:13 AM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O20 - AppInit_DLLs: (gopikobi.dll) - File not found
    O20 - AppInit_DLLs: (pihuyeha.dll) - File not found
  • Then click the Run Fix button at the top
  • Let the program run unhindered. When it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.




