Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can Not Delete Trojan.Vundo.H remaining entries


  • This topic is locked This topic is locked
2 replies to this topic

#1 NetPros

NetPros

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:22 PM

Posted 29 October 2009 - 10:10 AM

Hello:

I am an experienced IT Administrator and am working on one of our top manager's personal PCs, and over the past 10 days or so (off-and-on) have been trying to get rid of the last pieces of the Trojan.Vundo.h files. I've spent several hours so far. This thing is stubborn!! Probably the worst I've dealt with in years. Have used MBAM, VundoFix, KillBox, VirtumundoBeGone, etc. to get rid on the main DLL in the system32 directory, and the 3 reg keys. No go...still there after many attempts after rebooting. I know...you've heard all this before...

I've read and re-read a few posts here and other places (yours seem to be the only ones that actually accomplish the removal), and have done prep work (downloaded OTViewIt, ran the Kaspersky online AV scan, downloaded ATF-Cleaner, etc), and am ready to get rid of this thing once-and-for-all!!!

So...am ready and willing for some help!!

H-E-L-P!!!!

******************************************************
To get started...here is the log text from the last MBAM scan:

Malwarebytes' Anti-Malware 1.41
Database version: 3037
Windows 5.1.2600 Service Pack 3 (Safe Mode)

10/29/2009 2:55:13 AM
mbam-log-2009-10-29 (02-55-13).txt

Scan type: Quick Scan
Objects scanned: 3216
Time elapsed: 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a27c5c4e-60ab-400f-8ed4-409fd3f79d2c} (Trojan.Vundo.H) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vbsbiade (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a27c5c4e-60ab-400f-8ed4-409fd3f79d2c} (Trojan.Vundo.H) -> Not selected for removal.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\lripdbz.dll (Trojan.Vundo.H) -> Not selected for removal.

*******************************************************************

ANd here are the 2 log files (OTViewIt and Extras) from OTViewIt:

OTViewIt logfile created on: 10/29/2009 7:51:23 AM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.43% Memory free
3.85 Gb Paging File | 3.18 Gb Available in Paging File | 82.57% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 390.63 Gb Total Space | 378.47 Gb Free Space | 96.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 75.13 Gb Total Space | 67.41 Gb Free Space | 89.72% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GAMER
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2009/09/17 14:29:04 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2009/09/15 10:23:54 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2009/09/17 14:29:04 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
[2008/12/18 22:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/07/25 05:23:05 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
[2009/10/29 04:26:21 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\Administrator\Local Settings\Temp\jkos-Administrator\binaries\ScanningProcess.exe
[2009/10/29 04:26:21 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\Administrator\Local Settings\Temp\jkos-Administrator\binaries\ScanningProcess.exe
[2009/10/29 03:19:39 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/10/30 21:07:38 | 00,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc [Auto | Stopped])
[2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
[2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/10/23 18:46:30 | 00,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService [Auto | Stopped])
[2008/09/17 14:39:19 | 00,000,000 | ---D | M] -- C:\WINDOWS\System32\bits -- (BITS [On_Demand | Stopped])
File not found -- -- (ccEvtMgr [Disabled | Stopped])
[2006/11/21 18:38:40 | 00,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Stopped])
[2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/03/14 20:48:40 | 00,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Stopped])
[2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
[2006/09/02 17:36:33 | 02,528,960 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate [On_Demand | Stopped])
[2009/07/08 20:22:22 | 00,068,112 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [On_Demand | Stopped])
[2009/09/17 14:29:04 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Stopped])
[2009/09/16 11:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Stopped])
[2009/09/16 10:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Stopped])
[2009/09/16 09:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Stopped])
[2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Stopped])
[2009/09/15 10:23:54 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])
[2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/08/24 16:53:14 | 00,072,176 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10 [On_Demand | Stopped])
[2007/08/24 16:53:16 | 00,362,992 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10 [Auto | Stopped])
[2007/08/24 16:52:48 | 00,309,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10 [Auto | Stopped])
[2007/08/24 16:52:38 | 01,083,888 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10 [On_Demand | Stopped])
[2007/08/24 16:52:46 | 00,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10 [Auto | Stopped])
[2007/03/14 20:48:56 | 00,116,416 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
File not found -- -- (SessionLauncher [Auto | Stopped])
File not found -- -- (SNDSrvc [Disabled | Stopped])
[2007/01/10 17:27:38 | 01,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Stopped])
[2007/03/14 20:48:50 | 01,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Stopped])
[2007/10/30 21:51:44 | 00,492,720 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService [Auto | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008/11/09 13:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Stopped])

========== Driver Services ==========

[2007/10/23 18:48:16 | 00,012,416 | ---- | M] (ASUSTeK Computer Inc.) -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb [On_Demand | Stopped])
[2007/10/23 18:48:12 | 00,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt [System | Stopped])
[2007/01/29 18:12:52 | 00,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\system32\drivers\AsusVRC.sys -- (ASUSVRC [On_Demand | Stopped])
[2009/10/19 01:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Stopped])
[2007/07/12 11:03:38 | 00,012,288 | ---- | M] (ASUSTeK Computer Inc.) -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO [System | Stopped])
[2009/10/19 01:00:00 | 00,102,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Stopped])
[2008/04/13 09:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2007/11/01 15:38:56 | 04,620,288 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Stopped])
[2008/04/13 11:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2009/09/16 10:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Stopped])
[2009/09/16 10:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Stopped])
[2009/09/16 10:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Stopped])
[2009/09/16 10:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2009/09/16 10:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Stopped])
[2009/07/16 12:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2004/08/12 19:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2009/10/19 01:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091028.006\NAVENG.SYS -- (NAVENG [On_Demand | Stopped])
[2009/10/19 01:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091028.006\NAVEX15.SYS -- (NAVEX15 [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,023,424 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\nuyqvxli.sys -- (nuyqvxli [Boot | Running])
[2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2007/10/12 17:15:08 | 00,054,144 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2007/10/12 17:15:10 | 00,022,016 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/07/26 04:00:00 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2007/08/18 04:09:04 | 00,057,328 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter [Disabled | Stopped])
[2005/03/21 11:00:24 | 00,004,096 | ---- | M] (SuperAdBlocker.com) -- C:\WINDOWS\System32\sabprocenum.sys -- (SABProcEnum [On_Demand | Stopped])
[2009/10/12 21:24:54 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Stopped])
[2009/10/12 21:24:56 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2009/10/12 21:24:52 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Stopped])
[2006/09/06 15:41:20 | 00,054,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [System | Stopped])
[2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/02/17 21:45:48 | 00,129,248 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman [Boot | Running])
[2007/01/10 17:27:26 | 00,390,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Stopped])
[2008/02/17 21:30:59 | 00,110,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped])
[2007/02/12 18:22:36 | 00,024,720 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Stopped])
[2007/02/12 18:22:40 | 00,196,752 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symtdi.sys -- (SYMTDI [Disabled | Stopped])
[2008/02/17 21:45:31 | 00,368,544 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman [Boot | Running])
[2008/02/17 21:46:00 | 00,044,384 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter [Auto | Stopped])
[2008/02/17 21:46:00 | 00,441,760 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter [Boot | Running])
[2008/02/18 11:16:24 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2007/10/23 18:48:14 | 00,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D [On_Demand | Stopped])
[2009/06/17 05:20:34 | 00,012,648 | ---- | M] (Secunia) -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default"=

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default"=

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default"=

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default"=

[HKEY_USERS\S-1-5-21-1454471165-113007714-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_USERS\S-1-5-21-1454471165-113007714-725345543-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1454471165-113007714-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (114 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
94.232.248.66 antivirprotection.com
94.232.248.66 www.antivirprotection.com

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (HKLM) -- c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
{A27C5C4E-60AB-400F-8ED4-409FD3F79D2C} (HKLM) -- c:\WINDOWS\system32\lripdbz.dll ()
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" (Acronis)
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Alcmtr"=ALCMTR.EXE (Realtek Semiconductor Corp.)
"ASUSGamerOSD"=C:\Program Files\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
"ccApp"=- File not found
"DMXLauncher"="C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe" ()
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript (Malwarebytes Corporation)
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" (McAfee)
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" (Sonic Solutions)
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (Yahoo! Inc)

========== (O4) Startup Folders ==========

[2009/08/21 01:15:32 | 00,900,816 | ---- | M] (Secunia) -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
[2008/04/13 17:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Task Manager.lnk = C:\WINDOWS\system32\taskmgr.exe
[2008/02/17 20:15:20 | 00,110,592 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Start Menu\Programs\Startup\QuickShelf 2000.lnk = C:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0

[HKEY_USERS\S-1-5-21-1454471165-113007714-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/4.../OGAControl.cab -- Office Genuine Advantage Validation Tool
{166B1BCA-3F9C-11CF-8075-444553540000}: http://fpdownload.macromedia.com/get/shock...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{8569D715-FF88-44BA-8D1D-AD3E59543DDE}: https://www.gs.reyrey.com/clientdll/arview2.cab -- ActiveReports Viewer2
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_15
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{B1E2B96C-12FE-45E2-BEF1-44A219113CDD}: http://www.superadblocker.com/activex/sabspx.cab -- SABScanProcesses Class
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}: http://office.microsoft.com/officeupdate/content/opuc4.cab -- Office Update Installation Engine
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_15
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_15
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
CM_AdvancedCAB: https://www.gs.reyrey.com/common/ClientChec...AdvancedCAB.CAB -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: file:///C:/WINDOWS/Java/classes/xmldso.cab -- Reg Error: Key does not exist or could not be opened.
PrintTemplateViewerCab: https://www.gs.reyrey.com/clientdll/printtemplateviewer.cab -- Reg Error: Key does not exist or could not be opened.
ReyScanCab: https://www.gs.reyrey.com/clientdll/ReyScan.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{7A86DE3B-11F2-4D78-8694-BDC6396AFAF7} (Servers: | Description: 1394 Net Adapter)
{AFD91D42-15E1-4C1E-9E55-B3925251C4CF} (Servers: | Description: )
{CD171CF2-EB16-48CB-B9CC-1AF09761DB7B} (Servers: | Description: NVIDIA nForce Networking Controller)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
NavLogon: "DllName" = C:\WINDOWS\system32\NavLogon.dll -- C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
vbsbiade: "DllName" = lripdbz.dll -- C:\WINDOWS\system32\lripdbz.dll ()

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/02/17 12:22:47 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2009/10/29 07:49:45 | 00,000,848 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Kaspersky Online Scanner report 2009.10.29
[2009/10/29 04:36:44 | 00,974,457 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Trojan_ Vundo_ H (maybe winloggn).mht
[2009/10/29 04:36:35 | 00,000,287 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Trojan. Vundo. H (maybe winloggn).url
@Alternate Data Stream - 1406 bytes -> C:\Documents and Settings\Administrator\Desktop\Trojan. Vundo. H (maybe winloggn).url:favicon
[2009/10/29 04:23:12 | 00,000,262 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Scan Now - Online (OSI) - Vulnerability Scanning - Secunia.com (2).url
@Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\Administrator\Desktop\Scan Now - Online (OSI) - Vulnerability Scanning - Secunia.com (2).url:favicon
[2009/10/29 04:23:03 | 00,000,282 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Scan Now - Online (OSI) - Vulnerability Scanning - Secunia.com.url
@Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\Administrator\Desktop\Scan Now - Online (OSI) - Vulnerability Scanning - Secunia.com.url:favicon
[2009/10/29 04:21:41 | 00,000,720 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Secunia PSI.lnk
[2009/10/29 04:21:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/10/29 04:21:31 | 00,000,000 | ---D | C] -- C:\Program Files\Secunia
[2009/10/29 04:21:13 | 00,716,320 | ---- | C] (Secunia) -- C:\Documents and Settings\Administrator\Desktop\PSISetup.exe
[2009/10/29 03:48:07 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.reg
[2009/10/29 03:36:13 | 00,000,542 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\2009.10.29.reg
[2009/10/29 03:19:39 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2009/10/29 03:10:43 | 00,121,903 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BleepingComputer_com Cannot remove some Trojan_Vundo_H files.mht
[2009/10/29 03:10:25 | 00,282,833 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2009/10/29 03:08:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2009/10/29 02:47:01 | 00,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
[2009/10/29 02:43:12 | 00,096,978 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\Administrator\Desktop\VirtumundoBeGone.exe
[2009/10/27 00:51:19 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009/10/27 00:51:14 | 00,092,672 | ---- | C] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Documents and Settings\Administrator\Desktop\KillBox.exe
[2009/10/26 23:01:28 | 00,720,276 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Virus backdoorwin32-agent can't remove.mht
[2009/10/26 23:00:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/10/26 22:59:59 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/26 22:59:57 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/26 22:59:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2009/10/26 22:59:21 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2009/10/26 22:57:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2009/10/26 22:52:03 | 00,317,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Trojan_Vundo Removal - Removing Help Symantec.mht
[2009/10/26 22:38:37 | 03,712,656 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/10/26 22:25:21 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2009/10/26 22:25:07 | 00,082,160 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/26 22:25:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2009/10/26 22:24:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Roxio
[2009/10/26 22:24:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\ASUS
[2009/10/26 22:24:50 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data\yahoo!
[2009/10/26 22:24:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Real
[2009/10/26 22:24:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Symantec
[2009/10/26 22:24:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2009/10/26 22:24:19 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2009/10/26 22:24:18 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Administrator\My Documents\desktop.ini
[2009/10/26 22:24:18 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2009/10/26 21:39:27 | 00,563,894 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Can't remove winlogon notify [RESOLVED].mht
[2009/10/26 21:25:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/10/26 21:21:28 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/10/26 21:21:28 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/26 21:21:04 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTsetup.exe
[2009/10/26 21:20:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2009/10/26 21:14:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/10/26 21:11:36 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/10/26 21:01:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2009/10/26 20:56:15 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
[2009/10/26 20:56:15 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2009/10/26 20:56:15 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2009/10/26 20:56:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2009/10/26 20:45:27 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/10/26 20:45:15 | 07,280,672 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2009/10/26 20:23:56 | 00,000,643 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Task Manager.lnk
[2009/10/26 20:13:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/10/22 08:55:53 | 00,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2009/10/22 08:38:54 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/10/21 20:57:04 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/21 20:57:01 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/21 20:57:00 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/21 20:57:00 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/21 20:57:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/21 20:21:08 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
[2009/10/21 20:21:08 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2009/10/16 13:22:44 | 00,291,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe

========== Files - Modified Within 30 Days ==========

[2009/10/29 07:49:45 | 00,000,848 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Kaspersky Online Scanner report 2009.10.29
[2009/10/29 04:36:52 | 00,974,457 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Trojan_ Vundo_ H (maybe winloggn).mht
[2009/10/29 04:36:35 | 00,000,287 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Trojan. Vundo. H (maybe winloggn).url
@Alternate Data Stream - 1406 bytes -> C:\Documents and Settings\Administrator\Desktop\Trojan. Vundo. H (maybe winloggn).url:favicon
[2009/10/29 04:24:27 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/29 04:23:12 | 00,000,262 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Scan Now - Online (OSI) - Vulnerability Scanning - Secunia.com (2).url
@Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\Administrator\Desktop\Scan Now - Online (OSI) - Vulnerability Scanning - Secunia.com (2).url:favicon
[2009/10/29 04:23:03 | 00,000,282 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Scan Now - Online (OSI) - Vulnerability Scanning - Secunia.com.url
@Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\Administrator\Desktop\Scan Now - Online (OSI) - Vulnerability Scanning - Secunia.com.url:favicon
[2009/10/29 04:21:41 | 00,000,720 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Secunia PSI.lnk
[2009/10/29 04:21:22 | 00,716,320 | ---- | M] (Secunia) -- C:\Documents and Settings\Administrator\Desktop\PSISetup.exe
[2009/10/29 03:48:07 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.reg
[2009/10/29 03:36:13 | 00,000,542 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\2009.10.29.reg
[2009/10/29 03:19:39 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2009/10/29 03:10:46 | 00,121,903 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BleepingComputer_com Cannot remove some Trojan_Vundo_H files.mht
[2009/10/29 03:10:34 | 00,282,833 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2009/10/29 02:54:25 | 00,010,883 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/10/29 02:54:21 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/29 02:54:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/29 02:53:18 | 03,712,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/10/29 02:47:01 | 00,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
[2009/10/29 02:47:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/29 02:43:12 | 00,096,978 | ---- | M] (Business Information Solutions) -- C:\Documents and Settings\Administrator\Desktop\VirtumundoBeGone.exe
[2009/10/28 15:14:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/28 14:41:00 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2009/10/28 14:16:00 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/10/27 00:51:18 | 00,092,672 | ---- | M] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Documents and Settings\Administrator\Desktop\KillBox.exe
[2009/10/26 23:01:35 | 00,720,276 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Virus backdoorwin32-agent can't remove.mht
[2009/10/26 22:59:59 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/26 22:59:25 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2009/10/26 22:52:05 | 00,317,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Trojan_Vundo Removal - Removing Help Symantec.mht
[2009/10/26 22:32:10 | 07,280,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2009/10/26 22:25:21 | 00,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2009/10/26 22:25:07 | 00,082,160 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/26 22:24:38 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\desktop.ini
[2009/10/26 21:39:30 | 00,563,894 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Can't remove winlogon notify [RESOLVED].mht
[2009/10/26 21:21:28 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/10/26 21:21:25 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTsetup.exe
[2009/10/26 20:24:05 | 00,000,643 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Task Manager.lnk
[2009/10/21 20:57:04 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/16 13:22:44 | 00,291,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
< End of report >


******************************************************

OTViewIt Extras logfile created on: 10/29/2009 7:51:23 AM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.43% Memory free
3.85 Gb Paging File | 3.18 Gb Available in Paging File | 82.57% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 390.63 Gb Total Space | 378.47 Gb Free Space | 96.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 75.13 Gb Total Space | 67.41 Gb Free Space | 89.72% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GAMER
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DoNotAllowExceptions"=0
"DisableNotifications"=0
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\InterVideo\DVD7\WinDVD.exe:*:Disabled:WinDVD
[2001/01/12 12:50:12 | 00,057,344 | ---- | M] (Informix Corporation) -- C:\Program Files\Reynolds\ERALink32\wIntegSM.exe:*:Enabled:wIntegrate Session Manager
[2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 13:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 13:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 13:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/04/19 19:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/03/14 14:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 14:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 14:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}"=Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}"=DirectXInstallService
"{12E11FBB-7CA6-4A86-834D-5E6390D51009}"=ASUS Smart Doctor
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}"=QuickTime
"{1B683082-8791-4D00-8ADE-6C8986FCCC68}"=Roxio CinePlayer
"{1BA7B068-4719-42A3-B553-D4ED97434F92}"=ASUS Utilities
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}"=Roxio Central Tools
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 15
"{2DD388FF-6422-43C9-86A1-C7A99C83E946}"=ASUS nVidia Driver
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Roxio Update Manager
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}"=ASUS Gamer OSD
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3E67A8DA-FE7B-4160-8465-F5571EA18753}"=Roxio Disc Gallery
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"{50E125D1-88E5-48CE-80AE-98EC9698E639}"=Symantec AntiVirus
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}"=Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}"=Roxio File Backup
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}"=Acronis True Image Home
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}"=Roxio Central Audio
"{7A529246-912F-4C40-A82A-E608DB702FD7}"=ASUS VideoSecurity Online
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}"=NVIDIA ForceWare Network Access Manager
"{807B1E67-FF69-4170-A835-E4B2C8A1D389}"=WRQ Reflection for UNIX and OpenVMS 10.0.2 ADP Release
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}"=Roxio CinePlayer Decoder Pack
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{9A9A1828-31D1-4590-A99F-022B7237AFAE}"=Roxio MediaShare
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AC76BA86-7AD7-5464-3428-800000000003}"=Spelling Dictionaries Support For Adobe Reader 8
"{AFAF626C-D2E6-455C-9A5A-ACDF049A6168}"=ASUS nVidia Driver
"{B2620599-BA17-48DB-9DC0-684BCB9B7282}"=ADP / XR10.00
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}"=Roxio Central Copy
"{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}"=Roxio Easy Media Creator 10 Suite
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}"=WinZip 11.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{EC877639-07AB-495C-BFD1-D63AF9140810}"=Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}"=Roxio Central Core
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"Adobe SVG Viewer"=Adobe SVG Viewer 3.0
"Advanced Registry Optimizer_is1"=Advanced Registry Optimizer
"Bookshelf 2k"=Bookshelf 2000
"ERALink32 4.2.1"=ERALink32 4.2.1
"Eusing Free Registry Cleaner"=Eusing Free Registry Cleaner
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{12E11FBB-7CA6-4A86-834D-5E6390D51009}"=ASUS Smart Doctor
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}"=ASUS VideoSecurity Online
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}"=NVIDIA ForceWare Network Access Manager
"InterActual Player"=InterActual Player
"LiveUpdate"=LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSC"=McAfee SecurityCenter
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"RealPlayer 6.0"=RealPlayer
"Secunia PSI"=Secunia PSI
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"xvid"=XviD MPEG-4 Video Codec
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Messenger"=Yahoo! Messenger
"Yahoo! Search Defender"=Yahoo! Search Protection
"Yahoo! Software Update"=Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 10/29/2009 5:54:34 AM | Computer Name = GAMER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/29/2009 5:55:52 AM | Computer Name = GAMER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
asuskbnt eeCtrl EIO Fips intelppm mfehidk SASDIFSV SASKUTIL SAVRTPEL SPBBCDrv

Error - 10/29/2009 5:56:19 AM | Computer Name = GAMER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 10/29/2009 5:56:20 AM | Computer Name = GAMER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 10/29/2009 6:09:34 AM | Computer Name = GAMER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/29/2009 7:04:10 AM | Computer Name = GAMER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/29/2009 7:11:35 AM | Computer Name = GAMER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/29/2009 7:11:45 AM | Computer Name = GAMER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 10/29/2009 7:20:22 AM | Computer Name = GAMER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/29/2009 7:21:50 AM | Computer Name = GAMER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}


< End of report >

***************************************************************

Thanks in advance for the assistance...and thanks for such a great site - have been referring to it for years, although I've never posted before.

Edited by NetPros, 29 October 2009 - 10:32 AM.


BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:07:22 AM

Posted 30 October 2009 - 05:48 AM

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix..This because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and blocks the tool, or even deletes it. Please visit HERE if you don't know how.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:07:22 AM

Posted 16 November 2009 - 05:47 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users