
Security Tool / Other Random Malware / Pop Ups


  • This topic is locked
24 replies to this topic

#1 Peoples-2

Peoples-2

  • Members
  • 17 posts
  • OFFLINE
  • Local time:06:22 AM

Posted 30 October 2009 - 04:09 PM

So recently I have been having trouble with my computer, with both pop ups and malware programs. I got rid of the first one, then after a day a second one appeared; I deleted it, or thought I deleted it, then the same virus/program popped back up the next day. Throughout all of this I have been having random pop ups while using Firefox, which has never happened before.


DDS (Ver_09-10-26.01) - NTFSx86
Run by Riverside at 16:42:53.79 on Fri 10/30/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.383 [GMT -4:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\FastNetSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Riverside\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {C277B942-1F68-486b-8F95-6E486A13F148} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\explorer.exe" /runcleanupscript
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - hxxp://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by141fd.bay141.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139876059046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/html - {3b087895-3975-4347-a3f8-e1305719f548} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: yurebuju.dll c:\windows\system32\wiliroba.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: badarolod - {3a8a116c-5560-4e4b-b4aa-3d48d5e4db12} - c:\windows\system32\wiliroba.dll
STS: tokatiluy: {3a8a116c-5560-4e4b-b4aa-3d48d5e4db12} - c:\windows\system32\wiliroba.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Notification Packages = scecli c:\windows\system32\gizolama.dll c:\windows\system32\kosugake.dll mujoviku.dll gobikose.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rivers~1\applic~1\mozilla\firefox\profiles\qldbzdy2.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-11-26 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-26 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-26 360584]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-10-26 906520]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-26 285392]
R2 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [2005-8-20 14336]
R2 fastnetsrv;fastnetsrv Service;c:\windows\system32\FastNetSrv.exe [2004-8-10 47104]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
S1 54eb5c268c4e0;54eb5c268c4e0;c:\windows\system32\drivers\54eb5c268c4e0.sys --> c:\windows\system32\drivers\54eb5c268c4e0.sys [?]
S1 6ec01f81674faff0;6ec01f81674faff0;c:\windows\system32\drivers\6ec01f81674faff0.sys [2005-8-20 79872]
S2 gsshob;gsshob;\??\c:\windows\system32\drivers\uhurd.sys --> c:\windows\system32\drivers\uhurd.sys [?]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\lccfltr.sys --> c:\windows\system32\drivers\LCcFltr.Sys [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2008-7-8 2385896]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-14 24652]

=============== Created Last 30 ================

2009-10-30 20:38:25 0 d-----w- c:\program files\Trend Micro
2009-10-30 20:34:19 34775 ----a-w- c:\windows\system32\t1p0_310647828669.b1k
2009-10-30 20:31:30 34775 ----a-w- c:\windows\system32\t1p0_203930119178.b1k
2009-10-30 12:05:11 34775 ----a-w- c:\windows\system32\t1p0_410570761583.b1k
2009-10-30 12:00:15 0 d-sh--w- C:\found.004
2009-10-30 02:37:15 34775 ----a-w- c:\windows\system32\t1p0_331220775362.b1k
2009-10-30 01:46:35 34749 ----a-w- c:\windows\system32\t1p0_733930711999.b1k
2009-10-29 19:57:21 39129 ----a-w- c:\windows\system32\t1p0_15013558503.b1k
2009-10-29 04:13:16 34774 ----a-w- c:\windows\system32\t1p0_427268198666.b1k
2009-10-29 02:52:59 34773 ----a-w- c:\windows\system32\t1p0_635711490226.b1k
2009-10-27 22:30:09 34748 ----a-w- c:\windows\system32\t1p0_237529553996.b1k
2009-10-27 19:51:51 39128 ----a-w- c:\windows\system32\t1p0_393239523836.b1k
2009-10-27 04:13:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-27 04:13:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-27 04:13:07 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-27 03:34:51 0 d-----w- c:\docume~1\rivers~1\applic~1\AVG9
2009-10-27 03:30:40 0 d--h--w- C:\$AVG
2009-10-27 03:29:45 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-10-26 02:04:26 181 --sh--w- c:\windows\system32\miyahewe.dll
2009-10-25 12:46:38 2713 --sh--w- c:\windows\system32\yamiluyu.dll
2009-10-25 12:46:38 2713 --sh--w- c:\windows\system32\wifowigu.exe
2009-10-24 22:45:05 74 ----a-w- c:\windows\st_affiliate.ini
2009-10-24 18:23:46 0 d-----w- c:\program files\ktimdi
2009-10-24 18:21:21 0 ----a-w- C:\dsiqvib.exe
2009-10-24 18:21:19 6535 ----a-w- C:\wggam.exe
2009-10-24 14:54:23 0 d-----w- c:\program files\Shared
2009-10-04 02:09:57 3250 ----a-w- c:\windows\system32\wbem\Outlook_01ca4497c50ae008.mof
2009-10-04 01:54:53 27792 ----a-w- c:\windows\system32\drivers\point32.sys
2009-10-04 01:54:05 0 d-----w- c:\program files\Microsoft IntelliPoint
2009-10-04 01:53:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-10-04 01:53:50 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-10-04 01:52:54 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2009-10-04 01:52:50 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2009-10-04 01:52:50 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-10-04 01:52:08 0 d-----w- c:\program files\Microsoft IntelliType Pro

==================== Find3M ====================

2009-10-29 07:15:57 79872 ----a-w- c:\windows\system32\drivers\6ec01f81674faff0.sys
2009-10-27 03:30:12 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-27 03:30:12 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-27 03:30:12 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-10-27 03:30:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-19 21:42:18 19655 ----a-w- c:\windows\system32\yqelibu.dat
2009-09-19 21:42:18 19278 ----a-w- c:\windows\system32\hufoqiguji.sys
2009-09-19 21:42:18 14467 ----a-w- c:\windows\system32\ykiziro.vbs
2009-09-19 21:42:18 13150 ----a-w- c:\windows\system32\gynifumedo.bat
2009-09-19 20:56:52 17533 ----a-w- c:\docume~1\alluse~1\applic~1\ihopyvote.dat
2009-09-19 20:56:52 15855 ----a-w- c:\docume~1\rivers~1\applic~1\oweqivu.pif
2009-09-19 20:56:52 15796 ----a-w- c:\program files\common files\foxyxi.dat
2009-09-19 20:56:52 14716 ----a-w- c:\program files\common files\yzypyqi.com
2009-09-19 20:56:52 14419 ----a-w- c:\docume~1\rivers~1\applic~1\judo.pif
2009-09-19 20:56:52 10121 ----a-w- c:\program files\common files\wafomujoli.bat
2009-09-19 20:56:51 19533 ----a-w- c:\docume~1\alluse~1\applic~1\ekuwuwo.dll
2009-09-19 20:56:51 19403 ----a-w- c:\docume~1\rivers~1\applic~1\atuhuryc.vbs
2009-09-19 20:56:51 15011 ----a-w- c:\program files\common files\xysizifo.dat
2009-09-19 20:56:51 14448 ----a-w- c:\docume~1\rivers~1\applic~1\culuxubega.dll
2009-09-19 20:42:30 6656 ----a-w- C:\rhjdpc.exe
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-16 00:58:57 34 ----a-w- c:\documents and settings\riverside\jagex_runescape_preferences.dat
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:52:22 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 22:06:18 142831 ----a-w- c:\windows\fonts\AdobeFnt11.lst
2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-30 20:00:27 39424 --sha-w- c:\windows\system32\bekubonu.dll
2009-07-28 23:23:37 39424 --sha-w- c:\windows\system32\botabedu.dll
2009-07-27 10:53:38 39424 --sha-w- c:\windows\system32\fihowizu.dll
2009-07-26 02:03:15 0 --sha-w- c:\windows\system32\ganafihe.dll
2009-07-26 22:55:44 53760 --sha-w- c:\windows\system32\gobikose.dll
2009-07-30 02:27:58 1055264 --sha-w- c:\windows\system32\kaleguli.exe
2009-07-28 11:24:40 39424 --sha-w- c:\windows\system32\kemuzike.dll
2009-07-27 22:53:57 92160 --sha-w- c:\windows\system32\mahalemo.dll
2009-07-25 12:44:34 0 --sha-w- c:\windows\system32\nogopofa.exe
2009-07-26 22:55:44 53760 --sha-w- c:\windows\system32\repeseza.dll
2009-07-27 10:53:38 0 --sha-w- c:\windows\system32\ruhagepi.exe
2009-07-26 02:03:14 0 --sha-w- c:\windows\system32\soremeno.dll
2009-07-25 12:44:34 0 --sha-w- c:\windows\system32\tapeyeni.dll
2009-07-29 11:24:01 39424 --sha-w- c:\windows\system32\tiwunino.dll
2009-07-27 22:53:57 39424 --sha-w- c:\windows\system32\watusero.dll
2009-07-28 11:24:40 1051168 --sha-w- c:\windows\system32\yolopusu.exe
2009-07-26 22:55:44 53760 --sha-w- c:\windows\system32\yurebuju.dll
2009-07-29 11:24:01 1012097 --sha-w- c:\windows\system32\zozegura.exe
2009-06-26 07:35:38 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009060820090615\index.dat
2009-06-26 07:35:38 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009062620090627\index.dat
2008-04-30 02:29:18 98304 --sha-w- c:\windows\temp\history\history.ie5\mshist012008042920080430\index.dat
2008-05-05 20:56:02 81920 --sha-w- c:\windows\temp\history\history.ie5\mshist012008050520080506\index.dat

============= FINISH: 16:43:59.89 ===============



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:12:22 PM

Posted 06 November 2009 - 12:00 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 Peoples-2

Peoples-2
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:06:22 AM

Posted 10 November 2009 - 08:02 AM

OTL freezes every time it gets to scanning my uninstall list.

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:12:22 PM

Posted 10 November 2009 - 10:20 AM

Hi,

OK, please check "None" for the Extra Registry scan and try to run the scan again; it should not scan the uninstall list then.

regards myrti



#5 Peoples-2

Peoples-2
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:06:22 AM

Posted 10 November 2009 - 10:31 PM

OTL logfile created on: 11/10/2009 10:30:29 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Riverside\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.12 Mb Total Physical Memory | 502.23 Mb Available Physical Memory | 49.14% Memory free
2.40 Gb Paging File | 1.94 Gb Available in Paging File | 80.75% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.88 Gb Total Space | 176.15 Gb Free Space | 77.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILYROOM
Current User Name: Riverside
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/10 22:30:20 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Riverside\My Documents\Downloads\OTL(5).exe
PRC - [2009/11/10 21:35:35 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/06/05 12:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/26 16:18:30 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/05/26 14:16:31 | 01,468,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2009/05/21 13:25:15 | 01,501,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2009/05/21 13:25:15 | 00,448,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
PRC - [2008/06/02 22:09:36 | 00,552,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008/06/02 22:09:36 | 00,552,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/17 10:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2007/07/17 10:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2006/11/13 12:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 12:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/10/18 19:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
PRC - [2006/03/30 08:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/08/25 15:07:32 | 00,106,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
PRC - [2005/08/05 15:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2005/06/17 09:55:58 | 00,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005/06/15 13:17:44 | 00,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/06/15 13:17:44 | 00,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/06/15 13:17:38 | 00,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/05/20 19:41:42 | 00,153,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2005/03/11 20:55:40 | 00,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
PRC - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/08/10 07:00:00 | 00,087,552 | ---- | M] (Andreas Hausladen) -- C:\WINDOWS\system32\opeia.exe
PRC - [2004/08/10 07:00:00 | 00,045,056 | ---- | M] (Netopsystems AG) -- C:\WINDOWS\system32\FastNetSrv.exe
PRC - [2004/08/10 07:00:00 | 00,036,864 | ---- | M] (odatsdjugomllgdvyv) -- C:\WINDOWS\system32\lsm32.sys
PRC - [2003/08/13 14:07:22 | 00,094,208 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
PRC - [2002/12/17 19:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe


========== Modules (SafeList) ==========

MOD - [2009/11/10 22:30:20 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Riverside\My Documents\Downloads\OTL(5).exe
MOD - [2009/08/09 23:17:16 | 00,053,760 | -HS- | M] () -- C:\WINDOWS\system32\tifukako.dll
MOD - [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:11:55 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008/04/13 19:11:51 | 00,640,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dbghelp.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/19 18:57:13 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/06/02 22:09:36 | 00,552,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2008/06/02 20:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/05/17 16:45:33 | 00,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2006/03/30 08:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/08/25 15:07:32 | 00,106,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe -- (Sony TVTA Manager)
SRV - [2005/08/05 15:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched)
SRV - [2005/08/05 15:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc)
SRV - [2005/06/17 09:55:58 | 00,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon)
SRV - [2005/06/15 13:17:46 | 00,073,728 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/06/15 13:17:44 | 00,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/06/15 13:17:44 | 00,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/06/15 13:17:38 | 00,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/06/07 12:58:28 | 01,851,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2005/06/07 06:44:10 | 00,770,048 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2005/06/07 06:38:26 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2005/06/07 06:37:14 | 00,188,416 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2005/06/07 03:32:54 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/06/07 03:28:04 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/06/07 03:22:34 | 00,069,718 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/06/03 08:21:00 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005/05/20 19:41:42 | 00,153,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005/04/05 16:06:36 | 00,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/11 20:55:40 | 00,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)
SRV - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/08/10 07:00:00 | 00,045,568 | ---- | M] (FTD2XX Software Technology) -- C:\WINDOWS\system32\BtwSrv.dll -- (BtwSrv)
SRV - [2004/08/10 07:00:00 | 00,045,056 | ---- | M] (Netopsystems AG) -- C:\WINDOWS\system32\FastNetSrv.exe -- (fastnetsrv)
SRV - [2003/08/13 14:10:04 | 00,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe -- (Sony TV Tuner Controller)
SRV - [2003/08/13 14:07:22 | 00,094,208 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe -- (Sony TV Tuner Manager)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/12/17 19:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -- (MSSQL$VAIO_VEDB)
SRV - [2002/12/17 19:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -- (SQLAgent$VAIO_VEDB)
SRV - [2002/12/17 19:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper)


========== Driver Services (SafeList) ==========

DRV - [2009/11/10 21:43:56 | 00,079,872 | ---- | M] () -- C:\WINDOWS\system32\drivers\6ec01f81674faff0.sys -- (6ec01f81674faff0)
DRV - [2009/06/05 10:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/08 20:14:21 | 00,027,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32)
DRV - [2009/05/08 20:14:18 | 00,014,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/03/19 15:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/06/03 01:20:54 | 03,100,160 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 13:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008/04/13 13:45:34 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio)
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/07/03 00:59:10 | 00,086,824 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2007/07/03 00:58:20 | 00,106,792 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 00:57:24 | 00,011,944 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 00:54:24 | 00,080,552 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2007/04/10 16:46:44 | 02,385,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VX6000Xp.sys -- (VX6000)
DRV - [2006/11/06 17:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2006/03/31 16:27:06 | 01,155,672 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/07/28 08:18:40 | 00,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005/06/17 09:33:40 | 00,872,064 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2005/05/23 12:31:46 | 01,034,752 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/05/23 12:30:48 | 00,178,048 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/05/23 12:30:42 | 00,716,288 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/04/25 04:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/03/31 19:04:52 | 00,180,736 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express)
DRV - [2004/08/10 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/05 23:20:34 | 00,788,736 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2004/03/17 14:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)
DRV - [2000/12/05 18:18:02 | 00,003,952 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 21:43:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/10 21:35:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/10 21:35:57 | 00,000,000 | ---D | M]

[2009/04/10 20:20:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riverside\Application Data\Mozilla\Extensions
[2009/04/10 20:20:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riverside\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/09 23:27:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riverside\Application Data\Mozilla\Firefox\Profiles\qldbzdy2.default\extensions
[2009/09/17 16:57:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riverside\Application Data\Mozilla\Firefox\Profiles\qldbzdy2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/07 12:52:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/10 21:35:57 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/10 21:35:33 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/10 21:35:33 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/11/10 21:35:43 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/06/28 10:03:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/06/28 10:03:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/06/28 10:03:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/06/28 10:03:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/06/28 10:03:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/06/28 10:03:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/06/28 10:03:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/11/01 14:01:42 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/11/01 14:01:42 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/11/01 14:01:42 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/11/01 14:01:43 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/11/01 14:01:43 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/11/01 14:01:43 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/11/01 14:01:43 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (146 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 osguard-pro.microsoft.com
O1 - Hosts: 91.212.127.226 osguard-pro.com
O1 - Hosts: 91.212.127.226 www.osguard-pro.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (no name) - {5cca3d12-f0cc-4b6d-ae50-16be88ebcc96} - File not found
O2 - BHO: (no name) - {C277B942-1F68-486b-8F95-6E486A13F148} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\explorer.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by141fd.bay141.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1139876059046 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\wiliroba.dll) - C:\WINDOWS\System32\wiliroba.dll File not found
O20 - AppInit_DLLs: (tifukako.dll) - C:\WINDOWS\System32\tifukako.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: badarolod - {3a8a116c-5560-4e4b-b4aa-3d48d5e4db12} - C:\WINDOWS\System32\wiliroba.dll File not found
O22 - SharedTaskScheduler: {3a8a116c-5560-4e4b-b4aa-3d48d5e4db12} - tokatiluy - C:\WINDOWS\System32\wiliroba.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/20 16:26:24 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{bbdb54ea-4bfc-11da-81e2-806d6172696f}\Shell\AutoRun\command - "" = M:\sony\Autorun.exe -- File not found
O33 - MountPoints2\{f1f0661f-0295-11dc-9581-001320b18b5e}\Shell\AutoRun\command - "" = J:\SETUP.EXE -- File not found
O33 - MountPoints2\{f1f0661f-0295-11dc-9581-001320b18b5e}\Shell\VERB\COMMAND - "" = J:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/30 15:38:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/30 07:00:15 | 00,000,000 | -HSD | C] -- C:\found.004
[2009/10/26 23:13:09 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/26 23:13:08 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/26 23:13:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/26 18:31:00 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Riverside\Desktop\hello.exe.exe
[2009/10/24 13:23:46 | 00,000,000 | ---D | C] -- C:\Program Files\ktimdi
[2009/10/24 09:54:23 | 00,000,000 | ---D | C] -- C:\Program Files\Shared
[6 C:\Documents and Settings\Riverside\Desktop\*.tmp files -> C:\Documents and Settings\Riverside\Desktop\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/10 22:29:44 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\fayorike
[2009/11/10 22:21:43 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/10 22:21:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
[2009/11/10 22:21:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/10 22:20:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/10 22:20:09 | 10,718,45376 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/10 22:19:23 | 05,767,168 | ---- | M] () -- C:\Documents and Settings\Riverside\ntuser.dat
[2009/11/10 22:19:23 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Riverside\ntuser.ini
[2009/11/10 22:07:22 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Riverside\Local Settings\Application Data\prvlcl.dat
[2009/11/10 21:43:56 | 00,079,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\6ec01f81674faff0.sys
[2009/11/01 21:36:55 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Riverside\Desktop\Microsoft Office Word 2003.lnk
[2009/11/01 20:25:18 | 00,000,000 | -HS- | M] () -- C:\WINDOWS\System32\yanukoka.dll
[2009/11/01 20:25:18 | 00,000,000 | -HS- | M] () -- C:\WINDOWS\System32\molukoza.dll
[2009/11/01 15:48:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/11/01 15:48:32 | 00,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/11/01 15:39:50 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Riverside\My Documents\uofc essay.doc
[2009/11/01 13:56:06 | 00,462,188 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 13:56:06 | 00,079,656 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 13:56:05 | 00,551,900 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/31 14:35:54 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/10/31 14:35:54 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/10/31 14:35:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/10/31 14:35:01 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/10/31 14:34:16 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Riverside\Desktop\essay.doc
[2009/10/30 15:38:26 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Riverside\Desktop\HijackThis.lnk
[2009/10/30 15:34:19 | 00,034,775 | ---- | M] () -- C:\WINDOWS\System32\t1p0_310647828669.b1k
[2009/10/30 15:31:30 | 00,034,775 | ---- | M] () -- C:\WINDOWS\System32\t1p0_203930119178.b1k
[2009/10/30 07:05:11 | 00,034,775 | ---- | M] () -- C:\WINDOWS\System32\t1p0_410570761583.b1k
[2009/10/29 21:37:15 | 00,034,775 | ---- | M] () -- C:\WINDOWS\System32\t1p0_331220775362.b1k
[2009/10/29 20:46:35 | 00,034,749 | ---- | M] () -- C:\WINDOWS\System32\t1p0_733930711999.b1k
[2009/10/29 14:57:21 | 00,039,129 | ---- | M] () -- C:\WINDOWS\System32\t1p0_15013558503.b1k
[2009/10/28 23:13:16 | 00,034,774 | ---- | M] () -- C:\WINDOWS\System32\t1p0_427268198666.b1k
[2009/10/28 21:53:00 | 00,034,773 | ---- | M] () -- C:\WINDOWS\System32\t1p0_635711490226.b1k
[2009/10/27 17:30:09 | 00,034,748 | ---- | M] () -- C:\WINDOWS\System32\t1p0_237529553996.b1k
[2009/10/27 14:51:51 | 00,039,128 | ---- | M] () -- C:\WINDOWS\System32\t1p0_393239523836.b1k
[2009/10/26 23:13:41 | 00,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/26 22:30:12 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.install_backup
[2009/10/26 18:31:36 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Riverside\Desktop\hello.exe.exe
[2009/10/25 21:04:26 | 00,000,181 | -HS- | M] () -- C:\WINDOWS\System32\miyahewe.dll
[2009/10/25 07:46:38 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\yamiluyu.dll
[2009/10/25 07:46:38 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\wifowigu.exe
[2009/10/24 17:45:05 | 00,000,074 | ---- | M] () -- C:\WINDOWS\st_affiliate.ini
[2009/10/24 17:27:21 | 00,000,775 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/24 16:15:49 | 00,160,375 | ---- | M] () -- C:\Documents and Settings\Riverside\Desktop\NeuhardJennifer_FeasibilityAnalysis_Draft2[1].docx
[2009/10/24 13:21:23 | 00,006,535 | ---- | M] () -- C:\wggam.exe
[2009/10/24 13:21:21 | 00,000,000 | ---- | M] () -- C:\dsiqvib.exe
[2009/10/19 00:35:02 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/19 00:30:50 | 02,004,896 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2009/10/13 20:08:16 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[6 C:\Documents and Settings\Riverside\Desktop\*.tmp files -> C:\Documents and Settings\Riverside\Desktop\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/01 20:25:18 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\yanukoka.dll
[2009/11/01 20:25:18 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\molukoza.dll
[2009/11/01 15:26:01 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Riverside\My Documents\uofc essay.doc
[2009/10/30 15:38:26 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Riverside\Desktop\HijackThis.lnk
[2009/10/30 15:34:19 | 00,034,775 | ---- | C] () -- C:\WINDOWS\System32\t1p0_310647828669.b1k
[2009/10/30 15:31:30 | 00,034,775 | ---- | C] () -- C:\WINDOWS\System32\t1p0_203930119178.b1k
[2009/10/30 15:11:58 | 10,718,45376 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/30 07:05:11 | 00,034,775 | ---- | C] () -- C:\WINDOWS\System32\t1p0_410570761583.b1k
[2009/10/29 21:37:15 | 00,034,775 | ---- | C] () -- C:\WINDOWS\System32\t1p0_331220775362.b1k
[2009/10/29 20:46:35 | 00,034,749 | ---- | C] () -- C:\WINDOWS\System32\t1p0_733930711999.b1k
[2009/10/29 14:57:21 | 00,039,129 | ---- | C] () -- C:\WINDOWS\System32\t1p0_15013558503.b1k
[2009/10/28 23:13:16 | 00,034,774 | ---- | C] () -- C:\WINDOWS\System32\t1p0_427268198666.b1k
[2009/10/28 21:52:59 | 00,034,773 | ---- | C] () -- C:\WINDOWS\System32\t1p0_635711490226.b1k
[2009/10/27 17:30:09 | 00,034,748 | ---- | C] () -- C:\WINDOWS\System32\t1p0_237529553996.b1k
[2009/10/27 14:51:51 | 00,039,128 | ---- | C] () -- C:\WINDOWS\System32\t1p0_393239523836.b1k
[2009/10/26 23:13:12 | 00,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/26 22:42:32 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Riverside\Local Settings\Application Data\prvlcl.dat
[2009/10/26 22:26:45 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Riverside\Desktop\essay.doc
[2009/10/25 21:04:26 | 00,000,181 | -HS- | C] () -- C:\WINDOWS\System32\miyahewe.dll
[2009/10/25 07:46:38 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\yamiluyu.dll
[2009/10/25 07:46:38 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\wifowigu.exe
[2009/10/24 17:45:05 | 00,000,074 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2009/10/24 16:15:48 | 00,160,375 | ---- | C] () -- C:\Documents and Settings\Riverside\Desktop\NeuhardJennifer_FeasibilityAnalysis_Draft2[1].docx
[2009/10/24 13:21:21 | 00,000,000 | ---- | C] () -- C:\dsiqvib.exe
[2009/10/24 13:21:19 | 00,006,535 | ---- | C] () -- C:\wggam.exe
[2009/09/19 16:42:18 | 00,019,278 | ---- | C] () -- C:\WINDOWS\System32\hufoqiguji.sys
[2009/09/19 16:42:18 | 00,018,821 | ---- | C] () -- C:\Documents and Settings\Riverside\Local Settings\Application Data\tewibunan.sys
[2009/09/19 16:42:18 | 00,013,672 | ---- | C] () -- C:\Documents and Settings\Riverside\Local Settings\Application Data\favinike._dl
[2009/09/19 16:42:18 | 00,012,504 | ---- | C] () -- C:\Documents and Settings\Riverside\Application Data\gulysun.inf
[2009/09/19 15:56:52 | 00,017,533 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ihopyvote.dat
[2009/09/19 15:56:52 | 00,015,855 | ---- | C] () -- C:\Documents and Settings\Riverside\Application Data\oweqivu.pif
[2009/09/19 15:56:52 | 00,015,796 | ---- | C] () -- C:\Program Files\Common Files\foxyxi.dat
[2009/09/19 15:56:52 | 00,014,716 | ---- | C] () -- C:\Program Files\Common Files\yzypyqi.com
[2009/09/19 15:56:52 | 00,014,419 | ---- | C] () -- C:\Documents and Settings\Riverside\Application Data\judo.pif
[2009/09/19 15:56:52 | 00,013,080 | ---- | C] () -- C:\Documents and Settings\Riverside\Local Settings\Application Data\tekuw.pif
[2009/09/19 15:56:52 | 00,010,121 | ---- | C] () -- C:\Program Files\Common Files\wafomujoli.bat
[2009/09/19 15:56:51 | 00,019,533 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ekuwuwo.dll
[2009/09/19 15:56:51 | 00,019,403 | ---- | C] () -- C:\Documents and Settings\Riverside\Application Data\atuhuryc.vbs
[2009/09/19 15:56:51 | 00,016,859 | ---- | C] () -- C:\Documents and Settings\Riverside\Local Settings\Application Data\ijatyxijod.dat
[2009/09/19 15:56:51 | 00,016,020 | ---- | C] () -- C:\Documents and Settings\Riverside\Local Settings\Application Data\pusetufenu.ban
[2009/09/19 15:56:51 | 00,015,011 | ---- | C] () -- C:\Program Files\Common Files\xysizifo.dat
[2009/09/19 15:56:51 | 00,014,448 | ---- | C] () -- C:\Documents and Settings\Riverside\Application Data\culuxubega.dll
[2009/09/19 15:56:51 | 00,013,978 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\woryjumyfe.inf
[2009/09/19 15:56:51 | 00,012,724 | ---- | C] () -- C:\Documents and Settings\Riverside\Local Settings\Application Data\somagobyc.bat
[2009/08/10 21:34:42 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\yejedotu.dll
[2009/08/10 21:34:41 | 00,045,056 | -HS- | C] () -- C:\WINDOWS\System32\zepepewa.dll
[2009/08/09 23:17:16 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\tifukako.dll
[2009/08/09 23:17:16 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\mirububu.dll
[2009/08/09 23:16:44 | 00,000,003 | -HS- | C] () -- C:\WINDOWS\System32\veyetidi.dll
[2009/08/09 23:16:42 | 00,061,440 | -HS- | C] () -- C:\WINDOWS\System32\sunufajo.dll
[2009/08/09 23:16:42 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\peheliba.dll
[2009/08/09 23:16:42 | 00,045,056 | -HS- | C] () -- C:\WINDOWS\System32\hilavabi.dll
[2009/08/08 12:17:44 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\fokonefo.dll
[2009/08/08 12:17:41 | 00,060,928 | -HS- | C] () -- C:\WINDOWS\System32\hofohulu.dll
[2009/08/01 20:25:10 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\lotuvowu.dll
[2009/08/01 20:25:10 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\boyefuke.dll
[2009/07/28 18:23:37 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\botabedu.dll
[2009/07/27 17:53:57 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\watusero.dll
[2009/07/25 21:03:15 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\ganafihe.dll
[2009/07/25 21:03:14 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\soremeno.dll
[2009/07/25 07:44:34 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\tapeyeni.dll
[2009/01/25 00:14:07 | 00,000,098 | ---- | C] () -- C:\WINDOWS\etkinst.ini
[2008/10/05 10:32:18 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Riverside\Application Data\$_hpcst$.hpc
[2008/07/08 13:24:07 | 00,015,497 | ---- | C] () -- C:\WINDOWS\VX6KStd.ini
[2008/05/31 17:21:41 | 00,000,000 | -HS- | C] () -- C:\Documents and Settings\Riverside\Application Data\004841ceba78d6ef2ea4dd10730df10430d06cf4af.dat
[2008/05/31 17:18:34 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\Riverside\Application Data\install.ini
[2008/04/17 15:06:50 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/03/16 07:57:43 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/03/05 12:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/01/12 23:54:14 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/01 00:37:57 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/17 20:45:41 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\Riverside\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/05/06 15:48:29 | 00,070,798 | ---- | C] () -- C:\Documents and Settings\Riverside\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2006/05/06 15:48:29 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/05/06 15:48:20 | 00,002,128 | ---- | C] () -- C:\Documents and Settings\Riverside\Application Data\HPSU_48BitScanUpdate.log
[2006/05/06 15:48:20 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/05/06 15:47:08 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Riverside\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2006/05/06 15:47:07 | 00,000,359 | ---- | C] () -- C:\Documents and Settings\Riverside\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2006/05/06 15:47:07 | 00,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2006/05/06 15:46:57 | 00,002,472 | ---- | C] () -- C:\Documents and Settings\Riverside\Application Data\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log
[2006/05/06 15:46:57 | 00,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini
[2006/05/06 15:46:11 | 00,002,898 | ---- | C] () -- C:\Documents and Settings\Riverside\Application Data\PatchUpdate_InstantShareJPG.log
[2006/05/06 15:46:11 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/05/06 15:44:10 | 00,003,689 | ---- | C] () -- C:\Documents and Settings\Riverside\Application Data\PatchUpdate_IZClosingDiscError.log
[2006/05/06 15:44:10 | 00,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/05/06 15:04:43 | 00,005,666 | ---- | C] () -- C:\Documents and Settings\Riverside\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/05/06 15:04:43 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/05/06 15:03:46 | 00,054,140 | ---- | C] () -- C:\Documents and Settings\Riverside\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2006/05/06 15:03:46 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/12/30 18:55:43 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/12/30 18:55:23 | 00,000,167 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2005/12/30 18:54:52 | 00,000,735 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2005/12/30 18:33:31 | 00,002,059 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/12/30 14:59:57 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Riverside\Application Data\desktop.ini
[2005/12/30 14:59:55 | 03,179,114 | -H-- | C] () -- C:\Documents and Settings\Riverside\Local Settings\Application Data\IconCache.db
[2005/12/30 14:59:55 | 00,056,784 | ---- | C] () -- C:\Documents and Settings\Riverside\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/12/30 14:59:55 | 00,000,132 | ---- | C] () -- C:\Documents and Settings\Riverside\Local Settings\Application Data\fusioncache.dat
[2005/11/02 19:25:28 | 00,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/11/02 19:23:13 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2005/11/02 19:22:41 | 00,000,180 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/11/02 19:22:12 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/02 19:22:12 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/02 19:22:12 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/02 19:22:12 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/02 19:22:12 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/02 19:22:12 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/02 19:21:23 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/02 19:16:37 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/08/21 13:24:12 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/21 12:25:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2005/08/20 16:34:12 | 00,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/20 16:14:25 | 00,000,762 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/20 16:14:07 | 00,000,775 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/20 16:14:05 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/20 16:14:02 | 00,079,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\6ec01f81674faff0.sys
[2005/08/20 09:20:09 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/08/05 16:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/06 15:30:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/17 12:46:42 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\winchip.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 15:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
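A helper reads the "Files Created" list above for footprints rather than names: hidden+system DLLs with pseudo-random eight-letter names in System32 (several of them zero bytes), executables sitting in the root of C:, a run of same-sized t1p0_*.b1k files re-created every few hours, a burst of .pif/.com/.bat/.vbs files written in the same second across the profile directories, and hex-named alternate data streams attached to a path called TEMP. As an added example (not part of the original post or of OTL itself), the Python below parses OTL's record format and applies those heuristics to records copied from the log above; the rule names and thresholds are this example's own choices, and benign entries (hiberfil.sys, desktop.ini, psisdecd.dll, the IVIresize DLLs) are included to show that they pass.

```python
"""Triage of OTL 'Files Created' and 'Alternate Data Streams' records.
Added example, not part of the original post or of OTL; rule names are its own."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# OTL file record: [date time | size | attrs | C/M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# OTL ADS record: @Alternate Data Stream - N bytes -> path:streamname
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?):(?P<stream>[^:\\]+)$")
EXEC_EXT = {".dll", ".exe", ".sys", ".pif", ".com", ".bat", ".vbs", ".scr"}
ROOT_ALLOW = {"hiberfil.sys", "pagefile.sys", "ntdetect.com", "ntldr", "boot.ini"}  # legitimately in C:\ on XP
RANDOM_STEM = re.compile(r"^[a-z]{4,10}$")                                  # lowercase letters only, e.g. yanukoka
SERIES_NAME = re.compile(r"^(?P<prefix>[A-Za-z0-9]+_)\d+(?P<ext>\.\w+)$")     # e.g. t1p0_<digits>.b1k
HEX_STREAM = re.compile(r"^[0-9A-Fa-f]{8,}$")


def parse_line(line):
    """Return a dict for a file or ADS record, or None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if m:
        rec = m.groupdict()
        rec["size"] = int(rec["size"].replace(",", ""))
        rec["hidden_system"] = "H" in rec["attrs"] and "S" in rec["attrs"]
        p = PureWindowsPath(rec["path"])
        rec.update(type="file", name=p.name, stem=p.stem.lower(), ext=p.suffix.lower(), dir=str(p.parent).lower())
        return rec
    m = ADS_RE.match(line.strip())
    if m:
        rec = m.groupdict()
        rec.update(type="ads", size=int(rec["size"]))
        return rec
    return None


def triage(lines):
    """Run the heuristics over a batch of OTL lines; returns a list of (rule, path)."""
    recs = [r for r in map(parse_line, lines) if r]
    files = [r for r in recs if r["type"] == "file"]
    findings, by_second, series = [], defaultdict(list), defaultdict(list)
    for r in files:
        in_system32 = r["dir"].endswith("\\windows\\system32")
        # Hidden+system DLL/EXE with a pseudo-random name in System32; zero-byte ones are placeholders
        if r["hidden_system"] and in_system32 and r["ext"] in {".dll", ".exe"} and RANDOM_STEM.match(r["stem"]):
            findings.append(("hs_random_name_system32" + ("_zero_byte" if r["size"] == 0 else ""), r["path"]))
        # Executable-type file dropped directly in the drive root
        if re.fullmatch(r"[a-z]:\\", r["dir"]) and r["ext"] in EXEC_EXT and r["name"].lower() not in ROOT_ALLOW:
            findings.append(("executable_in_drive_root", r["path"]))
        s = SERIES_NAME.match(r["name"])            # collect candidates for the cross-record rules
        if s:
            series[(r["dir"], s["prefix"].lower(), s["ext"].lower())].append(r)
        if RANDOM_STEM.match(r["stem"]):
            by_second[r["ts"]].append(r)
    # Three or more files sharing prefix_<digits>.ext in one directory: a payload re-dropped over time
    for (d, prefix, ext), members in series.items():
        if len(members) >= 3:
            sizes = sorted(m["size"] for m in members)
            findings.append((f"numeric_suffix_series x{len(members)} ({sizes[0]}-{sizes[-1]} bytes)", f"{d}\\{prefix}*{ext}"))
    # Three or more random-named files created in the same second: a dropper burst
    for ts, members in by_second.items():
        if len(members) >= 3:
            findings.append((f"drop_burst x{len(members)} at {ts}", "; ".join(m["name"] for m in members)))
    # Alternate data stream whose name is a bare hex string (unlike e.g. Zone.Identifier)
    for r in recs:
        if r["type"] == "ads" and HEX_STREAM.match(r["stream"]):
            findings.append(("hex_named_alternate_data_stream", f'{r["path"]}:{r["stream"]}'))
    return findings


# Records copied from the OTL log above; a header line and some benign entries are included on purpose
SAMPLE = r"""
========== Files Created - No Company Name ==========
[2009/11/01 20:25:18 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\yanukoka.dll
[2009/11/01 20:25:18 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\molukoza.dll
[2009/10/30 15:34:19 | 00,034,775 | ---- | C] () -- C:\WINDOWS\System32\t1p0_310647828669.b1k
[2009/10/30 15:31:30 | 00,034,775 | ---- | C] () -- C:\WINDOWS\System32\t1p0_203930119178.b1k
[2009/10/30 15:11:58 | 10,718,45376 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/29 14:57:21 | 00,039,129 | ---- | C] () -- C:\WINDOWS\System32\t1p0_15013558503.b1k
[2009/10/25 21:04:26 | 00,000,181 | -HS- | C] () -- C:\WINDOWS\System32\miyahewe.dll
[2009/10/24 13:21:21 | 00,000,000 | ---- | C] () -- C:\dsiqvib.exe
[2009/10/24 13:21:19 | 00,006,535 | ---- | C] () -- C:\wggam.exe
[2009/09/19 15:56:52 | 00,015,855 | ---- | C] () -- C:\Documents and Settings\Riverside\Application Data\oweqivu.pif
[2009/09/19 15:56:52 | 00,014,716 | ---- | C] () -- C:\Program Files\Common Files\yzypyqi.com
[2009/09/19 15:56:52 | 00,014,419 | ---- | C] () -- C:\Documents and Settings\Riverside\Application Data\judo.pif
[2009/09/19 15:56:52 | 00,010,121 | ---- | C] () -- C:\Program Files\Common Files\wafomujoli.bat
[2005/12/30 14:59:57 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Riverside\Application Data\desktop.ini
[2005/11/02 19:22:12 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/02 19:22:12 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/08/05 16:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
""".strip().splitlines()

if __name__ == "__main__":
    for rule, path in triage(SAMPLE):
        print(f"{rule:55} {path}")
```

Run as a script it prints eight findings for the sample. In practice you would feed it the whole OTL log and review the flagged lines before drafting a fix: the random-name and burst rules are heuristics, not proof, and a legitimate installer can trip the burst rule.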

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:22 PM

Posted 11 November 2009 - 06:34 AM

Hi,

please run ComboFix, which should take out most of the infections:
Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 Peoples-2


Posted 11 November 2009 - 08:34 AM

Ran ComboFix. Attached is the log.

For what it's worth, every time I search something on Google and click on a result, it takes me to a random irrelevant website.

Thanks for the help.

Attached Files

  • Attached File  log.txt   22.14KB   7 downloads

Edited by Peoples-2, 11 November 2009 - 08:36 AM.


#8 myrti


Posted 11 November 2009 - 09:25 AM

Hi,

Combofix took out a couple of things, but there is still quite a lot left.

Please run the following script:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::
MIA::
c:\windows\system32\drivers\beep.sys
c:\windows\system32\eventlog.dll

SRPeek::
c:\windows\system32\drivers\beep.sys
c:\windows\system32\eventlog.dll

AWF::
c:\program files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe
c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
c:\program files\Intel\Intel Matrix Storage Manager\bak\iaanotif.exe
c:\program files\Sony\VAIO Update 2\bak\VAIOUpdt.exe
c:\program files\Wireless Desktop\bak\LgWDskTp.exe
c:\windows\ehome\bak\ehtray.exe
c:\windows\SONYSYS\VAIO Recovery\bak\PartSeal.exe

File::
c:\windows\system32\lsm32.sys
c:\windows\system32\drivers\uhurd.sys
c:\windows\system32\DRIVERS\54eb5c268c4e0.sys
c:\windows\system32\drivers\6ec01f81674faff0.sys
c:\windows\system32\FastNetSrv.exe
C:\windows\system32\mirububu.dll
c:\windows\system32\bozagudu.exe
c:\windows\system32\levewani.exe
c:\windows\system32\nogopofa.exe
c:\windows\system32\ruhagepi.exe
c:\windows\system32\sokofosu.exe
c:\windows\system32\veyetidi.dll
C:\wggam.exe
c:\windows\system32\drivers\6ec01f81674faff0.sys
c:\windows\system32\yqelibu.dat
c:\windows\system32\hufoqiguji.sys
c:\documents and settings\Riverside\Local Settings\Application Data\tewibunan.sys


Folder::
c:\program files\ktimdi
c:\windows\system32\bak
c:\program files\QuickTime\bak
c:\program files\Java\jre1.6.0_03\bin\bak
c:\program files\iTunes\bak

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32\kdlnh.exe]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\6ec01f81674faff0.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\54eb5c268c4e0.sys]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"=-
"wapizenini"=-

Driver::
54eb5c268c4e0;54eb5c268c4e0
gsshob
6ec01f81674faff0
fastnetsrv
BtwSrv


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Afterwards please also run Win32kdiag:
Download and run Win32kDiag.

And also run gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Please post back the log from gmer, win32kdiag and ComboFix in your next reply.

regards myrti

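The CFScript above is a plain-text list of "Name::" sections that ComboFix executes when the file is dragged onto it, so it pays to read back what it will do before running it. As an added example (not part of the post or of ComboFix), the Python below is a dry-run parser: it splits the script into sections, translates the Registry:: block (regedit-export syntax: `[-KEY]` deletes a key, `"name"=-` deletes a value under the key named above it) into actions, reports entries listed twice or already covered by a Folder:: entry, and shows for each Driver:: entry which File:: path and which SafeBoot\Minimal key deletion in the same script belong to it. Drivers registered under SafeBoot\Minimal are loaded even in Safe Mode, which is why the script removes those keys together with the driver and its file. The File/Folder/Driver-delete reading of the sections follows ComboFix's documented usage; the `name;name` form in Driver:: is kept verbatim because the page does not explain it. The embedded sample is a subset of the script above, and on it the parser surfaces that one .sys path is listed twice.

```python
"""Dry-run parser for a ComboFix CFScript.
Added example, not part of the post or of ComboFix; it reads the script and touches nothing."""
import re
from collections import Counter, OrderedDict

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')


def parse_cfscript(text):
    """Split a CFScript into an ordered {section: [entries]} map."""
    sections, current = OrderedDict(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def registry_actions(lines):
    """Translate regedit-export lines into (action, key, value) tuples."""
    actions, key = [], None
    for line in lines:
        if line.startswith("[-") and line.endswith("]"):
            actions.append(("delete_key", line[2:-1], None))     # [-KEY] removes the whole key
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                                      # [KEY] selects the key for the lines below
        else:
            m = VALUE_RE.match(line)
            if not m or key is None:
                raise ValueError(f"malformed registry line: {line!r}")
            if m["data"] == "-":
                actions.append(("delete_value", key, m["name"]))  # "name"=- deletes that value
            else:
                actions.append(("set_value", key, (m["name"], m["data"])))
    return actions


def plan(text):
    """Return what the script would do plus consistency findings."""
    sections = parse_cfscript(text)
    files, folders = sections.get("File", []), sections.get("Folder", [])
    drivers = [d.split(";")[0] for d in sections.get("Driver", [])]   # 'name;name' form: keep the service name
    reg = registry_actions(sections.get("Registry", []))

    duplicates = {}                     # Windows paths and service names are case-insensitive
    for name in ("File", "Folder", "Driver"):
        counts = Counter(e.lower() for e in sections.get(name, []))
        dup = sorted(e for e, n in counts.items() if n > 1)
        if dup:
            duplicates[name] = dup
    redundant = [f for f in files if any(f.lower().startswith(d.lower().rstrip("\\") + "\\") for d in folders)]

    def leaf(path):
        return path.lower().rsplit("\\", 1)[-1]

    safeboot = [k for a, k, _ in reg if a == "delete_key" and "\\safeboot\\" in k.lower()]
    xref = {drv: {"file": sorted({f for f in files if leaf(f).startswith(drv.lower())}),
                  "safeboot": [k for k in safeboot if leaf(k).startswith(drv.lower())]}
            for drv in drivers}
    return {"counts": {s: len(v) for s, v in sections.items()}, "registry": reg,
            "duplicates": duplicates, "redundant_files": redundant, "driver_xref": xref}


# Subset of the CFScript from the post above
SAMPLE_SCRIPT = r"""
KillAll::
MIA::
c:\windows\system32\drivers\beep.sys
c:\windows\system32\eventlog.dll

File::
c:\windows\system32\lsm32.sys
c:\windows\system32\drivers\uhurd.sys
c:\windows\system32\DRIVERS\54eb5c268c4e0.sys
c:\windows\system32\drivers\6ec01f81674faff0.sys
c:\windows\system32\FastNetSrv.exe
C:\windows\system32\mirububu.dll
C:\wggam.exe
c:\windows\system32\drivers\6ec01f81674faff0.sys

Folder::
c:\program files\ktimdi
c:\windows\system32\bak

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\6ec01f81674faff0.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\54eb5c268c4e0.sys]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wapizenini"=-

Driver::
54eb5c268c4e0;54eb5c268c4e0
6ec01f81674faff0
fastnetsrv
"""

if __name__ == "__main__":
    import json
    print(json.dumps(plan(SAMPLE_SCRIPT), indent=2))
```

The cross-reference is the useful part of the output: a driver with a SafeBoot key but no File:: entry, or a file with no driver, is worth a second look before the script is run, and a path listed twice is harmless to ComboFix but a sign the script was assembled by hand.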


#9 Peoples-2


Posted 11 November 2009 - 01:06 PM

ComboFix using that script doesn't seem to want to work. It freezes up every time before it even starts the scan. I've tried several times.

Do you want me to go ahead and run Win32kDiag and gmer?

Thanks, it's appreciated.

Edited by Peoples-2, 11 November 2009 - 01:06 PM.


#10 myrti


Posted 11 November 2009 - 06:03 PM

Hi,

please download a fresh copy of ComboFix and try again. If it still freezes please provide the gmer and win32kdiag without the ComboFix log.

regards myrti



#11 Peoples-2


Posted 11 November 2009 - 10:39 PM

I could not get ComboFix to work (froze every time).

Here's Win32kDiag:

Running from: C:\Documents and Settings\Riverside\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Riverside\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!

Edited by Peoples-2, 11 November 2009 - 10:47 PM.


#12 Peoples-2


Posted 11 November 2009 - 10:48 PM

GMER.LOG

GMER 1.0.15.15220 - http://www.gmer.net
Rootkit scan 2009-11-11 22:46:53
Windows 5.1.2600 Service Pack 3
Running: m6ptcsuk.exe; Driver: C:\DOCUME~1\RIVERS~1\LOCALS~1\Temp\pxrdipog.sys


---- System - GMER 1.0.15 ----

SSDT 85924E36 ZwQuerySystemInformation

Code 859252CC pIofCallDriver
Code 8592472E pIofCompleteRequest

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Riverside\My Documents\Downloads\m6ptcsuk.exe[228] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00C27D91; RET
.text C:\Documents and Settings\Riverside\My Documents\Downloads\m6ptcsuk.exe[228] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00C2C381; RET
.text C:\Documents and Settings\Riverside\My Documents\Downloads\m6ptcsuk.exe[228] WS2_32.dll!inet_addr 71AB2EE1 6 Bytes PUSH 00C2C4B6; RET
.text C:\Documents and Settings\Riverside\My Documents\Downloads\m6ptcsuk.exe[228] WS2_32.dll!sendto 71AB2F51 6 Bytes PUSH 00C29126; RET
.text C:\Documents and Settings\Riverside\My Documents\Downloads\m6ptcsuk.exe[228] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00C290F7; RET
.text C:\Documents and Settings\Riverside\My Documents\Downloads\m6ptcsuk.exe[228] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes PUSH 00C26DB0; RET
.text C:\Documents and Settings\Riverside\My Documents\Downloads\m6ptcsuk.exe[228] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00C2C433; RET
.text C:\Documents and Settings\Riverside\My Documents\Downloads\m6ptcsuk.exe[228] WS2_32.dll!recv 71AB676F 6 Bytes PUSH 00C26D36; RET
.text C:\Documents and Settings\Riverside\My Documents\Downloads\m6ptcsuk.exe[228] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00C290A5; RET
.text C:\Documents and Settings\Riverside\My Documents\Downloads\m6ptcsuk.exe[228] WININET.dll!HttpSendRequestA 3D953558 6 Bytes PUSH 00C2E3C2; RET
.text C:\Documents and Settings\Riverside\My Documents\Downloads\m6ptcsuk.exe[228] WININET.dll!HttpSendRequestW 3D95FDF9 6 Bytes PUSH 00C2E396; RET
.text C:\WINDOWS\Explorer.EXE[400] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00D37D91; RET
.text C:\WINDOWS\Explorer.EXE[400] WININET.dll!HttpSendRequestA 3D953558 6 Bytes PUSH 00D3E3C2; RET
.text C:\WINDOWS\Explorer.EXE[400] WININET.dll!HttpSendRequestW 3D95FDF9 6 Bytes PUSH 00D3E396; RET
.text C:\WINDOWS\Explorer.EXE[400] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00D3C381; RET
.text C:\WINDOWS\Explorer.EXE[400] WS2_32.dll!inet_addr 71AB2EE1 6 Bytes PUSH 00D3C4B6; RET
.text C:\WINDOWS\Explorer.EXE[400] WS2_32.dll!sendto 71AB2F51 6 Bytes PUSH 00D39126; RET
.text C:\WINDOWS\Explorer.EXE[400] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00D390F7; RET
.text C:\WINDOWS\Explorer.EXE[400] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes PUSH 00D36DB0; RET
.text C:\WINDOWS\Explorer.EXE[400] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00D3C433; RET
.text C:\WINDOWS\Explorer.EXE[400] WS2_32.dll!recv 71AB676F 6 Bytes PUSH 00D36D36; RET
.text C:\WINDOWS\Explorer.EXE[400] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00D390A5; RET
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[660] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 01E17D91; RET
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[660] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 01E1C381; RET
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[660] WS2_32.dll!inet_addr 71AB2EE1 6 Bytes PUSH 01E1C4B6; RET
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[660] WS2_32.dll!sendto 71AB2F51 6 Bytes PUSH 01E19126; RET
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[660] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 01E190F7; RET
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[660] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes PUSH 01E16DB0; RET
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[660] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 01E1C433; RET
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[660] WS2_32.dll!recv 71AB676F 6 Bytes PUSH 01E16D36; RET
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[660] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 01E190A5; RET
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[660] WININET.dll!HttpSendRequestA 3D953558 6 Bytes PUSH 01E1E3C2; RET
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[660] WININET.dll!HttpSendRequestW 3D95FDF9 6 Bytes PUSH 01E1E396; RET
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[664] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00E87D91; RET
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[664] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00E8C381; RET
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[664] WS2_32.dll!inet_addr 71AB2EE1 6 Bytes PUSH 00E8C4B6; RET
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[664] WS2_32.dll!sendto 71AB2F51 6 Bytes PUSH 00E89126; RET
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[664] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00E890F7; RET
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[664] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes PUSH 00E86DB0; RET
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[664] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00E8C433; RET
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[664] WS2_32.dll!recv 71AB676F 6 Bytes PUSH 00E86D36; RET
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[664] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00E890A5; RET
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[664] WININET.dll!HttpSendRequestA 3D953558 6 Bytes PUSH 00E8E3C2; RET
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[664] WININET.dll!HttpSendRequestW 3D95FDF9 6 Bytes PUSH 00E8E396; RET
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[676] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00D57D91; RET
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[676] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00D5C381; RET
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[676] WS2_32.dll!inet_addr 71AB2EE1 6 Bytes PUSH 00D5C4B6; RET
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[676] WS2_32.dll!sendto 71AB2F51 6 Bytes PUSH 00D59126; RET
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[676] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00D590F7; RET
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[676] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes PUSH 00D56DB0; RET
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[676] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00D5C433; RET
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[676] WS2_32.dll!recv 71AB676F 6 Bytes PUSH 00D56D36; RET
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[676] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00D590A5; RET
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[676] WININET.dll!HttpSendRequestA 3D953558 6 Bytes PUSH 00D5E3C2; RET
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[676] WININET.dll!HttpSendRequestW 3D95FDF9 6 Bytes PUSH 00D5E396; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[784] WININET.dll!HttpSendRequestA 3D953558 6 Bytes PUSH 0110E3C2; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[784] WININET.dll!HttpSendRequestW 3D95FDF9 6 Bytes PUSH 0110E396; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[784] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 01107D91; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[784] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 0110C381; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[784] WS2_32.dll!inet_addr 71AB2EE1 6 Bytes PUSH 0110C4B6; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[784] WS2_32.dll!sendto 71AB2F51 6 Bytes PUSH 01109126; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[784] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 011090F7; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[784] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes PUSH 01106DB0; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[784] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 0110C433; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[784] WS2_32.dll!recv 71AB676F 6 Bytes PUSH 01106D36; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[784] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 011090A5; RET
.text C:\Program Files\QuickTime\qttask.exe[924] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00AA7D91; RET
.text C:\Program Files\QuickTime\qttask.exe[924] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00AAC381; RET
.text C:\Program Files\QuickTime\qttask.exe[924] WS2_32.dll!inet_addr 71AB2EE1 6 Bytes PUSH 00AAC4B6; RET
.text C:\Program Files\QuickTime\qttask.exe[924] WS2_32.dll!sendto 71AB2F51 6 Bytes PUSH 00AA9126; RET
.text C:\Program Files\QuickTime\qttask.exe[924] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00AA90F7; RET
.text C:\Program Files\QuickTime\qttask.exe[924] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes PUSH 00AA6DB0; RET
.text C:\Program Files\QuickTime\qttask.exe[924] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00AAC433; RET
.text C:\Program Files\QuickTime\qttask.exe[924] WS2_32.dll!recv 71AB676F 6 Bytes PUSH 00AA6D36; RET
.text C:\Program Files\QuickTime\qttask.exe[924] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00AA90A5; RET
.text C:\Program Files\QuickTime\qttask.exe[924] WININET.dll!HttpSendRequestA 3D953558 6 Bytes PUSH 00AAE3C2; RET
.text C:\Program Files\QuickTime\qttask.exe[924] WININET.dll!HttpSendRequestW 3D95FDF9 6 Bytes PUSH 00AAE396; RET
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[992] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 003D7D91; RET
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[992] WININET.dll!HttpSendRequestA 3D953558 6 Bytes PUSH 003DE3C2; RET
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[992] WININET.dll!HttpSendRequestW 3D95FDF9 6 Bytes PUSH 003DE396; RET
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[992] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 003DC381; RET
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[992] WS2_32.dll!inet_addr 71AB2EE1 6 Bytes PUSH 003DC4B6; RET
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[992] WS2_32.dll!sendto 71AB2F51 6 Bytes PUSH 003D9126; RET
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[992] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 003D90F7; RET
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[992] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes PUSH 003D6DB0; RET
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[992] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 003DC433; RET
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[992] WS2_32.dll!recv 71AB676F 6 Bytes PUSH 003D6D36; RET
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[992] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 003D90A5; RET
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1028] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 01077D91; RET
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1028] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 0107C381; RET
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1028] WS2_32.dll!inet_addr 71AB2EE1 6 Bytes PUSH 0107C4B6; RET
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1028] WS2_32.dll!sendto 71AB2F51 6 Bytes PUSH 01079126; RET
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1028] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 010790F7; RET
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1028] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes PUSH 01076DB0; RET
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1028] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 0107C433; RET
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1028] WS2_32.dll!recv 71AB676F 6 Bytes PUSH 01076D36; RET
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1028] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 010790A5; RET
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1028] WININET.dll!HttpSendRequestA 3D953558 6 Bytes PUSH 0107E3C2; RET
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1028] WININET.dll!HttpSendRequestW 3D95FDF9 6 Bytes PUSH 0107E396; RET
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1108] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00E77D91; RET
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1108] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00E7C381; RET
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1108] WS2_32.dll!inet_addr 71AB2EE1 6 Bytes PUSH 00E7C4B6; RET
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1108] WS2_32.dll!sendto 71AB2F51 6 Bytes PUSH 00E79126; RET
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1108] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00E790F7; RET
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1108] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes PUSH 00E76DB0; RET
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1108] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00E7C433; RET
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1108] WS2_32.dll!recv 71AB676F 6 Bytes PUSH 00E76D36; RET
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1108] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00E790A5; RET
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1108] WININET.dll!HttpSendRequestA 3D953558 6 Bytes PUSH 00E7E3C2; RET
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1108] WININET.dll!HttpSendRequestW 3D95FDF9 6 Bytes PUSH 00E7E396; RET
.text C:\WINDOWS\system32\ctfmon.exe[1124] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00B47D91; RET
.text C:\WINDOWS\system32\ctfmon.exe[1124] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00B4C381; RET
.text C:\WINDOWS\system32\ctfmon.exe[1124] WS2_32.dll!inet_addr 71AB2EE1 6 Bytes PUSH 00B4C4B6; RET
.text C:\WINDOWS\system32\ctfmon.exe[1124] WS2_32.dll!sendto 71AB2F51 6 Bytes PUSH 00B49126; RET
.text C:\WINDOWS\system32\ctfmon.exe[1124] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00B490F7; RET
.text C:\WINDOWS\system32\ctfmon.exe[1124] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes PUSH 00B46DB0; RET
.text C:\WINDOWS\system32\ctfmon.exe[1124] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00B4C433; RET
.text C:\WINDOWS\system32\ctfmon.exe[1124] WS2_32.dll!recv 71AB676F 6 Bytes PUSH 00B46D36; RET
.text C:\WINDOWS\system32\ctfmon.exe[1124] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00B490A5; RET
.text C:\WINDOWS\system32\ctfmon.exe[1124] WININET.dll!HttpSendRequestA 3D953558 6 Bytes PUSH 00B4E3C2; RET
.text C:\WINDOWS\system32\ctfmon.exe[1124] WININET.dll!HttpSendRequestW 3D95FDF9 6 Bytes PUSH 00B4E396; RET
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1232] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00367D91; RET
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1232] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 0036C381; RET
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1232] WS2_32.dll!inet_addr 71AB2EE1 6 Bytes PUSH 0036C4B6; RET
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1232] WS2_32.dll!sendto 71AB2F51 6 Bytes PUSH 00369126; RET
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1232] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 003690F7; RET
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1232] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes PUSH 00366DB0; RET
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1232] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 0036C433; RET
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1232] WS2_32.dll!recv 71AB676F 6 Bytes PUSH 00366D36; RET
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1232] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 003690A5; RET
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1232] WININET.dll!HttpSendRequestA 3D953558 6 Bytes PUSH 0036E3C2; RET
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1232] WININET.dll!HttpSendRequestW 3D95FDF9 6 Bytes PUSH 0036E396; RET
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3144] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00D17D91; RET
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3144] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00D1C381; RET
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3144] WS2_32.dll!inet_addr 71AB2EE1 6 Bytes PUSH 00D1C4B6; RET
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3144] WS2_32.dll!sendto 71AB2F51 6 Bytes PUSH 00D19126; RET
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3144] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00D190F7; RET
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3144] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes PUSH 00D16DB0; RET
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3144] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00D1C433; RET
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3144] WS2_32.dll!recv 71AB676F 6 Bytes PUSH 00D16D36; RET
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3144] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00D190A5; RET
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3144] WININET.dll!HttpSendRequestA 3D953558 6 Bytes PUSH 00D1E3C2; RET
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3144] WININET.dll!HttpSendRequestW 3D95FDF9 6 Bytes PUSH 00D1E396; RET
.text C:\WINDOWS\system32\wscntfy.exe[3392] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00B37D91; RET
.text C:\WINDOWS\system32\wscntfy.exe[3392] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00B3C381; RET
.text C:\WINDOWS\system32\wscntfy.exe[3392] WS2_32.dll!inet_addr 71AB2EE1 6 Bytes PUSH 00B3C4B6; RET
.text C:\WINDOWS\system32\wscntfy.exe[3392] WS2_32.dll!sendto 71AB2F51 6 Bytes PUSH 00B39126; RET
.text C:\WINDOWS\system32\wscntfy.exe[3392] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00B390F7; RET
.text C:\WINDOWS\system32\wscntfy.exe[3392] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes PUSH 00B36DB0; RET
.text C:\WINDOWS\system32\wscntfy.exe[3392] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00B3C433; RET
.text C:\WINDOWS\system32\wscntfy.exe[3392] WS2_32.dll!recv 71AB676F 6 Bytes PUSH 00B36D36; RET
.text C:\WINDOWS\system32\wscntfy.exe[3392] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00B390A5; RET
.text C:\WINDOWS\system32\wscntfy.exe[3392] WININET.dll!HttpSendRequestA 3D953558 6 Bytes PUSH 00B3E3C2; RET
.text C:\WINDOWS\system32\wscntfy.exe[3392] WININET.dll!HttpSendRequestW 3D95FDF9 6 Bytes PUSH 00B3E396; RET

---- Threads - GMER 1.0.15 ----

Thread System [4:600] 859244CC
Thread System [4:416] 859254F8
Thread System [4:1532] 85925782

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6E 0x14 0x82 0x71 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6E 0x52 0xCD 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x02 0xA6 0x68 0xEF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6E 0x14 0x82 0x71 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6E 0x52 0xCD 0xEB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x02 0xA6 0x68 0xEF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6E 0x14 0x82 0x71 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6E 0x52 0xCD 0xEB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x02 0xA6 0x68 0xEF ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----
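As an added example that is not part of this thread: a small Python triage script for GMER user-mode hook lines like the ones above. It groups hooks by process, lists the hooked network APIs, and flags processes where the full set is redirected into one private memory region, which is the pattern a helper reads out of this log. The sample embeds the ctfmon.exe lines from the log; the helper.exe line and its path are constructed.

```python
import re
from collections import defaultdict
# One GMER user-mode hook line, as in the log above:
#   .text <process>[<pid>] <module>!<function> <hooked addr> <n> Bytes PUSH <target>; RET
HOOK_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<module>[^!\s]+)!(?P<func>\S+) "
    r"(?P<addr>[0-9A-Fa-f]+) (?P<size>\d+) Bytes PUSH (?P<target>[0-9A-Fa-f]+); RET$"
)
# The ten network APIs hooked in every process of the log; the same set redirected
# into each process's private memory is the pattern worth flagging.
NETWORK_APIS = {f"WS2_32.dll!{fn}" for fn in ("send", "recv", "WSASend", "WSARecv", "sendto",
                "getaddrinfo", "gethostbyname", "inet_addr")} | {
                "WININET.dll!HttpSendRequestA", "WININET.dll!HttpSendRequestW"}
# Constructed sample: the ctfmon.exe lines from the log above plus one hypothetical
# process (helper.exe) with a single non-network hook, to show the non-flagged path.
SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\ctfmon.exe[1124] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00B47D91; RET
.text C:\WINDOWS\system32\ctfmon.exe[1124] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00B4C381; RET
.text C:\WINDOWS\system32\ctfmon.exe[1124] WS2_32.dll!inet_addr 71AB2EE1 6 Bytes PUSH 00B4C4B6; RET
.text C:\WINDOWS\system32\ctfmon.exe[1124] WS2_32.dll!sendto 71AB2F51 6 Bytes PUSH 00B49126; RET
.text C:\WINDOWS\system32\ctfmon.exe[1124] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00B490F7; RET
.text C:\WINDOWS\system32\ctfmon.exe[1124] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes PUSH 00B46DB0; RET
.text C:\WINDOWS\system32\ctfmon.exe[1124] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00B4C433; RET
.text C:\WINDOWS\system32\ctfmon.exe[1124] WS2_32.dll!recv 71AB676F 6 Bytes PUSH 00B46D36; RET
.text C:\WINDOWS\system32\ctfmon.exe[1124] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00B490A5; RET
.text C:\WINDOWS\system32\ctfmon.exe[1124] WININET.dll!HttpSendRequestA 3D953558 6 Bytes PUSH 00B4E3C2; RET
.text C:\WINDOWS\system32\ctfmon.exe[1124] WININET.dll!HttpSendRequestW 3D95FDF9 6 Bytes PUSH 00B4E396; RET
.text C:\Program Files\Example\helper.exe[2000] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00C07D91; RET
"""

def parse_hooks(log_text):
    """Parse every hook line; lines in any other format are skipped."""
    hooks = []
    for line in log_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["pid"], d["size"] = int(d["pid"]), int(d["size"])
            d["addr"], d["target"] = int(d["addr"], 16), int(d["target"], 16)
            hooks.append(d)
    return hooks

def summarize(hooks):
    """Per process: hooked network APIs, and whether all trampolines land in one 64 KiB region."""
    by_proc = defaultdict(list)
    for h in hooks:
        by_proc[(h["proc"], h["pid"])].append(h)
    report = {}
    for key, hs in by_proc.items():
        net = sorted(f"{h['module']}!{h['func']}" for h in hs
                     if f"{h['module']}!{h['func']}" in NETWORK_APIS)
        regions = {h["target"] >> 16 for h in hs}  # 64 KiB region of each trampoline target
        report[key] = {"network_hooks": net, "single_region": len(regions) == 1,
                       "region": min(regions) << 16}
    return report

def suspicious_processes(report):
    """Processes with the full network API set hooked into a single private region."""
    return sorted(k for k, v in report.items()
                  if len(v["network_hooks"]) == len(NETWORK_APIS) and v["single_region"])
```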

#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:22 PM

Posted 12 November 2009 - 06:41 AM

Hi,

Please try redownloading ComboFix and renaming it before you save it, then run it without the script:
Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • rename it to fun.exe
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#14 Peoples-2

Peoples-2
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 12 November 2009 - 09:16 PM

After numerous attempts... ComboFix finally ran, taking around 45 minutes... attached is the log.




#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:22 PM

Posted 13 November 2009 - 08:20 AM

Hi,

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.


C:\windows\netlogon.dll

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply
Then please try to run the renamed ComboFix with the following script. It may take a lot of time.
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

MIA::
c:\windows\system32\drivers\beep.sys
c:\windows\system32\eventlog.dll

SRPeek::
C:\windows\netlogon.dll

AWF::
c:\program files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe
c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
c:\program files\Intel\Intel Matrix Storage Manager\bak\iaanotif.exe
c:\program files\Sony\VAIO Update 2\bak\VAIOUpdt.exe
c:\program files\Wireless Desktop\bak\LgWDskTp.exe
c:\windows\ehome\bak\ehtray.exe
c:\windows\SONYSYS\VAIO Recovery\bak\PartSeal.exe

File::
c:\windows\system32\lsm32.sys
c:\windows\system32\drivers\uhurd.sys
c:\windows\system32\DRIVERS\54eb5c268c4e0.sys
c:\windows\system32\drivers\6ec01f81674faff0.sys
c:\windows\system32\FastNetSrv.exe
C:\windows\system32\mirububu.dll
c:\windows\system32\bozagudu.exe
c:\windows\system32\levewani.exe
c:\windows\system32\nogopofa.exe
c:\windows\system32\ruhagepi.exe
c:\windows\system32\sokofosu.exe
c:\windows\system32\veyetidi.dll
C:\wggam.exe
c:\windows\system32\drivers\6ec01f81674faff0.sys
c:\windows\system32\yqelibu.dat
c:\windows\system32\hufoqiguji.sys
c:\documents and settings\Riverside\Local Settings\Application Data\tewibunan.sys
c:\windows\system32\wmdtc.exe
c:\windows\system32\opeia.exe


Folder::
c:\program files\ktimdi
c:\windows\system32\bak
c:\program files\QuickTime\bak
c:\program files\Java\jre1.6.0_03\bin\bak
c:\program files\iTunes\bak

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32\kdlnh.exe]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\6ec01f81674faff0.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\54eb5c268c4e0.sys]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"=-
"wapizenini"=-

Driver::
54eb5c268c4e0;54eb5c268c4e0
gsshob
6ec01f81674faff0
fastnetsrv
BtwSrv


Save this as CFScript.txt, in the same location as ComboFix.exe



Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please let me know if this works.

regards myrti

Edited by myrti, 16 November 2009 - 09:07 AM.





