Can't get this Malware removed. Missing .dll files also.


  • This topic is locked
17 replies to this topic

#1 coreywaslegend
  • Members
  • 9 posts

Posted 23 March 2010 - 08:29 PM

My PC starts up as c://system32/windows/muture.dll file missing or corrupt. May cause fatal errors etc. Also been having a lot of crashes and Trojans found lately. I use AVG Premium service as well as Spyhunter3 Premium service. My HijackThis log is posted below. Someone please help :/

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:27 PM, on 3/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [leyajusir] Rundll32.exe "c:\windows\system32\muturebe.dll",a
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Alienware Dock.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1235856335968
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://systemrequirementslab.com.s3.amazon...etect_intel.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: bonopefo.dll c:\windows\system32\muturebe.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: hiyesopir - {804c9762-55a5-4e6d-bdab-b358d5597ad6} - c:\windows\system32\muturebe.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {804c9762-55a5-4e6d-bdab-b358d5597ad6} - c:\windows\system32\muturebe.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Edited by Animal, 23 March 2010 - 08:33 PM.
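The HijackThis log above anchors one DLL, muturebe.dll, from four separate autostart mechanisms (an HKLM Run entry via rundll32, AppInit_DLLs, an SSODL entry and a SharedTaskScheduler entry), and the last two share a single CLSID. The following is an added example, not code from the original post and not part of HijackThis, that parses the O4/O20/O21/O22 line formats visible on this page and surfaces that correlation automatically. The line-format rules, the flagging heuristics, the function names and the SAMPLE_LOG constant are all assumptions of this example; the sample lines themselves are copied from the post above.

```python
"""Triage a HijackThis log for DLLs anchored from several autostart points.

Added example (not part of the original post, not HijackThis's own code).
The parsing rules are assumptions derived from the O4/O20/O21/O22 line
formats visible in the posted log; the heuristics are the author's own.
"""
import re
from collections import defaultdict

# Sample input: lines copied from the HijackThis log in the post above,
# plus two benign entries from the same log for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [leyajusir] Rundll32.exe "c:\windows\system32\muturebe.dll",a
O20 - AppInit_DLLs: bonopefo.dll c:\windows\system32\muturebe.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: hiyesopir - {804c9762-55a5-4e6d-bdab-b358d5597ad6} - c:\windows\system32\muturebe.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {804c9762-55a5-4e6d-bdab-b358d5597ad6} - c:\windows\system32\muturebe.dll (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# Either a full drive-letter path without spaces/quotes, or a bare file name.
DLL_RE = re.compile(r'(?:[A-Za-z]:\\[^"\s]+?|[\w-]+)\.dll\b', re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_entries(log_text):
    """Yield (code, mechanism, body) for each 'O<n> - ...' line.

    'mechanism' is the code plus the text before the first colon, e.g.
    'O4 HKLM\\..\\Run' or 'O20 AppInit_DLLs', which is the autostart point.
    """
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        code, body = match.groups()
        mechanism = f"{code} {body.split(':', 1)[0].strip()}"
        yield code, mechanism, body


def dll_references(log_text):
    """Map lower-cased DLL base name -> list of (mechanism, reported_missing)."""
    refs = defaultdict(list)
    for _code, mechanism, body in parse_entries(log_text):
        missing = "(file missing)" in body
        for dll in DLL_RE.findall(body):
            base = dll.rsplit("\\", 1)[-1].lower()  # correlate on file name
            refs[base].append((mechanism, missing))
    return refs


def suspicious_dlls(log_text):
    """Flag a DLL if it is reported missing, anchored from more than one
    mechanism, or listed in AppInit_DLLs (loaded into every process that
    loads user32.dll, so any entry there deserves a look)."""
    flagged = {}
    for base, hits in dll_references(log_text).items():
        mechanisms = sorted({m for m, _ in hits})
        missing = any(miss for _, miss in hits)
        appinit = any("AppInit_DLLs" in m for m in mechanisms)
        if missing or len(mechanisms) > 1 or appinit:
            flagged[base] = {"mechanisms": mechanisms, "missing": missing}
    return flagged


def clsid_references(log_text):
    """Return CLSIDs that appear under more than one mechanism."""
    refs = defaultdict(set)
    for _code, mechanism, body in parse_entries(log_text):
        for clsid in CLSID_RE.findall(body):
            refs[clsid.lower()].add(mechanism)
    return {c: sorted(m) for c, m in refs.items() if len(m) > 1}


def report(log_text):
    """One human-readable line per finding."""
    lines = []
    for base, info in sorted(suspicious_dlls(log_text).items()):
        note = " (file missing)" if info["missing"] else ""
        lines.append(f"{base}{note}: anchored by {', '.join(info['mechanisms'])}")
    for clsid, mechanisms in sorted(clsid_references(log_text).items()):
        lines.append(f"{clsid}: one CLSID registered under {', '.join(mechanisms)}")
    return lines


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    print("\n".join(report(text)) or "nothing flagged")
```

Run against the sample it reports muturebe.dll (file missing) under all four mechanisms, bonopefo.dll under AppInit_DLLs, and the shared CLSID under SSODL and SharedTaskScheduler, while avgrsstx.dll (a single Winlogon Notify entry with the file present) is not flagged. The O4 entry runs rundll32 against the DLL at logon, and rundll32 reports "Error loading ... The specified module could not be found" when the file is absent, which matches the message the poster describes; removing that one Run entry would silence the message but leave the other three anchors in place, which is why a clean-up has to address all of them.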



#2 Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,092 posts
  • Gender:Female
  • Location:Romania

Posted 27 March 2010 - 04:59 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#3 coreywaslegend
  • Topic Starter
  • Members
  • 9 posts

Posted 27 March 2010 - 06:34 PM

This problem started about 2 weeks ago. When I start up my PC I get this error message:

Error loading c:\windows\system32\muturebe.dll
The specified module could not be found.


My AVG9.0 also runs on a 6 hour interval and normally catches/blocks 3-4 Trojans. My computer is a lot slower and I find that it crashes very frequently.

OTL Logs
OTL Extras logfile created on: 3/27/2010 3:29:55 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 104.64 Gb Free Space | 44.93% Space Free | Partition Type: NTFS
Drive D: | 4.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PARENT-CDBC70E1
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-73586283-1123561945-839522115-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"9536:TCP" = 9536:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"3246:TCP" = 3246:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"9536:TCP" = 9536:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"3246:TCP" = 3246:TCP:*:Enabled:Services
"1947:TCP" = 1947:TCP:*:Enabled:HASP SRM
"1947:UDP" = 1947:UDP:*:Enabled:HASP SRM

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\regsvr32.exe" = C:\WINDOWS\system32\regsvr32.exe:*:Enabled:Microsoft© Register Server -- (Microsoft Corporation)
"C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe" = C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe:*:Enabled:PlayOnline Viewer -- (SQUARE ENIX CO., LTD.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0F33250B-7C59-5A14-6ED5-FCC251A962D0}" = Skins
"{14378007-ACD5-2482-33A1-F79289A452E7}" = Catalyst Control Center Graphics Full Existing
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{1E1CB0CC-50E9-2618-5D7C-03BE0A27E118}" = Catalyst Control Center Core Implementation
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (BWDATOOLSET)
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"{4CA9EA31-65E6-00E2-3DBB-19AF01D51C8D}" = Catalyst Control Center Graphics Light
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess
"{5EF19AD3-1873-9072-D526-E8F4E6A9EE59}" = Catalyst Control Center Graphics Full New
"{655B9514-3963-490B-9EE1-431E80444889}" = Razer Tarantula
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"{68C83D63-C661-C444-7E60-E0328D842ECB}" = ccc-core-preinstall
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{72D07FDD-94B7-A4EE-8C28-888C55D33831}" = ccc-core-static
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7FFC95A3-A514-E94D-72A1-B0FF80656519}" = CCC Help English
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83AA7444-96B0-439F-ADCA-9DA75D18BA4F}" = RPS CRT
"{84DDA651-FA15-4DF2-8AE8-E98FA329B1CD}" = System Requirements Lab for Intel
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3C4EBD-EB8F-44A2-A571-241CDECBB266}" = VideoMate for You/Stereo Driver
"{8CC15633-2327-43F4-BA85-B83FDB4B59BE}" = Microsoft Broadband Networking
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97FA9DC8-B4AF-84EE-DA97-B13FE28381BA}" = ccc-utility
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A82B049B-14E7-4E0E-946D-024AC4050EF8}" = PlayOnline Viewer and Tetra Master
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB8DAA53-7DBA-4783-9908-1FD72CD1AE9F}" = SwitchBlade PRO
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F73920B1-FD39-6893-4E9B-748311B666AF}" = Catalyst Control Center Graphics Previews Common
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AlienGUIse Theme Manager" = AlienGUIse Theme Manager
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG 9.0
"FFXI AppBeta June 26" = FFXI App
"Fraps" = Fraps (remove only)
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia
"InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"InstallShield_{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess
"InstallShield_{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"InstallShield_{A82B049B-14E7-4E0E-946D-024AC4050EF8}" = PlayOnline Viewer and Tetra Master
"JAIELangPack" = Japanese Language Support
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)
"NVIDIA Drivers" = NVIDIA Drivers
"Pinnacle Studio DC10plus" = Pinnacle Studio DC10plus
"PunkBusterSvc" = PunkBuster Services
"SpeedFan" = SpeedFan (remove only)
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"SystemRequirementsLab" = System Requirements Lab
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/12/2010 8:29:27 PM | Computer Name = PARENT-CDBC70E1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module msvcrt.dll, version 7.0.2600.5512, fault address 0x00036fa3.

Error - 1/12/2010 9:27:41 PM | Computer Name = PARENT-CDBC70E1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x02ad179f.

Error - 1/12/2010 9:29:01 PM | Computer Name = PARENT-CDBC70E1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module msvcrt.dll, version 7.0.2600.5512, fault address 0x0003641a.

Error - 1/13/2010 2:21:08 AM | Computer Name = PARENT-CDBC70E1 | Source = Application Error | ID = 1000
Description = Faulting application pol.exe, version 1.18.12.0, faulting module msvcrt.dll,
version 7.0.2600.5512, fault address 0x000372e3.

Error - 1/13/2010 10:50:17 PM | Computer Name = PARENT-CDBC70E1 | Source = Application Error | ID = 1000
Description = Faulting application setf4.tmp, version 9.1.0.429, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 1/13/2010 11:02:49 PM | Computer Name = PARENT-CDBC70E1 | Source = Application Error | ID = 1000
Description = Faulting application spyhunter3.exe, version 1.0.46.0, faulting module
registryguard.dll, version 1.0.48.0, fault address 0x0005414b.

Error - 1/13/2010 11:03:35 PM | Computer Name = PARENT-CDBC70E1 | Source = Application Error | ID = 1001
Description = Fault bucket 1508726151.

Error - 1/19/2010 10:48:40 PM | Computer Name = PARENT-CDBC70E1 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/20/2010 8:10:13 PM | Computer Name = PARENT-CDBC70E1 | Source = MsiInstaller | ID = 11308
Description = Product: SwitchBlade PRO -- Error 1308. Source file not found: C:\Program
Files\SwitchBlade\haspdnert_x64.dll. Verify that the file exists and that you
can access it.

Error - 2/20/2010 8:57:20 PM | Computer Name = PARENT-CDBC70E1 | Source = MsiInstaller | ID = 11308
Description = Product: SwitchBlade PRO -- Error 1308. Source file not found: C:\Program
Files\SwitchBlade\haspdnert_x64.dll. Verify that the file exists and that you
can access it.

[ System Events ]
Error - 3/23/2010 9:12:28 PM | Computer Name = PARENT-CDBC70E1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/23/2010 9:12:30 PM | Computer Name = PARENT-CDBC70E1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/23/2010 9:14:36 PM | Computer Name = PARENT-CDBC70E1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/23/2010 9:14:37 PM | Computer Name = PARENT-CDBC70E1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/23/2010 9:14:46 PM | Computer Name = PARENT-CDBC70E1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/23/2010 9:14:50 PM | Computer Name = PARENT-CDBC70E1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/23/2010 9:14:50 PM | Computer Name = PARENT-CDBC70E1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/23/2010 9:19:55 PM | Computer Name = PARENT-CDBC70E1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/26/2010 12:14:38 AM | Computer Name = PARENT-CDBC70E1 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001D7D9AE6AB has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 3/26/2010 3:10:13 PM | Computer Name = PARENT-CDBC70E1 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.10 for the Network Card with network
address 001D7D9AE6AB has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

---------------------------------------------------------------------------------------------

OTL logfile created on: 3/27/2010 3:29:55 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 104.64 Gb Free Space | 44.93% Space Free | Partition Type: NTFS
Drive D: | 4.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PARENT-CDBC70E1
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/27 15:29:20 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2010/03/24 18:08:22 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/16 23:41:44 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/03/16 23:41:42 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/16 23:41:42 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/16 23:41:39 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/16 23:41:34 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/16 23:41:34 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/16 23:41:33 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/16 23:41:32 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/02/19 23:23:55 | 001,217,872 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/07/17 17:37:44 | 002,549,248 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/04 20:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2005/05/12 12:02:24 | 000,437,760 | ---- | M] (Stardock Systems, Inc) -- C:\Program Files\AlienGUIse\wbload.exe
PRC - [2005/03/09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe


========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 000,060,928 | -HS- | M] () -- C:\WINDOWS\system32\bonopefo.dll
MOD - [2010/03/27 15:29:20 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2006/08/08 15:09:54 | 000,501,821 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\AlienGUIse\wblind.dll
MOD - [2003/02/26 23:24:32 | 000,028,740 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\AlienGUIse\wbhelp.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET)
SRV - [2010/03/16 23:41:39 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/16 23:41:34 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2008/11/25 00:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/25 00:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/07/17 17:37:44 | 002,549,248 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2007/09/04 20:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2005/03/09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV - [2010/03/16 23:41:43 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/16 23:41:42 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/16 23:41:34 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/16 23:41:32 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/03/10 12:57:44 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2009/11/27 08:20:06 | 000,177,152 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/09/11 13:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 13:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 13:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 13:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/03/27 22:33:00 | 006,280,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/02/26 10:34:38 | 000,003,768 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MusCVideo.sys -- (MusCVideo)
DRV - [2009/02/26 10:34:34 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MusCAudio.sys -- (MusCAudio)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/29 02:21:53 | 002,873,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/03/27 19:50:00 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/02/11 17:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007/09/04 20:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2007/06/15 02:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2007/04/11 17:23:48 | 000,045,440 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UsbFltr.sys -- (TarFltr)
DRV - [2007/04/11 16:33:14 | 000,028,688 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/04/11 16:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 16:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 16:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/11 16:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 16:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/02/26 21:15:21 | 000,061,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2006/11/10 09:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/06/02 20:28:38 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/03/09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2005/02/09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2005/01/10 10:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 10:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/06/17 01:02:00 | 000,338,176 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mn720-50.sys -- (MSFT43XX)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-73586283-1123561945-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-73586283-1123561945-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-73586283-1123561945-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-73586283-1123561945-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 C8 5A BD 55 C6 CA 01 [binary data]
IE - HKU\S-1-5-21-73586283-1123561945-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-73586283-1123561945-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/16 23:52:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/24 18:08:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/24 18:08:26 | 000,000,000 | ---D | M]

[2010/03/18 00:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/03/27 03:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rnqnxhee.default\extensions
[2010/03/18 01:07:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rnqnxhee.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/25 23:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rnqnxhee.default\extensions\battlefieldheroespatcher@ea.com
[2010/01/13 22:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles(2)\pnq08tgw.default\extensions
[2010/01/13 22:24:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles(2)\pnq08tgw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2010/03/18 00:48:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/03/17 12:31:18 | 000,368,177 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 12234 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-73586283-1123561945-839522115-500\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8398-26FADCF27386} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [leyajusir] C:\WINDOWS\System32\muturebe.DLL File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe (Enigma Software Group USA, LLC.)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-73586283-1123561945-839522115-500..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKU\S-1-5-21-73586283-1123561945-839522115-500..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe (Stardock)
O4 - Startup: C:\Documents and Settings\HelpAssistant.PARENT-CDBC70E1\Start Menu\Programs\Startup\Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-1123561945-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-73586283-1123561945-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-73586283-1123561945-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-73586283-1123561945-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1235856335968 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://systemrequirementslab.com.s3.amazon...etect_intel.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (bonopefo.dll) - C:\WINDOWS\System32\bonopefo.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\muturebe.dll) - C:\WINDOWS\System32\muturebe.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\WB: DllName - C:\Program Files\AlienGUIse\fastload.dll - C:\Program Files\AlienGUIse\fastload.dll (Stardock)
O21 - SSODL: hiyesopir - {804c9762-55a5-4e6d-bdab-b358d5597ad6} - C:\WINDOWS\System32\muturebe.dll File not found
O22 - SharedTaskScheduler: {804c9762-55a5-4e6d-bdab-b358d5597ad6} - gahurihor - C:\WINDOWS\System32\muturebe.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/23 23:25:13 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/01/22 08:00:16 | 000,598,016 | R--- | M] (SQUARE ENIX CO., LTD.) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2006/10/18 02:46:27 | 000,000,666 | R--- | M] () - D:\Autorun.exe.manifest -- [ UDF ]
O32 - AutoRun File - [2006/10/23 23:56:19 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\hbcd\wintools\autorun.exe -- File not found
O33 - MountPoints2\D\Shell\Option1\Command - "" = D:\hbcd\wintools\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/27 04:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Downloads
[2010/03/26 00:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PunkBuster
[2010/03/26 00:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Battlefield Heroes
[2010/03/25 23:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
[2010/03/23 21:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/20 22:50:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG9
[2010/03/18 00:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/03/17 12:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/03/17 12:27:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/17 12:27:16 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/17 12:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/16 23:41:42 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/16 22:54:06 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/03/16 22:53:57 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/16 22:53:57 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/03/16 22:53:53 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/16 22:53:52 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/16 22:53:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/03/16 22:53:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/03/16 22:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/03/16 22:51:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/16 22:51:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/16 22:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/16 22:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/18 12:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\NVIDIA Corporation
[2008/07/22 13:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/05/05 15:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\NVIDIA Corporation
[2002/04/10 21:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 000,097,280 | -HS- | M] () -- C:\WINDOWS\System32\nonabefa.dll
[2099/01/01 12:00:00 | 000,060,928 | -HS- | M] () -- C:\WINDOWS\System32\wehemeru.dll
[2099/01/01 12:00:00 | 000,060,928 | -HS- | M] () -- C:\WINDOWS\System32\suwidusu.dll
[2099/01/01 12:00:00 | 000,060,928 | -HS- | M] () -- C:\WINDOWS\System32\rurisugo.dll
[2099/01/01 12:00:00 | 000,060,928 | -HS- | M] () -- C:\WINDOWS\System32\bonopefo.dll
[2099/01/01 12:00:00 | 000,044,032 | -HS- | M] () -- C:\WINDOWS\System32\pofegohu.dll
[2099/01/01 12:00:00 | 000,008,547 | -HS- | M] () -- C:\WINDOWS\System32\vetajume.dll
[2099/01/01 12:00:00 | 000,008,547 | -HS- | M] () -- C:\WINDOWS\System32\tugufapi.dll
[2099/01/01 12:00:00 | 000,008,547 | -HS- | M] () -- C:\WINDOWS\System32\tisitora.dll
[2099/01/01 12:00:00 | 000,008,547 | -HS- | M] () -- C:\WINDOWS\System32\tahuhabu.dll
[2099/01/01 12:00:00 | 000,008,547 | -HS- | M] () -- C:\WINDOWS\System32\rutobuki.dll
[2099/01/01 12:00:00 | 000,008,547 | -HS- | M] () -- C:\WINDOWS\System32\ranutusu.dll
[2099/01/01 12:00:00 | 000,008,547 | -HS- | M] () -- C:\WINDOWS\System32\nobawitu.dll
[2099/01/01 12:00:00 | 000,008,547 | -HS- | M] () -- C:\WINDOWS\System32\ninezoni.dll
[2099/01/01 12:00:00 | 000,008,547 | -HS- | M] () -- C:\WINDOWS\System32\nigokeyo.dll
[2099/01/01 12:00:00 | 000,008,547 | -HS- | M] () -- C:\WINDOWS\System32\meyadapi.dll
[2099/01/01 12:00:00 | 000,008,547 | -HS- | M] () -- C:\WINDOWS\System32\keseveko.dll
[2099/01/01 12:00:00 | 000,008,547 | -HS- | M] () -- C:\WINDOWS\System32\gewevoga.dll
[2099/01/01 12:00:00 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\zomodovo.dll
[2099/01/01 12:00:00 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\zijodope.dll
[2099/01/01 12:00:00 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\weyuneve.dll
[2099/01/01 12:00:00 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\vubabuku.dll
[2099/01/01 12:00:00 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\vehevara.dll
[2099/01/01 12:00:00 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\papubovu.dll
[2099/01/01 12:00:00 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\nilekiza.dll
[2099/01/01 12:00:00 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\lobuzosi.dll
[2099/01/01 12:00:00 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\lasefoye.dll
[2099/01/01 12:00:00 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\kigilepi.dll
[2099/01/01 12:00:00 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\fohomugu.dll
[2099/01/01 12:00:00 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\dewukobe.dll
[2099/01/01 12:00:00 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\defupabo.dll
[2099/01/01 12:00:00 | 000,005,627 | -HS- | M] () -- C:\WINDOWS\System32\zefehewu.dll
[2099/01/01 12:00:00 | 000,005,626 | -HS- | M] () -- C:\WINDOWS\System32\pemesoyo.dll
[2099/01/01 12:00:00 | 000,004,167 | -HS- | M] () -- C:\WINDOWS\System32\jajulaze.dll
[2099/01/01 12:00:00 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\kabizahe.dll
[2099/01/01 12:00:00 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\geretele.dll
[2010/03/27 15:30:45 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\diramaga
[2010/03/27 15:11:30 | 000,008,547 | -HS- | M] () -- C:\WINDOWS\System32\yujodiju.dll
[2010/03/27 15:11:30 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\lahuyofu.dll
[2010/03/27 07:46:49 | 057,977,134 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/27 05:12:56 | 000,139,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/03/27 05:12:28 | 000,190,160 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/03/27 03:11:17 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\gosukuma.dll
[2010/03/27 03:11:16 | 000,008,547 | -HS- | M] () -- C:\WINDOWS\System32\wegaheba.dll
[2010/03/26 16:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\dviibwss.job
[2010/03/26 15:17:54 | 000,522,578 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/26 15:17:54 | 000,441,432 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/26 15:17:54 | 000,071,176 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/26 15:14:04 | 000,013,868 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/26 15:13:44 | 000,205,994 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/26 15:13:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/26 15:13:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/26 15:11:13 | 000,008,547 | -HS- | M] () -- C:\WINDOWS\System32\redivipo.dll
[2010/03/26 15:11:13 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\huhugafe.dll
[2010/03/26 15:10:29 | 007,602,176 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/03/26 03:41:56 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/03/26 03:41:46 | 005,363,124 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/03/26 01:10:30 | 000,008,547 | -HS- | M] () -- C:\WINDOWS\System32\kaleguli.dll
[2010/03/26 01:10:30 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\viyijiyu.dll
[2010/03/26 00:19:45 | 000,138,056 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2010/03/26 00:19:28 | 002,407,792 | ---- | M] () -- C:\WINDOWS\System32\pbsvc_heroes.exe
[2010/03/25 13:26:23 | 001,705,965 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\50cal.PNG
[2010/03/25 13:25:31 | 001,706,022 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\.50 cal.PNG
[2010/03/25 13:17:01 | 003,638,406 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Kozaki Yusuke 03.png
[2010/03/25 13:10:09 | 000,008,547 | -HS- | M] () -- C:\WINDOWS\System32\jabiduro.dll
[2010/03/25 13:10:08 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\tusohaza.dll
[2010/03/25 01:09:56 | 000,008,547 | -HS- | M] () -- C:\WINDOWS\System32\turazapu.dll
[2010/03/25 01:09:56 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\nejifayo.dll
[2010/03/24 21:50:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/24 13:09:38 | 000,008,547 | -HS- | M] () -- C:\WINDOWS\System32\kamaheru.dll
[2010/03/24 13:09:37 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\yefapuza.dll
[2010/03/24 01:09:30 | 000,008,547 | -HS- | M] () -- C:\WINDOWS\System32\dimanovu.dll
[2010/03/24 01:09:30 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\pasugusa.dll
[2010/03/23 21:22:14 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2010/03/23 13:09:26 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\sojusumo.dll
[2010/03/23 13:09:25 | 000,008,547 | -HS- | M] () -- C:\WINDOWS\System32\navavaze.dll
[2010/03/23 01:09:10 | 000,008,547 | -HS- | M] () -- C:\WINDOWS\System32\fonoriga.dll
[2010/03/23 01:09:10 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\lujetifi.dll
[2010/03/22 13:08:55 | 000,008,547 | -HS- | M] () -- C:\WINDOWS\System32\wadateke.dll
[2010/03/22 13:08:55 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\sahanudi.dll
[2010/03/22 01:08:39 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\jepazeje.dll
[2010/03/22 01:08:38 | 000,008,547 | -HS- | M] () -- C:\WINDOWS\System32\giyoyako.dll
[2010/03/21 13:08:23 | 000,008,547 | -HS- | M] () -- C:\WINDOWS\System32\yinerodu.dll
[2010/03/21 13:08:23 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\dubolaho.dll
[2010/03/21 01:08:32 | 000,008,547 | -HS- | M] () -- C:\WINDOWS\System32\jodunufe.dll
[2010/03/21 01:08:32 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\jotejazo.dll
[2010/03/20 13:07:52 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\dataheme.dll
[2010/03/20 01:07:54 | 000,008,546 | -HS- | M] () -- C:\WINDOWS\System32\lomokafu.dll
[2010/03/19 02:02:57 | 000,016,876 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/18 00:48:19 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/17 12:30:54 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk
[2010/03/16 23:41:43 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/16 23:41:42 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/16 23:41:42 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/16 23:41:34 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/16 23:41:32 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/03/16 22:53:57 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/03/16 22:53:52 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/16 22:53:49 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/03/16 22:53:49 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/03/16 22:53:49 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/03/14 22:31:37 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/10 12:57:44 | 000,033,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/02/26 01:06:27 | 000,109,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,097,280 | -HS- | C] () -- C:\WINDOWS\System32\nonabefa.dll
[2099/01/01 12:00:00 | 000,060,928 | -HS- | C] () -- C:\WINDOWS\System32\wehemeru.dll
[2099/01/01 12:00:00 | 000,060,928 | -HS- | C] () -- C:\WINDOWS\System32\suwidusu.dll
[2099/01/01 12:00:00 | 000,060,928 | -HS- | C] () -- C:\WINDOWS\System32\rurisugo.dll
[2099/01/01 12:00:00 | 000,060,928 | -HS- | C] () -- C:\WINDOWS\System32\bonopefo.dll
[2099/01/01 12:00:00 | 000,044,032 | -HS- | C] () -- C:\WINDOWS\System32\pofegohu.dll
[2099/01/01 12:00:00 | 000,008,547 | -HS- | C] () -- C:\WINDOWS\System32\vetajume.dll
[2099/01/01 12:00:00 | 000,008,547 | -HS- | C] () -- C:\WINDOWS\System32\tugufapi.dll
[2099/01/01 12:00:00 | 000,008,547 | -HS- | C] () -- C:\WINDOWS\System32\tisitora.dll
[2099/01/01 12:00:00 | 000,008,547 | -HS- | C] () -- C:\WINDOWS\System32\tahuhabu.dll
[2099/01/01 12:00:00 | 000,008,547 | -HS- | C] () -- C:\WINDOWS\System32\rutobuki.dll
[2099/01/01 12:00:00 | 000,008,547 | -HS- | C] () -- C:\WINDOWS\System32\ranutusu.dll
[2099/01/01 12:00:00 | 000,008,547 | -HS- | C] () -- C:\WINDOWS\System32\nobawitu.dll
[2099/01/01 12:00:00 | 000,008,547 | -HS- | C] () -- C:\WINDOWS\System32\ninezoni.dll
[2099/01/01 12:00:00 | 000,008,547 | -HS- | C] () -- C:\WINDOWS\System32\nigokeyo.dll
[2099/01/01 12:00:00 | 000,008,547 | -HS- | C] () -- C:\WINDOWS\System32\meyadapi.dll
[2099/01/01 12:00:00 | 000,008,547 | -HS- | C] () -- C:\WINDOWS\System32\keseveko.dll
[2099/01/01 12:00:00 | 000,008,547 | -HS- | C] () -- C:\WINDOWS\System32\gewevoga.dll
[2099/01/01 12:00:00 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\zomodovo.dll
[2099/01/01 12:00:00 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\zijodope.dll
[2099/01/01 12:00:00 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\weyuneve.dll
[2099/01/01 12:00:00 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\vubabuku.dll
[2099/01/01 12:00:00 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\vehevara.dll
[2099/01/01 12:00:00 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\papubovu.dll
[2099/01/01 12:00:00 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\nilekiza.dll
[2099/01/01 12:00:00 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\lobuzosi.dll
[2099/01/01 12:00:00 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\lasefoye.dll
[2099/01/01 12:00:00 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\kigilepi.dll
[2099/01/01 12:00:00 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\fohomugu.dll
[2099/01/01 12:00:00 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\dewukobe.dll
[2099/01/01 12:00:00 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\defupabo.dll
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\diramaga
[2099/01/01 12:00:00 | 000,005,627 | -HS- | C] () -- C:\WINDOWS\System32\zefehewu.dll
[2099/01/01 12:00:00 | 000,005,626 | -HS- | C] () -- C:\WINDOWS\System32\pemesoyo.dll
[2099/01/01 12:00:00 | 000,004,167 | -HS- | C] () -- C:\WINDOWS\System32\jajulaze.dll
[2099/01/01 12:00:00 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\kabizahe.dll
[2099/01/01 12:00:00 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\geretele.dll
[2010/03/27 15:11:30 | 000,008,547 | -HS- | C] () -- C:\WINDOWS\System32\yujodiju.dll
[2010/03/27 15:11:30 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\lahuyofu.dll
[2010/03/27 03:11:17 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\gosukuma.dll
[2010/03/27 03:11:16 | 000,008,547 | -HS- | C] () -- C:\WINDOWS\System32\wegaheba.dll
[2010/03/26 15:11:13 | 000,008,547 | -HS- | C] () -- C:\WINDOWS\System32\redivipo.dll
[2010/03/26 15:11:13 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\huhugafe.dll
[2010/03/26 01:10:30 | 000,008,547 | -HS- | C] () -- C:\WINDOWS\System32\kaleguli.dll
[2010/03/26 01:10:30 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\viyijiyu.dll
[2010/03/26 00:38:42 | 000,190,160 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/03/26 00:19:28 | 002,407,792 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_heroes.exe
[2010/03/25 13:26:23 | 001,705,965 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\50cal.PNG
[2010/03/25 13:25:31 | 001,706,022 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\.50 cal.PNG
[2010/03/25 13:17:00 | 003,638,406 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Kozaki Yusuke 03.png
[2010/03/25 13:10:09 | 000,008,547 | -HS- | C] () -- C:\WINDOWS\System32\jabiduro.dll
[2010/03/25 13:10:08 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\tusohaza.dll
[2010/03/25 01:09:56 | 000,008,547 | -HS- | C] () -- C:\WINDOWS\System32\turazapu.dll
[2010/03/25 01:09:56 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\nejifayo.dll
[2010/03/24 13:09:38 | 000,008,547 | -HS- | C] () -- C:\WINDOWS\System32\kamaheru.dll
[2010/03/24 13:09:37 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\yefapuza.dll
[2010/03/24 01:09:30 | 000,008,547 | -HS- | C] () -- C:\WINDOWS\System32\dimanovu.dll
[2010/03/24 01:09:30 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\pasugusa.dll
[2010/03/23 21:22:14 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2010/03/23 13:09:26 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\sojusumo.dll
[2010/03/23 13:09:25 | 000,008,547 | -HS- | C] () -- C:\WINDOWS\System32\navavaze.dll
[2010/03/23 01:09:10 | 000,008,547 | -HS- | C] () -- C:\WINDOWS\System32\fonoriga.dll
[2010/03/23 01:09:10 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\lujetifi.dll
[2010/03/22 13:08:55 | 000,008,547 | -HS- | C] () -- C:\WINDOWS\System32\wadateke.dll
[2010/03/22 13:08:55 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\sahanudi.dll
[2010/03/22 01:08:39 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\jepazeje.dll
[2010/03/22 01:08:38 | 000,008,547 | -HS- | C] () -- C:\WINDOWS\System32\giyoyako.dll
[2010/03/21 13:08:23 | 000,008,547 | -HS- | C] () -- C:\WINDOWS\System32\yinerodu.dll
[2010/03/21 13:08:23 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\dubolaho.dll
[2010/03/21 01:08:32 | 000,008,547 | -HS- | C] () -- C:\WINDOWS\System32\jodunufe.dll
[2010/03/21 01:08:32 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\jotejazo.dll
[2010/03/20 13:07:52 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\dataheme.dll
[2010/03/20 01:07:54 | 000,008,546 | -HS- | C] () -- C:\WINDOWS\System32\lomokafu.dll
[2010/03/19 02:02:57 | 000,016,876 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/18 01:07:11 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\dviibwss.job
[2010/03/18 00:48:19 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/17 12:30:54 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk
[2010/03/16 22:53:57 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/03/16 22:53:52 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/16 22:53:49 | 057,977,134 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/16 22:53:49 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/03/16 22:53:49 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/03/16 22:53:49 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/12 02:54:59 | 000,000,122 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/10/01 22:11:32 | 000,000,078 | ---- | C] () -- C:\WINDOWS\mapforms.ini
[2009/09/30 00:18:36 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\remove.dll
[2009/09/30 00:12:44 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/09/30 00:07:22 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/04/14 19:24:13 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/02/28 11:55:25 | 000,000,116 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/02/13 21:01:55 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2008/11/24 00:43:27 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2008/11/23 23:25:13 | 000,001,182 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2008/11/15 19:28:48 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/30 15:58:35 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/08/25 08:42:00 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/20 23:51:34 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2008/05/23 17:14:34 | 000,139,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/05/23 17:14:34 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2008/04/30 17:36:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2008/04/30 17:28:51 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll
[2008/04/30 17:28:49 | 000,266,240 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2008/04/30 17:28:49 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll
[2008/04/30 17:28:49 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2008/04/30 17:28:48 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
[2008/04/30 17:28:48 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys
[2008/04/24 21:46:15 | 000,000,228 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/04/19 17:32:34 | 000,000,056 | ---- | C] () -- C:\WINDOWS\wb.ini
[2008/04/18 01:15:17 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2007/06/28 12:43:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/06/28 12:43:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/06/28 12:43:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/06/28 12:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/06/28 12:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/03/12 13:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2006/11/10 09:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2005/07/07 05:26:56 | 000,005,627 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2005/05/03 07:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/05/03 07:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(9).dll
[2005/05/03 07:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(8).dll
[2005/05/03 07:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(7).dll
[2005/05/03 07:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(6).dll
[2005/05/03 07:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(5).dll
[2005/05/03 07:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(4).dll
[2005/05/03 07:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(3).dll
[2005/05/03 07:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(2).dll
[2005/05/03 07:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(11).dll
[2005/05/03 07:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(10).dll
[2005/03/08 02:17:08 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/12/20 19:24:03 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2003/10/02 06:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Files - Unicode (All) ==========
[2009/04/18 18:58:19 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/04/18 18:58:19 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩

========== Alternate Data Streams ==========

@Alternate Data Stream - 523 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >

----------------------------------------------------------------------------------------------------------

Now when I try to do the Gmer scan my computer crashes each time I try to save the .log file. I ran it in safe mode and the scan came up blank. I was able to take a Printscreen of the .log before my computer crashed though.



#4 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,092 posts
  • Gender:Female
  • Location:Romania

Posted 28 March 2010 - 04:11 AM

Hello coreywaslegend,

That looks like a nasty rootkit together with a LOT of vundo. Let's see if we can confirm the rootkit and get rid of some vundo at the same time...

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

In your next reply, please include the following:
  • Combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#5 coreywaslegend
  • Topic Starter

  • Members
  • 9 posts

Posted 28 March 2010 - 05:42 PM

ComboFix 10-03-28.01 - Administrator 03/28/2010 15:42:17.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2846 [GMT -4:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\balinoto.dll
c:\windows\system32\bonopefo.dll
c:\windows\system32\dataheme.dll
c:\windows\system32\dimanovu.dll
c:\windows\system32\dubolaho.dll
c:\windows\system32\fonoriga.dll
c:\windows\system32\fuhevive.dll
c:\windows\system32\geretele.dll
c:\windows\system32\gewevoga.dll
c:\windows\system32\giyoyako.dll
c:\windows\system32\gosukuma.dll
c:\windows\system32\hebowugi.dll
c:\windows\system32\hufehega.dll
c:\windows\system32\huhugafe.dll
c:\windows\system32\jabiduro.dll
c:\windows\system32\jajulaze.dll
c:\windows\system32\jepazeje.dll
c:\windows\system32\jodunufe.dll
c:\windows\system32\jotejazo.dll
c:\windows\system32\kabizahe.dll
c:\windows\system32\kakijigu.dll
c:\windows\system32\kaleguli.dll
c:\windows\system32\kamaheru.dll
c:\windows\system32\keseveko.dll
c:\windows\system32\lahuyofu.dll
c:\windows\system32\lomokafu.dll
c:\windows\system32\lujetifi.dll
c:\windows\system32\meyadapi.dll
c:\windows\system32\nadubesu.dll
c:\windows\system32\navavaze.dll
c:\windows\system32\nejifayo.dll
c:\windows\system32\nigokeyo.dll
c:\windows\system32\ninezoni.dll
c:\windows\system32\nobawitu.dll
c:\windows\system32\papubovu.dll
c:\windows\system32\pasugusa.dll
c:\windows\system32\pofegohu.dll
c:\windows\system32\ranutusu.dll
c:\windows\system32\redivipo.dll
c:\windows\system32\rutobuki.dll
c:\windows\system32\sahanudi.dll
c:\windows\system32\sojusumo.dll
c:\windows\system32\tahuhabu.dll
c:\windows\system32\tisitora.dll
c:\windows\system32\tugufapi.dll
c:\windows\system32\turazapu.dll
c:\windows\system32\tusohaza.dll
c:\windows\system32\vetajume.dll
c:\windows\system32\viyijiyu.dll
c:\windows\system32\vizalodu.dll
c:\windows\system32\wadateke.dll
c:\windows\system32\wegaheba.dll
c:\windows\system32\wehemeru.dll
c:\windows\system32\yefapuza.dll
c:\windows\system32\yinerodu.dll
c:\windows\system32\yujodiju.dll
c:\windows\system32\zefehewu.dll
c:\windows\Tasks\dviibwss.job

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-28 )))))))))))))))))))))))))))))))
.

2010-03-28 19:37 . 2010-03-28 19:37 17824 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-27 23:25 . 2010-03-27 23:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-26 04:38 . 2010-03-26 04:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PunkBuster
2010-03-26 04:19 . 2010-03-26 04:19 2407792 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-03-26 03:27 . 2010-03-26 03:27 -------- d-----w- c:\program files\EA Games
2010-03-24 01:22 . 2010-03-24 01:22 -------- d-----w- c:\program files\Trend Micro
2010-03-21 02:50 . 2010-03-21 02:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG9
2010-03-19 06:02 . 2010-03-19 06:02 16876 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-17 16:30 . 2010-03-17 16:30 -------- d-----w- c:\program files\Enigma Software Group
2010-03-17 16:27 . 2010-01-07 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-17 16:27 . 2010-01-07 20:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-17 16:27 . 2010-03-17 16:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-17 03:41 . 2010-03-17 03:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-17 02:54 . 2010-03-17 03:52 -------- d-----w- C:\$AVG
2010-03-17 02:53 . 2010-03-17 03:41 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-17 02:53 . 2010-03-17 03:41 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-17 02:53 . 2010-03-17 03:41 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-17 02:53 . 2010-03-17 03:41 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-17 02:53 . 2010-03-28 11:46 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-17 02:53 . 2010-03-20 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-17 02:53 . 2010-03-17 02:53 -------- d-----w- c:\program files\AVG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-28 19:50 . 2010-02-20 03:23 -------- d-----w- c:\program files\Steam
2010-03-28 08:15 . 2008-05-23 21:14 139456 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-28 08:15 . 2008-05-23 21:14 190160 -c--a-w- c:\windows\system32\PnkBstrB.exe
2010-03-26 04:19 . 2008-05-23 21:14 138056 -c--a-w- c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2010-03-26 04:19 . 2008-05-23 21:14 138056 -c--a-w- c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2010-03-26 04:19 . 2008-05-23 21:14 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-24 01:20 . 2008-08-18 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-03-24 01:20 . 2008-08-18 18:32 -------- d-----w- c:\program files\Viewpoint
2010-03-17 16:24 . 2010-01-29 04:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Move Networks
2010-03-17 03:41 . 2010-03-17 03:41 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-17 03:41 . 2010-03-17 03:41 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-17 03:41 . 2010-03-17 03:41 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-17 03:41 . 2010-03-17 03:41 161800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrkx86.sys
2010-03-17 02:53 . 2010-03-17 03:40 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-03-17 02:53 . 2010-03-17 03:40 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-03-17 02:53 . 2010-03-17 03:40 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-03-17 02:53 . 2010-03-17 03:40 1007896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-12 05:38 . 2008-04-20 05:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-03-10 16:57 . 2008-08-21 03:51 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys
2010-03-01 06:22 . 2008-08-25 12:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-26 17:00 . 2010-03-26 03:25 724992 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rnqnxhee.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2010-02-26 17:00 . 2010-03-26 03:25 1291640 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rnqnxhee.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2010-02-25 04:48 . 2009-02-15 16:37 -------- d-----w- c:\program files\SwitchBlade
2010-02-25 04:44 . 2010-02-25 04:44 36352 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{AB8DAA53-7DBA-4783-9908-1FD72CD1AE9F}\IconED3D4FB61.exe
2010-02-25 04:44 . 2010-02-25 04:44 285696 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{AB8DAA53-7DBA-4783-9908-1FD72CD1AE9F}\Icon78DB5AD3.exe
2010-02-25 04:44 . 2008-08-20 19:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-20 23:14 . 2008-04-18 13:47 -------- d-----w- c:\program files\Logitech
2010-02-20 23:14 . 2008-04-18 13:47 -------- d-----w- c:\program files\Common Files\Logitech
2010-02-12 06:54 . 2010-02-12 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Wayward Gamers
2010-02-04 15:01 . 2010-02-20 23:58 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 15:01 . 2010-02-20 23:58 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 15:01 . 2010-02-20 23:58 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 15:01 . 2010-02-20 23:58 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-04 05:12 . 2010-02-04 05:10 1956072 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-01-29 00:42 . 2008-04-20 05:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-01-29 00:42 . 2010-01-29 00:41 -------- d-----w- c:\program files\iTunes
2010-01-29 00:42 . 2010-01-29 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-29 00:41 . 2010-01-29 00:41 -------- d-----w- c:\program files\iPod
2010-01-29 00:41 . 2010-01-29 00:41 -------- d-----w- c:\program files\Bonjour
2010-01-29 00:41 . 2010-01-14 02:30 -------- d-----w- c:\program files\QuickTime
2010-01-28 18:56 . 2009-03-08 18:31 -------- d-----w- c:\program files\SystemRequirementsLab
2010-01-28 18:27 . 2010-01-28 18:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-28 17:25 . 2009-02-28 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-31 16:50 . 2008-04-14 04:45 353792 ----a-w- c:\windows\system32\drivers\srv.sys
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\defupabo.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\dewukobe.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\fohomugu.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\jigefuwi.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\kigilepi.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\lasefoye.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\lobuzosi.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\nilekiza.dll
1601-01-01 00:03 . 1601-01-01 00:03 97280 --sha-w- c:\windows\system32\nonabefa.dll
1601-01-01 00:03 . 1601-01-01 00:03 5626 --sha-w- c:\windows\system32\pemesoyo.dll
1601-01-01 00:03 . 1601-01-01 00:03 60928 --sha-w- c:\windows\system32\rurisugo.dll
1601-01-01 00:03 . 1601-01-01 00:03 60928 --sha-w- c:\windows\system32\suwidusu.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\vehevara.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\vubabuku.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\weyuneve.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\zijodope.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\zomodovo.dll
2009-04-19 01:29 . 2009-04-18 22:59 388896 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-04-19 01:29 . 2009-04-18 22:59 16672 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

------- Sigcheck -------

[-] 2008-05-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10d8be8b-9486-4f80-b457-d9fa99e1b631}]
1601-01-01 00:03 60928 --sha-w- c:\windows\system32\rurisugo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Steam"="c:\program files\steam\steam.exe" [2010-02-20 1217872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13684736]
"nwiz"="nwiz.exe" [2009-03-28 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-28 86016]
"P17Helper"="P17.dll" [2005-05-03 64512]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-12-09 866200]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-02-28 44544]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-4-19 2074360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-17 03:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 04:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Product Registration.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Product Registration.lnk
backup=c:\windows\pss\Product Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter.LNK]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter.LNK
backup=c:\windows\pss\Registration Ghost Recon Advanced Warfighter.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Broadband Networking.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk
backup=c:\windows\pss\Microsoft Broadband Networking.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2007-10-04 23:38 307200 -c--a-w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
2008-10-02 22:51 3309224 ----a-w- c:\fraps\fraps.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-04-11 20:32 56080 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2007-04-11 20:32 56080 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-03-28 02:33 13684736 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-03-28 02:33 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-03-28 02:33 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 17:17 61440 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-20 08:39 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tarantula]
2006-09-30 20:48 176128 -c--a-w- c:\program files\Razer\Tarantula\razerhid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2007-09-26 23:05 734264 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"idsvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"SMServer"=3 (0x3)
"PnkBstrA"=2 (0x2)
"NVSvc"=2 (0x2)
"usnjsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"ATI Smart"=2 (0x2)
"MSSQL$BWDATOOLSET"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\regsvr32.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"9536:TCP"= 9536:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"3246:TCP"= 3246:TCP:Services
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [3/16/2010 10:53 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/16/2010 10:53 PM 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/16/2010 10:53 PM 242696]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [8/20/2008 11:51 PM 33824]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/16/2010 11:41 PM 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/16/2010 11:41 PM 308064]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2/13/2009 9:01 PM 33792]
R3 MSFT43XX;Microsoft Wireless Notebook Adapter Driver;c:\windows\system32\drivers\mn720-50.sys [6/17/2004 1:02 AM 338176]
R3 TarFltr;Razer Tarantula USB Keyboard;c:\windows\system32\drivers\UsbFltr.sys [4/17/2008 10:05 PM 45440]
S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [3/2/2009 12:32 AM 23096]
S3 MusCVideo;MusCVideo;c:\windows\system32\drivers\MusCVideo.sys [3/2/2009 12:32 AM 3768]
S4 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);"c:\program files\Dragon Age\tools\toolssql\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sBWDATOOLSET --> c:\program files\Dragon Age\tools\toolssql\MSSQL.1\MSSQL\Binn\sqlservr.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2010-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://systemrequirementslab.com.s3.amazonaws.com/iduu/bin/srldetect_intel.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rnqnxhee.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rnqnxhee.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-leyajusir - c:\windows\system32\muturebe.dll
HKLM-Run-kizizetobu - wehemeru.dll
SharedTaskScheduler-{804c9762-55a5-4e6d-bdab-b358d5597ad6} - c:\windows\system32\muturebe.dll
SSODL-hiyesopir-{804c9762-55a5-4e6d-bdab-b358d5597ad6} - c:\windows\system32\muturebe.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-28 15:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-73586283-1123561945-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,92,8b,ce,02,ce,7a,85,4a,bd,02,cb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,92,8b,ce,02,ce,7a,85,4a,bd,02,cb,\

[HKEY_USERS\S-1-5-21-73586283-1123561945-839522115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-73586283-1123561945-839522115-500\Software\SecuROM\License information*]
"datasecu"=hex:63,fd,44,15,48,f0,50,12,7b,7b,3e,2f,cd,df,30,2a,95,70,08,76,9b,
dd,3f,db,8d,cb,19,cd,7c,03,c5,ef,fb,93,b6,9b,1d,89,c0,ef,b3,fb,4c,59,ea,ab,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\Ati2evxx.dll
c:\program files\AlienGUIse\fastload.dll

- - - - - - - > 'explorer.exe'(2044)
c:\windows\system32\WININET.dll
c:\program files\AlienGUIse\AlienwareDock\DockShellHookOEM.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\system32\hasplms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\Rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-03-28 18:40:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-28 22:40
ComboFix2.txt 2010-01-27 21:47
ComboFix3.txt 2010-01-27 21:42
ComboFix4.txt 2009-02-27 19:50

Pre-Run: 112,271,708,160 bytes free
Post-Run: 113,866,543,104 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 2862DB728548550837D579B95F4EC974
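The log above contains indicators that can be pulled out mechanically: system32 DLLs with random names, hidden+system attributes and 1601-01-01 FILETIME-epoch timestamps, a BHO that loads one of them, EnableFirewall set to 0, and GloballyOpenPorts entries (3389 among them) that carry only a generic "Services" label. The Python triage script below is an added example, not a ComboFix or BleepingComputer tool; it parses a constructed excerpt in the log's format, and the "generic label" and "review 3389" heuristics are my own assumptions.

```python
"""Triage helper for ComboFix-style log excerpts (added example, not a ComboFix or
BleepingComputer tool). It pulls out the indicator families that stand out in the
log posted above: hidden+system files stamped with the Windows FILETIME epoch
(1601-01-01), autostart entries that load them, a disabled firewall profile, and
globally opened firewall ports."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed excerpt in the ComboFix format used in this thread; the paths and
# values are copied from the posted log, but this is a small sample, not the log.
SAMPLE_LOG = r"""
2009-12-31 16:50 . 2008-04-14 04:45 353792 ----a-w- c:\windows\system32\drivers\srv.sys
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\defupabo.dll
1601-01-01 00:03 . 1601-01-01 00:03 60928 --sha-w- c:\windows\system32\rurisugo.dll
2009-04-19 01:29 . 2009-04-18 22:59 388896 --sha-w- c:\windows\system32\drivers\fidbox.dat

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10d8be8b-9486-4f80-b457-d9fa99e1b631}]
1601-01-01 00:03 60928 --sha-w- c:\windows\system32\rurisugo.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"1947:TCP"= 1947:TCP:HASP SRM
"""

# File listing: "<created> . <modified> <size> <attrs> <path>"
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. (\d{4}-\d{2}-\d{2}) \d{2}:\d{2} "
                     r"(\S+) ([-a-z]{8}) (.+)$")
# Registry loading point target: "<modified> <size> <attrs> <path>"
REG_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (\S+) ([-a-z]{8}) (.+)$")
SECTION_RE = re.compile(r"^\[(.+)\]$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')

WINDOWS_EPOCH = "1601-01-01"  # FILETIME zero; genuine installers do not stamp files this way
GENERIC_PORT_LABELS = {"services"}  # label on the rogue entries in this thread (assumption)
REVIEW_PORTS = {3389: "Remote Desktop exposed; confirm it is intentionally in use"}


@dataclass
class Findings:
    epoch_hidden_files: List[str] = field(default_factory=list)
    autostart_refs: List[Tuple[str, str]] = field(default_factory=list)
    firewall_disabled: Optional[bool] = None  # None when no EnableFirewall line was seen
    open_ports: List[Tuple[int, str, str]] = field(default_factory=list)
    suspicious_ports: List[Tuple[int, str]] = field(default_factory=list)


def triage(log_text: str) -> Findings:
    """Walk a ComboFix-style log line by line and collect the indicators above."""
    f = Findings()
    reg_refs: List[Tuple[str, str]] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = FILE_RE.match(line)
        if m:
            created, modified, _size, attrs, path = m.groups()
            # Hidden+system attributes AND an epoch date on both timestamps matches the
            # random-named DLLs; fidbox.dat has the attributes but real dates, so it passes.
            if (created == WINDOWS_EPOCH and modified == WINDOWS_EPOCH
                    and "s" in attrs and "h" in attrs):
                f.epoch_hidden_files.append(path)
            continue
        m = REG_RE.match(line)
        if m:
            reg_refs.append((section, m.group(3)))
            continue
        m = FIREWALL_RE.match(line)
        if m and "firewallpolicy" in section.lower():
            f.firewall_disabled = m.group(1) == "0"
            continue
        m = PORT_RE.match(line)
        if m and section.lower().endswith(r"globallyopenports\list"):
            port, proto, label = int(m.group(1)), m.group(2), m.group(3).strip()
            f.open_ports.append((port, proto, label))
            if label.lower() in GENERIC_PORT_LABELS:
                f.suspicious_ports.append((port, "generic '%s' label" % label))
            elif port in REVIEW_PORTS:
                f.suspicious_ports.append((port, REVIEW_PORTS[port]))
    # Autostart entries (BHO, Run keys, ...) whose target is one of the flagged files.
    flagged = set(f.epoch_hidden_files)
    f.autostart_refs = [(s, p) for s, p in reg_refs if p in flagged]
    return f


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("epoch-stamped hidden files:", r.epoch_hidden_files, r.autostart_refs)
    print("firewall disabled:", r.firewall_disabled, "suspicious ports:", r.suspicious_ports)
```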


#6 Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,092 posts
  • Gender:Female
  • Location:Romania

Posted 29 March 2010 - 03:15 AM

Hello, before continuing I have two questions.

1. We need an XP CD to replace two files. Please let me know if you have one (if not, maybe you can borrow one from a friend or family member).

2. Your log shows you have Remote Desktop active. Can you confirm you are using this? (I ask because there is a nasty rootkit around that uses Remote Desktop.)

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 coreywaslegend

  • Topic Starter

  • Members
  • 9 posts

Posted 29 March 2010 - 12:24 PM

I don't currently have an XP Professional CD but I can probably find one. If I can't then what do you suggest?

Also I do not use remote desktop for anything.

#8 Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,092 posts
  • Gender:Female
  • Location:Romania

Posted 29 March 2010 - 01:11 PM

In that case, let's first concentrate on this Remote Desktop stuff.

Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
Close out all other open programs and windows.
Double click the file to run it and follow any prompts.
If the tool detects an mbr infection, please allow it to run mbr -f and shut down your computer.
Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.


*In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

mbr -f

Now, please do the Start>Run>mbr -f command a second time.
Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.
Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.

**Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#9 coreywaslegend

  • Topic Starter

  • Members
  • 9 posts

Posted 29 March 2010 - 07:25 PM

C:\Documents and Settings\Administrator\My Documents\Downloads\HelpAsst_mebroot_fix.exe
Mon 03/29/2010 at 20:12:30.29

HelpAssistant account was found to be Active ~ attempting to de-activate

Full Name Remote Desktop Help Assistant Account
Account active Yes
Local Group Memberships *Administrators

HelpAssistant successfully set Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll present! ~ attempting to remove
termsrv32.dll successfully removed

~~ Checking firewall ports ~~

backing up DomainProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"2479:TCP"=-
"9536:TCP"=-
"3389:TCP"=-
"3246:TCP"=-

backing up StandardProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"2479:TCP"=-
"9536:TCP"=-
"3389:TCP"=-
"3246:TCP"=-

HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-73586283-1123561945-839522115-1000
HelpAssistant profile directory exists at C:\Documents and Settings\HelpAssistant.PARENT-CDBC70E1 ~ attempting to remove
~ All C:\Documents and Settings\HelpAssistant.PARENT-CDBC70E1 files successfully removed ~

~~ Checking mbr ~~

user & kernel MBR OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Mon 03/29/2010 at 20:24:08.25

Full Name Remote Desktop Help Assistant Account
Account active No
Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in List

~~ Checking for HelpAssistant directories ~~

HelpAssistant

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~


#10 Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,092 posts
  • Gender:Female
  • Location:Romania

Posted 30 March 2010 - 01:40 AM

Hello coreywaslegend,

It appears indeed there was an MBR infection present.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.


Now please re-run Combofix and post me the log.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#11 coreywaslegend

  • Topic Starter

  • Members
  • 9 posts

Posted 30 March 2010 - 03:54 AM

ComboFix 10-03-29.03 - Administrator 03/30/2010 4:40.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2949 [GMT -4:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\dokakuru.dll
c:\windows\system32\fefemisi.dll
c:\windows\system32\hujepaka.dll
c:\windows\system32\sabafiru.dll
c:\windows\system32\sajekeye.dll
c:\windows\system32\savajama.dll
c:\windows\system32\yeporofi.dll
c:\windows\system32\yohujoku.dll
c:\windows\system32\zedokupa.dll

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-30 )))))))))))))))))))))))))))))))
.

2010-03-30 00:12 . 2010-03-30 00:12 -------- d-----w- C:\HelpAsst_backup
2010-03-27 23:25 . 2010-03-27 23:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-26 04:38 . 2010-03-26 04:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PunkBuster
2010-03-26 04:19 . 2010-03-26 04:19 2407792 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-03-26 03:27 . 2010-03-26 03:27 -------- d-----w- c:\program files\EA Games
2010-03-26 03:25 . 2010-02-26 17:00 724992 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rnqnxhee.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2010-03-26 03:25 . 2010-02-26 17:00 1291640 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rnqnxhee.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2010-03-24 01:22 . 2010-03-24 01:22 -------- d-----w- c:\program files\Trend Micro
2010-03-21 02:50 . 2010-03-21 02:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG9
2010-03-19 06:02 . 2010-03-19 06:02 16876 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-17 16:30 . 2010-03-17 16:30 -------- d-----w- c:\program files\Enigma Software Group
2010-03-17 16:27 . 2010-01-07 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-17 16:27 . 2010-01-07 20:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-17 16:27 . 2010-03-17 16:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-17 02:53 . 2010-03-29 23:46 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-17 02:53 . 2010-03-20 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-17 02:53 . 2010-03-17 02:53 -------- d-----w- c:\program files\AVG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-30 08:48 . 2010-02-20 03:23 -------- d-----w- c:\program files\Steam
2010-03-29 03:29 . 2008-05-23 21:14 139456 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-29 03:28 . 2008-05-23 21:14 190160 -c--a-w- c:\windows\system32\PnkBstrB.exe
2010-03-26 04:19 . 2008-05-23 21:14 138056 -c--a-w- c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2010-03-26 04:19 . 2008-05-23 21:14 138056 -c--a-w- c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2010-03-26 04:19 . 2008-05-23 21:14 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-24 01:20 . 2008-08-18 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-03-24 01:20 . 2008-08-18 18:32 -------- d-----w- c:\program files\Viewpoint
2010-03-17 16:24 . 2010-01-29 04:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Move Networks
2010-03-17 03:41 . 2010-03-17 03:41 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-17 03:41 . 2010-03-17 03:41 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-17 03:41 . 2010-03-17 03:41 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-17 03:41 . 2010-03-17 03:41 161800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrkx86.sys
2010-03-17 03:41 . 2010-03-17 02:53 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-17 03:41 . 2010-03-17 03:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-17 03:41 . 2010-03-17 02:53 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-17 03:41 . 2010-03-17 02:53 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-17 03:41 . 2010-03-17 02:53 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-17 02:53 . 2010-03-17 03:40 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-03-17 02:53 . 2010-03-17 03:40 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-03-17 02:53 . 2010-03-17 03:40 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-03-17 02:53 . 2010-03-17 03:40 1007896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-12 05:38 . 2008-04-20 05:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-03-10 16:57 . 2008-08-21 03:51 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys
2010-03-01 06:22 . 2008-08-25 12:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-25 04:48 . 2009-02-15 16:37 -------- d-----w- c:\program files\SwitchBlade
2010-02-25 04:44 . 2010-02-25 04:44 36352 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{AB8DAA53-7DBA-4783-9908-1FD72CD1AE9F}\IconED3D4FB61.exe
2010-02-25 04:44 . 2010-02-25 04:44 285696 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{AB8DAA53-7DBA-4783-9908-1FD72CD1AE9F}\Icon78DB5AD3.exe
2010-02-25 04:44 . 2008-08-20 19:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-20 23:14 . 2008-04-18 13:47 -------- d-----w- c:\program files\Logitech
2010-02-20 23:14 . 2008-04-18 13:47 -------- d-----w- c:\program files\Common Files\Logitech
2010-02-12 06:54 . 2010-02-12 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Wayward Gamers
2010-02-04 15:01 . 2010-02-20 23:58 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 15:01 . 2010-02-20 23:58 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 15:01 . 2010-02-20 23:58 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 15:01 . 2010-02-20 23:58 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-04 05:12 . 2010-02-04 05:10 1956072 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-12-31 16:50 . 2008-04-14 04:45 353792 ----a-w- c:\windows\system32\drivers\srv.sys
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\defupabo.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\dewukobe.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\fohomugu.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\jigefuwi.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\jutepeso.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\jutimono.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\kigilepi.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\lasefoye.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\lobuzosi.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\nilekiza.dll
1601-01-01 00:03 . 1601-01-01 00:03 97280 --sha-w- c:\windows\system32\nonabefa.dll
1601-01-01 00:03 . 1601-01-01 00:03 5626 --sha-w- c:\windows\system32\pemesoyo.dll
1601-01-01 00:03 . 1601-01-01 00:03 60928 --sha-w- c:\windows\system32\rurisugo.dll
1601-01-01 00:03 . 1601-01-01 00:03 60928 --sha-w- c:\windows\system32\suwidusu.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\vehevara.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\vubabuku.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\weyuneve.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\womodefo.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\zijodope.dll
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\zomodovo.dll
2009-04-19 01:29 . 2009-04-18 22:59 388896 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-04-19 01:29 . 2009-04-18 22:59 16672 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

------- Sigcheck -------

[-] 2008-05-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10d8be8b-9486-4f80-b457-d9fa99e1b631}]
1601-01-01 00:03 60928 --sha-w- c:\windows\system32\rurisugo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Steam"="c:\program files\steam\steam.exe" [2010-02-20 1217872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13684736]
"nwiz"="nwiz.exe" [2009-03-28 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-28 86016]
"P17Helper"="P17.dll" [2005-05-03 64512]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-12-09 866200]
"kizizetobu"="wehemeru.dll" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-02-28 44544]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-4-19 2074360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-17 03:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 04:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Product Registration.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Product Registration.lnk
backup=c:\windows\pss\Product Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter.LNK]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter.LNK
backup=c:\windows\pss\Registration Ghost Recon Advanced Warfighter.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Broadband Networking.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk
backup=c:\windows\pss\Microsoft Broadband Networking.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2007-10-04 23:38 307200 -c--a-w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
2008-10-02 22:51 3309224 ----a-w- c:\fraps\fraps.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-04-11 20:32 56080 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2007-04-11 20:32 56080 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-03-28 02:33 13684736 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-03-28 02:33 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-03-28 02:33 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 17:17 61440 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-20 08:39 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tarantula]
2006-09-30 20:48 176128 -c--a-w- c:\program files\Razer\Tarantula\razerhid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2007-09-26 23:05 734264 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"idsvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"SMServer"=3 (0x3)
"PnkBstrA"=2 (0x2)
"NVSvc"=2 (0x2)
"usnjsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"ATI Smart"=2 (0x2)
"MSSQL$BWDATOOLSET"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\regsvr32.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Logitech\\Gaming Software\\LWEMon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [3/16/2010 10:53 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/16/2010 10:53 PM 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/16/2010 10:53 PM 242696]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [8/20/2008 11:51 PM 33824]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/16/2010 11:41 PM 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/16/2010 11:41 PM 308064]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2/13/2009 9:01 PM 33792]
R3 MSFT43XX;Microsoft Wireless Notebook Adapter Driver;c:\windows\system32\drivers\mn720-50.sys [6/17/2004 1:02 AM 338176]
R3 TarFltr;Razer Tarantula USB Keyboard;c:\windows\system32\drivers\UsbFltr.sys [4/17/2008 10:05 PM 45440]
S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [3/2/2009 12:32 AM 23096]
S3 MusCVideo;MusCVideo;c:\windows\system32\drivers\MusCVideo.sys [3/2/2009 12:32 AM 3768]
S4 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);"c:\program files\Dragon Age\tools\toolssql\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sBWDATOOLSET --> c:\program files\Dragon Age\tools\toolssql\MSSQL.1\MSSQL\Binn\sqlservr.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2010-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://systemrequirementslab.com.s3.amazonaws.com/iduu/bin/srldetect_intel.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rnqnxhee.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rnqnxhee.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-30 04:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-73586283-1123561945-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,92,8b,ce,02,ce,7a,85,4a,bd,02,cb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,92,8b,ce,02,ce,7a,85,4a,bd,02,cb,\

[HKEY_USERS\S-1-5-21-73586283-1123561945-839522115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-73586283-1123561945-839522115-500\Software\SecuROM\License information*]
"datasecu"=hex:63,fd,44,15,48,f0,50,12,7b,7b,3e,2f,cd,df,30,2a,95,70,08,76,9b,
dd,3f,db,8d,cb,19,cd,7c,03,c5,ef,fb,93,b6,9b,1d,89,c0,ef,b3,fb,4c,59,ea,ab,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\Ati2evxx.dll
c:\program files\AlienGUIse\fastload.dll

- - - - - - - > 'explorer.exe'(3648)
c:\windows\system32\WININET.dll
c:\program files\AlienGUIse\AlienwareDock\DockShellHookOEM.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\system32\hasplms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\Rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-03-30 04:52:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-30 08:52
ComboFix2.txt 2010-03-28 22:40
ComboFix3.txt 2010-01-27 21:47
ComboFix4.txt 2010-01-27 21:42
ComboFix5.txt 2010-03-30 08:39

Pre-Run: 113,789,284,352 bytes free
Post-Run: 113,767,096,320 bytes free

- - End Of File - - 368C53AE6A49E98336C0C5AE3FD067C7

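The log above is read by eye in this thread, but the indicators the helpers are keying on are mechanical: a cluster of eight-letter consonant-vowel DLL names in system32 carrying hidden+system attributes and a 1601-01-01 timestamp (FILETIME zero, i.e. a stamped-over date, not a real one), one of those DLLs registered as a Browser Helper Object, a Run value loading another by bare name, and sfcfiles.dll failing the Sigcheck pass. The following triage script is an added example and is not part of the original thread or of ComboFix; it runs over a handful of lines copied from the log (a constructed sample embedded inline, with a few benign entries for contrast). The function names, the three indicator rules and the "two indicators to flag" threshold are this script's own choices, not anything ComboFix defines.

```python
import re

# Constructed sample: lines copied from the ComboFix "Find3M Report", "Sigcheck"
# and "Reg Loading Points" sections of the log above, plus benign entries
# (avgtdix.sys, srv.sys, fidbox.dat, Steam) included for contrast.
SAMPLE_LOG = r"""
2010-03-17 03:41 . 2010-03-17 02:53 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-31 16:50 . 2008-04-14 04:45 353792 ----a-w- c:\windows\system32\drivers\srv.sys
1601-01-01 00:03 . 1601-01-01 00:03 8546 --sha-w- c:\windows\system32\defupabo.dll
1601-01-01 00:03 . 1601-01-01 00:03 60928 --sha-w- c:\windows\system32\rurisugo.dll
1601-01-01 00:03 . 1601-01-01 00:03 97280 --sha-w- c:\windows\system32\nonabefa.dll
2009-04-19 01:29 . 2009-04-18 22:59 388896 --sha-w- c:\windows\system32\drivers\fidbox.dat
[-] 2008-05-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10d8be8b-9486-4f80-b457-d9fa99e1b631}]
1601-01-01 00:03 60928 --sha-w- c:\windows\system32\rurisugo.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-02-20 1217872]
"kizizetobu"="wehemeru.dll" [BU]
"""

# Find3M line: "created . modified size attrs path" (size is dashes for a directory).
FIND3M_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# File line printed under a registry loading point (one timestamp only).
REG_FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?:\d+|-+) [-a-z]{8} (?P<path>.+)$")
# "name"="value" [marker] autostart value.
AUTOSTART_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?P<rest>.*)$')
# Sigcheck line: "[verdict] date . md5 . size . . [version] . . path".
SIGCHECK_RE = re.compile(
    r"^\[(?P<verdict>[^\]])\] \S+ \. [0-9A-Fa-f]{32} \. \d+ \. \. \[[^\]]*\] \. \. (?P<path>.+)$"
)
# Three to five consonant-vowel pairs: the naming scheme of the DLL family in
# this log. Ordinary words match too, so this indicator never counts alone.
RANDOM_NAME_RE = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiouy]){3,5}$")


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def suspicion(entry):
    """Indicators tripped by one parsed Find3M entry (the rules are this script's own)."""
    reasons = []
    if entry["created"].startswith("1601-01-01") or entry["modified"].startswith("1601-01-01"):
        reasons.append("timestamp 1601-01-01 (FILETIME zero: stamped over, not a real date)")
    if "s" in entry["attrs"] and "h" in entry["attrs"] and "\\windows\\system32\\" in entry["path"].lower():
        reasons.append("hidden+system attributes on a file under system32")
    if RANDOM_NAME_RE.match(_basename(entry["path"]).rsplit(".", 1)[0]):
        reasons.append("consonant-vowel pseudo-random file name")
    return reasons


def triage(log_text, threshold=2):
    """Map path -> reasons for Find3M entries tripping at least `threshold` indicators."""
    flagged = {}
    for line in log_text.splitlines():
        m = FIND3M_RE.match(line.strip())
        if m:
            reasons = suspicion(m.groupdict())
            if len(reasons) >= threshold:
                flagged[m.group("path")] = reasons
    return flagged


def autostart_refs(log_text, flagged):
    """Loading-point lines that reference a flagged file, or that load a DLL given
    only as a bare pseudo-random name (no directory shown in the log)."""
    names = {_basename(p) for p in flagged}
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        m = AUTOSTART_RE.match(line)
        if m:
            value = m.group("value").lower()
            base = _basename(value)
            bare_random_dll = ("\\" not in value and base.endswith(".dll")
                               and bool(RANDOM_NAME_RE.match(base[:-4])))
            if base in names or bare_random_dll:
                hits.append(line)
            continue
        m = REG_FILE_RE.match(line)
        if m and _basename(m.group("path")) in names:
            hits.append(line)
    return hits


def failed_sigchecks(log_text):
    """Paths whose Sigcheck line carries the [-] verdict (file did not pass the check)."""
    failed = []
    for line in log_text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m and m.group("verdict") == "-":
            failed.append(m.group("path"))
    return failed
```

On the sample, `triage(SAMPLE_LOG)` flags defupabo.dll, rurisugo.dll and nonabefa.dll (all three indicators each) and leaves fidbox.dat alone, since hidden+system on its own is also what some legitimate AV data files look like; `autostart_refs` then ties rurisugo.dll to the BHO registration and picks up the bare "wehemeru.dll" Run value, and `failed_sigchecks` returns sfcfiles.dll. To use it on a full ComboFix log, pass the file's contents in place of `SAMPLE_LOG`; the threshold is the knob to raise if a log produces too many single-indicator hits.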

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,092 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:32 PM

Posted 30 March 2010 - 04:56 AM

Please let me know if you have found an XP CD that we can use to replace the files.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#13 coreywaslegend

coreywaslegend
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 01 April 2010 - 03:16 AM

I have yet to acquire an XP CD from anyone and doubt I'll go out and buy a new one. The missing files I need to download - what will be the consequences of not having them on my PC at this time? Is there anything else that we need to fix in the meantime? My PC has been running a lot more smoothly since we've started.

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,092 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:32 PM

Posted 01 April 2010 - 04:51 AM

Hello coreywaslegend,

Your copy of sfcfiles.dll is not legit. This means the System File Checker might not work properly. That leaves your computer vulnerable, since your system files (that are required for Windows to run) can get patched or corrupted without anything noticing it or taking appropriate action.

UPDATE JAVA
------------------
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 19.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u19-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


In your next reply, please include the following:
  • MBAM log

regards, Elise




#15 coreywaslegend

coreywaslegend
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 04 April 2010 - 02:26 AM

I have updated my Java but I am having a problem with Malwarebytes. I've downloaded it but every time I try to open the .exe file it does nothing. Doesn't open at all. Now I am also getting new pop-up ads when I use the internet. Should I post a new ComboFix or HijackThis log?



