iexplore.exe and other processes + excessive tmp files


30 replies to this topic

#1 tehfuzzle


Posted 10 August 2010 - 05:11 PM

Well, lately I keep noticing the iexplore.exe process and other processes such as hiowo.exe, l3rbd.com, l3rdb.exe, which basically flood my Task Manager. I always end the process, but iexplore.exe comes back each minute, which is driving me insane. AVG won't run, so instead I scanned my computer with MalwareBytes, but each time it tells me to restart and then it just comes back. Also, I noticed that each minute iexplore.exe creates .tmp files in my temp folder; most of them start with ~DF. It's really annoying; each day I get over 500 of these .tmp files, so please help, anything is appreciated.

Also when I run GMER.exe it scans about halfway and then it doesn't respond.

Here is my log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by computer at 14:24:27.29 on Tue 08/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.457 [GMT -7:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Defense Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

c:\windows\system32\svchost -k dcomlaunch
svchost.exe
c:\windows\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\umdmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\computer\My Documents\Downloads\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\computer\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = hxxp://www.piotoshow.com/ac.php?aid=139&sid=direct
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uSearchAssistant =
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: CAB Class: {c6a91056-83e0-4c6e-8dcc-43fc0dfe7a0a} - c:\windows\system32\iBhmF8F1.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Zango Information Window: {2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} - c:\program files\zango\bin\10.3.85.0\HostIE.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [asam] c:\documents and settings\computer\local settings\application data\asam.exe
uRun: [riuom] c:\documents and settings\computer\riuom.exe
uRun: [boazu] c:\documents and settings\computer\boazu.exe
uRun: [JDK5SWFMZY] c:\docume~1\computer\locals~1\temp\Wnt.exe
uRun: [Vmuqeqi] rundll32.exe "c:\windows\coianey.dll",Startup
uRun: [hiowo] c:\documents and settings\computer\hiowo.exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [ujhxnewl] c:\documents and settings\computer\local settings\application data\lojdjclxk\wypsetktssd.exe
uRun: [ahejvgsb] c:\documents and settings\computer\local settings\application data\rkbsmwjvl\xnbpofqtssd.exe
uRun: [vjdhvhnd] c:\documents and settings\computer\local settings\application data\sgjipahdn\xsoyowdtssd.exe
uRun: [fymkmdtc] c:\documents and settings\computer\local settings\application data\ykmerjnot\xmluuxctssd.exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [kiupogew] c:\documents and settings\computer\local settings\application data\lyjaetpkw\gikcgsotssd.exe
uRun: [xvgijavo] c:\documents and settings\computer\local settings\application data\sawyfequd\gytytritssd.exe
uRun: [kchexaih] c:\documents and settings\computer\local settings\application data\mddugmvfe\gtkkcattssd.exe
uRun: [vihalbua] c:\documents and settings\computer\local settings\application data\hhjqhuapf\goavkhetssd.exe
uRun: [ppwvosdf] c:\documents and settings\computer\local settings\application data\rwxnikqgo\gcvdotxtssd.exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [ekqwewbk] c:\documents and settings\computer\local settings\application data\csydluoun\hyeohyatssd.exe
uRun: [oycmysne] c:\documents and settings\computer\local settings\application data\lptrojomv\htbuvoftssd.exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [knkeqgud] c:\documents and settings\computer\local settings\application data\siecinxpf\irsycyftssd.exe
uRun: [rtedgbbu] c:\documents and settings\computer\local settings\application data\nqqayasvd\kxbnffatssd.exe
uRun: [whkmhpst] c:\documents and settings\computer\local settings\application data\ddfcdymuk\reunqqvtssd.exe
uRun: [lniukeow] c:\documents and settings\computer\local settings\application data\mjlvecsax\rgdsbwttssd.exe
uRun: [storubkt] c:\documents and settings\computer\local settings\application data\djrveutsa\roiqhjetssd.exe
uRun: [njpkenvy] c:\documents and settings\computer\local settings\application data\awnvemhko\rwwkpmgtssd.exe
uRun: [emsvvltk] c:\documents and settings\computer\local settings\application data\vwdufuhtp\rnyvgsltssd.exe
uRun: [afklbdgy] c:\documents and settings\computer\local settings\application data\txwtfxiwy\rmmraeptssd.exe
uRun: [fvypnvvd] c:\documents and settings\computer\local settings\application data\wyasfrjqg\rtyaejntssd.exe
uRun: [xieilter] c:\documents and settings\computer\local settings\application data\hdmnhsosk\rwtkteitssd.exe
uRun: [jfykijpr] c:\documents and settings\computer\local settings\application data\bewmheqfu\smkrevrtssd.exe
uRun: [xggupsjl] c:\windows\sxttbtotssd.exe
uRun: [tuinyfvq] c:\documents and settings\computer\local settings\application data\hiahjnvqb\sghnjwqtssd.exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [qgbntjih] c:\documents and settings\computer\local settings\application data\nafxkdrej\jdobgtltssd.exe
uRun: [lucgdvum] c:\documents and settings\computer\local settings\application data\lnbxkuevw\jmdtowntssd.exe
uRun: [mtxplale] c:\documents and settings\computer\local settings\application data\sfadprbba\kfbayygtssd.exe
uRun: [ylctmkuu] c:\documents and settings\computer\local settings\application data\lsldqsocp\kfrfwintssd.exe
uRun: [rdxjgnfs] c:\documents and settings\computer\local settings\application data\wkwwrfipo\kxmryljtssd.exe
uRun: [ilqrtqdm] c:\documents and settings\computer\local settings\application data\sylvsywll\kepfbaptssd.exe
uRun: [urrniqqf] c:\documents and settings\computer\local settings\application data\ndrrthbun\kafqjiatssd.exe
uRun: [wwexskaa] c:\documents and settings\computer\local settings\application data\dspounrcu\kvxmwoptssd.exe
uRun: [ybridejt] c:\documents and settings\computer\local settings\application data\riolvtijc\krqijtetssd.exe
uRun: [akxduolm] c:\documents and settings\computer\local settings\application data\sklivqlhs\kxqmhkgtssd.exe
uRun: [qcwgacmy] c:\documents and settings\computer\local settings\application data\pbvexhdyg\kkseipotssd.exe
uRun: [anpmutsp] c:\documents and settings\computer\local settings\application data\vqbbygtyq\koqxcintssd.exe
uRun: [myggeygr] c:\documents and settings\computer\local settings\application data\qiguaamun\lyglwyytssd.exe
uRun: [oijnkwqu] c:\documents and settings\computer\local settings\application data\gmcqcqrnp\llyjvnptssd.exe
uRun: [ocucsruf] c:\documents and settings\computer\local settings\application data\iqvldkwiw\lwyrruttssd.exe
uRun: [iobuqpdu] c:\documents and settings\computer\local settings\application data\suihekclb\latbhootssd.exe
uRun: [ybkbaxdx] c:\documents and settings\computer\local settings\application data\pxvefqfrt\lwvrvlvtssd.exe
uRun: [smrgdurg] c:\documents and settings\computer\application data\dtasiufbb\lbqlsvwtssd.exe
uRun: [nibghqky] c:\documents and settings\computer\local settings\application data\dcjjlnovh\lpeshfhtssd.exe
uRun: [sivfltcu] c:\documents and settings\computer\local settings\application data\hfjgmdsng\ldpfjaitssd.exe
uRun: [vwoknxnh] c:\documents and settings\computer\local settings\application data\wweaogmse\mfiftwytssd.exe
uRun: [monnrlou] c:\documents and settings\computer\local settings\application data\tnpvpwekr\mrkwuchtssd.exe
uRun: [bkfbeqif] c:\documents and settings\computer\local settings\application data\cqysqehso\mntxgrdtssd.exe
uRun: [kvxiyhnv] c:\documents and settings\computer\local settings\application data\iheorcysy\mrqrakctssd.exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [jiqon] c:\documents and settings\computer\jiqon.exe
uRun: [htdkbctj] c:\documents and settings\computer\local settings\application data\ijhskalqj\qkcgsngtssd.exe
uRun: [xwgvtbru] c:\documents and settings\computer\local settings\application data\djwskimal\qcesitltssd.exe
uRun: [jokyulbl] c:\documents and settings\computer\local settings\application data\wwirljybb\qbuxhdstssd.exe
uRun: [wqouqlyr] c:\documents and settings\computer\local settings\application data\vlxbpasxh\qxkdgqptssd.exe
uRun: [pikklnip] c:\documents and settings\computer\local settings\application data\hejurlllg\qrfohsltssd.exe
uRun: [lwldtauv] c:\documents and settings\computer\local settings\application data\fqfurdydu\qasipvntssd.exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [uaslckjq] c:\documents and settings\computer\local settings\application data\oeufwypeo\rqptnlwtssd.exe
uRun: [ldvwtjhc] c:\documents and settings\computer\local settings\application data\kekfwipnq\rhrgerctssd.exe
uRun: [cgxilhfn] c:\documents and settings\computer\local settings\application data\febfwrqwr\ryusuxhtssd.exe
uRun: [sjbtegdx] c:\documents and settings\computer\local settings\application data\bfrfwaqgt\rpwfkeltssd.exe
uRun: [qskcgcvg] c:\documents and settings\computer\local settings\application data\mfoewcrix\roepiwbtssd.exe
uRun: [vjygsulj] c:\documents and settings\computer\local settings\application data\pgrdwvscf\rvpxlcytssd.exe
uRun: [fklswboh] c:\documents and settings\computer\local settings\application data\uuycxxgey\runohevtssd.exe
uRun: [omyeairf] c:\documents and settings\computer\local settings\application data\aihbxauhs\rtkedgrtssd.exe
uRun: [qhgttryh] c:\documents and settings\computer\local settings\application data\ovjaxjiqk\rkdvrvetssd.exe
uRun: [qmvqowaq] c:\documents and settings\computer\local settings\application data\ojhyxuwdf\radxeeftssd.exe
uRun: [deauphkh] c:\documents and settings\computer\local settings\application data\hwsyyvkdu\ratdcnmtssd.exe
uRun: [vfcgbtvx] c:\documents and settings\computer\local settings\application data\trbqbegok\rxoscgltssd.exe
uRun: [yofnhsgb] c:\documents and settings\computer\local settings\application data\kvwlcvlin\rkhpbubtssd.exe
uRun: [tdhfqfsh] c:\documents and settings\computer\local settings\application data\hislcmyab\rsvjjxdtssd.exe
uRun: [rwviklng] c:\documents and settings\computer\local settings\application data\ullidkcyw\rxcxehutssd.exe
uRun: [nlwbswam] c:\documents and settings\computer\local settings\application data\sxhidcpqk\rgqqmkwtssd.exe
uRun: [doamlvxw] c:\documents and settings\computer\local settings\application data\nywidlpal\rwsddqctssd.exe
uRun: [rgcdbupy] c:\documents and settings\computer\local settings\application data\vnigehfvn\rdcccxwtssd.exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [ewitgffk] c:\documents and settings\computer\local settings\application data\qtlygmmdf\resrjwktssd.exe
uRun: [vmgajqel] c:\documents and settings\computer\local settings\application data\jcwifutmn\cffmppmtssd.exe
uRun: [mpjlcocw] c:\documents and settings\computer\local settings\application data\fdmifetvo\cwhygvrtssd.exe
uRun: [wtnhfamx] c:\documents and settings\computer\local settings\application data\mwkyhvqqg\cmfbvuutssd.exe
uRun: [imslglvo] c:\documents and settings\computer\local settings\application data\fkvyiweqv\clvguectssd.exe
uRun: [iaodsbyq] c:\documents and settings\computer\local settings\application data\hbrujeuai\chumfdgtssd.exe
uRun: [jokugpcr] c:\documents and settings\computer\local settings\application data\irmrklmjt\cdusocjtssd.exe
uRun: [jyqpwaek] c:\documents and settings\computer\local settings\application data\jtjoliogk\ciuwmsltssd.exe
uRun: [acsbpycv] c:\documents and settings\computer\local settings\application data\etyolrppm\cywidyqtssd.exe
uRun: [fapmwbxl] c:\documents and settings\computer\local settings\application data\kpqenlnnn\cnignjxtssd.exe
uRun: [xvttkcdw] c:\documents and settings\computer\local settings\application data\tlhpafsva\dbidmmmtssd.exe
uRun: [skulsooc] c:\documents and settings\computer\local settings\application data\rxdpawgnn\djvvupptssd.exe
uRun: [oywecbbi] c:\documents and settings\computer\application data\plxpaosfb\drkodsrtssd.exe
uRun: [arbidmky] c:\documents and settings\computer\local settings\application data\iyjpaogfq\drbtbcytssd.exe
uRun: [ugcbmxve] c:\documents and settings\computer\local settings\application data\glepagtwe\dapnjfctssd.exe
uRun: [ljfmewtp] c:\documents and settings\computer\local settings\application data\bmuoaptgg\dqraalgtssd.exe
uRun: [ositkvfs] c:\documents and settings\computer\local settings\application data\qpqkchyai\ddkwyavtssd.exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [ynkskmne] c:\documents and settings\computer\local settings\application data\klimqmevk\frwngswtssd.exe
uRun: [umlconny] c:\documents and settings\computer\local settings\application data\oaivvuvjp\gxkhpaotssd.exe
uRun: [secrmsns] c:\documents and settings\computer\local settings\application data\dvtmxwton\geqfsxltssd.exe
uRun: [fvgvndxj] c:\documents and settings\computer\local settings\application data\wielxwhpc\gdhlqhstssd.exe
uRun: [qnkaooha] c:\documents and settings\computer\local settings\application data\pvplyxuqr\gdxqpqatssd.exe
uRun: [mcmsxbtg] c:\documents and settings\computer\local settings\application data\njllyphhf\glljxtdtssd.exe
uRun: [bgrjhgxd] c:\documents and settings\computer\local settings\application data\aewqcmaoi\iqdwxbjtssd.exe
uRun: [ishaqmgg] c:\documents and settings\computer\local settings\application data\wrjahkqrh\ightsihtssd.exe
uRun: [vqotvlob] c:\documents and settings\computer\application data\arivpjxbs\jfvthaptssd.exe
uRun: [dwuqgikw] c:\documents and settings\computer\local settings\application data\qrpvpbytv\jnaromytssd.exe
uRun: [ymvjpuvd] c:\documents and settings\computer\local settings\application data\ofkvpsllj\jvolwpctssd.exe
uRun: [tbxcxhii] c:\documents and settings\computer\local settings\application data\mrfvpkydx\jedefsetssd.exe
uRun: [ykxvtubw] c:\documents and settings\computer\local settings\application data\qxcprwgrm\jwouffhtssd.exe
uRun: [gqesdrws] c:\documents and settings\computer\local settings\application data\hxiorpgkp\jfstlrrtssd.exe
uRun: [dambgnqb] c:\documents and settings\computer\local settings\application data\tyfosqhmt\jeaeikgtssd.exe
uRun: [yootoacg] c:\documents and settings\computer\local settings\application data\qlansiteh\jmnwqnjtssd.exe
uRun: [khswpkmw] c:\documents and settings\computer\local settings\application data\kylnsihew\jmecpwqtssd.exe
uRun: [gdcwugfo] c:\documents and settings\computer\application data\lhueubrae\jcrjdgbtssd.exe
uRun: [crdpdsru] c:\documents and settings\computer\local settings\application data\itqeusfrr\jkgdljdtssd.exe
uRun: [jxjmnpmq] c:\documents and settings\computer\local settings\application data\yuweukfku\jslbsvntssd.exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [oeyfwdog] c:\documents and settings\computer\local settings\application data\oyaudghod\pvshvnatssd.exe
uRun: [mnhnyyio] c:\documents and settings\computer\local settings\application data\ayvtdhiph\puyrtgptssd.exe
uRun: [enoxawqn] c:\documents and settings\computer\local settings\application data\akvghyvmo\pobxaqgtssd.exe
uRun: [qgejibud] c:\documents and settings\computer\local settings\application data\ciroyxdnj\sedewdhtssd.exe
uRun: [oejjxlrl] c:\documents and settings\computer\local settings\application data\pajjbhuxa\tykueuatssd.exe
uRun: [jtkchxer] c:\documents and settings\computer\local settings\application data\nmfjbyipn\thxnmxctssd.exe
uRun: [fslllydm] c:\documents and settings\computer\local settings\application data\qbesfgbds\tnlhuettssd.exe
uRun: [skfvyrps] c:\documents and settings\computer\local settings\application data\vgwjpxnil\uxaogdgtssd.exe
uRun: [juokfpdw] c:\documents and settings\computer\local settings\application data\mqbhykfex\uihcltytssd.exe
uRun: [lsnkyeqc] c:\documents and settings\computer\local settings\application data\elsybkbgm\upaguhrtssd.exe
uRun: [eqxkklvo] c:\documents and settings\computer\local settings\application data\nykxbdpaf\uxujadjtssd.exe
uRun: [lhjclttd] c:\documents and settings\computer\local settings\application data\fbnucrspy\ulamfgvtssd.exe
uRun: [xyogmedt] c:\documents and settings\computer\local settings\application data\xoyucsgqn\ukqrdpdtssd.exe
uRun: [swvtnbrs] c:\documents and settings\computer\local settings\application data\weqrdgvfr\vyeojjitssd.exe
uRun: [tqhivuvd] c:\documents and settings\computer\application data\yikneycay\vkewgpmtssd.exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [onqrdugf] c:\documents and settings\computer\local settings\application data\ebvfjgfgg\uwaotuttssd.exe
uRun: [trwxkhoc] c:\documents and settings\computer\local settings\application data\oktfrftod\vrkjrbotssd.exe
uRun: [gxwtyhcu] c:\documents and settings\computer\local settings\application data\jnabsnyxf\vnbuajytssd.exe
uRun: [rpbwasll] c:\documents and settings\computer\local settings\application data\cblbsomyt\vmqayshtssd.exe
uRun: [hgywxvue] c:\documents and settings\computer\local settings\application data\riweyhxby\vlyfjcutssd.exe
uRun: [pacyaiyw] c:\documents and settings\computer\local settings\application data\lrpsclkiq\vqdticntssd.exe
uRun: [ihstcagc] c:\documents and settings\computer\local settings\application data\whepdbbyy\wexclohtssd.exe
uRun: [wekhnean] c:\documents and settings\computer\local settings\application data\fknmeiehv\wahdwedtssd.exe
uRun: [prjkurhl] c:\documents and settings\computer\local settings\application data\yfnytwgpq\ribhjyftssd.exe
uRun: [iujicenh] c:\documents and settings\computer\local settings\application data\ihewtbitf\rfvmbdxtssd.exe
uRun: [fwcdgktg] c:\documents and settings\computer\local settings\application data\odtxbxjah\scisdhwtssd.exe
uRun: [eysjyeiq] c:\documents and settings\computer\local settings\application data\kajxjpmbw\sgorhjitssd.exe
uRun: [sdregsjn] c:\documents and settings\computer\local settings\application data\vwhlnxnnm\tiwgyfmtssd.exe
uRun: [fqsbmvww] c:\documents and settings\computer\local settings\application data\qljqbdmjy\uoroakxtssd.exe
uRun: [seethqop] c:\documents and settings\computer\local settings\application data\xmvpbnntf\ufblmjrtssd.exe
uRun: [hqpnckfi] c:\documents and settings\computer\local settings\application data\fmjobxofl\uukiailtssd.exe
uRun: [xyivpoec] c:\documents and settings\computer\local settings\application data\bbxncrdai\ucmwdwrtssd.exe
uRun: [hflfoaij] c:\documents and settings\computer\local settings\application data\gdeldfgow\uqkokhotssd.exe
uRun: [oqhyucfo] c:\documents and settings\computer\local settings\application data\xrjjdjusv\uooodcatssd.exe
uRun: [ovwwphgx] c:\documents and settings\computer\local settings\application data\xghidtjeq\ueoqpkbtssd.exe
uRun: [koomuytn] c:\documents and settings\computer\local settings\application data\whbgewkha\ucdmjvetssd.exe
uRun: [dwfixqbs] c:\documents and settings\computer\local settings\application data\hwpdfmbxj\upxtmhxtssd.exe
uRun: [vafgeeho] c:\documents and settings\computer\local settings\application data\ryfbfqedw\unsaelqtssd.exe
uRun: [irjkfoqf] c:\documents and settings\computer\local settings\application data\kmqbgrqel\umjfduxtssd.exe
uRun: [gatemkph] c:\documents and settings\computer\application data\yfftiwmls\unpyidstssd.exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [rifyfmig] c:\documents and settings\computer\local settings\application data\ywthwxtll\neiijchtssd.exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [oaquakym] c:\documents and settings\computer\local settings\application data\lslsoomkb\lgtsufqtssd.exe
uRun: [xgteyvdt] c:\documents and settings\computer\local settings\application data\qurqpboyq\lurkcpotssd.exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [ditpiblo] c:\documents and settings\computer\local settings\application data\bmodibuvh\nvgaudhtssd.exe
uRun: [uudvrkls] c:\documents and settings\computer\local settings\application data\xobajgxca\nsipjyotssd.exe
uRun: [ihopmeck] c:\documents and settings\computer\local settings\application data\fpnajqymf\nirmwxitssd.exe
uRun: [yynsqsdx] c:\documents and settings\computer\local settings\application data\cgyvlhqfs\nutfwdqtssd.exe
uRun: [wjvbtowf] c:\documents and settings\computer\local settings\application data\ngvuljrhx\nubptvftssd.exe
uRun: [sxxtcajk] c:\documents and settings\computer\local settings\application data\ltqulbfxl\ndpicyhtssd.exe
uRun: [whxnxncy] c:\documents and settings\computer\local settings\application data\qynonnlna\nvbaclltssd.exe
uRun: [ahvamckk] c:\documents and settings\computer\local settings\application data\fbnmninjm\nctsdjytssd.exe
uRun: [qkxlebiu] c:\documents and settings\computer\local settings\application data\abemnrosn\nsvftpdtssd.exe
uRun: [jnyjlnpr] c:\documents and settings\computer\local settings\application data\kdtkovqwc\nqqkktvtssd.exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [fhpyqfcg] c:\documents and settings\computer\local settings\application data\ienioxrak\nofgffatssd.exe
uRun: [qiaxianp] c:\documents and settings\computer\local settings\application data\dtvfpviyq\ntvpbfjtssd.exe
uRun: [jlavpnul] c:\documents and settings\computer\local settings\application data\muldqakee\nrqusjctssd.exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [siede] c:\documents and settings\computer\siede.exe
uRun: [siede ] c:\documents and settings\computer\siede .exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [siede ] c:\documents and settings\computer\siede .exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [siede ] c:\documents and settings\computer\siede .exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [uhbik] c:\windows\system32\uhbik.exe \u
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [coF2] c:\windows\system32\umdmgr.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Mreha] rundll32.exe "c:\windows\oqeguxavigam.dll",Startup
mRun: [klcfugej] c:\documents and settings\jose\local settings\application data\cnvbkuwko\vpvrmmotssd.exe
mRun: [asam] c:\documents and settings\computer\local settings\application data\asam.exe
mRun: [uymfteio] c:\documents and settings\networkservice\local settings\application data\ojxubsexs\awknyymtssd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sniffer] c:\windows\temp\_ex-08 .exe
mRun: [ujhxnewl] c:\documents and settings\computer\local settings\application data\lojdjclxk\wypsetktssd.exe
mRun: [ahejvgsb] c:\documents and settings\computer\local settings\application data\rkbsmwjvl\xnbpofqtssd.exe
mRun: [vjdhvhnd] c:\documents and settings\computer\local settings\application data\sgjipahdn\xsoyowdtssd.exe
mRun: [fymkmdtc] c:\documents and settings\computer\local settings\application data\ykmerjnot\xmluuxctssd.exe
mRun: [kiupogew] c:\documents and settings\computer\local settings\application data\lyjaetpkw\gikcgsotssd.exe
mRun: [xvgijavo] c:\documents and settings\computer\local settings\application data\sawyfequd\gytytritssd.exe
mRun: [kchexaih] c:\documents and settings\computer\local settings\application data\mddugmvfe\gtkkcattssd.exe
mRun: [vihalbua] c:\documents and settings\computer\local settings\application data\hhjqhuapf\goavkhetssd.exe
mRun: [ppwvosdf] c:\documents and settings\computer\local settings\application data\rwxnikqgo\gcvdotxtssd.exe
mRun: [ekqwewbk] c:\documents and settings\computer\local settings\application data\csydluoun\hyeohyatssd.exe
mRun: [oycmysne] c:\documents and settings\computer\local settings\application data\lptrojomv\htbuvoftssd.exe
mRun: [knkeqgud] c:\documents and settings\computer\local settings\application data\siecinxpf\irsycyftssd.exe
mRun: [rtedgbbu] c:\documents and settings\computer\local settings\application data\nqqayasvd\kxbnffatssd.exe
mRun: [whkmhpst] c:\documents and settings\computer\local settings\application data\ddfcdymuk\reunqqvtssd.exe
mRun: [lniukeow] c:\documents and settings\computer\local settings\application data\mjlvecsax\rgdsbwttssd.exe
mRun: [storubkt] c:\documents and settings\computer\local settings\application data\djrveutsa\roiqhjetssd.exe
mRun: [njpkenvy] c:\documents and settings\computer\local settings\application data\awnvemhko\rwwkpmgtssd.exe
mRun: [emsvvltk] c:\documents and settings\computer\local settings\application data\vwdufuhtp\rnyvgsltssd.exe
mRun: [afklbdgy] c:\documents and settings\computer\local settings\application data\txwtfxiwy\rmmraeptssd.exe
mRun: [fvypnvvd] c:\documents and settings\computer\local settings\application data\wyasfrjqg\rtyaejntssd.exe
mRun: [xieilter] c:\documents and settings\computer\local settings\application data\hdmnhsosk\rwtkteitssd.exe
mRun: [jfykijpr] c:\documents and settings\computer\local settings\application data\bewmheqfu\smkrevrtssd.exe
mRun: [xggupsjl] c:\windows\sxttbtotssd.exe
mRun: [tuinyfvq] c:\documents and settings\computer\local settings\application data\hiahjnvqb\sghnjwqtssd.exe
mRun: [qgbntjih] c:\documents and settings\computer\local settings\application data\nafxkdrej\jdobgtltssd.exe
mRun: [lucgdvum] c:\documents and settings\computer\local settings\application data\lnbxkuevw\jmdtowntssd.exe
mRun: [mtxplale] c:\documents and settings\computer\local settings\application data\sfadprbba\kfbayygtssd.exe
mRun: [ylctmkuu] c:\documents and settings\computer\local settings\application data\lsldqsocp\kfrfwintssd.exe
mRun: [rdxjgnfs] c:\documents and settings\computer\local settings\application data\wkwwrfipo\kxmryljtssd.exe
mRun: [ilqrtqdm] c:\documents and settings\computer\local settings\application data\sylvsywll\kepfbaptssd.exe
mRun: [urrniqqf] c:\documents and settings\computer\local settings\application data\ndrrthbun\kafqjiatssd.exe
mRun: [wwexskaa] c:\documents and settings\computer\local settings\application data\dspounrcu\kvxmwoptssd.exe
mRun: [ybridejt] c:\documents and settings\computer\local settings\application data\riolvtijc\krqijtetssd.exe
mRun: [akxduolm] c:\documents and settings\computer\local settings\application data\sklivqlhs\kxqmhkgtssd.exe
mRun: [qcwgacmy] c:\documents and settings\computer\local settings\application data\pbvexhdyg\kkseipotssd.exe
mRun: [anpmutsp] c:\documents and settings\computer\local settings\application data\vqbbygtyq\koqxcintssd.exe
mRun: [myggeygr] c:\documents and settings\computer\local settings\application data\qiguaamun\lyglwyytssd.exe
mRun: [oijnkwqu] c:\documents and settings\computer\local settings\application data\gmcqcqrnp\llyjvnptssd.exe
mRun: [ocucsruf] c:\documents and settings\computer\local settings\application data\iqvldkwiw\lwyrruttssd.exe
mRun: [iobuqpdu] c:\documents and settings\computer\local settings\application data\suihekclb\latbhootssd.exe
mRun: [ybkbaxdx] c:\documents and settings\computer\local settings\application data\pxvefqfrt\lwvrvlvtssd.exe
mRun: [smrgdurg] c:\documents and settings\computer\application data\dtasiufbb\lbqlsvwtssd.exe
mRun: [nibghqky] c:\documents and settings\computer\local settings\application data\dcjjlnovh\lpeshfhtssd.exe
mRun: [sivfltcu] c:\documents and settings\computer\local settings\application data\hfjgmdsng\ldpfjaitssd.exe
mRun: [vwoknxnh] c:\documents and settings\computer\local settings\application data\wweaogmse\mfiftwytssd.exe
mRun: [monnrlou] c:\documents and settings\computer\local settings\application data\tnpvpwekr\mrkwuchtssd.exe
mRun: [bkfbeqif] c:\documents and settings\computer\local settings\application data\cqysqehso\mntxgrdtssd.exe
mRun: [kvxiyhnv] c:\documents and settings\computer\local settings\application data\iheorcysy\mrqrakctssd.exe
mRun: [htdkbctj] c:\documents and settings\computer\local settings\application data\ijhskalqj\qkcgsngtssd.exe
mRun: [xwgvtbru] c:\documents and settings\computer\local settings\application data\djwskimal\qcesitltssd.exe
mRun: [jokyulbl] c:\documents and settings\computer\local settings\application data\wwirljybb\qbuxhdstssd.exe
mRun: [wqouqlyr] c:\documents and settings\computer\local settings\application data\vlxbpasxh\qxkdgqptssd.exe
mRun: [pikklnip] c:\documents and settings\computer\local settings\application data\hejurlllg\qrfohsltssd.exe
mRun: [lwldtauv] c:\documents and settings\computer\local settings\application data\fqfurdydu\qasipvntssd.exe
mRun: [uaslckjq] c:\documents and settings\computer\local settings\application data\oeufwypeo\rqptnlwtssd.exe
mRun: [ldvwtjhc] c:\documents and settings\computer\local settings\application data\kekfwipnq\rhrgerctssd.exe
mRun: [cgxilhfn] c:\documents and settings\computer\local settings\application data\febfwrqwr\ryusuxhtssd.exe
mRun: [sjbtegdx] c:\documents and settings\computer\local settings\application data\bfrfwaqgt\rpwfkeltssd.exe
mRun: [qskcgcvg] c:\documents and settings\computer\local settings\application data\mfoewcrix\roepiwbtssd.exe
mRun: [vjygsulj] c:\documents and settings\computer\local settings\application data\pgrdwvscf\rvpxlcytssd.exe
mRun: [fklswboh] c:\documents and settings\computer\local settings\application data\uuycxxgey\runohevtssd.exe
mRun: [omyeairf] c:\documents and settings\computer\local settings\application data\aihbxauhs\rtkedgrtssd.exe
mRun: [qhgttryh] c:\documents and settings\computer\local settings\application data\ovjaxjiqk\rkdvrvetssd.exe
mRun: [qmvqowaq] c:\documents and settings\computer\local settings\application data\ojhyxuwdf\radxeeftssd.exe
mRun: [deauphkh] c:\documents and settings\computer\local settings\application data\hwsyyvkdu\ratdcnmtssd.exe
mRun: [vfcgbtvx] c:\documents and settings\computer\local settings\application data\trbqbegok\rxoscgltssd.exe
mRun: [yofnhsgb] c:\documents and settings\computer\local settings\application data\kvwlcvlin\rkhpbubtssd.exe
mRun: [tdhfqfsh] c:\documents and settings\computer\local settings\application data\hislcmyab\rsvjjxdtssd.exe
mRun: [rwviklng] c:\documents and settings\computer\local settings\application data\ullidkcyw\rxcxehutssd.exe
mRun: [nlwbswam] c:\documents and settings\computer\local settings\application data\sxhidcpqk\rgqqmkwtssd.exe
mRun: [doamlvxw] c:\documents and settings\computer\local settings\application data\nywidlpal\rwsddqctssd.exe
mRun: [rgcdbupy] c:\documents and settings\computer\local settings\application data\vnigehfvn\rdcccxwtssd.exe
mRun: [ewitgffk] c:\documents and settings\computer\local settings\application data\qtlygmmdf\resrjwktssd.exe
mRun: [vmgajqel] c:\documents and settings\computer\local settings\application data\jcwifutmn\cffmppmtssd.exe
mRun: [mpjlcocw] c:\documents and settings\computer\local settings\application data\fdmifetvo\cwhygvrtssd.exe
mRun: [wtnhfamx] c:\documents and settings\computer\local settings\application data\mwkyhvqqg\cmfbvuutssd.exe
mRun: [imslglvo] c:\documents and settings\computer\local settings\application data\fkvyiweqv\clvguectssd.exe
mRun: [iaodsbyq] c:\documents and settings\computer\local settings\application data\hbrujeuai\chumfdgtssd.exe
mRun: [jokugpcr] c:\documents and settings\computer\local settings\application data\irmrklmjt\cdusocjtssd.exe
mRun: [jyqpwaek] c:\documents and settings\computer\local settings\application data\jtjoliogk\ciuwmsltssd.exe
mRun: [acsbpycv] c:\documents and settings\computer\local settings\application data\etyolrppm\cywidyqtssd.exe
mRun: [fapmwbxl] c:\documents and settings\computer\local settings\application data\kpqenlnnn\cnignjxtssd.exe
mRun: [xvttkcdw] c:\documents and settings\computer\local settings\application data\tlhpafsva\dbidmmmtssd.exe
mRun: [skulsooc] c:\documents and settings\computer\local settings\application data\rxdpawgnn\djvvupptssd.exe
mRun: [oywecbbi] c:\documents and settings\computer\application data\plxpaosfb\drkodsrtssd.exe
mRun: [arbidmky] c:\documents and settings\computer\local settings\application data\iyjpaogfq\drbtbcytssd.exe
mRun: [ugcbmxve] c:\documents and settings\computer\local settings\application data\glepagtwe\dapnjfctssd.exe
mRun: [ljfmewtp] c:\documents and settings\computer\local settings\application data\bmuoaptgg\dqraalgtssd.exe
mRun: [ositkvfs] c:\documents and settings\computer\local settings\application data\qpqkchyai\ddkwyavtssd.exe
mRun: [ynkskmne] c:\documents and settings\computer\local settings\application data\klimqmevk\frwngswtssd.exe
mRun: [umlconny] c:\documents and settings\computer\local settings\application data\oaivvuvjp\gxkhpaotssd.exe
mRun: [secrmsns] c:\documents and settings\computer\local settings\application data\dvtmxwton\geqfsxltssd.exe
mRun: [fvgvndxj] c:\documents and settings\computer\local settings\application data\wielxwhpc\gdhlqhstssd.exe
mRun: [qnkaooha] c:\documents and settings\computer\local settings\application data\pvplyxuqr\gdxqpqatssd.exe
mRun: [mcmsxbtg] c:\documents and settings\computer\local settings\application data\njllyphhf\glljxtdtssd.exe
mRun: [bgrjhgxd] c:\documents and settings\computer\local settings\application data\aewqcmaoi\iqdwxbjtssd.exe
mRun: [ishaqmgg] c:\documents and settings\computer\local settings\application data\wrjahkqrh\ightsihtssd.exe
mRun: [vqotvlob] c:\documents and settings\computer\application data\arivpjxbs\jfvthaptssd.exe
mRun: [dwuqgikw] c:\documents and settings\computer\local settings\application data\qrpvpbytv\jnaromytssd.exe
mRun: [ymvjpuvd] c:\documents and settings\computer\local settings\application data\ofkvpsllj\jvolwpctssd.exe
mRun: [tbxcxhii] c:\documents and settings\computer\local settings\application data\mrfvpkydx\jedefsetssd.exe
mRun: [ykxvtubw] c:\documents and settings\computer\local settings\application data\qxcprwgrm\jwouffhtssd.exe
mRun: [gqesdrws] c:\documents and settings\computer\local settings\application data\hxiorpgkp\jfstlrrtssd.exe
mRun: [dambgnqb] c:\documents and settings\computer\local settings\application data\tyfosqhmt\jeaeikgtssd.exe
mRun: [yootoacg] c:\documents and settings\computer\local settings\application data\qlansiteh\jmnwqnjtssd.exe
mRun: [khswpkmw] c:\documents and settings\computer\local settings\application data\kylnsihew\jmecpwqtssd.exe
mRun: [gdcwugfo] c:\documents and settings\computer\application data\lhueubrae\jcrjdgbtssd.exe
mRun: [crdpdsru] c:\documents and settings\computer\local settings\application data\itqeusfrr\jkgdljdtssd.exe
mRun: [jxjmnpmq] c:\documents and settings\computer\local settings\application data\yuweukfku\jslbsvntssd.exe
mRun: [oeyfwdog] c:\documents and settings\computer\local settings\application data\oyaudghod\pvshvnatssd.exe
mRun: [mnhnyyio] c:\documents and settings\computer\local settings\application data\ayvtdhiph\puyrtgptssd.exe
mRun: [enoxawqn] c:\documents and settings\computer\local settings\application data\akvghyvmo\pobxaqgtssd.exe
mRun: [qgejibud] c:\documents and settings\computer\local settings\application data\ciroyxdnj\sedewdhtssd.exe
mRun: [oejjxlrl] c:\documents and settings\computer\local settings\application data\pajjbhuxa\tykueuatssd.exe
mRun: [jtkchxer] c:\documents and settings\computer\local settings\application data\nmfjbyipn\thxnmxctssd.exe
mRun: [fslllydm] c:\documents and settings\computer\local settings\application data\qbesfgbds\tnlhuettssd.exe
mRun: [skfvyrps] c:\documents and settings\computer\local settings\application data\vgwjpxnil\uxaogdgtssd.exe
mRun: [juokfpdw] c:\documents and settings\computer\local settings\application data\mqbhykfex\uihcltytssd.exe
mRun: [lsnkyeqc] c:\documents and settings\computer\local settings\application data\elsybkbgm\upaguhrtssd.exe
mRun: [eqxkklvo] c:\documents and settings\computer\local settings\application data\nykxbdpaf\uxujadjtssd.exe
mRun: [lhjclttd] c:\documents and settings\computer\local settings\application data\fbnucrspy\ulamfgvtssd.exe
mRun: [xyogmedt] c:\documents and settings\computer\local settings\application data\xoyucsgqn\ukqrdpdtssd.exe
mRun: [swvtnbrs] c:\documents and settings\computer\local settings\application data\weqrdgvfr\vyeojjitssd.exe
mRun: [tqhivuvd] c:\documents and settings\computer\application data\yikneycay\vkewgpmtssd.exe
mRun: [onqrdugf] c:\documents and settings\computer\local settings\application data\ebvfjgfgg\uwaotuttssd.exe
mRun: [trwxkhoc] c:\documents and settings\computer\local settings\application data\oktfrftod\vrkjrbotssd.exe
mRun: [gxwtyhcu] c:\documents and settings\computer\local settings\application data\jnabsnyxf\vnbuajytssd.exe
mRun: [rpbwasll] c:\documents and settings\computer\local settings\application data\cblbsomyt\vmqayshtssd.exe
mRun: [hgywxvue] c:\documents and settings\computer\local settings\application data\riweyhxby\vlyfjcutssd.exe
mRun: [pacyaiyw] c:\documents and settings\computer\local settings\application data\lrpsclkiq\vqdticntssd.exe
mRun: [ihstcagc] c:\documents and settings\computer\local settings\application data\whepdbbyy\wexclohtssd.exe
mRun: [wekhnean] c:\documents and settings\computer\local settings\application data\fknmeiehv\wahdwedtssd.exe
mRun: [prjkurhl] c:\documents and settings\computer\local settings\application data\yfnytwgpq\ribhjyftssd.exe
mRun: [iujicenh] c:\documents and settings\computer\local settings\application data\ihewtbitf\rfvmbdxtssd.exe
mRun: [fwcdgktg] c:\documents and settings\computer\local settings\application data\odtxbxjah\scisdhwtssd.exe
mRun: [eysjyeiq] c:\documents and settings\computer\local settings\application data\kajxjpmbw\sgorhjitssd.exe
mRun: [sdregsjn] c:\documents and settings\computer\local settings\application data\vwhlnxnnm\tiwgyfmtssd.exe
mRun: [fqsbmvww] c:\documents and settings\computer\local settings\application data\qljqbdmjy\uoroakxtssd.exe
mRun: [seethqop] c:\documents and settings\computer\local settings\application data\xmvpbnntf\ufblmjrtssd.exe
mRun: [hqpnckfi] c:\documents and settings\computer\local settings\application data\fmjobxofl\uukiailtssd.exe
mRun: [xyivpoec] c:\documents and settings\computer\local settings\application data\bbxncrdai\ucmwdwrtssd.exe
mRun: [hflfoaij] c:\documents and settings\computer\local settings\application data\gdeldfgow\uqkokhotssd.exe
mRun: [oqhyucfo] c:\documents and settings\computer\local settings\application data\xrjjdjusv\uooodcatssd.exe
mRun: [ovwwphgx] c:\documents and settings\computer\local settings\application data\xghidtjeq\ueoqpkbtssd.exe
mRun: [koomuytn] c:\documents and settings\computer\local settings\application data\whbgewkha\ucdmjvetssd.exe
mRun: [dwfixqbs] c:\documents and settings\computer\local settings\application data\hwpdfmbxj\upxtmhxtssd.exe
mRun: [vafgeeho] c:\documents and settings\computer\local settings\application data\ryfbfqedw\unsaelqtssd.exe
mRun: [irjkfoqf] c:\documents and settings\computer\local settings\application data\kmqbgrqel\umjfduxtssd.exe
mRun: [gatemkph] c:\documents and settings\computer\application data\yfftiwmls\unpyidstssd.exe
mRun: [rifyfmig] c:\documents and settings\computer\local settings\application data\ywthwxtll\neiijchtssd.exe
mRun: [oaquakym] c:\documents and settings\computer\local settings\application data\lslsoomkb\lgtsufqtssd.exe
mRun: [xgteyvdt] c:\documents and settings\computer\local settings\application data\qurqpboyq\lurkcpotssd.exe
mRun: [ditpiblo] c:\documents and settings\computer\local settings\application data\bmodibuvh\nvgaudhtssd.exe
mRun: [uudvrkls] c:\documents and settings\computer\local settings\application data\xobajgxca\nsipjyotssd.exe
mRun: [ihopmeck] c:\documents and settings\computer\local settings\application data\fpnajqymf\nirmwxitssd.exe
mRun: [yynsqsdx] c:\documents and settings\computer\local settings\application data\cgyvlhqfs\nutfwdqtssd.exe
mRun: [wjvbtowf] c:\documents and settings\computer\local settings\application data\ngvuljrhx\nubptvftssd.exe
mRun: [sxxtcajk] c:\documents and settings\computer\local settings\application data\ltqulbfxl\ndpicyhtssd.exe
mRun: [whxnxncy] c:\documents and settings\computer\local settings\application data\qynonnlna\nvbaclltssd.exe
mRun: [ahvamckk] c:\documents and settings\computer\local settings\application data\fbnmninjm\nctsdjytssd.exe
mRun: [qkxlebiu] c:\documents and settings\computer\local settings\application data\abemnrosn\nsvftpdtssd.exe
mRun: [jnyjlnpr] c:\documents and settings\computer\local settings\application data\kdtkovqwc\nqqkktvtssd.exe
mRun: [fhpyqfcg] c:\documents and settings\computer\local settings\application data\ienioxrak\nofgffatssd.exe
mRun: [qiaxianp] c:\documents and settings\computer\local settings\application data\dtvfpviyq\ntvpbfjtssd.exe
mRun: [jlavpnul] c:\documents and settings\computer\local settings\application data\muldqakee\nrqusjctssd.exe
dRun: [uymfteio] c:\documents and settings\networkservice\local settings\application data\ojxubsexs\awknyymtssd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: igfxcui - igfxdev.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\computer\applic~1\mozilla\firefox\profiles\uhocs9qk.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: XULRunner: {4F16AA05-74BF-4EB9-8537-8A54EAD076AF} - c:\documents and settings\computer\local settings\application data\{4f16aa05-74bf-4eb9-8537-8a54ead076af}\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
R3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);c:\windows\system32\drivers\es1370mp.sys [2008-11-6 37120]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-23 135664]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2010-7-17 50704]
S3 xboxdrv;xboxdrv;c:\windows\system32\xboxdrv.sys [2010-6-18 2304]

=============== Created Last 30 ================

2010-08-10 17:11:38 54016 ----a-w- c:\windows\system32\drivers\moirmqft.sys
2010-08-10 00:05:10 7680 --sha-w- c:\windows\Thumbs.db
2010-08-09 23:42:44 0 ----a-w- c:\documents and settings\computer\jagex__preferences3.dat
2010-08-09 23:42:40 99 ----a-w- c:\documents and settings\computer\jagex_runescape_preferences2.dat
2010-08-09 23:41:23 46 ----a-w- c:\documents and settings\computer\jagex_runescape_preferences.dat
2010-08-09 03:22:16 0 d-----w- c:\program files\SwiftKit
2010-08-06 01:13:44 35852 --sha-r- c:\documents and settings\computer\siede .exe
2010-08-06 01:13:44 35852 --sh--r- c:\documents and settings\computer\siede.exe
2010-08-06 01:13:44 35848 --sha-r- c:\documents and settings\computer\siede .exe
2010-08-06 01:13:44 125952 --sha-r- c:\documents and settings\computer\siede .exe
2010-08-02 00:11:54 2770 ----a-w- c:\windows\exilidarex.dll
2010-08-01 19:20:17 0 d-----w- c:\docume~1\computer\applic~1\Malwarebytes
2010-07-26 20:40:24 35848 --sha-r- c:\documents and settings\computer\L3rbd.com
2010-07-25 20:17:32 77824 --sha-r- c:\documents and settings\computer\jiqon .exe
2010-07-25 20:17:32 35852 --sha-r- c:\documents and settings\computer\jiqon .exe
2010-07-25 20:17:32 35852 --sha-r- c:\documents and settings\computer\jiqon .exe
2010-07-25 20:17:32 35852 --sha-r- c:\documents and settings\computer\jiqon .exe
2010-07-25 20:17:32 35852 --sha-r- c:\documents and settings\computer\jiqon .exe
2010-07-25 20:17:32 35852 --sha-r- c:\documents and settings\computer\jiqon .exe
2010-07-25 20:17:32 35848 --sha-r- c:\documents and settings\computer\jiqon .exe
2010-07-25 20:17:32 35848 --sha-r- c:\documents and settings\computer\jiqon .exe
2010-07-25 20:17:32 35848 --sha-r- c:\documents and settings\computer\jiqon .exe
2010-07-25 20:17:32 35848 --sha-r- c:\documents and settings\computer\jiqon .exe
2010-07-25 20:17:32 35848 --sha-r- c:\documents and settings\computer\jiqon .exe
2010-07-25 20:17:32 35848 --sha-r- c:\documents and settings\computer\jiqon .exe
2010-07-25 19:52:41 0 d-----w- c:\documents and settings\computer\Incomplete
2010-07-25 17:25:33 35848 --sha-r- c:\docume~1\alluse~1\applic~1\L3rbd.exe
2010-07-25 17:06:51 35848 --sha-r- c:\windows\system32\L3rbd.com
2010-07-22 19:09:34 0 d-----w- c:\documents and settings\computer\Shared
2010-07-22 19:07:04 0 d-----w- c:\docume~1\computer\applic~1\LimeWire
2010-07-17 21:40:07 0 d-sh--w- c:\documents and settings\computer\IECompatCache
2010-07-17 20:31:30 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2010-07-17 20:31:29 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-07-17 20:31:27 100880 ----a-w- c:\windows\system32\Packet.dll
2010-07-14 20:08:14 77824 --sh--r- c:\documents and settings\computer\haeuhi.exe
2010-07-14 10:49:29 122880 ----a-w- c:\windows\system32\iBhmF8F1.dll

==================== Find3M ====================

2010-08-08 23:37:48 35852 --sha-r- c:\documents and settings\computer\hiowo .exe
2010-08-08 23:37:48 35852 --sha-r- c:\documents and settings\computer\hiowo .exe
2010-08-08 23:37:48 35852 --sha-r- c:\documents and settings\computer\hiowo .exe
2010-08-08 23:37:48 35852 --sha-r- c:\documents and settings\computer\hiowo .exe
2010-07-21 00:45:55 35848 --sha-r- c:\windows\fonts\L3rbd.com
2010-07-21 00:45:55 35848 --sha-r- c:\documents and settings\computer\hiowo .exe
2010-07-21 00:45:55 35848 --sha-r- c:\documents and settings\computer\hiowo .exe
2010-07-21 00:45:55 35848 --sha-r- c:\documents and settings\computer\hiowo .exe
2010-07-21 00:45:55 35848 --sha-r- c:\documents and settings\computer\hiowo .exe
2010-07-21 00:45:55 35848 --sha-r- c:\documents and settings\computer\hiowo .exe
2010-07-21 00:45:55 35848 --sha-r- c:\documents and settings\computer\hiowo .exe
2010-07-21 00:45:55 35848 --sha-r- c:\documents and settings\computer\hiowo .exe
2010-07-21 00:45:55 35848 --sha-r- c:\documents and settings\computer\hiowo .exe
2010-07-21 00:45:55 35848 --sha-r- c:\documents and settings\computer\hiowo .exe
2010-07-20 23:22:38 125952 --sha-r- c:\documents and settings\computer\hiowo .exe
2010-06-22 17:28:57 45056 ----a-w- c:\windows\system32\pIotM8M1.dll
2010-06-18 19:00:07 2304 ----a-w- c:\windows\system32\xboxdrv.sys
2010-05-30 17:27:45 17812 ----a-w- c:\windows\War3Unin.dat
2010-05-30 17:26:28 2829 ----a-w- c:\windows\War3Unin.pif
2010-05-30 17:26:28 126976 ----a-w- c:\windows\War3Unin.exe
2010-05-18 23:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 23:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-16 22:12:34 40960 ---ha-w- c:\windows\system32\redireg.dll

============= FINISH: 14:26:27.31 ===============

Attached File  Attach.txt   14.55KB   4 downloads


#2 gringo_pr

  • Malware Response Team

Posted 17 August 2010 - 01:36 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
  1. Do not run any other tool until instructed to do so!
  2. Please do not attach logs or put them in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


MBRCheck

Please also download MBRCheck to your desktop
  • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
  • It will show a black screen with some data on it
  • A report called MBRcheck will be on your desktop
  • Open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • Now please copy that report to this thread


Information and logs:
    In your next post I need the following:
      1. Logs from DDS
      2. Log from RKUnHooker
      3. Report from MBRchecker
      4. Let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 tehfuzzle

tehfuzzle
  • Topic Starter


Posted 17 August 2010 - 05:06 PM

DDS (Ver_10-03-17.01) - NTFSx86
Run by computer at 14:41:09.48 on Tue 08/17/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.542 [GMT -7:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Defense Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

c:\windows\system32\svchost -k dcomlaunch
svchost.exe
c:\windows\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\umdmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\computer\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = hxxp://www.piotoshow.com/ac.php?aid=139&sid=direct
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uSearchAssistant =
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: CAB Class: {c6a91056-83e0-4c6e-8dcc-43fc0dfe7a0a} - c:\windows\system32\iBhmF8F1.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Zango Information Window: {2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} - c:\program files\zango\bin\10.3.85.0\HostIE.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [asam] c:\documents and settings\computer\local settings\application data\asam.exe
uRun: [riuom] c:\documents and settings\computer\riuom.exe
uRun: [boazu] c:\documents and settings\computer\boazu.exe
uRun: [JDK5SWFMZY] c:\docume~1\computer\locals~1\temp\Wnt.exe
uRun: [Vmuqeqi] rundll32.exe "c:\windows\coianey.dll",Startup
uRun: [hiowo] c:\documents and settings\computer\hiowo.exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [ujhxnewl] c:\documents and settings\computer\local settings\application data\lojdjclxk\wypsetktssd.exe
uRun: [ahejvgsb] c:\documents and settings\computer\local settings\application data\rkbsmwjvl\xnbpofqtssd.exe
uRun: [vjdhvhnd] c:\documents and settings\computer\local settings\application data\sgjipahdn\xsoyowdtssd.exe
uRun: [fymkmdtc] c:\documents and settings\computer\local settings\application data\ykmerjnot\xmluuxctssd.exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [kiupogew] c:\documents and settings\computer\local settings\application data\lyjaetpkw\gikcgsotssd.exe
uRun: [xvgijavo] c:\documents and settings\computer\local settings\application data\sawyfequd\gytytritssd.exe
uRun: [kchexaih] c:\documents and settings\computer\local settings\application data\mddugmvfe\gtkkcattssd.exe
uRun: [vihalbua] c:\documents and settings\computer\local settings\application data\hhjqhuapf\goavkhetssd.exe
uRun: [ppwvosdf] c:\documents and settings\computer\local settings\application data\rwxnikqgo\gcvdotxtssd.exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [ekqwewbk] c:\documents and settings\computer\local settings\application data\csydluoun\hyeohyatssd.exe
uRun: [oycmysne] c:\documents and settings\computer\local settings\application data\lptrojomv\htbuvoftssd.exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [knkeqgud] c:\documents and settings\computer\local settings\application data\siecinxpf\irsycyftssd.exe
uRun: [rtedgbbu] c:\documents and settings\computer\local settings\application data\nqqayasvd\kxbnffatssd.exe
uRun: [whkmhpst] c:\documents and settings\computer\local settings\application data\ddfcdymuk\reunqqvtssd.exe
uRun: [lniukeow] c:\documents and settings\computer\local settings\application data\mjlvecsax\rgdsbwttssd.exe
uRun: [storubkt] c:\documents and settings\computer\local settings\application data\djrveutsa\roiqhjetssd.exe
uRun: [njpkenvy] c:\documents and settings\computer\local settings\application data\awnvemhko\rwwkpmgtssd.exe
uRun: [emsvvltk] c:\documents and settings\computer\local settings\application data\vwdufuhtp\rnyvgsltssd.exe
uRun: [afklbdgy] c:\documents and settings\computer\local settings\application data\txwtfxiwy\rmmraeptssd.exe
uRun: [fvypnvvd] c:\documents and settings\computer\local settings\application data\wyasfrjqg\rtyaejntssd.exe
uRun: [xieilter] c:\documents and settings\computer\local settings\application data\hdmnhsosk\rwtkteitssd.exe
uRun: [jfykijpr] c:\documents and settings\computer\local settings\application data\bewmheqfu\smkrevrtssd.exe
uRun: [xggupsjl] c:\windows\sxttbtotssd.exe
uRun: [tuinyfvq] c:\documents and settings\computer\local settings\application data\hiahjnvqb\sghnjwqtssd.exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [qgbntjih] c:\documents and settings\computer\local settings\application data\nafxkdrej\jdobgtltssd.exe
uRun: [lucgdvum] c:\documents and settings\computer\local settings\application data\lnbxkuevw\jmdtowntssd.exe
uRun: [mtxplale] c:\documents and settings\computer\local settings\application data\sfadprbba\kfbayygtssd.exe
uRun: [ylctmkuu] c:\documents and settings\computer\local settings\application data\lsldqsocp\kfrfwintssd.exe
uRun: [rdxjgnfs] c:\documents and settings\computer\local settings\application data\wkwwrfipo\kxmryljtssd.exe
uRun: [ilqrtqdm] c:\documents and settings\computer\local settings\application data\sylvsywll\kepfbaptssd.exe
uRun: [urrniqqf] c:\documents and settings\computer\local settings\application data\ndrrthbun\kafqjiatssd.exe
uRun: [wwexskaa] c:\documents and settings\computer\local settings\application data\dspounrcu\kvxmwoptssd.exe
uRun: [ybridejt] c:\documents and settings\computer\local settings\application data\riolvtijc\krqijtetssd.exe
uRun: [akxduolm] c:\documents and settings\computer\local settings\application data\sklivqlhs\kxqmhkgtssd.exe
uRun: [qcwgacmy] c:\documents and settings\computer\local settings\application data\pbvexhdyg\kkseipotssd.exe
uRun: [anpmutsp] c:\documents and settings\computer\local settings\application data\vqbbygtyq\koqxcintssd.exe
uRun: [myggeygr] c:\documents and settings\computer\local settings\application data\qiguaamun\lyglwyytssd.exe
uRun: [oijnkwqu] c:\documents and settings\computer\local settings\application data\gmcqcqrnp\llyjvnptssd.exe
uRun: [ocucsruf] c:\documents and settings\computer\local settings\application data\iqvldkwiw\lwyrruttssd.exe
uRun: [iobuqpdu] c:\documents and settings\computer\local settings\application data\suihekclb\latbhootssd.exe
uRun: [ybkbaxdx] c:\documents and settings\computer\local settings\application data\pxvefqfrt\lwvrvlvtssd.exe
uRun: [smrgdurg] c:\documents and settings\computer\application data\dtasiufbb\lbqlsvwtssd.exe
uRun: [nibghqky] c:\documents and settings\computer\local settings\application data\dcjjlnovh\lpeshfhtssd.exe
uRun: [sivfltcu] c:\documents and settings\computer\local settings\application data\hfjgmdsng\ldpfjaitssd.exe
uRun: [vwoknxnh] c:\documents and settings\computer\local settings\application data\wweaogmse\mfiftwytssd.exe
uRun: [monnrlou] c:\documents and settings\computer\local settings\application data\tnpvpwekr\mrkwuchtssd.exe
uRun: [bkfbeqif] c:\documents and settings\computer\local settings\application data\cqysqehso\mntxgrdtssd.exe
uRun: [kvxiyhnv] c:\documents and settings\computer\local settings\application data\iheorcysy\mrqrakctssd.exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [jiqon] c:\documents and settings\computer\jiqon.exe
uRun: [htdkbctj] c:\documents and settings\computer\local settings\application data\ijhskalqj\qkcgsngtssd.exe
uRun: [xwgvtbru] c:\documents and settings\computer\local settings\application data\djwskimal\qcesitltssd.exe
uRun: [jokyulbl] c:\documents and settings\computer\local settings\application data\wwirljybb\qbuxhdstssd.exe
uRun: [wqouqlyr] c:\documents and settings\computer\local settings\application data\vlxbpasxh\qxkdgqptssd.exe
uRun: [pikklnip] c:\documents and settings\computer\local settings\application data\hejurlllg\qrfohsltssd.exe
uRun: [lwldtauv] c:\documents and settings\computer\local settings\application data\fqfurdydu\qasipvntssd.exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [uaslckjq] c:\documents and settings\computer\local settings\application data\oeufwypeo\rqptnlwtssd.exe
uRun: [ldvwtjhc] c:\documents and settings\computer\local settings\application data\kekfwipnq\rhrgerctssd.exe
uRun: [cgxilhfn] c:\documents and settings\computer\local settings\application data\febfwrqwr\ryusuxhtssd.exe
uRun: [sjbtegdx] c:\documents and settings\computer\local settings\application data\bfrfwaqgt\rpwfkeltssd.exe
uRun: [qskcgcvg] c:\documents and settings\computer\local settings\application data\mfoewcrix\roepiwbtssd.exe
uRun: [vjygsulj] c:\documents and settings\computer\local settings\application data\pgrdwvscf\rvpxlcytssd.exe
uRun: [fklswboh] c:\documents and settings\computer\local settings\application data\uuycxxgey\runohevtssd.exe
uRun: [omyeairf] c:\documents and settings\computer\local settings\application data\aihbxauhs\rtkedgrtssd.exe
uRun: [qhgttryh] c:\documents and settings\computer\local settings\application data\ovjaxjiqk\rkdvrvetssd.exe
uRun: [qmvqowaq] c:\documents and settings\computer\local settings\application data\ojhyxuwdf\radxeeftssd.exe
uRun: [deauphkh] c:\documents and settings\computer\local settings\application data\hwsyyvkdu\ratdcnmtssd.exe
uRun: [vfcgbtvx] c:\documents and settings\computer\local settings\application data\trbqbegok\rxoscgltssd.exe
uRun: [yofnhsgb] c:\documents and settings\computer\local settings\application data\kvwlcvlin\rkhpbubtssd.exe
uRun: [tdhfqfsh] c:\documents and settings\computer\local settings\application data\hislcmyab\rsvjjxdtssd.exe
uRun: [rwviklng] c:\documents and settings\computer\local settings\application data\ullidkcyw\rxcxehutssd.exe
uRun: [nlwbswam] c:\documents and settings\computer\local settings\application data\sxhidcpqk\rgqqmkwtssd.exe
uRun: [doamlvxw] c:\documents and settings\computer\local settings\application data\nywidlpal\rwsddqctssd.exe
uRun: [rgcdbupy] c:\documents and settings\computer\local settings\application data\vnigehfvn\rdcccxwtssd.exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [ewitgffk] c:\documents and settings\computer\local settings\application data\qtlygmmdf\resrjwktssd.exe
uRun: [vmgajqel] c:\documents and settings\computer\local settings\application data\jcwifutmn\cffmppmtssd.exe
uRun: [mpjlcocw] c:\documents and settings\computer\local settings\application data\fdmifetvo\cwhygvrtssd.exe
uRun: [wtnhfamx] c:\documents and settings\computer\local settings\application data\mwkyhvqqg\cmfbvuutssd.exe
uRun: [imslglvo] c:\documents and settings\computer\local settings\application data\fkvyiweqv\clvguectssd.exe
uRun: [iaodsbyq] c:\documents and settings\computer\local settings\application data\hbrujeuai\chumfdgtssd.exe
uRun: [jokugpcr] c:\documents and settings\computer\local settings\application data\irmrklmjt\cdusocjtssd.exe
uRun: [jyqpwaek] c:\documents and settings\computer\local settings\application data\jtjoliogk\ciuwmsltssd.exe
uRun: [acsbpycv] c:\documents and settings\computer\local settings\application data\etyolrppm\cywidyqtssd.exe
uRun: [fapmwbxl] c:\documents and settings\computer\local settings\application data\kpqenlnnn\cnignjxtssd.exe
uRun: [xvttkcdw] c:\documents and settings\computer\local settings\application data\tlhpafsva\dbidmmmtssd.exe
uRun: [skulsooc] c:\documents and settings\computer\local settings\application data\rxdpawgnn\djvvupptssd.exe
uRun: [oywecbbi] c:\documents and settings\computer\application data\plxpaosfb\drkodsrtssd.exe
uRun: [arbidmky] c:\documents and settings\computer\local settings\application data\iyjpaogfq\drbtbcytssd.exe
uRun: [ugcbmxve] c:\documents and settings\computer\local settings\application data\glepagtwe\dapnjfctssd.exe
uRun: [ljfmewtp] c:\documents and settings\computer\local settings\application data\bmuoaptgg\dqraalgtssd.exe
uRun: [ositkvfs] c:\documents and settings\computer\local settings\application data\qpqkchyai\ddkwyavtssd.exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [ynkskmne] c:\documents and settings\computer\local settings\application data\klimqmevk\frwngswtssd.exe
uRun: [umlconny] c:\documents and settings\computer\local settings\application data\oaivvuvjp\gxkhpaotssd.exe
uRun: [secrmsns] c:\documents and settings\computer\local settings\application data\dvtmxwton\geqfsxltssd.exe
uRun: [fvgvndxj] c:\documents and settings\computer\local settings\application data\wielxwhpc\gdhlqhstssd.exe
uRun: [qnkaooha] c:\documents and settings\computer\local settings\application data\pvplyxuqr\gdxqpqatssd.exe
uRun: [mcmsxbtg] c:\documents and settings\computer\local settings\application data\njllyphhf\glljxtdtssd.exe
uRun: [bgrjhgxd] c:\documents and settings\computer\local settings\application data\aewqcmaoi\iqdwxbjtssd.exe
uRun: [ishaqmgg] c:\documents and settings\computer\local settings\application data\wrjahkqrh\ightsihtssd.exe
uRun: [vqotvlob] c:\documents and settings\computer\application data\arivpjxbs\jfvthaptssd.exe
uRun: [dwuqgikw] c:\documents and settings\computer\local settings\application data\qrpvpbytv\jnaromytssd.exe
uRun: [ymvjpuvd] c:\documents and settings\computer\local settings\application data\ofkvpsllj\jvolwpctssd.exe
uRun: [tbxcxhii] c:\documents and settings\computer\local settings\application data\mrfvpkydx\jedefsetssd.exe
uRun: [ykxvtubw] c:\documents and settings\computer\local settings\application data\qxcprwgrm\jwouffhtssd.exe
uRun: [gqesdrws] c:\documents and settings\computer\local settings\application data\hxiorpgkp\jfstlrrtssd.exe
uRun: [dambgnqb] c:\documents and settings\computer\local settings\application data\tyfosqhmt\jeaeikgtssd.exe
uRun: [yootoacg] c:\documents and settings\computer\local settings\application data\qlansiteh\jmnwqnjtssd.exe
uRun: [khswpkmw] c:\documents and settings\computer\local settings\application data\kylnsihew\jmecpwqtssd.exe
uRun: [gdcwugfo] c:\documents and settings\computer\application data\lhueubrae\jcrjdgbtssd.exe
uRun: [crdpdsru] c:\documents and settings\computer\local settings\application data\itqeusfrr\jkgdljdtssd.exe
uRun: [jxjmnpmq] c:\documents and settings\computer\local settings\application data\yuweukfku\jslbsvntssd.exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [oeyfwdog] c:\documents and settings\computer\local settings\application data\oyaudghod\pvshvnatssd.exe
uRun: [mnhnyyio] c:\documents and settings\computer\local settings\application data\ayvtdhiph\puyrtgptssd.exe
uRun: [enoxawqn] c:\documents and settings\computer\local settings\application data\akvghyvmo\pobxaqgtssd.exe
uRun: [qgejibud] c:\documents and settings\computer\local settings\application data\ciroyxdnj\sedewdhtssd.exe
uRun: [oejjxlrl] c:\documents and settings\computer\local settings\application data\pajjbhuxa\tykueuatssd.exe
uRun: [jtkchxer] c:\documents and settings\computer\local settings\application data\nmfjbyipn\thxnmxctssd.exe
uRun: [fslllydm] c:\documents and settings\computer\local settings\application data\qbesfgbds\tnlhuettssd.exe
uRun: [skfvyrps] c:\documents and settings\computer\local settings\application data\vgwjpxnil\uxaogdgtssd.exe
uRun: [juokfpdw] c:\documents and settings\computer\local settings\application data\mqbhykfex\uihcltytssd.exe
uRun: [lsnkyeqc] c:\documents and settings\computer\local settings\application data\elsybkbgm\upaguhrtssd.exe
uRun: [eqxkklvo] c:\documents and settings\computer\local settings\application data\nykxbdpaf\uxujadjtssd.exe
uRun: [lhjclttd] c:\documents and settings\computer\local settings\application data\fbnucrspy\ulamfgvtssd.exe
uRun: [xyogmedt] c:\documents and settings\computer\local settings\application data\xoyucsgqn\ukqrdpdtssd.exe
uRun: [swvtnbrs] c:\documents and settings\computer\local settings\application data\weqrdgvfr\vyeojjitssd.exe
uRun: [tqhivuvd] c:\documents and settings\computer\application data\yikneycay\vkewgpmtssd.exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [onqrdugf] c:\documents and settings\computer\local settings\application data\ebvfjgfgg\uwaotuttssd.exe
uRun: [trwxkhoc] c:\documents and settings\computer\local settings\application data\oktfrftod\vrkjrbotssd.exe
uRun: [gxwtyhcu] c:\documents and settings\computer\local settings\application data\jnabsnyxf\vnbuajytssd.exe
uRun: [rpbwasll] c:\documents and settings\computer\local settings\application data\cblbsomyt\vmqayshtssd.exe
uRun: [hgywxvue] c:\documents and settings\computer\local settings\application data\riweyhxby\vlyfjcutssd.exe
uRun: [pacyaiyw] c:\documents and settings\computer\local settings\application data\lrpsclkiq\vqdticntssd.exe
uRun: [ihstcagc] c:\documents and settings\computer\local settings\application data\whepdbbyy\wexclohtssd.exe
uRun: [wekhnean] c:\documents and settings\computer\local settings\application data\fknmeiehv\wahdwedtssd.exe
uRun: [prjkurhl] c:\documents and settings\computer\local settings\application data\yfnytwgpq\ribhjyftssd.exe
uRun: [iujicenh] c:\documents and settings\computer\local settings\application data\ihewtbitf\rfvmbdxtssd.exe
uRun: [fwcdgktg] c:\documents and settings\computer\local settings\application data\odtxbxjah\scisdhwtssd.exe
uRun: [eysjyeiq] c:\documents and settings\computer\local settings\application data\kajxjpmbw\sgorhjitssd.exe
uRun: [sdregsjn] c:\documents and settings\computer\local settings\application data\vwhlnxnnm\tiwgyfmtssd.exe
uRun: [fqsbmvww] c:\documents and settings\computer\local settings\application data\qljqbdmjy\uoroakxtssd.exe
uRun: [seethqop] c:\documents and settings\computer\local settings\application data\xmvpbnntf\ufblmjrtssd.exe
uRun: [hqpnckfi] c:\documents and settings\computer\local settings\application data\fmjobxofl\uukiailtssd.exe
uRun: [xyivpoec] c:\documents and settings\computer\local settings\application data\bbxncrdai\ucmwdwrtssd.exe
uRun: [hflfoaij] c:\documents and settings\computer\local settings\application data\gdeldfgow\uqkokhotssd.exe
uRun: [oqhyucfo] c:\documents and settings\computer\local settings\application data\xrjjdjusv\uooodcatssd.exe
uRun: [ovwwphgx] c:\documents and settings\computer\local settings\application data\xghidtjeq\ueoqpkbtssd.exe
uRun: [koomuytn] c:\documents and settings\computer\local settings\application data\whbgewkha\ucdmjvetssd.exe
uRun: [dwfixqbs] c:\documents and settings\computer\local settings\application data\hwpdfmbxj\upxtmhxtssd.exe
uRun: [vafgeeho] c:\documents and settings\computer\local settings\application data\ryfbfqedw\unsaelqtssd.exe
uRun: [irjkfoqf] c:\documents and settings\computer\local settings\application data\kmqbgrqel\umjfduxtssd.exe
uRun: [gatemkph] c:\documents and settings\computer\application data\yfftiwmls\unpyidstssd.exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [rifyfmig] c:\documents and settings\computer\local settings\application data\ywthwxtll\neiijchtssd.exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [oaquakym] c:\documents and settings\computer\local settings\application data\lslsoomkb\lgtsufqtssd.exe
uRun: [xgteyvdt] c:\documents and settings\computer\local settings\application data\qurqpboyq\lurkcpotssd.exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [ditpiblo] c:\documents and settings\computer\local settings\application data\bmodibuvh\nvgaudhtssd.exe
uRun: [uudvrkls] c:\documents and settings\computer\local settings\application data\xobajgxca\nsipjyotssd.exe
uRun: [ihopmeck] c:\documents and settings\computer\local settings\application data\fpnajqymf\nirmwxitssd.exe
uRun: [yynsqsdx] c:\documents and settings\computer\local settings\application data\cgyvlhqfs\nutfwdqtssd.exe
uRun: [wjvbtowf] c:\documents and settings\computer\local settings\application data\ngvuljrhx\nubptvftssd.exe
uRun: [sxxtcajk] c:\documents and settings\computer\local settings\application data\ltqulbfxl\ndpicyhtssd.exe
uRun: [whxnxncy] c:\documents and settings\computer\local settings\application data\qynonnlna\nvbaclltssd.exe
uRun: [ahvamckk] c:\documents and settings\computer\local settings\application data\fbnmninjm\nctsdjytssd.exe
uRun: [qkxlebiu] c:\documents and settings\computer\local settings\application data\abemnrosn\nsvftpdtssd.exe
uRun: [jnyjlnpr] c:\documents and settings\computer\local settings\application data\kdtkovqwc\nqqkktvtssd.exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [fhpyqfcg] c:\documents and settings\computer\local settings\application data\ienioxrak\nofgffatssd.exe
uRun: [qiaxianp] c:\documents and settings\computer\local settings\application data\dtvfpviyq\ntvpbfjtssd.exe
uRun: [jlavpnul] c:\documents and settings\computer\local settings\application data\muldqakee\nrqusjctssd.exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [siede] c:\documents and settings\computer\siede.exe
uRun: [siede ] c:\documents and settings\computer\siede .exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [siede ] c:\documents and settings\computer\siede .exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [siede ] c:\documents and settings\computer\siede .exe
uRun: [siede ] c:\documents and settings\computer\siede .exe
uRun: [jiqon ] c:\documents and settings\computer\jiqon .exe
uRun: [hiowo ] c:\documents and settings\computer\hiowo .exe
uRun: [siede ] c:\documents and settings\computer\siede .exe
uRun: [siede ] c:\documents and settings\computer\siede .exe
uRun: [siede ] c:\documents and settings\computer\siede .exe
uRun: [faouk] c:\documents and settings\computer\faouk.exe
uRun: [faouk ] c:\documents and settings\computer\faouk .exe
uRun: [faouk ] c:\documents and settings\computer\faouk .exe
uRun: [faouk ] c:\documents and settings\computer\faouk .exe
uRun: [ldvoc] c:\documents and settings\computer\ldvoc.exe
uRun: [vakeg] c:\documents and settings\computer\vakeg.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [uhbik] c:\windows\system32\uhbik.exe \u
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [coF2] c:\windows\system32\umdmgr.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Mreha] rundll32.exe "c:\windows\oqeguxavigam.dll",Startup
mRun: [klcfugej] c:\documents and settings\jose\local settings\application data\cnvbkuwko\vpvrmmotssd.exe
mRun: [asam] c:\documents and settings\computer\local settings\application data\asam.exe
mRun: [uymfteio] c:\documents and settings\networkservice\local settings\application data\ojxubsexs\awknyymtssd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sniffer] c:\windows\temp\_ex-08 .exe
mRun: [ujhxnewl] c:\documents and settings\computer\local settings\application data\lojdjclxk\wypsetktssd.exe
mRun: [ahejvgsb] c:\documents and settings\computer\local settings\application data\rkbsmwjvl\xnbpofqtssd.exe
mRun: [vjdhvhnd] c:\documents and settings\computer\local settings\application data\sgjipahdn\xsoyowdtssd.exe
mRun: [fymkmdtc] c:\documents and settings\computer\local settings\application data\ykmerjnot\xmluuxctssd.exe
mRun: [kiupogew] c:\documents and settings\computer\local settings\application data\lyjaetpkw\gikcgsotssd.exe
dRun: [uymfteio] c:\documents and settings\networkservice\local settings\application data\ojxubsexs\awknyymtssd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: igfxcui - igfxdev.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\computer\applic~1\mozilla\firefox\profiles\uhocs9qk.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: XULRunner: {4F16AA05-74BF-4EB9-8537-8A54EAD076AF} - c:\documents and settings\computer\local settings\application data\{4F16AA05-74BF-4EB9-8537-8A54EAD076AF}
FF - HiddenExtension: XULRunner: {ADA23EEB-E1DD-42FC-815A-F0B8A209CD9B} - c:\documents and settings\test\local settings\application data\{ada23eeb-e1dd-42fc-815a-f0b8a209cd9b}\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
R3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);c:\windows\system32\drivers\es1370mp.sys [2008-11-6 37120]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-23 135664]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2010-7-17 50704]
S3 xboxdrv;xboxdrv;c:\windows\system32\xboxdrv.sys [2010-6-18 2304]

=============== Created Last 30 ================

2010-08-17 21:17:47 20 ----a-w- c:\documents and settings\computer\defogger_reenable
2010-08-17 06:57:11 35848 --sha-r- c:\docume~1\alluse~1\applic~1\L3rbd.exe
2010-08-17 06:00:39 72706 ----a-w- c:\docume~1\alluse~1\applic~1\7lgw65up.exe
2010-08-17 06:00:12 112 ----a-w- c:\docume~1\alluse~1\applic~1\H7mAf4TXy.dat
2010-08-12 00:15:36 0 ----a-w- c:\windows\Nhojebicitaqu.dat
2010-08-10 17:11:38 54016 ----a-w- c:\windows\system32\drivers\moirmqft.sys
2010-08-10 00:05:10 7680 --sha-w- c:\windows\Thumbs.db
2010-08-09 23:42:40 99 ----a-w- c:\documents and settings\computer\jagex_runescape_preferences2.dat
2010-08-09 03:22:16 0 d-----w- c:\program files\SwiftKit
2010-08-02 00:11:54 2770 ----a-w- c:\windows\exilidarex.dll
2010-08-01 19:20:17 0 d-----w- c:\docume~1\computer\applic~1\Malwarebytes
2010-07-25 19:52:41 0 d-----w- c:\documents and settings\computer\Incomplete
2010-07-25 17:06:51 35848 --sha-r- c:\windows\system32\L3rbd.com
2010-07-22 19:09:34 0 d-----w- c:\documents and settings\computer\Shared
2010-07-22 19:07:04 0 d-----w- c:\docume~1\computer\applic~1\LimeWire

==================== Find3M ====================

2010-07-21 00:45:55 35848 --sha-r- c:\windows\fonts\L3rbd.com
2010-07-17 20:31:30 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2010-07-17 20:31:29 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-07-17 20:31:29 100880 ----a-w- c:\windows\system32\Packet.dll
2010-07-16 02:49:27 122880 ----a-w- c:\windows\system32\iBhmF8F1.dll
2010-06-22 17:28:57 45056 ----a-w- c:\windows\system32\pIotM8M1.dll
2010-06-18 19:00:07 2304 ----a-w- c:\windows\system32\xboxdrv.sys
2010-05-30 17:27:45 17812 ----a-w- c:\windows\War3Unin.dat
2010-05-30 17:26:28 2829 ----a-w- c:\windows\War3Unin.pif
2010-05-30 17:26:28 126976 ----a-w- c:\windows\War3Unin.exe

============= FINISH: 14:43:54.39 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/4/2008 1:57:32 PM
System Uptime: 8/17/2010 2:32:16 PM (0 hours ago)

Motherboard: | | Wolfdale1333-D667.
Processor: Intel® Celeron® CPU 2.66GHz | CPUSocket | 2659/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 93 GiB total, 52.295 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP590: 8/25/2010 11:48:24 AM - System Checkpoint
RP591: 8/26/2010 11:49:37 AM - System Checkpoint
RP592: 8/27/2010 11:58:55 AM - System Checkpoint
RP593: 4/28/2010 6:58:02 PM - System Checkpoint
RP594: 4/29/2010 11:16:04 PM - System Checkpoint
RP595: 5/1/2010 12:08:58 AM - System Checkpoint
RP596: 5/2/2010 12:32:46 AM - System Checkpoint
RP597: 5/3/2010 1:22:10 AM - System Checkpoint
RP598: 5/4/2010 2:14:48 AM - System Checkpoint
RP599: 5/5/2010 3:14:13 AM - System Checkpoint
RP600: 5/6/2010 4:14:11 AM - System Checkpoint
RP601: 5/7/2010 5:18:51 AM - System Checkpoint
RP602: 5/8/2010 6:18:33 AM - System Checkpoint
RP603: 5/9/2010 6:59:43 AM - System Checkpoint
RP604: 5/10/2010 7:04:15 AM - System Checkpoint
RP605: 5/11/2010 7:26:50 AM - System Checkpoint
RP606: 5/12/2010 3:00:53 AM - Software Distribution Service 3.0
RP607: 5/13/2010 3:04:21 AM - System Checkpoint
RP608: 5/14/2010 4:04:20 AM - System Checkpoint
RP609: 5/15/2010 5:05:27 AM - System Checkpoint
RP610: 5/16/2010 6:04:21 AM - System Checkpoint
RP611: 5/17/2010 7:24:24 AM - System Checkpoint
RP612: 5/18/2010 7:28:02 AM - System Checkpoint
RP613: 5/19/2010 8:23:36 AM - System Checkpoint
RP614: 5/20/2010 8:39:24 AM - System Checkpoint
RP615: 5/21/2010 9:14:09 AM - System Checkpoint
RP616: 5/22/2010 9:18:58 AM - System Checkpoint
RP617: 5/23/2010 11:36:31 PM - System Checkpoint
RP618: 5/24/2010 11:37:22 PM - System Checkpoint
RP619: 5/26/2010 12:46:11 AM - System Checkpoint
RP620: 5/26/2010 3:00:36 AM - Software Distribution Service 3.0
RP621: 5/26/2010 1:46:09 PM - Installed Adobe Reader 9.3.
RP622: 5/27/2010 7:31:56 PM - SPTD setup V1.62
RP623: 5/29/2010 12:03:13 AM - System Checkpoint
RP624: 5/30/2010 12:59:56 AM - System Checkpoint
RP625: 5/31/2010 1:12:33 AM - System Checkpoint
RP626: 6/1/2010 1:30:01 AM - System Checkpoint
RP627: 6/2/2010 2:28:29 AM - System Checkpoint
RP628: 6/3/2010 3:28:28 AM - System Checkpoint
RP629: 6/4/2010 4:27:17 AM - System Checkpoint
RP630: 6/5/2010 5:26:10 AM - System Checkpoint
RP631: 6/6/2010 6:26:20 AM - System Checkpoint
RP632: 6/7/2010 6:59:13 AM - System Checkpoint
RP633: 6/8/2010 7:26:27 AM - System Checkpoint
RP634: 6/9/2010 8:32:16 AM - System Checkpoint
RP635: 6/10/2010 3:01:20 AM - Software Distribution Service 3.0
RP636: 6/11/2010 3:15:36 AM - System Checkpoint
RP637: 6/12/2010 3:38:16 AM - System Checkpoint
RP638: 6/13/2010 4:38:24 AM - System Checkpoint
RP639: 6/14/2010 5:38:24 AM - System Checkpoint
RP640: 6/15/2010 5:40:22 AM - System Checkpoint
RP641: 6/16/2010 7:26:20 AM - System Checkpoint
RP642: 6/17/2010 7:40:21 AM - System Checkpoint
RP643: 6/18/2010 8:58:55 AM - System Checkpoint
RP644: 6/19/2010 10:38:23 AM - System Checkpoint

==== Installed Programs ======================

1400
1400_Help
1400Trb
AAC Decoder
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player 11.5
AiO_Scan
AiOSoftware
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Bonjour
BufferChm
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DocProc
eSupportQFolder
Fax
Game Vindicator
GameSpy Arcade
Google Toolbar for Internet Explorer
Google Update Helper
H.264 Decoder
Halo 2 for Windows Vista
Halo Combat Evolved
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Extended Capabilities 5.3
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
Intel® Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java DB 10.4.1.3
Java™ 6 Update 19
Java™ 6 Update 3
Java™ 6 Update 7
Java™ SE Development Kit 6 Update 11
LimeWire PRO 4.14.8
LIVE gaming on Windows Runtime Version 1.0.6027
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office Word Viewer 2003
Microsoft Search Enhancement Pack
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MKV Splitter
Mozilla Firefox (3.6.8)
MSN
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
NewCopy
NVIDIA Drivers
OpenOffice.org 2.3
ProductContext
QuickTime
Readme
Realtek AC'97 Audio
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Soft Data Fax Modem with SmartCP
SolutionCenter
Spy Sweeper Core
Status
SwiftKit
TrayApp
Unity Web Player
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB923845)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
VoiceOver Kit
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

8/17/2010 9:58:54 AM, error: DCOM [10000] - Unable to start a DCOM Server: {3C16E079-E4C7-493C-BE9F-E0F2BB0B7430}. The error: "%2" Happened while starting this command: "C:\Program Files\Yahoo!\Companion\Installs\cpn\ytbb.exe" -Embedding
8/17/2010 9:57:00 AM, error: Schedule [7901] - The At250.job command failed to start due to the following error: %%2147942402
8/17/2010 9:47:45 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
8/17/2010 8:57:04 AM, error: Schedule [7901] - The At249.job command failed to start due to the following error: %%2147942402
8/17/2010 7:57:00 AM, error: Schedule [7901] - The At248.job command failed to start due to the following error: %%2147942402
8/17/2010 7:00:55 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
8/17/2010 7:00:55 AM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/17/2010 6:57:00 AM, error: Schedule [7901] - The At247.job command failed to start due to the following error: %%2147942402
8/17/2010 5:57:01 AM, error: Schedule [7901] - The At246.job command failed to start due to the following error: %%2147942402
8/17/2010 2:37:00 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
8/17/2010 2:34:28 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl
8/17/2010 2:34:28 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The system cannot find the path specified.
8/17/2010 2:33:59 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
8/17/2010 2:33:59 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
8/17/2010 12:57:01 PM, error: Schedule [7901] - The At253.job command failed to start due to the following error: %%2147942402
8/17/2010 11:57:00 AM, error: Schedule [7901] - The At252.job command failed to start due to the following error: %%2147942402
8/17/2010 10:57:00 AM, error: Schedule [7901] - The At251.job command failed to start due to the following error: %%2147942402
8/17/2010 10:01:14 AM, error: DCOM [10000] - Unable to start a DCOM Server: {31371420-098D-4C0E-A11E-EBEC2305DD01}. The error: "%2" Happened while starting this command: "C:\Program Files\Yahoo!\Companion\Installs\cpn\ytbb.exe" -Embedding
8/17/2010 1:57:00 PM, error: Schedule [7901] - The At254.job command failed to start due to the following error: %%2147942402

==== End Of File ===========================

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2181376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2181376 bytes
0x804D7000 RAW 2181376 bytes
0x804D7000 WMIxWDM 2181376 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF6C48000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1052672 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF6A7B000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 1036288 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBF075000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xF69CB000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 720896 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF75CF000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA4E3E000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6936000 C:\WINDOWS\system32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xA7A7F000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA4C53000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA4657000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF6B78000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 233472 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xBF041000 C:\WINDOWS\System32\ialmdev5.DLL 212992 bytes (Intel Corporation, Component GHAL Driver)
0xF7748000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF7709000 ssidrv.sys 188416 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Interdiction Driver)
0xF76DC000 C:\WINDOWS\system32\DRIVERS\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA4D22000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xA3EA0000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA7A0A000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA7A57000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF6BD4000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xA3ECB000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF6BB1000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF6BF8000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xA7A35000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 135168 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xA4EAD000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806EC000 ACPI_HAL 131968 bytes
0x806EC000 C:\WINDOWS\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7685000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF76BD000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF75B4000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF6C1B000 C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 102400 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xF76A5000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF765C000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF69A0000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA4AFE000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF69B7000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6C34000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA7AD7000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7673000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7737000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF698F000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA57D9000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF79E7000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF79C7000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7837000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xAA538000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xAA4E8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF7A07000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF77F7000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF79D7000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7847000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF77D7000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7867000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF79F7000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF77C7000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7857000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF77B7000 ssfs0bbc.sys 45056 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper FileSystem Filter Driver)
0xF79B7000 C:\WINDOWS\system32\drivers\ES1370MP.sys 40960 bytes (Creative Technology Ltd., Sound Blaster PCI WDM Audio Miniport)
0xF6D89000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7887000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF77E7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xA604E000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF79A7000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xA97E2000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xF7797000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7877000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xAA4B8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA400E000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7807000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF77A7000 sshrmd.sys 36864 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Mini Driver)
0xA605E000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7AB7000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xA9F2F000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7ABF000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7A1F000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7AAF000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7AD7000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7AC7000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7ACF000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xA9F3F000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xA9F4F000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xA9F37000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7A27000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7ADF000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7AE7000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7A17000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7AA7000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7A4F000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xA4D96000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface DRIVER)
0xF7C87000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF7C33000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7C73000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7BA7000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xA5BA9000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7C6F000 C:\WINDOWS\system32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xF7C7B000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xAA2A6000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7D4F000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7D4D000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7C97000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7D51000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7D45000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7D53000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7CDD000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7D4B000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7C99000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7DC7000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7E13000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xA88AF000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7D5F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x86CC82C8 unknown_irp_handler 3384 bytes
0x86D502C8 unknown_irp_handler 3384 bytes
0x86D15460 unknown_irp_handler 2976 bytes
0x86D22558 unknown_irp_handler 2728 bytes
0x86D51558 unknown_irp_handler 2728 bytes
0x86CC9600 unknown_irp_handler 2560 bytes
0x86CB4638 unknown_irp_handler 2504 bytes
0x86D4A6D8 unknown_irp_handler 2344 bytes
0x86D50760 unknown_irp_handler 2208 bytes
0x86D39830 unknown_irp_handler 2000 bytes
0x86CC5860 unknown_irp_handler 1952 bytes
0x86C8E8A8 unknown_irp_handler 1880 bytes
0x86D229F0 unknown_irp_handler 1552 bytes
0x86D339F0 unknown_irp_handler 1552 bytes
0x86D519F0 unknown_irp_handler 1552 bytes
0x86D3AA60 unknown_irp_handler 1440 bytes
0x86D36AC0 unknown_irp_handler 1344 bytes
!!!!!!!!!!!Hidden driver: 0x872F6AEA ?_empty_? 1302 bytes
0x86D4CC00 unknown_irp_handler 1024 bytes
0x86CA4C08 unknown_irp_handler 1016 bytes
0x86C9DC08 unknown_irp_handler 1016 bytes
0x86C8FC08 unknown_irp_handler 1016 bytes
0x86C8EC08 unknown_irp_handler 1016 bytes
0x86D34CF0 unknown_irp_handler 784 bytes
0x86CC7CF0 unknown_irp_handler 784 bytes
0x86D39CF0 unknown_irp_handler 784 bytes
0x86CC5CF0 unknown_irp_handler 784 bytes
0x86D4BCF0 unknown_irp_handler 784 bytes
!!!!!!!!!!!Hidden driver: 0x873C8D30 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF76A5000 WARNING: suspicious driver modification [atapi.sys::0x872F6AEA]
0xA79E759F Unknown page with executable code, 2657 bytes
0xA79E8464 Unknown page with executable code, 2972 bytes
0x10000000 Hidden Image-->PRAGMAc.dll [ EPROCESS 0x86CB8DA0 ] PID: 1036, 86016 bytes

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 115):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EC000 \WINDOWS\system32\hal.dll
0xF7C97000 \WINDOWS\system32\KDCOM.DLL
0xF7BA7000 \WINDOWS\system32\BOOTVID.dll
0xF7748000 ACPI.sys
0xF7C99000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7737000 pci.sys
0xF7797000 isapnp.sys
0xF77A7000 sshrmd.sys
0xF77B7000 ssfs0bbc.sys
0xF7709000 ssidrv.sys
0xF76DC000 \WINDOWS\system32\DRIVERS\NDIS.SYS
0xF7A17000 \WINDOWS\system32\DRIVERS\TDI.SYS
0xF7D5F000 pciide.sys
0xF7A1F000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF77C7000 MountMgr.sys
0xF76BD000 ftdisk.sys
0xF7A27000 PartMgr.sys
0xF77D7000 VolSnap.sys
0xF76A5000 atapi.sys
0xF77E7000 disk.sys
0xF77F7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7685000 fltMgr.sys
0xF7673000 sr.sys
0xF7807000 PxHelp20.sys
0xF765C000 KSecDD.sys
0xF75CF000 Ntfs.sys
0xF75B4000 Mup.sys
0xF79A7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6C48000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF6C34000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6C1B000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xF7AA7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6BF8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7AAF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF79B7000 \SystemRoot\system32\drivers\ES1370MP.sys
0xF6BD4000 \SystemRoot\system32\drivers\portcls.sys
0xF79C7000 \SystemRoot\system32\drivers\drmk.sys
0xF6BB1000 \SystemRoot\system32\drivers\ks.sys
0xF6B78000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF6A7B000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xF69CB000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7AB7000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7ABF000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF69B7000 \SystemRoot\system32\DRIVERS\parport.sys
0xF79D7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7AC7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7ACF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF79E7000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7C73000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF79F7000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7A07000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7837000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7AD7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7DC7000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7847000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7C7B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF69A0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7857000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7867000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF698F000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7877000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7ADF000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7AE7000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7887000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7CDD000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6936000 \SystemRoot\system32\DRIVERS\update.sys
0xF7C87000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF6D89000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA4E8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7D4B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7C6F000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xA9F4F000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7D4D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xA88AF000 \SystemRoot\System32\Drivers\Null.SYS
0xF7D4F000 \SystemRoot\System32\Drivers\Beep.SYS
0xA9F3F000 \SystemRoot\System32\drivers\vga.sys
0xF7D51000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7D53000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA9F37000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA9F2F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xAA2A6000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA7AD7000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA7A7F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA7A57000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA7A35000 \SystemRoot\System32\drivers\afd.sys
0xAA4B8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA7A0A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA4EAD000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA605E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA4E3E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA604E000 \SystemRoot\System32\Drivers\Fips.SYS
0xA57D9000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA5BA9000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7A4F000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7E13000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF041000 \SystemRoot\System32\ialmdev5.DLL
0xBF075000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF7C33000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA4D22000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7D45000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA97E2000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xA4D96000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA4C53000 \SystemRoot\system32\DRIVERS\srv.sys
0xA4AFE000 \SystemRoot\system32\drivers\wdmaud.sys
0xAA538000 \SystemRoot\system32\drivers\sysaudio.sys
0xA4657000 \SystemRoot\System32\Drivers\HTTP.sys
0xA3ECB000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA3EA0000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 106):
0 System Idle Process
4 System
544 C:\WINDOWS\system32\smss.exe
616 csrss.exe
640 C:\WINDOWS\system32\winlogon.exe
688 C:\WINDOWS\system32\services.exe
700 C:\WINDOWS\system32\lsass.exe
856 C:\WINDOWS\system32\svchost.exe
928 svchost.exe
1036 C:\WINDOWS\system32\svchost.exe
1124 svchost.exe
1288 svchost.exe
1380 C:\WINDOWS\system32\spoolsv.exe
1596 svchost.exe
1740 C:\Program Files\Java\jre6\bin\jqs.exe
1772 C:\Program Files\Google\Update\GoogleUpdate.exe
1988 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
188 C:\WINDOWS\system32\svchost.exe
292 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1256 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
1240 C:\WINDOWS\explorer.exe
1716 alg.exe
2392 C:\WINDOWS\system32\hkcmd.exe
2400 C:\WINDOWS\system32\igfxpers.exe
2732 C:\Program Files\iTunes\iTunesHelper.exe
2960 C:\WINDOWS\system32\ctfmon.exe
2984 C:\WINDOWS\system32\rundll32.exe
3036 C:\WINDOWS\system32\umdmgr.exe
3160 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
3888 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
1684 C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
2436 C:\WINDOWS\system32\ctfmon.exe
2964 C:\Program Files\iPod\bin\iPodService.exe
3600 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
3940 C:\Program Files\Mozilla Firefox\firefox.exe
3972 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
760 C:\Program Files\Mozilla Firefox\plugin-container.exe
2932 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3108 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
3704 C:\Documents and Settings\All Users\Application Data\L3rbd.exe
2944 C:\Documents and Settings\computer\Local Settings\Application Data\L3rbd.exe
2816 C:\Documents and Settings\All Users\Application Data\L3rbd.exe
496 C:\Documents and Settings\test\Local Settings\Application Data\L3rbd.exe
3520 C:\Documents and Settings\All Users\Application Data\L3rbd.exe
3492 C:\Documents and Settings\All Users\Application Data\L3rbd.exe
144 C:\Documents and Settings\computer\Local Settings\Application Data\L3rbd.exe
1508 C:\Documents and Settings\All Users\Application Data\L3rbd.exe
2728 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
2284 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
3024 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
2776 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
2952 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
3624 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
3688 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
2936 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
1140 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
2672 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
2604 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
2584 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
2564 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
1916 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
1652 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
2860 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
4052 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
148 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
1052 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
256 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
248 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
2288 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
864 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
3516 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
1004 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
2172 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
824 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
2772 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
2224 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
1436 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
2200 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
1364 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
480 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
2276 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
3584 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
3380 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
2404 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
3428 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
120 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
2600 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
2164 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
3792 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
984 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
2916 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
3176 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
3756 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
1196 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
3064 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
2848 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
400 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
1184 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
564 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
3208 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
4912 SCServer.exe
5752 <unknown>
5760 C:\Documents and Settings\computer\My Documents\Downloads\MBRCheck.exe
5916 C:\Program Files\Internet Explorer\iexplore.exe
3400 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
1160 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: <error opening>

Size Device Name MBR Status
--------------------------------------------
ERROR Opening: \\.\PhysicalDrive0 (1381)


Done!


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:41 AM

Posted 17 August 2010 - 05:21 PM

Greetings

One or more of the identified infections is known as a Backdoor Trojan - TDSS rootkit <--please read

What this virus does do.
QUOTE
Functionality
The functionality that the Trojan exhibits implies that it has been designed with profit-making as its primary objective. Making money from the Web typically involves generating Web traffic, installing pay-per-install software and also by generating sales leads for other Web sites and services of a dubious nature. It tries to achieve its objective by employing an array of techniques to try and make the user participate in these income-generating activities.


What the virus can do.
QUOTE
Backdoor.Tidserv is a Trojan horse that uses an advanced rootkit to hide itself. It also displays advertisements, redirects user search results, and opens a back door on the compromised computer.


This "could" allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet. If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can clean this machine but I cannot guarantee that it will be 100% secure afterwards. "If you would like to continue, then follow the steps below, otherwise please let me know"

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo




I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 tehfuzzle


Posted 19 August 2010 - 11:11 PM

For some reason ComboFix keeps telling me that I have Norton 360 enabled. Should I continue? Because I'm pretty sure I deleted it, because I can't find it anywhere.

#6 gringo_pr


Posted 19 August 2010 - 11:12 PM

ok then proceed please

Gringo

#7 tehfuzzle


Posted 19 August 2010 - 11:21 PM

Is there a newer version of ComboFix? Because it's telling me to update, so should I click yes?

#8 gringo_pr


Posted 19 August 2010 - 11:25 PM

go ahead and update, it is always being updated


gringo

#9 tehfuzzle


Posted 20 August 2010 - 05:40 PM

ehh it's not letting me post the ComboFix log because it's too big.

#10 gringo_pr


Posted 20 August 2010 - 06:00 PM

attach it or upload it to mediafire and send me the link


gringo

#11 tehfuzzle


Posted 20 August 2010 - 07:46 PM

Here ya go

Attached File  combofix.txt   280.41KB   5 downloads

#12 gringo_pr


Posted 20 August 2010 - 10:45 PM

Hello

That is one ugly looking log, we are going to have to do this in parts.

:multiple Anti Virus programs:
    It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

    BitDefender Antivirus
    Norton 360


    Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

    Please remove one of them. Very important!!

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

CODE
Folder::
c:\documents and settings\test\Local Settings\Application Data\{ADA23EEB-E1DD-42FC-815A-F0B8A209CD9B}
c:\documents and settings\Guest\Local Settings\Application Data\{EA4743C1-BE53-4528-818A-86340E767465}
c:\documents and settings\computer\Local Settings\Application Data\{4F16AA05-74BF-4EB9-8537-8A54EAD076AF}
c:\documents and settings\computer\Application Data\arivpjxbs
c:\documents and settings\computer\Application Data\dtasiufbb
c:\documents and settings\computer\Application Data\lhueubrae
c:\documents and settings\computer\Application Data\plxpaosfb
c:\documents and settings\computer\Application Data\yfftiwmls
c:\documents and settings\computer\Application Data\yikneycay
c:\documents and settings\computer\Local Settings\Application Data\abemnrosn
c:\documents and settings\computer\Local Settings\Application Data\aewqcmaoi
c:\documents and settings\computer\Local Settings\Application Data\aihbxauhs
c:\documents and settings\computer\Local Settings\Application Data\akvghyvmo
c:\documents and settings\computer\Local Settings\Application Data\awnvemhko
c:\documents and settings\computer\Local Settings\Application Data\ayvtdhiph
c:\documents and settings\computer\Local Settings\Application Data\bbxncrdai
c:\documents and settings\computer\Local Settings\Application Data\bewmheqfu
c:\documents and settings\computer\Local Settings\Application Data\bfrfwaqgt
c:\documents and settings\computer\Local Settings\Application Data\bmodibuvh
c:\documents and settings\computer\Local Settings\Application Data\bmuoaptgg
c:\documents and settings\computer\Local Settings\Application Data\cblbsomyt
c:\documents and settings\computer\Local Settings\Application Data\cgyvlhqfs
c:\documents and settings\computer\Local Settings\Application Data\ciroyxdnj
c:\documents and settings\computer\Local Settings\Application Data\cqysqehso
c:\documents and settings\computer\Local Settings\Application Data\csydluoun
c:\documents and settings\computer\Local Settings\Application Data\dcjjlnovh
c:\documents and settings\computer\Local Settings\Application Data\ddfcdymuk
c:\documents and settings\computer\Local Settings\Application Data\djrveutsa
c:\documents and settings\computer\Local Settings\Application Data\djwskimal
c:\documents and settings\computer\Local Settings\Application Data\dspounrcu
c:\documents and settings\computer\Local Settings\Application Data\dtvfpviyq
c:\documents and settings\computer\Local Settings\Application Data\dvtmxwton
c:\documents and settings\computer\Local Settings\Application Data\ebvfjgfgg
c:\documents and settings\computer\Local Settings\Application Data\elsybkbgm

AtJob::

File::
c:\windows\system32\drivers\moirmqft.sys
c:\documents and settings\All Users\Application Data\7lgw65up.exe
c:\windows\system32\pIotM8M1.dll
c:\documents and settings\All Users\Application Data\H7mAf4TXy.dat
c:\documents and settings\computer\Local Settings\Application Data\asam.exe

Driver::
moirmqft

RenV::
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\DAEMON Tools Lite\DTLite .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr .exe
c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext .exe
c:\program files\QuickTime\qttask         .exe
c:\program files\QuickTime\qttask        .exe
c:\program files\QuickTime\qttask       .exe
c:\program files\QuickTime\qttask      .exe
c:\program files\QuickTime\qttask     .exe
c:\program files\QuickTime\qttask    .exe
c:\program files\QuickTime\qttask   .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\QuickTime\qttask .exe
c:\windows\system32\rundll32 .exe


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"
    In your next post I need the following
    1. report from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now after running the script?

Gringo


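A triage pass over a process listing like the one posted earlier in this topic, as an added example (not part of any post, and not ComboFix or MBRCheck code): it flags executables running directly out of an Application Data folder, repeated instances of the same image there, and names with a space before the extension like the entries post #12 lists under RenV::. The sample lines are constructed from paths in that listing, and the three rules and their names are assumptions of this example, heuristics for what to examine first rather than proof of infection.

```python
import re
from collections import Counter
from ntpath import basename, dirname, splitext  # Windows path rules on any OS

# Constructed sample in the "PID image-path" layout of the process listing above.
SAMPLE = r"""
640 C:\WINDOWS\system32\winlogon.exe
856 C:\WINDOWS\system32\svchost.exe
928 svchost.exe
2932 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3108 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
3704 C:\Documents and Settings\All Users\Application Data\L3rbd.exe
2944 C:\Documents and Settings\computer\Local Settings\Application Data\L3rbd.exe
2728 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
2284 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
3024 C:\Documents and Settings\All Users\Application Data\7lgw65up.exe
5752 <unknown>
"""

PROC_LINE = re.compile(r"^\s*(\d+)\s+(.*\S)\s*$")
# Per-user or all-users data folders (XP layout, as in the log). Assumption of this
# example: programs are not normally started from the root of these folders.
DATA_ROOT = re.compile(r"\\(?:Local Settings\\)?Application Data$", re.IGNORECASE)


def parse(listing):
    """Return [(pid, image_path)] for every 'PID path' line; other lines are skipped."""
    return [(int(m.group(1)), m.group(2))
            for m in map(PROC_LINE.match, listing.splitlines()) if m]


def triage(listing, many=3):
    """Map each flagged image path to its PIDs and the (hypothetical) rules it tripped."""
    procs = parse(listing)
    per_image = Counter(path.lower() for _, path in procs)
    findings = {}
    for pid, path in procs:
        stem, ext = splitext(basename(path))
        is_exe = ext.lower() == ".exe"
        reasons = set()
        # "name .exe": a look-alike of "name.exe" that sorts and displays next to it.
        if is_exe and stem.endswith(" "):
            reasons.add("space-before-extension")
        # Executable sitting directly in an Application Data folder.
        if is_exe and DATA_ROOT.search(dirname(path)):
            reasons.add("exe-in-application-data-root")
            if per_image[path.lower()] >= many:
                reasons.add("many-instances")
        if reasons:
            entry = findings.setdefault(path, {"pids": [], "reasons": set()})
            entry["pids"].append(pid)
            entry["reasons"] |= reasons
    return {p: {"pids": e["pids"], "reasons": sorted(e["reasons"])}
            for p, e in findings.items()}


if __name__ == "__main__":
    for image, hit in triage(SAMPLE).items():
        print(f"{len(hit['pids']):3d}x {image!r}: {', '.join(hit['reasons'])}")
```

Entries without a full path (such as `svchost.exe` or `<unknown>`) pass through unflagged, so they still need checking by other means.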

#13 gringo_pr


Posted 23 August 2010 - 02:09 AM

Hello

three day bump

It has been Three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo


#14 tehfuzzle


Posted 24 August 2010 - 08:14 AM

Sorry gringo, I think I'll need more time, been busy with work and school.

Edited by tehfuzzle, 24 August 2010 - 08:15 AM.


#15 gringo_pr


Posted 24 August 2010 - 11:44 AM

no problem



Gringo



