[Struggling with Virtumonde (I think) MBAM won't install or run correct]

It starts to boot up (I can see the files loading up for it, but it never loads up), but then the monitor goes into the powersave mode as it would if the computer is turned off, like it's not even connected. I can't even see the GUI to use the commandline because it's like the computer isnt even connected to the monitor, though I know it is b/c it was showing just seconds before. What to do?

[Struggling with Virtumonde (I think) MBAM won't install or run correct]

Sorry It took me so long I was waiting to get a blank cd. I have one now, and I will run the scan tonight and post it after I get back from work tomorrow. Bear with me please : /

[Struggling with Virtumonde (I think) MBAM won't install or run correct]

Kaspersky won't start either--I know that some of those files in the Quarantine folder are viruses, and I hate it when none of these programs seems to work. You got anything else up your sleeve that might do the trick? You think if i delete those quarantined files it might make a difference?

[Struggling with Virtumonde (I think) MBAM won't install or run correct]

Just attempted to run that program and I get this error

"Mismatch between the kernel reported by windows and the one reported by a hardware scan.

Do you want to use the kernel reported by windows?"

Yes No

If I click Yes it says Could not load driver (0xc000036b)!

same error no matter which option I pick. Apparently it does not work with my 64 bit OS from what a google search dug up--Windows XP Professional x64

[Struggling with Virtumonde (I think) MBAM won't install or run correct]

Also I consulted Jotti online malware scan and Im pretty sure that the Dr.Web folder's AOL files, VirtumundobeGone, and the batch file, possibly the reg entries are false positives from the heuristics, but the other files in that folder showed up as infections.

[Struggling with Virtumonde (I think) MBAM won't install or run correct]

Nothing will install, all programs taht were messed up before still are. There are a lot of files in the quarantine bins for trendmicro housecall and Dr. Web, but i dont think it moved anymore in there after my restart. I attached pictures of the two quarantine folders so you can see the files in there

[Struggling with Virtumonde (I think) MBAM won't install or run correct]

I attached it with non word wrap. All the same problems still there, due to the 2 or 3 things taht could not be fixed I guess. No change that I can tell, everything is still messed up

DrWeb.csv.txt

DrWeb.csv.txt

[Struggling with Virtumonde (I think) MBAM won't install or run correct]

Dr.Web log found a lot of stuff but wasnt able to delete it all. Excel won't open due to the virus so this is the only way to put the drweb log in, since it won't let me upload .csv files

c.bat;C:\32788R22FWJFW;Probably BATCH.Virus;Moved.;

psexec.cfexe;C:\32788R22FWJFW;Program.PsExec.171;Moved.;

A0042298.dll.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Siggen.568;Deleted.;

A0042299.dll.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Virtumod.1459;Deleted.;

A0042301.dll.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Virtumod.1534;Deleted.;

A0042302.dll.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Virtumod.1534;Deleted.;

A0042303.dll.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Virtumod.1534;Deleted.;

A0045631.dll.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Siggen.568;Deleted.;

A0045632.dll.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Virtumod.1459;Deleted.;

A0045633.dll.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Virtumod.1534;Deleted.;

A0045634.dll.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Virtumod.1534;Deleted.;

A0045635.dll.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Virtumod.1534;Deleted.;

BACKUP-20071207-233006-457.0LL.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Click.4871;Deleted.;

BACKUP-20071207-233103-479.0LL.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Click.4871;Deleted.;

BACKUP-20071207-233123-734.0LL.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Click.4871;Deleted.;

BACKUP-20071207-233141-958.0LL.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Click.4871;Deleted.;

BACKUP-20071207-235336-312.0LL.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Click.4871;Deleted.;

BACKUP-20071208-000717-169.0LL.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Click.4871;Deleted.;

sch20ddshlp.dll.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Probably Trojan.Packed.196;Moved.;

wnl32.dll.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.DownLoader.61955;Deleted.;

VirtumundoBeGone.exe\data005;C:\Documents and Settings\Administrator\Desktop\system health tools\VirtumundoBeGone.exe;Tool.Prockill;;

VirtumundoBeGone.exe;C:\Documents and Settings\Administrator\Desktop\system health tools;Archive contains infected objects;Moved.;

nsh2F.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Tool.Prockill;Moved.;

nsuA.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Tool.Prockill;Moved.;

nsv5.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Tool.Prockill;Moved.;

nswD.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Tool.Prockill;Moved.;

inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3;Probably BACKDOOR.Trojan;Incurable.Moved.;

ocpinst.exe\data529;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\ocpinst.exe;Probably BACKDOOR.Trojan;;

ocpinst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3;Archive contains infected objects;Moved.;

regLocal.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Backups;Probably SCRIPT.Virus;Incurable.Moved.;

RegUBP2b-Administrator.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;

ylcgcuoq.dat;C:\WINDOWS\system32\Drivers;Trojan.NtRootKit.511;Deleted.;

new hijackthis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:05 PM, on 03/02/2009

Platform: Windows 2003 SP2 (WinNT 5.02.3790)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files (x86)\FSI\F-Prot\fpavupdm.exe

C:\Program Files (x86)\Java\jre6\bin\jqs.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\SysWOW64\ctfmon.exe

C:\WINDOWS\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\SysWOW64\wwSecure.exe

C:\Program Files (x86)\FSI\F-Prot\F-Sched.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

C:\Program Files (x86)\iPod\bin\iPodService.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page =

http://go.microsoft.com/fwlink/?LinkId=54843

O1 - Hosts: be placed in the first column followed by the corresponding host

name.

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -

(no file)

O4 - HKLM\..\Run: [FRISK FP-Scheduler] "C:\Program Files

(x86)\FSI\F-Prot\F-Sched.exe" STARTUP

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files

(x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files

(x86)\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files

(x86)\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft

Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common

Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI

Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d

locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [Window Washer] C:\Program Files

(x86)\Webroot\Washer\wwDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search

& Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall]

%systemroot%\system32\tscupgrd.exe (User '?')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall]

%systemroot%\system32\tscupgrd.exe (User '?')

O4 - HKUS\S-1-5-21-2712546392-667894355-3133765092-500\..\Run: [Aim6]

"C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User

'?')

O4 - HKUS\S-1-5-21-2712546392-667894355-3133765092-500\..\Run: [spybotSD

TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (User

'?')

O4 - HKUS\S-1-5-18\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User

'?')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall]

%systemroot%\system32\tscupgrd.exe (User '?')

O4 - HKUS\.DEFAULT\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User

'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall]

%systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files

(x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

(no file)

O9 - Extra 'Tools' menuitem: S&end to OneNote -

{2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no

file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no

file)

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)

O15 - ESC Trusted Zone: http://runonce.msn.com

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} -

http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} -

http://upload.facebook.com/controls/2008.1...kPhotoUploader5.

cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -

http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -

http://a840.g.akamai.net/7/840/537/2004061...icro.com/housec

all/xscan53.cab

O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} -

http://www.livemetallica.com/nugster/dlControl.CAB

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} -

http://driveragent.com/files/driveragent.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no

file)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program

Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati HotKey Poller - Unknown owner -

C:\WINDOWS\system32\Ati2evxx.exe (file missing)

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2saag.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) -

Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)

O23 - Service: Event Log (Eventlog) - Unknown owner -

C:\WINDOWS\system32\services.exe (file missing)

O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program

Files (x86)\FSI\F-Prot\fpavupdm.exe

O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner -

C:\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files (x86)\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner -

C:\WINDOWS\system32\imapi.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files

(x86)\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun

Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe

O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner -

C:\WINDOWS\system32\msdtc.exe (file missing)

O23 - Service: Net Logon (Netlogon) - Unknown owner -

C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner -

C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Plug and Play (PlugPlay) - Unknown owner -

C:\WINDOWS\system32\services.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner -

C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner -

C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown

owner - C:\WINDOWS\system32\sessmgr.exe (file missing)

O23 - Service: Security Accounts Manager (SamSs) - Unknown owner -

C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Virtual Disk Service (vds) - Unknown owner -

C:\WINDOWS\System32\vds.exe (file missing)

O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files

(x86)\Viewpoint\Common\ViewpointService.exe (file missing)

O23 - Service: Volume Shadow Copy (VSS) - Unknown owner -

C:\WINDOWS\System32\vssvc.exe (file missing)

O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner -

C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. -

C:\WINDOWS\system32\wwSecure.exe

--

End of file - 7986 bytes

[Struggling with Virtumonde (I think) MBAM won't install or run correct]

I ran Ad-Aware in the meantime while waiting for some help, so I'll post that log too

Ad-Aware 2007 Build

Log File Created on: 2009-03-01 23:11:40

Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef

Computer name: DREWS-SGAMER

Name of user performing scan: SYSTEM

System information

===========================

Number of processors: 1

Processor type: AMD Athlon 64 Processor 3200+

Memory Available: 25%

Total Physical Memory: 1073094656 Bytes

Available Physical Memory: 257556480 Bytes

Total Page File Size: 3148898304 Bytes

Available On Page File: 2420752384 Bytes

Total Virtual Memory: 2147352576 Bytes

Available Virtual Memory: 1772601344 Bytes

OS: Microsoft Windows Server 2003 family Service Pack 2 (Build 3790)

Ad-Aware 2007 Settings

===========================

Skipping files larger than 1048576 kB

Ignoring infections with lower TAI than: 3

Extended Ad-Aware 2007 Settings

===========================

Unloading known modules during scan

Ignoring spanned files when scanning cab archives

Reanalyzing results after scanning before displaying results

Trying to unload modules prior to removal

Unloading Explorer if necessary during removal

Let Windows remove files currently in use at next reboot

Removing quarantined objects after restore

Deactivating Ad-Watch during scans

Writeprotecting system files after repairs

Include info about ignored objects in log file

Including basic settings in log file

Including advanced settings in log file

Including user and computer name in log file

Create and save WebUpdate log file

Databaseinfo

===========================

Version number: 146

Build Number: 0

Build Date and Time: 2009/01/22 14:54:48

Scan Statistics

===========================

Method: Smart

Scan tracking cookies.............................: On

Scan ADS filestreams..............................: On

Item Scanned: 189436

Infections Detected: 7

Infections Ignored: 0

Scan detailed statistics

===========================

Type Critical Total

Process Scan....: 0 0

Registry Scan...: 0 0

Registry PE Scan: 0 0

Hosts File Scan.: 0 0

File Scan.......: 0 0

Folder Scan.....: 0 0

LSP Scan........: 0 0

ADS Scan........: 0 0

Cookie Scan.....: 4 4

File Hash Scan..: 0 0

Infections Found

===========================

Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3

Item Id: 409170 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Administrator\Cookies\index.dat adlegend.com PrefID /

Item Id: 409170 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Administrator\Cookies\index.dat adlegend.com CSList /

Item Id: 409363 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Administrator\Cookies\index.dat kontera.com cluid /

Item Id: 409363 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Administrator\Cookies\index.dat kontera.com imprs /

Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0

Item Id: 1 Value: MRU Path: C:\Documents and Settings\Administrator\Recent Count: 149

Item Id: 2 Value: MRU Registry Key: S-1-5-21-2712546392-667894355-3133765092-500\Software\Microsoft\Search Assistant\ACMru\5603 Count: 9

Item Id: 3 Value: MRU Registry Key: S-1-5-21-2712546392-667894355-3133765092-500\Software\Microsoft\Internet Explorer\TypedURLs Count: 10

Items Ignored During Scan

===========================

Listing of running processes

===========================

C:\PROGRAM FILES (X86)\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE

c:\program files (x86)\lavasoft\ad-aware 2007\aawservice.exe

c:\windows\system32\ntdll.dll

c:\windows\syswow64\kernel32.dll

c:\program files (x86)\lavasoft\ad-aware 2007\ceapi.dll

c:\windows\syswow64\advapi32.dll

c:\windows\syswow64\rpcrt4.dll

c:\windows\syswow64\secur32.dll

c:\program files (x86)\lavasoft\ad-aware 2007\pkarchive84cb.dll

c:\windows\syswow64\shell32.dll

c:\windows\syswow64\msvcrt.dll

c:\windows\syswow64\gdi32.dll

c:\windows\syswow64\user32.dll

c:\windows\syswow64\shlwapi.dll

c:\windows\syswow64\ole32.dll

c:\windows\syswow64\crypt32.dll

c:\windows\syswow64\msasn1.dll

c:\windows\syswow64\wldap32.dll

c:\windows\system32\psapi.dll

c:\windows\syswow64\version.dll

c:\windows\syswow64\wininet.dll

c:\windows\syswow64\normaliz.dll

c:\windows\syswow64\iertutil.dll

c:\program files (x86)\lavasoft\ad-aware 2007\update.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\userenv.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\rasadhlp.dll

C:\PROGRAM FILES (X86)\FSI\F-PROT\FPAVUPDM.EXE

c:\program files (x86)\fsi\f-prot\fpavupdm.exe

c:\windows\system32\ntdll.dll

c:\windows\syswow64\kernel32.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\syswow64\msvcrt.dll

c:\windows\system32\ws2help.dll

c:\windows\syswow64\advapi32.dll

c:\windows\syswow64\rpcrt4.dll

c:\windows\syswow64\secur32.dll

c:\windows\syswow64\wininet.dll

c:\windows\syswow64\shlwapi.dll

c:\windows\syswow64\gdi32.dll

c:\windows\syswow64\user32.dll

c:\windows\syswow64\normaliz.dll

c:\windows\syswow64\iertutil.dll

c:\windows\syswow64\ole32.dll

c:\windows\syswow64\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll

c:\windows\syswow64\shell32.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\syswow64\netapi32.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\winmm.dll

c:\windows\syswow64\crypt32.dll

c:\windows\syswow64\msasn1.dll

c:\windows\system32\userenv.dll

c:\windows\system32\msapsspc.dll

c:\windows\system32\msvcrt40.dll

c:\windows\system32\msnsspc.dll

c:\windows\syswow64\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\psapi.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\rasadhlp.dll

c:\windows\syswow64\urlmon.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winrnr.dll

c:\windows\syswow64\wldap32.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JQS.EXE

c:\program files (x86)\java\jre6\bin\jqs.exe

c:\windows\system32\ntdll.dll

c:\windows\syswow64\kernel32.dll

c:\windows\system32\ws2_32.dll

c:\windows\syswow64\msvcrt.dll

c:\windows\system32\ws2help.dll

c:\windows\syswow64\advapi32.dll

c:\windows\syswow64\rpcrt4.dll

c:\windows\syswow64\secur32.dll

c:\windows\syswow64\ole32.dll

c:\windows\syswow64\gdi32.dll

c:\windows\syswow64\user32.dll

c:\program files (x86)\java\jre6\bin\msvcr71.dll

c:\windows\system32\imm32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\pdh.dll

c:\windows\syswow64\shlwapi.dll

c:\windows\syswow64\comdlg32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78fcf8d0\comctl32.dll

c:\windows\syswow64\shell32.dll

c:\windows\syswow64\oleaut32.dll

c:\windows\system32\odbc32.dll

c:\windows\system32\odbcbcp.dll

c:\windows\syswow64\version.dll

c:\windows\syswow64\crypt32.dll

c:\windows\syswow64\msasn1.dll

c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll

c:\windows\system32\odbcint.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\perfos.dll

c:\windows\system32\perfdisk.dll

C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE

c:\program files (x86)\common files\microsoft shared\vs7debug\mdm.exe

c:\windows\system32\ntdll.dll

c:\windows\syswow64\kernel32.dll

c:\windows\syswow64\ole32.dll

c:\windows\syswow64\msvcrt.dll

c:\windows\syswow64\gdi32.dll

c:\windows\syswow64\user32.dll

c:\windows\syswow64\advapi32.dll

c:\windows\syswow64\rpcrt4.dll

c:\windows\syswow64\secur32.dll

c:\windows\syswow64\oleaut32.dll

c:\windows\syswow64\version.dll

c:\windows\syswow64\shlwapi.dll

c:\windows\system32\shimeng.dll

c:\windows\system32\apphelp.dll

c:\windows\apppatch\acwow64.dll

c:\windows\system32\imm32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\program files (x86)\common files\microsoft shared\vs7debug\msdbg2.dll

c:\windows\syswow64\netapi32.dll

c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll

C:\WINDOWS\SYSWOW64\PNKBSTRA.EXE

c:\windows\syswow64\pnkbstra.exe

c:\windows\system32\ntdll.dll

c:\windows\syswow64\kernel32.dll

c:\windows\syswow64\wsock32.dll

c:\windows\syswow64\ws2_32.dll

c:\windows\syswow64\msvcrt.dll

c:\windows\syswow64\ws2help.dll

c:\windows\syswow64\advapi32.dll

c:\windows\syswow64\rpcrt4.dll

c:\windows\syswow64\secur32.dll

c:\windows\syswow64\user32.dll

c:\windows\syswow64\gdi32.dll

c:\windows\syswow64\shell32.dll

c:\windows\syswow64\shlwapi.dll

c:\windows\syswow64\wintrust.dll

c:\windows\syswow64\crypt32.dll

c:\windows\syswow64\msasn1.dll

c:\windows\syswow64\imagehlp.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll

c:\windows\system32\mswsock.dll

c:\windows\syswow64\ole32.dll

c:\windows\syswow64\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

C:\WINDOWS\SYSWOW64\WWSECURE.EXE

c:\windows\syswow64\wwsecure.exe

c:\windows\system32\ntdll.dll

c:\windows\syswow64\kernel32.dll

c:\windows\syswow64\user32.dll

c:\windows\syswow64\gdi32.dll

c:\windows\syswow64\advapi32.dll

c:\windows\syswow64\rpcrt4.dll

c:\windows\syswow64\secur32.dll

c:\windows\syswow64\oleaut32.dll

c:\windows\syswow64\msvcrt.dll

c:\windows\syswow64\ole32.dll

c:\windows\syswow64\version.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78fcf8d0\comctl32.dll

c:\windows\system32\imm32.dll

c:\windows\syswow64\uxtheme.dll

c:\windows\syswow64\sxs.dll

c:\windows\syswow64\xpsp2res.dll

c:\windows\syswow64\clbcatq.dll

c:\windows\syswow64\comres.dll

C:\WINDOWS\SYSWOW64\CTFMON.EXE

c:\windows\syswow64\ctfmon.exe

c:\windows\system32\ntdll.dll

c:\windows\syswow64\kernel32.dll

c:\windows\syswow64\msvcrt.dll

c:\windows\syswow64\advapi32.dll

c:\windows\syswow64\rpcrt4.dll

c:\windows\syswow64\secur32.dll

c:\windows\syswow64\user32.dll

c:\windows\syswow64\gdi32.dll

c:\windows\syswow64\msctf.dll

c:\windows\syswow64\msutb.dll

c:\windows\system32\imm32.dll

c:\windows\syswow64\uxtheme.dll

c:\windows\syswow64\apphelp.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\ole32.dll

C:\PROGRAM FILES (X86)\FSI\F-PROT\F-SCHED.EXE

c:\program files (x86)\fsi\f-prot\f-sched.exe

c:\windows\system32\ntdll.dll

c:\windows\syswow64\kernel32.dll

c:\windows\system32\mfc42.dll

c:\windows\syswow64\msvcrt.dll

c:\windows\syswow64\user32.dll

c:\windows\syswow64\gdi32.dll

c:\windows\syswow64\advapi32.dll

c:\windows\syswow64\rpcrt4.dll

c:\windows\syswow64\secur32.dll

c:\windows\syswow64\ole32.dll

c:\windows\syswow64\oleaut32.dll

c:\windows\syswow64\wininet.dll

c:\windows\syswow64\shlwapi.dll

c:\windows\syswow64\normaliz.dll

c:\windows\syswow64\iertutil.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\odbc32.dll

c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll

c:\windows\syswow64\shell32.dll

c:\windows\syswow64\comdlg32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\odbcint.dll

c:\program files (x86)\fsi\f-prot\schedeng.dll

c:\windows\system32\uxtheme.dll

c:\windows\syswow64\msctf.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\msctfime.ime

C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JUSCHED.EXE

c:\program files (x86)\java\jre6\bin\jusched.exe

c:\windows\system32\ntdll.dll

c:\windows\syswow64\kernel32.dll

c:\windows\syswow64\advapi32.dll

c:\windows\syswow64\rpcrt4.dll

c:\windows\syswow64\secur32.dll

c:\windows\syswow64\gdi32.dll

c:\windows\syswow64\user32.dll

c:\windows\syswow64\wininet.dll

c:\windows\syswow64\msvcrt.dll

c:\windows\syswow64\shlwapi.dll

c:\windows\syswow64\normaliz.dll

c:\windows\syswow64\iertutil.dll

c:\windows\syswow64\ole32.dll

c:\windows\syswow64\shell32.dll

c:\windows\syswow64\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\windows\syswow64\msctf.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\syswow64\netapi32.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\winmm.dll

c:\windows\syswow64\crypt32.dll

c:\windows\syswow64\msasn1.dll

c:\windows\system32\userenv.dll

c:\windows\syswow64\msapsspc.dll

c:\windows\system32\msvcrt40.dll

c:\windows\syswow64\msnsspc.dll

c:\windows\syswow64\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\psapi.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winrnr.dll

c:\windows\syswow64\wldap32.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\dhcpcsvc.dll

c:\windows\system32\netman.dll

c:\windows\system32\netshell.dll

c:\windows\system32\credui.dll

c:\windows\system32\atl.dll

c:\windows\system32\clusapi.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\samlib.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wzcsvc.dll

c:\windows\system32\wmi.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\esent.dll

c:\windows\system32\wzcsapi.dll

c:\windows\syswow64\urlmon.dll

C:\PROGRAM FILES (X86)\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

c:\program files (x86)\common files\real\update_ob\realsched.exe

c:\windows\system32\ntdll.dll

c:\windows\syswow64\kernel32.dll

c:\windows\syswow64\ole32.dll

c:\windows\syswow64\msvcrt.dll

c:\windows\syswow64\gdi32.dll

c:\windows\syswow64\user32.dll

c:\windows\syswow64\advapi32.dll

c:\windows\syswow64\rpcrt4.dll

c:\windows\syswow64\secur32.dll

c:\windows\syswow64\version.dll

c:\windows\system32\imm32.dll

c:\windows\syswow64\shell32.dll

c:\windows\syswow64\shlwapi.dll

c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\windows\syswow64\msctf.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\syswow64\oleaut32.dll

c:\windows\system32\comres.dll

c:\windows\system32\ntmarta.dll

c:\windows\syswow64\wldap32.dll

c:\windows\system32\samlib.dll

C:\PROGRAM FILES (X86)\IPOD\BIN\IPODSERVICE.EXE

c:\program files (x86)\ipod\bin\ipodservice.exe

c:\windows\system32\ntdll.dll

c:\windows\syswow64\kernel32.dll

c:\windows\system32\cfgmgr32.dll

c:\windows\system32\setupapi.dll

c:\windows\syswow64\msvcrt.dll

c:\windows\syswow64\advapi32.dll

c:\windows\syswow64\rpcrt4.dll

c:\windows\syswow64\secur32.dll

c:\windows\syswow64\gdi32.dll

c:\windows\syswow64\user32.dll

c:\windows\syswow64\version.dll

c:\windows\syswow64\ole32.dll

c:\windows\syswow64\oleaut32.dll

c:\windows\system32\imm32.dll

c:\program files (x86)\ipod\bin\ipodservice.resources\en.lproj\ipodservicelocalized.dll

c:\program files (x86)\ipod\bin\ipodservice.resources\ipodservice.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\uxtheme.dll

c:\windows\syswow64\wintrust.dll

c:\windows\syswow64\crypt32.dll

c:\windows\syswow64\msasn1.dll

c:\windows\syswow64\imagehlp.dll

C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE

c:\program files (x86)\mozilla firefox\firefox.exe

c:\windows\system32\ntdll.dll

c:\windows\syswow64\kernel32.dll

c:\program files (x86)\mozilla firefox\xul.dll

c:\program files (x86)\mozilla firefox\sqlite3.dll

c:\program files (x86)\mozilla firefox\mozcrt19.dll

c:\windows\syswow64\msvcrt.dll

c:\program files (x86)\mozilla firefox\js3250.dll

c:\program files (x86)\mozilla firefox\nspr4.dll

c:\windows\syswow64\advapi32.dll

c:\windows\syswow64\rpcrt4.dll

c:\windows\syswow64\secur32.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\winmm.dll

c:\windows\syswow64\user32.dll

c:\windows\syswow64\gdi32.dll

c:\program files (x86)\mozilla firefox\smime3.dll

c:\program files (x86)\mozilla firefox\nss3.dll

c:\program files (x86)\mozilla firefox\nssutil3.dll

c:\program files (x86)\mozilla firefox\plc4.dll

c:\program files (x86)\mozilla firefox\plds4.dll

c:\program files (x86)\mozilla firefox\ssl3.dll

c:\windows\syswow64\shell32.dll

c:\windows\syswow64\shlwapi.dll

c:\windows\syswow64\ole32.dll

c:\windows\syswow64\version.dll

c:\windows\system32\winspool.drv

c:\windows\syswow64\comdlg32.dll

c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\msimg32.dll

c:\windows\system32\usp10.dll

c:\windows\syswow64\oleaut32.dll

c:\program files (x86)\mozilla firefox\xpcom.dll

c:\windows\system32\dbghelp.dll

c:\windows\system32\uxtheme.dll

c:\windows\syswow64\msctf.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\program files (x86)\mozilla firefox\components\browserdirprovider.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\psapi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winrnr.dll

c:\windows\syswow64\wldap32.dll

c:\windows\system32\xpsp2res.dll

c:\program files (x86)\mozilla firefox\components\brwsrcmp.dll

c:\windows\syswow64\netapi32.dll

c:\windows\system32\urlmon.dll

c:\windows\syswow64\iertutil.dll

c:\windows\system32\userenv.dll

c:\windows\system32\rsaenh.dll

c:\program files (x86)\mozilla firefox\softokn3.dll

c:\program files (x86)\mozilla firefox\nssdbm3.dll

c:\program files (x86)\mozilla firefox\freebl3.dll

c:\program files (x86)\mozilla firefox\nssckbi.dll

c:\windows\system32\rasadhlp.dll

c:\windows\syswow64\wintrust.dll

c:\windows\syswow64\crypt32.dll

c:\windows\syswow64\msasn1.dll

c:\windows\syswow64\imagehlp.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\msacm32.drv

c:\windows\system32\msacm32.dll

c:\windows\system32\midimap.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\linkinfo.dll

C:\PROGRAM FILES (X86)\LAVASOFT\AD-AWARE 2007\AD-AWARE2007.EXE

c:\program files (x86)\lavasoft\ad-aware 2007\ad-aware2007.exe

c:\windows\system32\ntdll.dll

c:\windows\syswow64\kernel32.dll

c:\windows\syswow64\user32.dll

c:\windows\syswow64\gdi32.dll

c:\windows\syswow64\advapi32.dll

c:\windows\syswow64\rpcrt4.dll

c:\windows\syswow64\secur32.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78fcf8d0\comctl32.dll

c:\windows\syswow64\comdlg32.dll

c:\windows\syswow64\msvcrt.dll

c:\windows\syswow64\shlwapi.dll

c:\windows\syswow64\shell32.dll

c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll

c:\windows\syswow64\oleaut32.dll

c:\windows\syswow64\ole32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\inetmib1.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\psapi.dll

c:\windows\system32\snmpapi.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\syswow64\netapi32.dll

c:\windows\syswow64\wldap32.dll

c:\windows\system32\credui.dll

c:\windows\system32\atl.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\samlib.dll

c:\windows\system32\setupapi.dll

c:\windows\syswow64\version.dll

c:\windows\syswow64\mpr.dll

c:\windows\system32\winmm.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\uxtheme.dll

c:\windows\syswow64\msctf.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\olepro32.dll

c:\windows\system32\drprov.dll

c:\windows\system32\ntlanman.dll

c:\windows\system32\netui0.dll

c:\windows\system32\netui1.dll

c:\windows\system32\davclnt.dll

c:\windows\system32\userenv.dll

End of Scan Section

===========================

Quarantined Infections

===========================

Browser: Internet Explorer Cookie: C:\Documents and Settings\Administrator\Cookies\index.dat adlegend.com PrefID /, Belonging to Tracking Cookie

Browser: Internet Explorer Cookie: C:\Documents and Settings\Administrator\Cookies\index.dat adlegend.com CSList /, Belonging to Tracking Cookie

Browser: Internet Explorer Cookie: C:\Documents and Settings\Administrator\Cookies\index.dat kontera.com cluid /, Belonging to Tracking Cookie

Browser: Internet Explorer Cookie: C:\Documents and Settings\Administrator\Cookies\index.dat kontera.com imprs /, Belonging to Tracking Cookie

MRU Path: C:\Documents and Settings\Administrator\Recent Count: 149, Belonging to MRU Object

MRU Registry Key: S-1-5-21-2712546392-667894355-3133765092-500\Software\Microsoft\Search Assistant\ACMru\5603 Count: 9, Belonging to MRU Object

MRU Registry Key: S-1-5-21-2712546392-667894355-3133765092-500\Software\Microsoft\Internet Explorer\TypedURLs Count: 10, Belonging to MRU Object

End of Quarantined Infections

===========================

[Struggling with Virtumonde (I think) MBAM won't install or run correct]

Also just a heads-up I run XP Professional x64 OS, so some things like ComboFix won't work with my x64 operating system b/c they are 32 only.

ONe other thing I want to mention is that My installer seems to be really messed up, nothing will install, always gives the error 1719 (problem with windows installer), or it gives me some thing about the permission settings not being right (though I am the sole administrator)

[Struggling with Virtumonde (I think) MBAM won't install or run correct]

for the past couple weeks my computer has basically been locked up by some malware. it keeps the most popular programs like IE and Windows Media Player,a nd most games from working, and it has affected the correct operation of dll's and prevented most installs from happening, and when I try to run programs that are isntalled like Word it just brings up a frozen installer.

Now I have scanned with Spybot, F-Prot, and they either didn't get anything or "fixed it" but nothing changed. Trendmicro Housecall picked up a bunch of stuff and said it fixed it but nothing really changed. Less popular or non microsoft programs like Firefox (what I'm using now) and Quicktime, Itunes, etc. work however.

SO at least a couple times I have thought I deleted the virtumonde files, but nothing changed after their deletion. Tried to install MBAM (changed the exe name multiple times with no avail) but I kept getting the Runtime error 0 Acceleration Grid,etc. and MBAM Runtime 404 error, a

"CoCreateInstance failed; code 0x80040154. Class not registered." when the .ink files tried to install. So MBAM installs but these errors come up both during install and when I tryto run it. I have seen other people's topics where MBAM eliminated their problems so I hope to get it installed and let it have a crack.

I have found some suspicious files like one related to a malware I got last year

C:\WINDOWS\SysWOW64\Drivers\ylcgcuoq.dat

and also wsil32.dll which i'm not sure about

In addition, attempted install of Superantispyware gives the same cocreate instance error, and I have already tried a number of specific virtumonde fix programs.

PLEASE HELP! I have tried all I can by myself before bugging y'all with this problem, but I need some more experienced help with this now, so I'll roll out the logs.

Gmer log

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2009-03-01 00:19:34

Windows 5.2.3790 Service Pack 2

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

---- EOF - GMER 1.0.14 ----

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:23 AM, on 03/01/2009

Platform: Windows 2003 SP2 (WinNT 5.02.3790)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files (x86)\FSI\F-Prot\fpavupdm.exe

C:\Program Files (x86)\Java\jre6\bin\jqs.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\SysWOW64\PnkBstrA.exe

C:\WINDOWS\SysWOW64\wwSecure.exe

C:\Program Files (x86)\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\SysWOW64\ctfmon.exe

C:\Program Files (x86)\FSI\F-Prot\F-Sched.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

C:\Program Files (x86)\iPod\bin\iPodService.exe

C:\Documents and Settings\Administrator\Desktop\system health tools\gmer.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page =

http://go.microsoft.com/fwlink/?LinkId=54843

O1 - Hosts: be placed in the first column followed by the corresponding host

name.

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -

(no file)

O4 - HKLM\..\Run: [FRISK FP-Scheduler] "C:\Program Files

(x86)\FSI\F-Prot\F-Sched.exe" STARTUP

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files

(x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files

(x86)\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files

(x86)\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft

Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common

Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI

Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d

locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [Window Washer] C:\Program Files

(x86)\Webroot\Washer\wwDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search

& Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall]

%systemroot%\system32\tscupgrd.exe (User '?')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall]

%systemroot%\system32\tscupgrd.exe (User '?')

O4 - HKUS\S-1-5-21-2712546392-667894355-3133765092-500\..\Run: [Aim6]

"C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User

'?')

O4 - HKUS\S-1-5-21-2712546392-667894355-3133765092-500\..\Run: [spybotSD

TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (User

'?')

O4 - HKUS\S-1-5-18\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User

'?')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall]

%systemroot%\system32\tscupgrd.exe (User '?')

O4 - HKUS\.DEFAULT\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User

'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall]

%systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files

(x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

(no file)

O9 - Extra 'Tools' menuitem: S&end to OneNote -

{2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no

file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no

file)

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)

O15 - ESC Trusted Zone: http://runonce.msn.com

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} -

http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} -

http://upload.facebook.com/controls/2008.1...kPhotoUploader5.

cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -

http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -

http://a840.g.akamai.net/7/840/537/2004061...icro.com/housec

all/xscan53.cab

O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} -

http://www.livemetallica.com/nugster/dlControl.CAB

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} -

http://driveragent.com/files/driveragent.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no

file)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program

Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati HotKey Poller - Unknown owner -

C:\WINDOWS\system32\Ati2evxx.exe (file missing)

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2saag.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) -

Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)

O23 - Service: Event Log (Eventlog) - Unknown owner -

C:\WINDOWS\system32\services.exe (file missing)

O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program

Files (x86)\FSI\F-Prot\fpavupdm.exe

O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner -

C:\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files (x86)\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner -

C:\WINDOWS\system32\imapi.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files

(x86)\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun

Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe

O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner -

C:\WINDOWS\system32\msdtc.exe (file missing)

O23 - Service: Net Logon (Netlogon) - Unknown owner -

C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner -

C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Plug and Play (PlugPlay) - Unknown owner -

C:\WINDOWS\system32\services.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner -

C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner -

C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown

owner - C:\WINDOWS\system32\sessmgr.exe (file missing)

O23 - Service: Security Accounts Manager (SamSs) - Unknown owner -

C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Virtual Disk Service (vds) - Unknown owner -

C:\WINDOWS\System32\vds.exe (file missing)

O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files

(x86)\Viewpoint\Common\ViewpointService.exe (file missing)

O23 - Service: Volume Shadow Copy (VSS) - Unknown owner -

C:\WINDOWS\System32\vssvc.exe (file missing)

O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner -

C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. -

C:\WINDOWS\system32\wwSecure.exe

--

End of file - 8121 bytes

Deckard's System Scanner

Deckard's System Scanner v20071014.68

Run by Administrator on 2009-03-01 00:25:21

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:25 AM, on 03/01/2009

Platform: Windows 2003 SP2 (WinNT 5.02.3790)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files (x86)\FSI\F-Prot\fpavupdm.exe

C:\Program Files (x86)\Java\jre6\bin\jqs.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\SysWOW64\PnkBstrA.exe

C:\WINDOWS\SysWOW64\wwSecure.exe

C:\Program Files (x86)\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\SysWOW64\ctfmon.exe

C:\Program Files (x86)\FSI\F-Prot\F-Sched.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

C:\Program Files (x86)\iPod\bin\iPodService.exe

C:\Documents and Settings\Administrator\Desktop\system health tools\gmer.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrator\Desktop\system health tools\dss.exe

C:\PROGRA~2\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843

O1 - Hosts: be placed in the first column followed by the corresponding host name.

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)

O4 - HKLM\..\Run: [FRISK FP-Scheduler] "C:\Program Files (x86)\FSI\F-Prot\F-Sched.exe" STARTUP

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [Window Washer] C:\Program Files (x86)\Webroot\Washer\wwDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')

O4 - HKUS\S-1-5-21-2712546392-667894355-3133765092-500\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User '?')

O4 - HKUS\S-1-5-21-2712546392-667894355-3133765092-500\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User '?')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')

O4 - HKUS\.DEFAULT\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)

O15 - ESC Trusted Zone: http://runonce.msn.com

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} - http://www.livemetallica.com/nugster/dlControl.CAB

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no file)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2saag.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)

O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)

O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files (x86)\FSI\F-Prot\fpavupdm.exe

O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe

O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)

O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)

O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)

O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (file missing)

O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)

O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--

End of file - 8180 bytes

-- Files created between 2009-02-01 and 2009-03-01 -----------------------------

2009-02-28 22:19:43 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2009-02-28 21:08:27 0 d-------- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2009-02-16 20:16:38 0 d-------- C:\VundoFix Backups

2009-02-16 02:51:29 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6

2009-02-15 01:07:42 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI

2009-02-15 00:34:09 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI(4)

2009-02-02 22:57:09 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI(3)

2009-02-02 22:40:32 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI(2)

-- Find3M Report ---------------------------------------------------------------

2009-02-28 22:18:59 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2009-02-16 21:43:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla

2009-02-16 20:16:37 0 d-------- C:\Program Files (x86)\zips of games

2009-02-15 11:46:19 0 d-------- C:\Program Files (x86)\GameSpy Arcade

2009-02-15 01:07:14 0 d-------- C:\Program Files (x86)\ATI Technologies

2009-02-10 21:41:16 0 d-------- C:\Program Files (x86)\botf

2009-02-08 23:00:45 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information

2009-02-02 23:12:27 0 d-------- C:\Program Files (x86)\CyberLink

2009-01-18 00:32:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Bioshock

2009-01-08 21:35:04 0 d-------- C:\Program Files (x86)\ubernesv3rev2

2008-12-07 22:39:06 8812 --ah----- C:\WINDOWS\system32\repefeji

-- Registry Dump ---------------------------------------------------------------

-- End of Deckard's System Scanner: finished at 2009-03-01 00:25:41 ------------