Posts posted by Clairefish

  1. It said that avast was still running even after I turned it off, so I'm not sure if there's something I'm missing. Here's the log:

    ComboFix 10-02-11.04 - Claire 02/11/2010 22:03:51.2.1 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.257 [GMT -5:00]

    Running from: c:\documents and settings\Claire\Desktop\ComboFix.exe

    Command switches used :: c:\documents and settings\Claire\Desktop\CFScript.txt.txt

    AV: avast! antivirus 4.8.1368 [VPS 100211-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    file zipped: c:\windows\system32\hogufare.dll.tmp

    file zipped: c:\windows\system32\katowola.dll

    file zipped: c:\windows\system32\kedawubo.dll

    file zipped: c:\windows\system32\lemekipe.dll

    file zipped: c:\windows\system32\lofirelo.dll

    file zipped: c:\windows\system32\tebanohu.dll.tmp

    file zipped: c:\windows\system32\wigimogo.dll

    file zipped: c:\windows\system32\yufivibo.dll.tmp

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\windows\system32\havowezi.dll

    c:\windows\system32\hogufare.dll.tmp

    c:\windows\system32\katowola.dll

    c:\windows\system32\kedawubo.dll

    c:\windows\system32\lemekipe.dll

    c:\windows\system32\lofirelo.dll

    c:\windows\system32\tebanohu.dll.tmp

    c:\windows\system32\vorikope.dll

    c:\windows\system32\wigimogo.dll

    c:\windows\system32\yufivibo.dll.tmp

    c:\windows\system32\zurihaga.dll

    c:\windows\Tasks\nrbtrmgq.job

    .

    ((((((((((((((((((((((((( Files Created from 2010-01-12 to 2010-02-12 )))))))))))))))))))))))))))))))

    .

    2010-02-12 02:19 . 2010-02-12 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

    2010-02-10 00:56 . 2010-02-10 00:56 -------- d-----w- c:\program files\Trend Micro

    2010-01-16 23:44 . 2010-01-17 18:21 -------- d-----w- c:\documents and settings\Dad\Local Settings\Application Data\Adobe

    2010-01-13 12:56 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-02-12 03:14 . 2009-11-23 01:07 -------- d-----w- c:\program files\Steam

    2010-02-12 02:20 . 2008-11-11 22:21 -------- d-----w- c:\program files\Alwil Software

    2010-02-11 18:53 . 2008-11-11 22:22 38848 ----a-w- c:\windows\system32\avastSS.scr

    2010-02-11 18:53 . 2008-11-11 22:22 153184 ----a-w- c:\windows\system32\aswBoot.exe

    2010-02-11 18:42 . 2008-11-11 22:22 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2010-02-11 18:42 . 2008-11-11 22:22 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2010-02-11 18:39 . 2008-11-11 22:22 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

    2010-02-11 18:38 . 2008-11-11 22:22 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

    2010-02-11 18:38 . 2008-11-11 22:22 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

    2010-02-11 18:38 . 2008-11-11 22:22 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2010-02-11 18:38 . 2008-11-11 22:22 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

    2010-02-09 18:31 . 2010-01-11 14:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2010-01-24 17:42 . 2009-02-22 04:10 -------- d-----w- c:\program files\Microsoft Silverlight

    2010-01-14 00:59 . 2008-11-12 17:52 -------- d-----w- c:\program files\Paint Shop Pro 6

    2010-01-11 14:17 . 2010-01-11 14:17 -------- d-----w- c:\documents and settings\Dad\Application Data\Malwarebytes

    2010-01-11 14:16 . 2010-01-11 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2010-01-07 22:26 . 2010-01-07 22:26 -------- d-----w- c:\documents and settings\Dad\Application Data\Roxio

    2010-01-07 21:07 . 2010-01-11 14:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2010-01-07 21:07 . 2010-01-11 14:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

    2010-01-05 10:00 . 2006-02-28 12:00 832512 ------w- c:\windows\system32\wininet.dll

    2010-01-05 10:00 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

    2010-01-05 10:00 . 2006-02-28 12:00 17408 ------w- c:\windows\system32\corpol.dll

    2009-12-22 17:00 . 2009-10-30 16:06 -------- d-----w- c:\documents and settings\Claire\Application Data\vlc

    2009-12-02 15:21 . 2008-11-11 22:27 36384 ----a-w- c:\documents and settings\Claire\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    2009-12-02 04:59 . 2009-12-02 04:59 1 ----a-w- c:\documents and settings\Claire\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

    2009-12-02 01:53 . 2009-12-02 01:53 411368 ----a-w- c:\windows\system32\deploytk.dll

    2009-11-23 14:02 . 2009-11-23 14:02 664 ----a-w- c:\windows\system32\d3d9caps.dat

    2009-11-17 01:03 . 2009-11-17 01:03 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

    1601-01-01 00:03 . 1601-01-01 00:03 53760 --sha-w- c:\windows\system32\kofidina.dll

    1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\mijamehu.dll

    1601-01-01 00:03 . 1601-01-01 00:03 61952 --sha-w- c:\windows\system32\niyuhelu.dll

    1601-01-01 00:03 . 1601-01-01 00:03 53760 --sha-w- c:\windows\system32\zofetehi.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Steam"="c:\program files\Steam\Steam.exe" [2009-11-23 1217808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]

    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]

    "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]

    "RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-09-19 1687552]

    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-09-19 163840]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-02 149280]

    "mijosudus"="c:\windows\system32\havowezi.dll" [bU]

    "kotesefeba"="zurihaga.dll" [bU]

    c:\documents and settings\Claire\Start Menu\Programs\Startup\

    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

    "c:\\Program Files\\Steam\\Steam.exe"=

    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

    "c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=

    "c:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"=

    "c:\\Program Files\\Apoint\\Apoint.exe"=

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/11/2008 5:22 PM 162512]

    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/11/2008 5:22 PM 19024]

    R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [8/8/2008 8:31 PM 92550]

    .

    .

    ------- Supplementary Scan -------

    .

    FF - ProfilePath - c:\documents and settings\Claire\Application Data\Mozilla\Firefox\Profiles\ygxxhyee.default\

    FF - plugin: c:\documents and settings\Claire\Application Data\Mozilla\Firefox\Profiles\ygxxhyee.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

    .

    - - - - ORPHANS REMOVED - - - -

    SharedTaskScheduler-{221f2978-9611-4149-9907-760eb73bf81e} - c:\windows\system32\havowezi.dll

    SSODL-hejiyovaz-{221f2978-9611-4149-9907-760eb73bf81e} - c:\windows\system32\havowezi.dll

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-02-11 22:12

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(648)

    c:\windows\system32\Ati2evxx.dll

    c:\windows\System32\BCMLogon.dll

    - - - - - - - > 'explorer.exe'(2024)

    c:\windows\system32\WININET.dll

    c:\windows\system32\ieframe.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\windows\system32\Ati2evxx.exe

    c:\windows\System32\WLTRYSVC.EXE

    c:\windows\System32\bcmwltry.exe

    c:\program files\Alwil Software\Avast5\AvastSvc.exe

    c:\windows\System32\SCardSvr.exe

    c:\windows\system32\basfipm.exe

    c:\program files\Java\jre6\bin\jqs.exe

    c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe

    c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

    c:\windows\system32\wdfmgr.exe

    c:\windows\system32\Ati2evxx.exe

    c:\program files\Apoint\HidFind.exe

    c:\program files\Apoint\Apntex.exe

    c:\program files\OpenOffice.org 3\program\soffice.exe

    c:\program files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe

    c:\program files\OpenOffice.org 3\program\soffice.bin

    .

    **************************************************************************

    .

    Completion time: 2010-02-11 22:24:47 - machine was rebooted

    ComboFix-quarantined-files.txt 2010-02-12 03:24

    ComboFix2.txt 2010-02-11 00:36

    Pre-Run: 30,455,721,984 bytes free

    Post-Run: 30,300,350,464 bytes free

    - - End Of File - - B42F4C59FE8CC99A5164F44021A4D5BA

  2. Here's the Hijackthis log:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 8:04:21 PM, on 2/10/2010

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16981)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\WLTRYSVC.EXE

    C:\WINDOWS\System32\bcmwltry.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\basfipm.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe

    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\WLTRAY.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Program Files\Apoint\Apoint.exe

    C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe

    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe

    C:\Program Files\Apoint\HidFind.exe

    C:\Program Files\Apoint\Apntex.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\OpenOffice.org 3\program\soffice.exe

    C:\Program Files\OpenOffice.org 3\program\soffice.bin

    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\system32\notepad.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: (no name) - {de50656a-9a01-4000-831b-5a81fc522e4c} - lefegosi.dll (file missing)

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"

    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O20 - AppInit_DLLs: vikuzeja.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Broadcom ASF IP monitoring service v6.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe

    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe

    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe

    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe

    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --

    End of file - 6267 bytes

    The other one is huge, so it's attached.

    log.txt

  3. So I'm trying to get rid of malware on my gf's computer. It's been making the computer run super slow, making the internet go schizo, and seeding random popups. I ran avast using the boot scan, but it didn't seem to work; the bottom bar for the computer is greyed out and won't work, as can be seen here:

    vdg4rl.jpg

    and malwarebytes won't launch. I've tried scanning malwarebytes with avast, and that's when the bottom bar started greying out. Avast finds stuff whenever I run the scan, but it can't seem to get all of it and malwarebytes still won't run.

    Here is the HijackThis log:

    ------------------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 7:58:43 PM, on 2/9/2010

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16981)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\basfipm.exe

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Program Files\Apoint\Apoint.exe

    C:\Program Files\Apoint\HidFind.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\WINDOWS\System32\bcmwltry.exe

    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe

    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe

    C:\WINDOWS\system32\taskmgr.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

    O4 - HKLM\..\Run: [bascstray] BascsTray.exe

    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"

    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [mijosudus] Rundll32.exe "c:\windows\system32\lofirelo.dll",a

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized

    O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O20 - AppInit_DLLs: yufivibo.dll c:\windows\system32\lofirelo.dll

    O21 - SSODL: rafojidej - {40881e32-642a-4c86-b001-a6c8cb3905e5} - c:\windows\system32\lofirelo.dll

    O22 - SharedTaskScheduler: tokatiluy - {40881e32-642a-4c86-b001-a6c8cb3905e5} - c:\windows\system32\lofirelo.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Broadcom ASF IP monitoring service v6.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe

    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe

    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe

    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe

    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --

    End of file - 6302 bytes

    -----------------------------------------------------------------

    So yeah, please help.
