
My computer's been infected with a pop-up virus, but whenever I try to install Malwarebytes, I get an error. I tried installing it with a random name, but got another error message. I've tried uninstalling then reinstalling it, but I get the same message each time. Help is much appreciated.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:04:40 AM, on 2/16/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\ps2.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Saitek\Software\ProfilerU.exe

C:\Program Files\Saitek\Software\SaiMfd.exe

C:\WINDOWS\system32\smss32.exe

C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://favorites/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {DB35C569-5624-4CFC-8043-E5139F55A073} - C:\PROGRA~1\Crawler\Shared\CShared.dll (file missing)

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"

O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe

O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe

O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe

O4 - HKLM\..\Run: [rupahebey] Rundll32.exe "c:\windows\system32\sohotuwa.dll",a

O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe

O4 - HKUS\S-1-5-21-2692080380-3255334498-1319242016-501\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Guest')

O4 - HKUS\S-1-5-21-2692080380-3255334498-1319242016-501\..\Run: [rupahebey] Rundll32.exe "c:\windows\system32\sohotuwa.dll",a (User 'Guest')

O4 - HKUS\S-1-5-21-2692080380-3255334498-1319242016-501\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe (User 'Guest')

O4 - HKUS\S-1-5-21-2692080380-3255334498-1319242016-501\..\Run: [Vzeyogoyineba] rundll32.exe "C:\Documents and Settings\Guest.UZI\Local Settings\Application Data\r32pet42.dll",Startup (User 'Guest')

O4 - HKUS\S-1-5-21-2692080380-3255334498-1319242016-501\..\Run: [Twoseguwivi] rundll32.exe "C:\Documents and Settings\Guest.UZI\Local Settings\Application Data\ejopijaf.dll",Startup (User 'Guest')

O4 - HKUS\S-1-5-21-2692080380-3255334498-1319242016-501\..\Run: [security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe (User 'Guest')

O4 - S-1-5-21-2692080380-3255334498-1319242016-501 User Startup: .lnk = ? (User 'Guest')

O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Crawler Smileys - {16FE352D-F643-4A81-BC61-2C051F3A757D} - C:\PROGRA~1\Crawler\Smileys\CSMILE~1.DLL (file missing)

O9 - Extra button: Crawler eCards - {82E2B317-7C9C-4F12-B920-AC37D928CD43} - C:\PROGRA~1\Crawler\Smileys\CSMILE~1.DLL (file missing)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.buy-security-essentials.com

O15 - Trusted Zone: http://*.download-soft-package.com

O15 - Trusted Zone: http://*.download-software-package.com

O15 - Trusted Zone: http://*.get-key-se10.com

O15 - Trusted Zone: http://*.is-software-download.com

O15 - Trusted Zone: http://*.buy-security-essentials.com (HKLM)

O15 - Trusted Zone: http://*.get-key-se10.com (HKLM)

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (qsax Control) - http://quickscan.bitdefender.com/qsax/qsax.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1200085510015

O20 - AppInit_DLLs: sejigowe.dll c:\windows\system32\sohotuwa.dll

O21 - SSODL: hiyenipuk - {3ca58a4f-0894-4c9a-9336-3c444a8854ac} - (no file)

O21 - SSODL: nugovumat - {dffaf43e-902d-4826-909e-d98ea55c3267} - (no file)

O21 - SSODL: liruromuv - {a603907c-8e08-4d5e-8f57-aca2e011fa18} - (no file)

O21 - SSODL: linoziten - {03ff4ffd-bb6e-47a4-9de1-aeeb957443dd} - c:\windows\system32\sohotuwa.dll

O22 - SharedTaskScheduler: gahurihor - {3ca58a4f-0894-4c9a-9336-3c444a8854ac} - (no file)

O22 - SharedTaskScheduler: kupuhivus - {dffaf43e-902d-4826-909e-d98ea55c3267} - (no file)

O22 - SharedTaskScheduler: gahurihor - {a603907c-8e08-4d5e-8f57-aca2e011fa18} - (no file)

O22 - SharedTaskScheduler: gahurihor - {03ff4ffd-bb6e-47a4-9de1-aeeb957443dd} - c:\windows\system32\sohotuwa.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 10027 bytes

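The HijackThis log above carries several classic persistence indicators that a responder would want pulled out automatically: a rewritten UserInit value, a populated AppInit_DLLs entry, Trusted Zone additions, SSODL and SharedTaskScheduler objects, core-process lookalike names (smss32.exe, winlogon32.exe), and one DLL (sohotuwa.dll) wired into four different load points. The script below is an added example, not part of the thread and not HijackThis code; it parses HJT-style entry lines and flags those patterns. Its sample input is copied from the log above, while the baseline UserInit value, the lookalike-name rule and the user-writable-path rule are this example's own heuristics rather than anything the forum states.

```python
import re
from collections import defaultdict

# Constructed sample: entry lines copied from the HijackThis log quoted in the thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [rupahebey] Rundll32.exe "c:\windows\system32\sohotuwa.dll",a
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKUS\S-1-5-21-2692080380-3255334498-1319242016-501\..\Run: [Vzeyogoyineba] rundll32.exe "C:\Documents and Settings\Guest.UZI\Local Settings\Application Data\r32pet42.dll",Startup (User 'Guest')
O15 - Trusted Zone: http://*.buy-security-essentials.com
O20 - AppInit_DLLs: sejigowe.dll c:\windows\system32\sohotuwa.dll
O21 - SSODL: linoziten - {03ff4ffd-bb6e-47a4-9de1-aeeb957443dd} - c:\windows\system32\sohotuwa.dll
O22 - SharedTaskScheduler: gahurihor - {03ff4ffd-bb6e-47a4-9de1-aeeb957443dd} - c:\windows\system32\sohotuwa.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
"""

# Assumed baseline: the stock Windows XP UserInit value (without its trailing comma).
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Heuristic (this example's own): a core Windows process name followed by digits,
# e.g. smss32.exe or winlogon32.exe, is a lookalike and worth flagging.
CORE_PROCESSES = ("smss", "csrss", "winlogon", "services", "lsass", "svchost", "explorer")
LOOKALIKE_RE = re.compile(r"^(?:%s)\d+\.exe$" % "|".join(CORE_PROCESSES), re.IGNORECASE)

# Heuristic (this example's own): locations a standard user can write to.
USER_WRITABLE_RE = re.compile(r"\\(?:documents and settings|users|temp)\\", re.IGNORECASE)

# "O4 - ..." / "F2 - ..." entry lines; everything else (header, process list) is skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A Windows path ending in exe/dll/sys; non-greedy so quoting and trailing
# rundll32 arguments (",a", ",Startup") are not swallowed into the path.
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]+?\.(?:exe|dll|sys)\b', re.IGNORECASE)


def parse_entries(log_text):
    """Yield (code, body) for each HijackThis-style entry line."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage(log_text):
    """Return a list of (code, reason, detail) findings for an HJT-style log."""
    findings = []
    load_points = defaultdict(set)  # normalised path -> entry codes that load it

    for code, body in parse_entries(log_text):
        paths = [p.lower() for p in PATH_RE.findall(body)]
        for p in paths:
            load_points[p].add(code)
            name = p.rsplit("\\", 1)[-1]
            if LOOKALIKE_RE.match(name):
                findings.append((code, "core-process lookalike file name: " + name, body))
        if "rundll32" in body.lower() and any(USER_WRITABLE_RE.search(p) for p in paths):
            findings.append((code, "rundll32 loads a DLL from a user-writable location", body))

        if code == "F2" and "UserInit=" in body:
            value = body.split("UserInit=", 1)[1].strip().rstrip(",").lower()
            if value != EXPECTED_USERINIT:
                findings.append((code, "UserInit points away from userinit.exe", body))
        elif code == "O15":
            findings.append((code, "site added to the Trusted Zone; review", body))
        elif code == "O20" and "AppInit_DLLs:" in body:
            if body.split("AppInit_DLLs:", 1)[1].strip():
                findings.append((code, "AppInit_DLLs is populated; every GUI process loads these", body))
        elif code in ("O21", "O22"):
            findings.append((code, "shell load point (SSODL/SharedTaskScheduler); rarely legitimate", body))

    # One file registered under several distinct load points is a strong persistence signal.
    for p, codes in sorted(load_points.items()):
        if len(codes) >= 2:
            reason = "same file wired into %d load points (%s)" % (len(codes), ", ".join(sorted(codes)))
            findings.append(("*", reason, p))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (code, reason, detail))
```

On a real log, pass the whole file to `triage()`; entries the heuristics do not recognise (the Java updater and the CA antivirus service in the sample) produce no finding. The cross-reference at the end is the most useful check: a legitimate component rarely registers itself as a Run value, an AppInit DLL, an SSODL object and a SharedTaskScheduler object all at once, which is exactly what sohotuwa.dll does in this log.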

Hello Xeon

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the text below (in bold)


    %SYSTEMDRIVE%\*.*
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download the following GMER Rootkit Scanner from Here

  • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  • Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED


  • Sections

  • IAT/EAT

  • Drives/Partition other than Systemdrive (typically only C:\ should be checked)

  • Show All (don't miss this one)


  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
  • Post that log in your next reply.


I tried using OTL, but no files appeared. After I looked into it more, it seems my notepad isn't working. When I try running it, a warning sign pops up that says, "Application cannot be executed. The file is infected. Please activate your antivirus software." After I exit it, a program begins to run called Security Essentials 2010.

I was able to run the GMER Scanner. The log is here:

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-02-16 16:17:44

Windows 5.1.2600 Service Pack 2

Running: krk8yx1g.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\ugldapow.sys

---- System - GMER 1.0.15 ----

INT 0x01 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) F67444F6

INT 0x03 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) F674459C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

AttachedDevice \FileSystem\Ntfs \Ntfs VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

AttachedDevice \FileSystem\Fastfat \Fat VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

AttachedDevice \FileSystem\Fastfat \Fat VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

---- EOF - GMER 1.0.15 ----


OK, please try it in Safe Mode for now, just so I can get those logs.

*Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.


I ran it in Safe Mode, but it only gave me one log, the OTL and not the Extras. Here's the OTL log.

OTL logfile created on: 2/17/2010 4:14:33 PM - Run 3

OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 78.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 107.70 Gb Total Space | 3.54 Gb Free Space | 3.29% Space Free | Partition Type: NTFS

Drive D: | 4.07 Gb Total Space | 0.78 Gb Free Space | 19.12% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive K: | 492.62 Mb Total Space | 488.52 Mb Free Space | 99.17% Space Free | Partition Type: FAT32

Computer Name: UZI

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: SafeMode with Networking

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\WINDOWS\system32\lonobori.dll ()

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (PnkBstrA) -- C:\WINDOWS\system32\PnkBstrA.exe ()

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (CAISafe) -- C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\iSafe.exe (Computer Associates International, Inc.)

SRV - (VETMSGNT) -- C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe (Computer Associates International, Inc.)

SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)

SRV - (ATI Smart) -- C:\WINDOWS\system32\ati2sgag.exe ()

SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

========== Driver Services (SafeList) ==========

DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group)

DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)

DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)

DRV - (VETMONNT) -- C:\WINDOWS\system32\drivers\vetmonnt.sys (Computer Associates International, Inc.)

DRV - (VETEFILE) -- C:\WINDOWS\system32\drivers\VetEFile.sys (Computer Associates International, Inc.)

DRV - (VETEBOOT) -- C:\WINDOWS\system32\drivers\VetEBoot.sys (Computer Associates International, Inc.)

DRV - (VET-FILT) -- C:\WINDOWS\system32\drivers\Vet-Filt.sys (Computer Associates International, Inc.)

DRV - (VET-REC) -- C:\WINDOWS\system32\drivers\Vet-Rec.sys (Computer Associates International, Inc.)

DRV - (VETFDDNT) -- C:\WINDOWS\system32\drivers\VetFDDNT.sys (Computer Associates International, Inc.)

DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)

DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (atitray) -- C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys ()

DRV - (xusb21) -- C:\WINDOWS\system32\drivers\xusb21.sys (Microsoft Corporation)

DRV - (Point32) -- C:\WINDOWS\system32\drivers\point32.sys (Microsoft Corporation)

DRV - (SaiNtBus) -- C:\WINDOWS\system32\drivers\SaiBus.sys (Saitek)

DRV - (SaiMini) -- C:\WINDOWS\system32\drivers\SaiMini.sys (Saitek)

DRV - (SaiH075C) -- C:\WINDOWS\system32\drivers\SaiH075C.sys (Saitek)

DRV - (FETND5BV) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys (VIA Technologies, Inc. )

DRV - (viagfx) -- C:\WINDOWS\system32\drivers\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)

DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)

DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)

DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)

DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)

DRV - (fasttx2k) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)

DRV - (FETNDISB) -- C:\WINDOWS\system32\drivers\fetnd5b.sys (VIA Technologies, Inc. )

DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)

DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)

DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )

DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://favorites/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: ""

FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7

FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/20 10:35:31 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 06:19:17 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/05 20:50:48 | 000,000,000 | ---D | M]

[2008/12/25 13:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2008/12/25 13:00:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/01/12 21:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pzga8sc1.default\extensions

[2008/01/04 00:28:27 | 000,000,000 | ---D | M] (BlackJapanMAX) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pzga8sc1.default\extensions\{8e12f188-352c-4476-8198-e9b8f4a4353a}

[2010/01/12 06:23:12 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pzga8sc1.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

[2009/09/03 09:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pzga8sc1.default\extensions\lookingforgroupboom@lookingforgroup.com

[2010/01/12 21:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pzga8sc1.default\extensions\YoutubeDownloader@PeterOlayev.com

[2009/09/03 09:03:26 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pzga8sc1.default\searchplugins\ask.xml

[2009/12/03 06:05:01 | 000,002,179 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pzga8sc1.default\searchplugins\inbox-search.xml

[2009/09/03 09:03:26 | 000,000,573 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pzga8sc1.default\searchplugins\yahoo.xml

[2010/02/15 17:15:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/01/06 06:19:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2007/11/20 23:22:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

[2008/05/05 16:48:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

[2010/01/06 06:19:08 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/01/06 06:19:08 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2006/07/28 07:32:54 | 000,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll

[2007/07/26 18:03:34 | 000,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll

[2007/10/11 14:17:50 | 001,435,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

[2005/12/05 21:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

[2010/01/06 06:19:09 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2010/01/12 22:08:53 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/01/12 22:08:53 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/01/12 22:08:53 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/01/12 22:08:53 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/01/12 22:08:53 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/01/12 22:08:53 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/01/12 22:08:53 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

[2009/08/09 08:25:38 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2009/08/09 08:25:38 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2009/08/09 08:25:38 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2009/08/09 08:25:39 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2009/08/09 08:25:39 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2009/08/09 08:25:39 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2009/08/09 08:25:39 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2008/02/09 09:55:05 | 000,224,776 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.1001-search.info

O1 - Hosts: 127.0.0.1 1001-search.info

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.123topsearch.com

O1 - Hosts: 127.0.0.1 123topsearch.com

O1 - Hosts: 127.0.0.1 www.132.com

O1 - Hosts: 127.0.0.1 132.com

O1 - Hosts: 127.0.0.1 www.136136.net

O1 - Hosts: 127.0.0.1 136136.net

O1 - Hosts: 7888 more lines...

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: () - {DB35C569-5624-4CFC-8043-E5139F55A073} - C:\PROGRA~1\Crawler\Shared\CShared.dll File not found

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)

O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)

O4 - HKLM..\Run: [CaAvTray] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe (Computer Associates International, Inc.)

O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe (Computer Associates International, Inc.)

O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4 - HKLM..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)

O4 - HKLM..\Run: [MCUpdateExe] C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)

O4 - HKLM..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe (Saitek)

O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [rupahebey] C:\WINDOWS\System32\lonobori.DLL ()

O4 - HKLM..\Run: [saiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe (Saitek)

O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)

O4 - HKLM..\Run: [XboxStat] c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Aim6] File not found

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe (Security Essentials)

O4 - HKCU..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)

O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\IMStart.lnk = C:\Program Files\InterMute\IMStart.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O8 - Extra context menu item: Add To Compaq Organize... - C:\Program Files\Hewlett-Packard\Compaq Organize\bin\core.hp.main\SendTo.html ()

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Crawler Smileys - {16FE352D-F643-4A81-BC61-2C051F3A757D} - C:\PROGRA~1\Crawler\Smileys\CSMILE~1.DLL File not found

O9 - Extra Button: Crawler eCards - {82E2B317-7C9C-4F12-B920-AC37D928CD43} - C:\PROGRA~1\Crawler\Smileys\CSMILE~1.DLL File not found

O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\EKV1lDWDjj.dll ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\EKV1lDWDjj.dll ()

O15 - HKLM\..Trusted Domains: buy-security-essentials.com ([]http in Trusted sites)

O15 - HKLM\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)

O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: buy-security-essentials.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: download-soft-package.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: download-software-package.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: is-software-download.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (qsax Control)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1200085510015 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (c:\windows\system32\rumikegu.dll) - C:\WINDOWS\System32\rumikegu.dll File not found

O20 - AppInit_DLLs: (nehukene.dll) - File not found

O20 - AppInit_DLLs: (c:\windows\system32\lonobori.dll) - C:\WINDOWS\system32\lonobori.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: gomisuhoz - {afbcb342-da52-402c-ad57-8c761fcaf5bc} - C:\WINDOWS\system32\lonobori.dll ()

O21 - SSODL: hiyenipuk - {3ca58a4f-0894-4c9a-9336-3c444a8854ac} - CLSID or File not found.

O21 - SSODL: liruromuv - {a603907c-8e08-4d5e-8f57-aca2e011fa18} - CLSID or File not found.

O21 - SSODL: nugovumat - {dffaf43e-902d-4826-909e-d98ea55c3267} - CLSID or File not found.

O21 - SSODL: pomutewam - {34cab3ab-c5a2-4e32-8954-ac88f5c783f7} - C:\WINDOWS\System32\rumikegu.dll File not found

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {34cab3ab-c5a2-4e32-8954-ac88f5c783f7} - jugezatag - C:\WINDOWS\System32\rumikegu.dll File not found

O22 - SharedTaskScheduler: {3ca58a4f-0894-4c9a-9336-3c444a8854ac} - gahurihor - Reg Error: Key error. File not found

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {a603907c-8e08-4d5e-8f57-aca2e011fa18} - gahurihor - Reg Error: Key error. File not found

O22 - SharedTaskScheduler: {afbcb342-da52-402c-ad57-8c761fcaf5bc} - jugezatag - C:\WINDOWS\system32\lonobori.dll ()

O22 - SharedTaskScheduler: {dffaf43e-902d-4826-909e-d98ea55c3267} - kupuhivus - Reg Error: Key error. File not found

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper:

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/04/02 03:03:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O33 - MountPoints2\{4c3f945d-f3c8-11de-a78a-00112f219e2e}\Shell - "" = AutoRun

O33 - MountPoints2\{4c3f945d-f3c8-11de-a78a-00112f219e2e}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{4c3f945d-f3c8-11de-a78a-00112f219e2e}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

CREATERESTOREPOINT

Error starting restore point: The function was called in safe mode.

Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010/02/16 15:30:55 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2010/02/16 09:46:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/02/16 09:46:49 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/02/16 09:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Securityessentials2010

[2010/02/15 12:48:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\VS Revo Group

[2010/02/15 12:48:22 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys

[2010/02/15 12:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2010/02/15 12:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/02/06 12:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes

[2010/02/06 12:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/02/06 12:30:35 | 005,061,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe

[2010/02/05 18:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/02/05 18:17:46 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HJTInstall.exe

[2010/02/05 18:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\QuickScan

[2010/02/04 20:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\inkscape

[2010/02/04 20:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\Inkscape

[2008/09/28 17:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2008/01/14 22:56:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2008/01/11 22:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2007/08/20 16:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire

[2007/08/17 18:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Xfire

[2005/01/23 20:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2004/04/02 03:06:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2004/04/02 03:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 000,096,768 | -HS- | M] () -- C:\WINDOWS\System32\lonobori.dll

[2099/01/01 12:00:00 | 000,043,520 | -HS- | M] () -- C:\WINDOWS\System32\gibedevo.dll

[2010/02/17 11:05:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/02/17 11:04:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini

[2010/02/17 11:04:31 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT

[2010/02/17 10:58:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/02/17 10:58:38 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat

[2010/02/17 10:56:49 | 000,004,278 | ---- | M] () -- C:\WINDOWS\System32\warnings.html

[2010/02/17 10:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\lwfmvlmg.job

[2010/02/17 10:00:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\guadvtom.job

[2010/02/17 09:14:17 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\vedibewu

[2010/02/16 18:04:06 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/02/16 18:03:28 | 005,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe

[2010/02/16 17:58:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12382.exe

[2010/02/16 17:54:38 | 000,363,008 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.com

[2010/02/16 17:38:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\292.exe

[2010/02/16 17:18:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\153.exe

[2010/02/16 16:58:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3902.exe

[2010/02/16 16:38:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14604.exe

[2010/02/16 16:18:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32391.exe

[2010/02/16 16:11:12 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\krk8yx1g.exe

[2010/02/16 15:58:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe

[2010/02/16 15:38:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4827.exe

[2010/02/16 15:30:55 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2010/02/16 15:18:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11942.exe

[2010/02/16 14:58:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe

[2010/02/16 14:38:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe

[2010/02/16 14:18:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe

[2010/02/16 13:58:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe

[2010/02/16 13:38:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe

[2010/02/16 13:18:01 | 000,036,864 | ---- | M] () -- C:\WINDOWS\System32\EKV1lDWDjj.dll

[2010/02/16 13:18:00 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\28145.exe

[2010/02/16 12:57:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe

[2010/02/16 12:37:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe

[2010/02/16 12:17:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe

[2010/02/16 11:57:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe

[2010/02/16 11:37:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe

[2010/02/16 11:17:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe

[2010/02/16 10:57:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe

[2010/02/16 10:37:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe

[2010/02/16 10:17:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe

[2010/02/16 09:57:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe

[2010/02/16 09:16:21 | 000,027,648 | ---- | M] () -- C:\WINDOWS\System32\helpers32.dll

[2010/02/16 09:16:13 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\winlogon32.exe

[2010/02/16 09:16:13 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\smss32.exe

[2010/02/15 12:48:24 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk

[2010/02/14 23:15:54 | 000,002,502 | ---- | M] () -- C:\Documents and Settings\Owner\.recently-used.xbel

[2010/02/14 23:15:53 | 000,086,439 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Shinigamitaicho.svg

[2010/02/13 01:08:58 | 002,113,806 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db

[2010/02/12 23:03:22 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk

[2010/02/12 16:34:36 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2010/02/08 17:40:08 | 000,013,644 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\thirdcaptain.svg

[2010/02/07 10:12:09 | 000,026,096 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\thirdcaptain.png

[2010/02/07 10:12:01 | 000,013,804 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\thirdtaicho.svg

[2010/02/06 18:25:29 | 000,012,066 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\qAbWac8

[2010/02/05 18:18:08 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk

[2010/02/05 18:17:47 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HJTInstall.exe

[2010/02/05 17:42:44 | 000,182,784 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\mtg.exe

[2010/02/05 17:42:43 | 000,182,784 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\MSASCui.exe

[2010/02/04 20:34:05 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Inkscape.lnk

[2010/01/23 15:14:34 | 000,001,627 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Frozen Throne.lnk

[2010/01/21 15:45:11 | 000,001,716 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Rcon Halo.lnk

[2010/01/20 18:12:21 | 000,084,443 | ---- | M] () -- C:\WINDOWS\War3Unin.dat

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,096,768 | -HS- | C] () -- C:\WINDOWS\System32\lonobori.dll

[2099/01/01 12:00:00 | 000,043,520 | -HS- | C] () -- C:\WINDOWS\System32\gibedevo.dll

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\vedibewu

[2010/02/16 17:58:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\12382.exe

[2010/02/16 17:54:38 | 000,363,008 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.com

[2010/02/16 17:38:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\292.exe

[2010/02/16 17:18:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\153.exe

[2010/02/16 16:58:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\3902.exe

[2010/02/16 16:38:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\14604.exe

[2010/02/16 16:18:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\32391.exe

[2010/02/16 16:11:11 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\krk8yx1g.exe

[2010/02/16 15:58:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5436.exe

[2010/02/16 15:38:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\4827.exe

[2010/02/16 15:18:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11942.exe

[2010/02/16 14:58:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\2995.exe

[2010/02/16 14:38:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\491.exe

[2010/02/16 14:18:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9961.exe

[2010/02/16 13:58:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe

[2010/02/16 13:38:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe

[2010/02/16 13:18:01 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\EKV1lDWDjj.dll

[2010/02/16 13:17:59 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\28145.exe

[2010/02/16 12:57:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe

[2010/02/16 12:37:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe

[2010/02/16 12:17:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe

[2010/02/16 11:57:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe

[2010/02/16 11:37:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe

[2010/02/16 11:17:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe

[2010/02/16 10:57:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe

[2010/02/16 10:37:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe

[2010/02/16 10:17:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe

[2010/02/16 09:57:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe

[2010/02/16 09:46:55 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/02/16 09:16:20 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\helpers32.dll

[2010/02/16 09:16:15 | 000,004,278 | ---- | C] () -- C:\WINDOWS\System32\warnings.html

[2010/02/16 09:16:14 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\winlogon32.exe

[2010/02/16 09:16:14 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\smss32.exe

[2010/02/15 21:06:22 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\lwfmvlmg.job

[2010/02/15 12:48:24 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk

[2010/02/14 23:15:54 | 000,002,502 | ---- | C] () -- C:\Documents and Settings\Owner\.recently-used.xbel

[2010/02/14 21:06:00 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\guadvtom.job

[2010/02/07 10:02:02 | 000,013,804 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\thirdtaicho.svg

[2010/02/07 10:01:48 | 000,026,096 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\thirdcaptain.png

[2010/02/07 09:57:41 | 000,013,644 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\thirdcaptain.svg

[2010/02/05 18:18:07 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk

[2010/02/05 17:42:44 | 000,182,784 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\mtg.exe

[2010/02/05 17:42:43 | 000,182,784 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\MSASCui.exe

[2010/02/05 17:41:56 | 000,012,066 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\qAbWac8

[2010/02/04 22:42:28 | 000,086,439 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Shinigamitaicho.svg

[2010/02/04 20:34:05 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Inkscape.lnk

[2009/12/22 18:59:32 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll

[2008/10/16 05:29:52 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2008/10/15 15:36:13 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini

[2008/09/27 17:03:34 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2008/09/04 18:10:30 | 000,000,133 | ---- | C] () -- C:\WINDOWS\kaillera.ini

[2008/08/19 21:01:10 | 000,000,127 | ---- | C] () -- C:\WINDOWS\galaxy.ini

[2008/07/21 09:21:10 | 000,000,027 | ---- | C] () -- C:\WINDOWS\System32\xvsset320.sys

[2008/02/14 15:16:11 | 000,138,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2008/02/13 20:56:53 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini

[2008/01/19 20:46:12 | 000,000,635 | ---- | C] () -- C:\WINDOWS\Ef.INI

[2008/01/11 16:52:13 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2008/01/06 18:27:35 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/12/29 21:53:16 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2007/12/21 14:52:53 | 000,000,896 | ---- | C] () -- C:\WINDOWS\STBC.ini

[2007/10/25 10:26:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2007/08/20 19:32:06 | 000,000,725 | ---- | C] () -- C:\WINDOWS\EF2.INI

[2005/12/15 15:16:14 | 000,000,007 | ---- | C] () -- C:\WINDOWS\offnm.ini

[2005/07/17 12:09:50 | 000,000,085 | ---- | C] () -- C:\WINDOWS\EmperorEdit.INI

[2005/03/20 12:42:53 | 000,000,132 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2004/12/06 15:02:57 | 000,000,640 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2004/11/05 18:53:06 | 000,000,035 | ---- | C] () -- C:\WINDOWS\worldbuilder.INI

[2004/10/26 14:06:05 | 000,000,280 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2004/10/08 12:17:04 | 000,000,088 | ---- | C] () -- C:\WINDOWS\EFPM.INI

[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll

[2004/08/01 17:29:58 | 000,007,578 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini

[2004/08/01 17:29:22 | 000,000,478 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini

[2004/04/03 03:18:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004/04/03 02:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini

[2004/04/03 02:36:39 | 000,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini

[2004/04/02 19:19:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll

[2004/04/02 19:18:38 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll

[2004/04/02 19:18:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll

[2004/04/02 19:17:14 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat

[2004/04/02 19:15:40 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll

[2004/04/02 19:00:40 | 000,027,752 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS

[2004/04/02 19:00:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll

[2004/04/02 05:01:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2004/04/02 04:52:33 | 000,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2004/04/02 04:14:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/04/02 03:34:53 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll

[2004/04/02 03:34:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll

[2004/04/02 03:34:35 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll

[2004/04/02 03:08:11 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/04/02 01:52:53 | 000,000,553 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2003/06/29 22:55:36 | 000,011,521 | ---- | C] () -- C:\WINDOWS\MSUMLT_Q.INI

========== LOP Check ==========

[2007/07/27 14:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1280132

[2009/08/03 09:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore

[2009/05/16 19:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\America's Army Deploy Client

[2008/03/29 19:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA

[2008/10/24 19:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/08/03 09:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2008/06/17 20:30:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019}

[2008/05/09 14:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore

[2009/01/09 13:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Command & Conquer 3 Kane's Wrath

[2008/02/14 21:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Command & Conquer 3 Tiberium Wars

[2008/07/30 17:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\csl

[2008/01/26 14:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileOpen

[2010/01/20 18:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0

[2010/02/04 20:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\inkscape

[2008/01/05 13:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Longfine Software

[2008/06/08 13:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LucasArts

[2008/02/29 20:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MilkShape 3D 1.x.x

[2009/06/20 12:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mumble

[2009/08/13 17:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mumble(PR Edition)

[2008/06/08 13:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Petroglyph

[2008/06/13 14:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\q3cpmahudeditor

[2010/02/05 18:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\QuickScan

[2004/04/02 20:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView

[2009/11/26 00:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Screaming Bee

[2008/01/04 00:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\STVEF

[2008/06/13 14:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\superhudeditor

[2008/10/16 21:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab

[2009/01/09 22:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tremulous

[2009/02/10 16:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent

[2009/10/23 05:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint

[2008/02/02 22:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wormux

[2008/08/24 19:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\X-Chat 2

[2010/02/17 10:00:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\guadvtom.job

[2010/02/17 10:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\lwfmvlmg.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2004/04/02 03:03:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2008/01/03 20:32:46 | 000,000,196 | RHS- | M] () -- C:\BOOT.BAK

[2008/01/11 18:52:56 | 000,000,283 | RHS- | M] () -- C:\boot.ini

[2008/03/29 19:14:23 | 000,007,866 | ---- | M] () -- C:\caavsetup.log

[2004/02/11 23:25:00 | 000,245,920 | RHS- | M] () -- C:\cmldr

[2004/04/02 03:03:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2010/02/05 18:33:16 | 000,008,090 | ---- | M] () -- C:\hijackthis.log

[2007/12/06 21:19:13 | 000,107,503 | ---- | M] () -- C:\hpfr3600.log

[2004/04/02 03:03:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2009/08/03 09:23:32 | 000,000,927 | -H-- | M] () -- C:\IPH.PH

[2004/04/02 03:03:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2008/01/11 18:49:23 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/01/11 18:49:23 | 000,250,032 | RHS- | M] () -- C:\ntldr

[2010/02/17 11:05:11 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

[2010/02/16 22:54:07 | 000,000,482 | ---- | M] () -- C:\rkill.log

[1 C:\*.tmp files -> C:\*.tmp -> ]

< MD5 for: AGP440.SYS >

[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys

[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys

[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >

[2004/02/12 06:07:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys

[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2004/02/11 23:07:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys

[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys

[2004/02/11 23:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys

[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys

[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

[2002/10/24 15:59:48 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >

[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll

[2004/08/03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2004/08/03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

[2004/02/12 20:06:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >

[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll

[2004/02/12 20:11:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[2004/08/03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2004/08/03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >

[2004/08/03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2004/08/03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

[2004/02/11 22:56:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

[2004/04/01 18:55:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2004/04/01 18:55:44 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2004/04/01 18:55:44 | 000,393,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 502 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

< End of report >

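The OTL listing above lends itself to automated triage. The Python below is an added example (not OTL's own code, and not from this thread's helper): it parses OTL's `[date time | size | attrs | C/M] (company) ... -- path` lines and flags the patterns visible in the posted log, namely impossible 2099 timestamps, hidden+system unsigned binaries in System32, zero-byte numeric-named executables dropped on a fixed cadence, and smss32.exe/winlogon32.exe imitating core process names. The `SYSTEM_NAMES` list and the fixed-cadence check are this example's assumptions, and the sample lines are copied from the log posted above.

```python
# Triage of OTL file-listing entries (added example; not OTL's own code).
# SYSTEM_NAMES and the fixed-cadence check are assumptions of this example.
import re
from datetime import datetime

# OTL entry layout: [date time | size | attrs | C/M] (company) ... -- path
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\))?.*?-- (?P<path>.+)$"
)
# Core process names that droppers imitate with a "32" suffix (assumed list).
SYSTEM_NAMES = {"smss", "winlogon", "csrss", "lsass", "services", "svchost"}

# Constructed sample: entries copied from the posted OTL log; the last two are
# a signed Microsoft driver and an old OEM DLL, included for contrast.
SAMPLE = r"""
[2099/01/01 12:00:00 | 000,043,520 | -HS- | C] () -- C:\WINDOWS\System32\gibedevo.dll
[2010/02/16 17:58:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\12382.exe
[2010/02/16 17:38:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\292.exe
[2010/02/16 17:18:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\153.exe
[2010/02/16 09:16:14 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\winlogon32.exe
[2010/02/16 09:16:14 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\smss32.exe
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/04/02 19:18:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
"""

def parse_entry(line):
    """Parse one OTL line into a dict; None for headers, blanks, other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["size"] = int(e["size"].replace(",", ""))
    e["company"] = e["company"] or ""          # "()" means no publisher
    e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
    return e

def parse_entries(text):
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]

def flags_for(e, scan_year=2010):
    """Reasons an entry deserves a closer look (empty list if none)."""
    reasons = []
    in_sys32 = "\\system32\\" in e["path"].lower()
    stem = e["name"].rsplit(".", 1)[0]
    if int(e["date"][:4]) > scan_year:           # 2099 cannot be genuine
        reasons.append("future timestamp")
    if (in_sys32 and "H" in e["attrs"] and "S" in e["attrs"]
            and e["name"].endswith((".dll", ".exe")) and not e["company"]):
        reasons.append("hidden+system unsigned binary in System32")
    if in_sys32 and re.fullmatch(r"\d+\.exe", e["name"]):
        reasons.append("numeric-named exe in System32")
    if stem.endswith("32") and stem[:-2] in SYSTEM_NAMES:
        reasons.append(f"imitates {stem[:-2]}.exe")
    return reasons

def triage(text, scan_year=2010):
    """Map each flagged path to its reasons; clean entries are omitted."""
    report = {}
    for e in parse_entries(text):
        reasons = flags_for(e, scan_year)
        if reasons:
            report[e["path"]] = reasons
    return report

def drop_interval_minutes(entries):
    """Constant gap (minutes) between creation times of numeric-named exes,
    or None if the gaps differ; a fixed cadence points at a scheduled task."""
    times = sorted(datetime.strptime(f'{e["date"]} {e["time"]}', "%Y/%m/%d %H:%M:%S")
                   for e in entries if re.fullmatch(r"\d+\.exe", e["name"]))
    if len(times) < 3:
        return None
    gaps = {round((b - a).total_seconds() / 60) for a, b in zip(times, times[1:])}
    return gaps.pop() if len(gaps) == 1 else None

if __name__ == "__main__":
    for path, why in triage(SAMPLE).items():
        print(f"{path}: {', '.join(why)}")
    print("drop cadence (min):", drop_interval_minutes(parse_entries(SAMPLE)))
```

Run against the full log, the cadence check reproduces the 20-minute spacing of the numeric executables, which matches the two .job files in C:\WINDOWS\Tasks that the helper's fix below removes.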

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O2 - BHO: () - {DB35C569-5624-4CFC-8043-E5139F55A073} - C:\PROGRA~1\Crawler\Shared\CShared.dll File not found
    O4 - HKLM..\Run: [rupahebey] C:\WINDOWS\System32\lonobori.DLL ()
    O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
    O4 - HKCU..\Run: [Security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe (Security Essentials)
    O4 - HKCU..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
    O9 - Extra Button: Crawler Smileys - {16FE352D-F643-4A81-BC61-2C051F3A757D} - C:\PROGRA~1\Crawler\Smileys\CSMILE~1.DLL File not found
    O9 - Extra Button: Crawler eCards - {82E2B317-7C9C-4F12-B920-AC37D928CD43} - C:\PROGRA~1\Crawler\Smileys\CSMILE~1.DLL File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\EKV1lDWDjj.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\EKV1lDWDjj.dll ()
    O15 - HKLM\..Trusted Domains: buy-security-essentials.com ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: buy-security-essentials.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: download-soft-package.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: download-software-package.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
    O20 - AppInit_DLLs: (c:\windows\system32\rumikegu.dll) - C:\WINDOWS\System32\rumikegu.dll File not found
    O20 - AppInit_DLLs: (nehukene.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\lonobori.dll) - C:\WINDOWS\system32\lonobori.dll ()
    O21 - SSODL: gomisuhoz - {afbcb342-da52-402c-ad57-8c761fcaf5bc} - C:\WINDOWS\system32\lonobori.dll ()
    O21 - SSODL: hiyenipuk - {3ca58a4f-0894-4c9a-9336-3c444a8854ac} - CLSID or File not found.
    O21 - SSODL: liruromuv - {a603907c-8e08-4d5e-8f57-aca2e011fa18} - CLSID or File not found.
    O21 - SSODL: nugovumat - {dffaf43e-902d-4826-909e-d98ea55c3267} - CLSID or File not found.
    O21 - SSODL: pomutewam - {34cab3ab-c5a2-4e32-8954-ac88f5c783f7} - C:\WINDOWS\System32\rumikegu.dll File not found
    O22 - SharedTaskScheduler: {34cab3ab-c5a2-4e32-8954-ac88f5c783f7} - jugezatag - C:\WINDOWS\System32\rumikegu.dll File not found
    O22 - SharedTaskScheduler: {3ca58a4f-0894-4c9a-9336-3c444a8854ac} - gahurihor - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {a603907c-8e08-4d5e-8f57-aca2e011fa18} - gahurihor - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {afbcb342-da52-402c-ad57-8c761fcaf5bc} - jugezatag - C:\WINDOWS\system32\lonobori.dll ()
    O22 - SharedTaskScheduler: {dffaf43e-902d-4826-909e-d98ea55c3267} - kupuhivus - Reg Error: Key error. File not found
    [2010/02/16 09:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Securityessentials2010
    [2099/01/01 12:00:00 | 000,096,768 | -HS- | M] () -- C:\WINDOWS\System32\lonobori.dll
    [2099/01/01 12:00:00 | 000,043,520 | -HS- | M] () -- C:\WINDOWS\System32\gibedevo.dll
    [2010/02/17 10:56:49 | 000,004,278 | ---- | M] () -- C:\WINDOWS\System32\warnings.html
    [2010/02/17 10:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\lwfmvlmg.job
    [2010/02/17 10:00:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\guadvtom.job
    [2010/02/17 09:14:17 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\vedibewu
    [2010/02/16 17:38:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\292.exe
    [2010/02/16 17:18:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\153.exe
    [2010/02/16 16:58:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3902.exe
    [2010/02/16 16:38:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14604.exe
    [2010/02/16 16:18:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32391.exe
    [2010/02/16 15:58:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe
    [2010/02/16 15:38:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4827.exe
    [2010/02/16 15:18:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11942.exe
    [2010/02/16 14:58:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe
    [2010/02/16 14:38:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe
    [2010/02/16 14:18:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
    [2010/02/16 13:58:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
    [2010/02/16 13:38:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
    [2010/02/16 13:18:01 | 000,036,864 | ---- | M] () -- C:\WINDOWS\System32\EKV1lDWDjj.dll
    [2010/02/16 13:18:00 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
    [2010/02/16 12:57:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
    [2010/02/16 12:37:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
    [2010/02/16 12:17:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
    [2010/02/16 11:57:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
    [2010/02/16 11:37:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
    [2010/02/16 11:17:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
    [2010/02/16 10:57:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
    [2010/02/16 10:37:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
    [2010/02/16 10:17:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
    [2010/02/16 09:57:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
    [2010/02/16 09:16:21 | 000,027,648 | ---- | M] () -- C:\WINDOWS\System32\helpers32.dll
    [2010/02/16 09:16:13 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\winlogon32.exe
    [2010/02/16 09:16:13 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\smss32.exe
    [2007/07/27 14:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1280132


    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

===============

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

