Xeon, posted February 16, 2010:

My computer's been infected with a pop-up virus, but whenever I try to install Malwarebytes, I get an error. I tried installing it with a random name, but got another error message. I've tried uninstalling then reinstalling it, but I get the same message each time. Help is much appreciated.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:40 AM, on 2/16/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\WINDOWS\system32\smss32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://favorites/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {DB35C569-5624-4CFC-8043-E5139F55A073} - C:\PROGRA~1\Crawler\Shared\CShared.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [rupahebey] Rundll32.exe "c:\windows\system32\sohotuwa.dll",a
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKUS\S-1-5-21-2692080380-3255334498-1319242016-501\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Guest')
O4 - HKUS\S-1-5-21-2692080380-3255334498-1319242016-501\..\Run: [rupahebey] Rundll32.exe "c:\windows\system32\sohotuwa.dll",a (User 'Guest')
O4 - HKUS\S-1-5-21-2692080380-3255334498-1319242016-501\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe (User 'Guest')
O4 - HKUS\S-1-5-21-2692080380-3255334498-1319242016-501\..\Run: [Vzeyogoyineba] rundll32.exe "C:\Documents and Settings\Guest.UZI\Local Settings\Application Data\r32pet42.dll",Startup (User 'Guest')
O4 - HKUS\S-1-5-21-2692080380-3255334498-1319242016-501\..\Run: [Twoseguwivi] rundll32.exe "C:\Documents and Settings\Guest.UZI\Local Settings\Application Data\ejopijaf.dll",Startup (User 'Guest')
O4 - HKUS\S-1-5-21-2692080380-3255334498-1319242016-501\..\Run: [security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe (User 'Guest')
O4 - S-1-5-21-2692080380-3255334498-1319242016-501 User Startup: .lnk = ? (User 'Guest')
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Crawler Smileys - {16FE352D-F643-4A81-BC61-2C051F3A757D} - C:\PROGRA~1\Crawler\Smileys\CSMILE~1.DLL (file missing)
O9 - Extra button: Crawler eCards - {82E2B317-7C9C-4F12-B920-AC37D928CD43} - C:\PROGRA~1\Crawler\Smileys\CSMILE~1.DLL (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.buy-security-essentials.com
O15 - Trusted Zone: http://*.download-soft-package.com
O15 - Trusted Zone: http://*.download-software-package.com
O15 - Trusted Zone: http://*.get-key-se10.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.buy-security-essentials.com (HKLM)
O15 - Trusted Zone: http://*.get-key-se10.com (HKLM)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (qsax Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1200085510015
O20 - AppInit_DLLs: sejigowe.dll c:\windows\system32\sohotuwa.dll
O21 - SSODL: hiyenipuk - {3ca58a4f-0894-4c9a-9336-3c444a8854ac} - (no file)
O21 - SSODL: nugovumat - {dffaf43e-902d-4826-909e-d98ea55c3267} - (no file)
O21 - SSODL: liruromuv - {a603907c-8e08-4d5e-8f57-aca2e011fa18} - (no file)
O21 - SSODL: linoziten - {03ff4ffd-bb6e-47a4-9de1-aeeb957443dd} - c:\windows\system32\sohotuwa.dll
O22 - SharedTaskScheduler: gahurihor - {3ca58a4f-0894-4c9a-9336-3c444a8854ac} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {dffaf43e-902d-4826-909e-d98ea55c3267} - (no file)
O22 - SharedTaskScheduler: gahurihor - {a603907c-8e08-4d5e-8f57-aca2e011fa18} - (no file)
O22 - SharedTaskScheduler: gahurihor - {03ff4ffd-bb6e-47a4-9de1-aeeb957443dd} - c:\windows\system32\sohotuwa.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10027 bytes
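The log above follows the HijackThis line format: a section code such as O4 or O20, a dash, and the entry body. As an added example that is not part of this thread and not code from Malwarebytes or the HijackThis tool, the Python below parses lines in that format and flags the load points a responder would check first: a UserInit value that is not userinit.exe, any AppInit_DLLs, sites added to the IE Trusted Zone, autostarts that load a DLL through rundll32, SSODL/SharedTaskScheduler entries, and executables named after a core Windows process with characters appended. The sample lines are constructed in that format from entry types seen in the log; the rules are triage heuristics, not verdicts, and the default UserInit value assumed is the Windows XP one.

```python
"""Triage of HijackThis-format log lines (added example; not from the thread)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" (act on it) or "review" (needs a human look)
    code: str      # HijackThis section code, e.g. "O4"
    reason: str
    line: str


# "O4 - HKLM\..\Run: [...]": a section code, a dash, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Windows XP default for the UserInit value (trailing comma stripped below).
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

# Core Windows process names with characters appended (smss32.exe,
# winlogon32.exe); the genuine binaries never carry a suffix.
LOOKALIKE_RE = re.compile(
    r"\b(smss|csrss|winlogon|lsass|services|svchost)[a-z0-9_-]+\.exe\b", re.I)

# A DLL handed to rundll32 from an autostart entry.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^"]+?\.dll)"?', re.I)


def check_entry(code: str, body: str, line: str) -> list[Finding]:
    """Apply the triage rules to one parsed entry."""
    found = []
    if code == "F2" and "UserInit=" in body:
        value = body.split("UserInit=", 1)[1].strip().rstrip(",").lower()
        if value != DEFAULT_USERINIT:
            found.append(Finding("high", code,
                "UserInit is not userinit.exe; this runs at every logon", line))
    elif code == "O20" and body.startswith("AppInit_DLLs:"):
        dlls = body.split(":", 1)[1].split()
        if dlls:
            found.append(Finding("high", code,
                f"AppInit_DLLs loads {len(dlls)} DLL(s) into every process "
                "that uses user32.dll", line))
    elif code == "O15":
        found.append(Finding("review", code,
            "site added to the IE Trusted Zone (weaker security settings)", line))
    elif code in ("O21", "O22"):
        found.append(Finding("review", code,
            "SSODL/SharedTaskScheduler load point, rarely used legitimately", line))
    elif code == "O4":
        m = RUNDLL_RE.search(body)
        if m:
            found.append(Finding("review", code,
                "autostart loads a DLL through rundll32: " + m.group(1), line))
    if LOOKALIKE_RE.search(body):
        found.append(Finding("high", code,
            "file name imitates a core Windows process", line))
    return found


def triage(log_text: str) -> list[Finding]:
    """Parse a HijackThis-style log and return all findings in log order."""
    found = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:  # header, process list and blank lines do not match
            found.extend(check_entry(m.group("code"), m.group("body"), line))
    return found


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample in the HijackThis line format, modelled on entry types
# that appear in the log above (not a copy of a real log).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [rupahebey] Rundll32.exe "c:\windows\system32\sohotuwa.dll",a
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O15 - Trusted Zone: http://*.buy-security-essentials.com
O15 - Trusted Zone: http://*.get-key-se10.com (HKLM)
O20 - AppInit_DLLs: sejigowe.dll c:\windows\system32\sohotuwa.dll
O21 - SSODL: linoziten - {03ff4ffd-bb6e-47a4-9de1-aeeb957443dd} - c:\windows\system32\sohotuwa.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity}] {f.code}: {f.reason}\n    {f.line}")
    print(summarize(results))
```

Run against the sample it reports eight findings, four of them high: the UserInit override (which also trips the look-alike rule), the smss32.exe autostart and the AppInit_DLLs entry. The legitimate Java updater and the antivirus service produce nothing, which is the point of keeping the rules narrow; a real triage would still compare every flagged path against a known-good file list before acting.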
kahdah, posted February 16, 2010:

Hello Xeon
Welcome to Malwarebytes.

=====================

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under the Custom Scans and Fixes section paste in the following:

%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download the following GMER Rootkit Scanner from Here.
Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run.
It may take a minute to load and become available.
If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically only C:\ should be checked)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop.

**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Click OK and quit the GMER program.
Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
Post that log in your next reply.
Xeon, posted February 16, 2010:

I tried using OTL, but no files appeared. After I looked into it more, it seems my notepad isn't working. When I try running it, a warning sign pops up that says, "Application cannot be executed. The file is infected. Please activate your antivirus software." After I exit it, a program begins to run called Security Essentials 2010.

I was able to run the GMER Scanner. The log is here:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-16 16:17:44
Windows 5.1.2600 Service Pack 2
Running: krk8yx1g.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\ugldapow.sys

---- System - GMER 1.0.15 ----

INT 0x01 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) F67444F6
INT 0x03 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) F674459C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

---- EOF - GMER 1.0.15 ----
kahdah, posted February 17, 2010:

Ok please try it in Safe Mode for now just so I can get those logs please.

*Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
Xeon, posted February 17, 2010:

I ran it in safe mode, but it only gave me one log, the OTL and not the Extras. Here's the OTL log.

OTL logfile created on: 2/17/2010 4:14:33 PM - Run 3
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 78.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.70 Gb Total Space | 3.54 Gb Free Space | 3.29% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 0.78 Gb Free Space | 19.12% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 492.62 Mb Total Space | 488.52 Mb Free Space | 99.17% Space Free | Partition Type: FAT32

Computer Name: UZI
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\WINDOWS\system32\lonobori.dll ()
MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (PnkBstrA) -- C:\WINDOWS\system32\PnkBstrA.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (CAISafe) -- C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\iSafe.exe (Computer Associates International, Inc.)
SRV - (VETMSGNT) -- C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe (Computer Associates International, Inc.)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

========== Driver Services (SafeList) ==========

DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (VETMONNT) -- C:\WINDOWS\system32\drivers\vetmonnt.sys (Computer Associates International, Inc.)
DRV - (VETEFILE) -- C:\WINDOWS\system32\drivers\VetEFile.sys (Computer Associates International, Inc.)
DRV - (VETEBOOT) -- C:\WINDOWS\system32\drivers\VetEBoot.sys (Computer Associates International, Inc.)
DRV - (VET-FILT) -- C:\WINDOWS\system32\drivers\Vet-Filt.sys (Computer Associates International, Inc.)
DRV - (VET-REC) -- C:\WINDOWS\system32\drivers\Vet-Rec.sys (Computer Associates International, Inc.)
DRV - (VETFDDNT) -- C:\WINDOWS\system32\drivers\VetFDDNT.sys (Computer Associates International, Inc.)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (atitray) -- C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys ()
DRV - (xusb21) -- C:\WINDOWS\system32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (Point32) -- C:\WINDOWS\system32\drivers\point32.sys (Microsoft Corporation)
DRV - (SaiNtBus) -- C:\WINDOWS\system32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\WINDOWS\system32\drivers\SaiMini.sys (Saitek)
DRV - (SaiH075C) -- C:\WINDOWS\system32\drivers\SaiH075C.sys (Saitek)
DRV - (FETND5BV) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys (VIA Technologies, Inc. )
DRV - (viagfx) -- C:\WINDOWS\system32\drivers\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (fasttx2k) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (FETNDISB) -- C:\WINDOWS\system32\drivers\fetnd5b.sys (VIA Technologies, Inc. )
DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://favorites/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/20 10:35:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 06:19:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/05 20:50:48 | 000,000,000 | ---D | M]

[2008/12/25 13:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2008/12/25 13:00:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/01/12 21:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pzga8sc1.default\extensions
[2008/01/04 00:28:27 | 000,000,000 | ---D | M] (BlackJapanMAX) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pzga8sc1.default\extensions\{8e12f188-352c-4476-8198-e9b8f4a4353a}
[2010/01/12 06:23:12 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pzga8sc1.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2009/09/03 09:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pzga8sc1.default\extensions\lookingforgroupboom@lookingforgroup.com
[2010/01/12 21:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pzga8sc1.default\extensions\YoutubeDownloader@PeterOlayev.com
[2009/09/03 09:03:26 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pzga8sc1.default\searchplugins\ask.xml
[2009/12/03 06:05:01 | 000,002,179 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pzga8sc1.default\searchplugins\inbox-search.xml
[2009/09/03 09:03:26 | 000,000,573 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pzga8sc1.default\searchplugins\yahoo.xml
[2010/02/15 17:15:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/06 06:19:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/11/20 23:22:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/05/05 16:48:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2010/01/06 06:19:08 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/01/06 06:19:08 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2006/07/28 07:32:54 | 000,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2007/07/26 18:03:34 | 000,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2007/10/11 14:17:50 | 001,435,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2005/12/05 21:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2010/01/06 06:19:09 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/01/12 22:08:53 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/01/12 22:08:53 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/01/12 22:08:53 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/01/12 22:08:53 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/01/12 22:08:53 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/01/12 22:08:53 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/01/12 22:08:53 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/08/09 08:25:38 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/09 08:25:38 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/08/09 08:25:38 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/09 08:25:39 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/09 08:25:39 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/08/09 08:25:39 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/09 08:25:39 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2008/02/09 09:55:05 | 000,224,776 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 7888 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: () - {DB35C569-5624-4CFC-8043-E5139F55A073} - C:\PROGRA~1\Crawler\Shared\CShared.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [CaAvTray] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe (Computer Associates International, Inc.)
O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe (Computer Associates International, Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [rupahebey] C:\WINDOWS\System32\lonobori.DLL ()
O4 - HKLM..\Run: [saiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [XboxStat] c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe (Security Essentials)
O4 - HKCU..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\IMStart.lnk = C:\Program Files\InterMute\IMStart.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Add To Compaq Organize... - C:\Program Files\Hewlett-Packard\Compaq Organize\bin\core.hp.main\SendTo.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Crawler Smileys - {16FE352D-F643-4A81-BC61-2C051F3A757D} - C:\PROGRA~1\Crawler\Smileys\CSMILE~1.DLL File not found
O9 - Extra Button: Crawler eCards - {82E2B317-7C9C-4F12-B920-AC37D928CD43} - C:\PROGRA~1\Crawler\Smileys\CSMILE~1.DLL File not found
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\EKV1lDWDjj.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - 
Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\EKV1lDWDjj.dll ()O15 - HKLM\..Trusted Domains: buy-security-essentials.com ([]http in Trusted sites)O15 - HKLM\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.O15 - HKCU\..Trusted Domains: buy-security-essentials.com ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: 
download-soft-package.com ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: download-software-package.com ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: is-software-download.com ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (qsax Control)O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1200085510015 (WUWebControl Class)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - 
Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\ipp - No CLSID value foundO18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)O18 - Protocol\Handler\mk 
{79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\msdaipp - No CLSID value foundO18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll 
(Microsoft Corporation)O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O20 - AppInit_DLLs: (c:\windows\system32\rumikegu.dll) - C:\WINDOWS\System32\rumikegu.dll File not foundO20 - AppInit_DLLs: (nehukene.dll) - File not foundO20 - AppInit_DLLs: (c:\windows\system32\lonobori.dll) - C:\WINDOWS\system32\lonobori.dll ()O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)O20 - 
Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O21 - SSODL: gomisuhoz - {afbcb342-da52-402c-ad57-8c761fcaf5bc} - C:\WINDOWS\system32\lonobori.dll ()O21 - SSODL: hiyenipuk - {3ca58a4f-0894-4c9a-9336-3c444a8854ac} - CLSID or File not found.O21 - SSODL: liruromuv - {a603907c-8e08-4d5e-8f57-aca2e011fa18} - CLSID or File not found.O21 - SSODL: nugovumat - {dffaf43e-902d-4826-909e-d98ea55c3267} - CLSID or File not found.O21 - SSODL: pomutewam - {34cab3ab-c5a2-4e32-8954-ac88f5c783f7} - C:\WINDOWS\System32\rumikegu.dll File not foundO21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {34cab3ab-c5a2-4e32-8954-ac88f5c783f7} - jugezatag - C:\WINDOWS\System32\rumikegu.dll File not foundO22 - SharedTaskScheduler: {3ca58a4f-0894-4c9a-9336-3c444a8854ac} - gahurihor - Reg Error: Key error. 
File not foundO22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {a603907c-8e08-4d5e-8f57-aca2e011fa18} - gahurihor - Reg Error: Key error. File not foundO22 - SharedTaskScheduler: {afbcb342-da52-402c-ad57-8c761fcaf5bc} - jugezatag - C:\WINDOWS\system32\lonobori.dll ()O22 - SharedTaskScheduler: {dffaf43e-902d-4826-909e-d98ea55c3267} - kupuhivus - Reg Error: Key error. File not foundO24 - Desktop Components:0 (My Current Home Page) - About:HomeO24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmpO28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)O31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2004/04/02 03:03:32 | 000,000,000 | ---- | M] () - 
C:\AUTOEXEC.BAT -- [ NTFS ]O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]O33 - MountPoints2\{4c3f945d-f3c8-11de-a78a-00112f219e2e}\Shell - "" = AutoRunO33 - MountPoints2\{4c3f945d-f3c8-11de-a78a-00112f219e2e}\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\{4c3f945d-f3c8-11de-a78a-00112f219e2e}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not foundO34 - HKLM BootExecute: (autocheck autochk *) - File not foundO35 - comfile [open] -- "%1" %*O35 - exefile [open] -- "%1" %*CREATERESTOREPOINTError starting restore point: The function was called in safe mode.Error closing restore point: The sequence number is invalid.========== Files/Folders - Created Within 30 Days ==========[2010/02/16 15:30:55 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe[2010/02/16 09:46:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2010/02/16 09:46:49 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2010/02/16 09:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Securityessentials2010[2010/02/15 12:48:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\VS Revo Group[2010/02/15 12:48:22 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys[2010/02/15 12:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group[2010/02/15 12:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2010/02/06 12:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes[2010/02/06 12:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes[2010/02/06 12:30:35 | 005,061,512 | ---- | C] (Malwarebytes Corporation ) -- 
C:\Documents and Settings\Owner\Desktop\mbam-setup.exe[2010/02/05 18:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro[2010/02/05 18:17:46 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HJTInstall.exe[2010/02/05 18:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\QuickScan[2010/02/04 20:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\inkscape[2010/02/04 20:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\Inkscape[2008/09/28 17:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft[2008/01/14 22:56:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft[2008/01/11 22:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia[2007/08/20 16:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire[2007/08/17 18:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Xfire[2005/01/23 20:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia[2004/04/02 03:06:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft[2004/04/02 03:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ][1 C:\*.tmp files -> C:\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2099/01/01 12:00:00 | 000,096,768 | -HS- | M] () -- C:\WINDOWS\System32\lonobori.dll[2099/01/01 12:00:00 | 000,043,520 | -HS- | M] () -- 
C:\WINDOWS\System32\gibedevo.dll[2010/02/17 11:05:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2010/02/17 11:04:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini[2010/02/17 11:04:31 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT[2010/02/17 10:58:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2010/02/17 10:58:38 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat[2010/02/17 10:56:49 | 000,004,278 | ---- | M] () -- C:\WINDOWS\System32\warnings.html[2010/02/17 10:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\lwfmvlmg.job[2010/02/17 10:00:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\guadvtom.job[2010/02/17 09:14:17 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\vedibewu[2010/02/16 18:04:06 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk[2010/02/16 18:03:28 | 005,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe[2010/02/16 17:58:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12382.exe[2010/02/16 17:54:38 | 000,363,008 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.com[2010/02/16 17:38:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\292.exe[2010/02/16 17:18:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\153.exe[2010/02/16 16:58:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3902.exe[2010/02/16 16:38:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14604.exe[2010/02/16 16:18:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32391.exe[2010/02/16 16:11:12 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\krk8yx1g.exe[2010/02/16 15:58:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe[2010/02/16 15:38:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4827.exe[2010/02/16 15:30:55 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and 
Settings\Owner\Desktop\OTL.exe[2010/02/16 15:18:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11942.exe[2010/02/16 14:58:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe[2010/02/16 14:38:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe[2010/02/16 14:18:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe[2010/02/16 13:58:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe[2010/02/16 13:38:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe[2010/02/16 13:18:01 | 000,036,864 | ---- | M] () -- C:\WINDOWS\System32\EKV1lDWDjj.dll[2010/02/16 13:18:00 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\28145.exe[2010/02/16 12:57:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe[2010/02/16 12:37:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe[2010/02/16 12:17:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe[2010/02/16 11:57:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe[2010/02/16 11:37:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe[2010/02/16 11:17:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe[2010/02/16 10:57:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe[2010/02/16 10:37:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe[2010/02/16 10:17:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe[2010/02/16 09:57:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe[2010/02/16 09:16:21 | 000,027,648 | ---- | M] () -- C:\WINDOWS\System32\helpers32.dll[2010/02/16 09:16:13 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\winlogon32.exe[2010/02/16 09:16:13 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\smss32.exe[2010/02/15 12:48:24 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk[2010/02/14 23:15:54 | 000,002,502 | ---- | M] () -- C:\Documents and Settings\Owner\.recently-used.xbel[2010/02/14 
23:15:53 | 000,086,439 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Shinigamitaicho.svg[2010/02/13 01:08:58 | 002,113,806 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db[2010/02/12 23:03:22 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk[2010/02/12 16:34:36 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn[2010/02/08 17:40:08 | 000,013,644 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\thirdcaptain.svg[2010/02/07 10:12:09 | 000,026,096 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\thirdcaptain.png[2010/02/07 10:12:01 | 000,013,804 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\thirdtaicho.svg[2010/02/06 18:25:29 | 000,012,066 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\qAbWac8[2010/02/05 18:18:08 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk[2010/02/05 18:17:47 | 000,812,344 | ---- | M] (Trend Micro Inc.) 
-- C:\Documents and Settings\Owner\Desktop\HJTInstall.exe[2010/02/05 17:42:44 | 000,182,784 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\mtg.exe[2010/02/05 17:42:43 | 000,182,784 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\MSASCui.exe[2010/02/04 20:34:05 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Inkscape.lnk[2010/01/23 15:14:34 | 000,001,627 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Frozen Throne.lnk[2010/01/21 15:45:11 | 000,001,716 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Rcon Halo.lnk[2010/01/20 18:12:21 | 000,084,443 | ---- | M] () -- C:\WINDOWS\War3Unin.dat[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ][1 C:\*.tmp files -> C:\*.tmp -> ]========== Files Created - No Company Name ==========[2099/01/01 12:00:00 | 000,096,768 | -HS- | C] () -- C:\WINDOWS\System32\lonobori.dll[2099/01/01 12:00:00 | 000,043,520 | -HS- | C] () -- C:\WINDOWS\System32\gibedevo.dll[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\vedibewu[2010/02/16 17:58:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\12382.exe[2010/02/16 17:54:38 | 000,363,008 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.com[2010/02/16 17:38:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\292.exe[2010/02/16 17:18:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\153.exe[2010/02/16 16:58:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\3902.exe[2010/02/16 16:38:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\14604.exe[2010/02/16 16:18:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\32391.exe[2010/02/16 16:11:11 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\krk8yx1g.exe[2010/02/16 
15:58:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5436.exe
[2010/02/16 15:38:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\4827.exe
[2010/02/16 15:18:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11942.exe
[2010/02/16 14:58:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\2995.exe
[2010/02/16 14:38:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\491.exe
[2010/02/16 14:18:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9961.exe
[2010/02/16 13:58:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe
[2010/02/16 13:38:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
[2010/02/16 13:18:01 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\EKV1lDWDjj.dll
[2010/02/16 13:17:59 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
[2010/02/16 12:57:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
[2010/02/16 12:37:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
[2010/02/16 12:17:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2010/02/16 11:57:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2010/02/16 11:37:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2010/02/16 11:17:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2010/02/16 10:57:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2010/02/16 10:37:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2010/02/16 10:17:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2010/02/16 09:57:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/02/16 09:46:55 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/16 09:16:20 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\helpers32.dll
[2010/02/16 09:16:15 | 000,004,278 | ---- | C] () -- C:\WINDOWS\System32\warnings.html
[2010/02/16 09:16:14 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\winlogon32.exe
[2010/02/16 09:16:14 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\smss32.exe
[2010/02/15 21:06:22 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\lwfmvlmg.job
[2010/02/15 12:48:24 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2010/02/14 23:15:54 | 000,002,502 | ---- | C] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2010/02/14 21:06:00 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\guadvtom.job
[2010/02/07 10:02:02 | 000,013,804 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\thirdtaicho.svg
[2010/02/07 10:01:48 | 000,026,096 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\thirdcaptain.png
[2010/02/07 09:57:41 | 000,013,644 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\thirdcaptain.svg
[2010/02/05 18:18:07 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/02/05 17:42:44 | 000,182,784 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\mtg.exe
[2010/02/05 17:42:43 | 000,182,784 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\MSASCui.exe
[2010/02/05 17:41:56 | 000,012,066 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\qAbWac8
[2010/02/04 22:42:28 | 000,086,439 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Shinigamitaicho.svg
[2010/02/04 20:34:05 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Inkscape.lnk
[2009/12/22 18:59:32 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2008/10/16 05:29:52 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/10/15 15:36:13 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/09/27 17:03:34 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/09/04 18:10:30 | 000,000,133 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2008/08/19 21:01:10 | 000,000,127 | ---- | C] () -- C:\WINDOWS\galaxy.ini
[2008/07/21 09:21:10 | 000,000,027 | ---- | C] () -- C:\WINDOWS\System32\xvsset320.sys
[2008/02/14 15:16:11 | 000,138,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/02/13 20:56:53 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2008/01/19 20:46:12 | 000,000,635 | ---- | C] () -- C:\WINDOWS\Ef.INI
[2008/01/11 16:52:13 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/01/06 18:27:35 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/29 21:53:16 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2007/12/21 14:52:53 | 000,000,896 | ---- | C] () -- C:\WINDOWS\STBC.ini
[2007/10/25 10:26:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/08/20 19:32:06 | 000,000,725 | ---- | C] () -- C:\WINDOWS\EF2.INI
[2005/12/15 15:16:14 | 000,000,007 | ---- | C] () -- C:\WINDOWS\offnm.ini
[2005/07/17 12:09:50 | 000,000,085 | ---- | C] () -- C:\WINDOWS\EmperorEdit.INI
[2005/03/20 12:42:53 | 000,000,132 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/06 15:02:57 | 000,000,640 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/11/05 18:53:06 | 000,000,035 | ---- | C] () -- C:\WINDOWS\worldbuilder.INI
[2004/10/26 14:06:05 | 000,000,280 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/10/08 12:17:04 | 000,000,088 | ---- | C] () -- C:\WINDOWS\EFPM.INI
[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/01 17:29:58 | 000,007,578 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2004/08/01 17:29:22 | 000,000,478 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/04/03 03:18:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/03 02:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/04/03 02:36:39 | 000,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/04/02 19:19:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/04/02 19:18:38 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/04/02 19:18:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/04/02 19:17:14 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2004/04/02 19:15:40 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/04/02 19:00:40 | 000,027,752 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/04/02 19:00:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/04/02 05:01:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/02 04:52:33 | 000,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/04/02 04:14:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/04/02 03:34:53 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/04/02 03:34:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/04/02 03:34:35 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/04/02 03:08:11 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/04/02 01:52:53 | 000,000,553 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/06/29 22:55:36 | 000,011,521 | ---- | C] () -- C:\WINDOWS\MSUMLT_Q.INI

========== LOP Check ==========

[2007/07/27 14:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1280132
[2009/08/03 09:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/05/16 19:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\America's Army Deploy Client
[2008/03/29 19:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2008/10/24 19:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/03 09:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/06/17 20:30:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019}
[2008/05/09 14:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2009/01/09 13:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Command & Conquer 3 Kane's Wrath
[2008/02/14 21:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Command & Conquer 3 Tiberium Wars
[2008/07/30 17:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\csl
[2008/01/26 14:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileOpen
[2010/01/20 18:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2010/02/04 20:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\inkscape
[2008/01/05 13:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Longfine Software
[2008/06/08 13:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LucasArts
[2008/02/29 20:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MilkShape 3D 1.x.x
[2009/06/20 12:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mumble
[2009/08/13 17:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mumble(PR Edition)
[2008/06/08 13:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Petroglyph
[2008/06/13 14:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\q3cpmahudeditor
[2010/02/05 18:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\QuickScan
[2004/04/02 20:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/11/26 00:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Screaming Bee
[2008/01/04 00:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\STVEF
[2008/06/13 14:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\superhudeditor
[2008/10/16 21:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2009/01/09 22:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tremulous
[2009/02/10 16:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2009/10/23 05:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2008/02/02 22:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wormux
[2008/08/24 19:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\X-Chat 2
[2010/02/17 10:00:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\guadvtom.job
[2010/02/17 10:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\lwfmvlmg.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2004/04/02 03:03:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/01/03 20:32:46 | 000,000,196 | RHS- | M] () -- C:\BOOT.BAK
[2008/01/11 18:52:56 | 000,000,283 | RHS- | M] () -- C:\boot.ini
[2008/03/29 19:14:23 | 000,007,866 | ---- | M] () -- C:\caavsetup.log
[2004/02/11 23:25:00 | 000,245,920 | RHS- | M] () -- C:\cmldr
[2004/04/02 03:03:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/02/05 18:33:16 | 000,008,090 | ---- | M] () -- C:\hijackthis.log
[2007/12/06 21:19:13 | 000,107,503 | ---- | M] () -- C:\hpfr3600.log
[2004/04/02 03:03:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/03 09:23:32 | 000,000,927 | -H-- | M] () -- C:\IPH.PH
[2004/04/02 03:03:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/01/11 18:49:23 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/01/11 18:49:23 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/02/17 11:05:11 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/02/16 22:54:07 | 000,000,482 | ---- | M] () -- C:\rkill.log
[1 C:\*.tmp files -> C:\*.tmp -> ]

< MD5 for: AGP440.SYS >
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/02/12 06:07:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/02/11 23:07:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2004/02/11 23:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2002/10/24 15:59:48 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2004/08/03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2004/02/12 20:06:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2004/02/12 20:11:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2004/02/11 22:56:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/04/01 18:55:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/04/01 18:55:44 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/04/01 18:55:44 | 000,393,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 502 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

< End of report >
kahdah Posted February 18, 2010 ID:201857

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
O2 - BHO: () - {DB35C569-5624-4CFC-8043-E5139F55A073} - C:\PROGRA~1\Crawler\Shared\CShared.dll File not found
O4 - HKLM..\Run: [rupahebey] C:\WINDOWS\System32\lonobori.DLL ()
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O4 - HKCU..\Run: [Security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe (Security Essentials)
O4 - HKCU..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O9 - Extra Button: Crawler Smileys - {16FE352D-F643-4A81-BC61-2C051F3A757D} - C:\PROGRA~1\Crawler\Smileys\CSMILE~1.DLL File not found
O9 - Extra Button: Crawler eCards - {82E2B317-7C9C-4F12-B920-AC37D928CD43} - C:\PROGRA~1\Crawler\Smileys\CSMILE~1.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\EKV1lDWDjj.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\EKV1lDWDjj.dll ()
O15 - HKLM\..Trusted Domains: buy-security-essentials.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: buy-security-essentials.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: download-soft-package.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: download-software-package.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O20 - AppInit_DLLs: (c:\windows\system32\rumikegu.dll) - C:\WINDOWS\System32\rumikegu.dll File not found
O20 - AppInit_DLLs: (nehukene.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\lonobori.dll) - C:\WINDOWS\system32\lonobori.dll ()
O21 - SSODL: gomisuhoz - {afbcb342-da52-402c-ad57-8c761fcaf5bc} - C:\WINDOWS\system32\lonobori.dll ()
O21 - SSODL: hiyenipuk - {3ca58a4f-0894-4c9a-9336-3c444a8854ac} - CLSID or File not found.
O21 - SSODL: liruromuv - {a603907c-8e08-4d5e-8f57-aca2e011fa18} - CLSID or File not found.
O21 - SSODL: nugovumat - {dffaf43e-902d-4826-909e-d98ea55c3267} - CLSID or File not found.
O21 - SSODL: pomutewam - {34cab3ab-c5a2-4e32-8954-ac88f5c783f7} - C:\WINDOWS\System32\rumikegu.dll File not found
O22 - SharedTaskScheduler: {34cab3ab-c5a2-4e32-8954-ac88f5c783f7} - jugezatag - C:\WINDOWS\System32\rumikegu.dll File not found
O22 - SharedTaskScheduler: {3ca58a4f-0894-4c9a-9336-3c444a8854ac} - gahurihor - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {a603907c-8e08-4d5e-8f57-aca2e011fa18} - gahurihor - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {afbcb342-da52-402c-ad57-8c761fcaf5bc} - jugezatag - C:\WINDOWS\system32\lonobori.dll ()
O22 - SharedTaskScheduler: {dffaf43e-902d-4826-909e-d98ea55c3267} - kupuhivus - Reg Error: Key error. File not found
[2010/02/16 09:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Securityessentials2010
[2099/01/01 12:00:00 | 000,096,768 | -HS- | M] () -- C:\WINDOWS\System32\lonobori.dll
[2099/01/01 12:00:00 | 000,043,520 | -HS- | M] () -- C:\WINDOWS\System32\gibedevo.dll
[2010/02/17 10:56:49 | 000,004,278 | ---- | M] () -- C:\WINDOWS\System32\warnings.html
[2010/02/17 10:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\lwfmvlmg.job
[2010/02/17 10:00:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\guadvtom.job
[2010/02/17 09:14:17 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\vedibewu
[2010/02/16 17:38:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\292.exe
[2010/02/16 17:18:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\153.exe
[2010/02/16 16:58:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3902.exe
[2010/02/16 16:38:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14604.exe
[2010/02/16 16:18:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32391.exe
[2010/02/16 15:58:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe
[2010/02/16 15:38:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4827.exe
[2010/02/16 15:18:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11942.exe
[2010/02/16 14:58:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe
[2010/02/16 14:38:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe
[2010/02/16 14:18:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
[2010/02/16 13:58:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
[2010/02/16 13:38:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
[2010/02/16 13:18:01 | 000,036,864 | ---- | M] () -- C:\WINDOWS\System32\EKV1lDWDjj.dll
[2010/02/16 13:18:00 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
[2010/02/16 12:57:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
[2010/02/16 12:37:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
[2010/02/16 12:17:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2010/02/16 11:57:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
[2010/02/16 11:37:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2010/02/16 11:17:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2010/02/16 10:57:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2010/02/16 10:37:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2010/02/16 10:17:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2010/02/16 09:57:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/02/16 09:16:21 | 000,027,648 | ---- | M] () -- C:\WINDOWS\System32\helpers32.dll
[2010/02/16 09:16:13 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\winlogon32.exe
[2010/02/16 09:16:13 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\smss32.exe
[2007/07/27 14:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1280132
:Commands
[emptytemp]

Then click the Run Fix button at the top.
Let the program run unhindered, reboot when it is done.
It will produce a log for you on reboot, please post that log in your next reply.

===============

Download ComboFix from one of these locations:
Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
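The fix script above was assembled by reading the OTL log for a handful of indicators: timestamps of 2099 that no real file can carry, hidden+system DLLs sitting in System32 or a user's Application Data, zero-byte executables with numeric names dropped into System32 every 20 minutes, file names that imitate core Windows processes (smss32.exe, winlogon32.exe), AppInit_DLLs entries, Winsock LSP entries with no publisher, and domains added to the Trusted sites zone. The script below, added here as an illustration and not code from OTL, from Malwarebytes or from the helper, parses OTL-style file entries and O-lines and reports those indicators; the cut-off date, the list of core process names and the heuristics themselves are assumptions, and the sample lines are constructed from entries on this page.

```python
"""Triage of OTL-style log lines (added example; heuristics are assumptions, not OTL's own logic)."""
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# One OTL file entry: [date time | size | attrs | C/M] (company) [MD5=... | .cab file] -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| [CM]\] (?:\((?P<company>[^)]*)\) )?"
    r"(?:MD5=[0-9A-Fa-f]{32} |\.cab file )?-- (?P<path>.+)$"
)
# Assumption: the log was posted before 18 Feb 2010, so any later timestamp is forged.
SCAN_DATE = datetime(2010, 2, 18)
# Assumption: core process names that malware likes to imitate by appending "32".
CORE_NAMES = {"smss", "winlogon", "csrss", "lsass", "services", "svchost", "explorer"}
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class FileEntry:
    ts: datetime
    size: int
    attrs: str      # four flag positions: R H S D ("-" when unset)
    company: str    # publisher shown by OTL, empty when unknown
    path: str


def parse_file_entry(line: str) -> Optional[FileEntry]:
    """Return a FileEntry for a file line, or None for headers and O-lines."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(
        ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        company=m["company"] or "",
        path=m["path"],
    )


def mimics_core_process(path: str) -> bool:
    """smss32.exe / winlogon32.exe: a core process name with '32' appended."""
    stem, _ = ntpath.splitext(ntpath.basename(path.lower()))
    return stem.endswith("32") and stem[:-2] in CORE_NAMES


def triage_file(e: FileEntry) -> List[str]:
    low = e.path.lower()
    name = ntpath.basename(low)
    stem, ext = ntpath.splitext(name)
    in_sys32 = low.startswith(SYSTEM32)
    in_appdata = "\\application data\\" in low
    hidden_system = "H" in e.attrs and "S" in e.attrs and "D" not in e.attrs
    reasons = []
    if e.ts > SCAN_DATE:
        reasons.append("timestamp later than the scan date (forged)")
    if hidden_system and (in_sys32 or in_appdata):
        reasons.append("hidden+system attributes on a user or System32 file")
    if in_sys32 and ext == ".exe" and e.size == 0 and stem.isdigit():
        reasons.append("zero-byte executable with a numeric name in System32")
    if mimics_core_process(name):
        reasons.append("file name mimics a core Windows process")
    return reasons


def triage_oline(line: str) -> List[str]:
    s = line.strip()
    if s.startswith("O20 - AppInit_DLLs:"):
        return ["AppInit_DLLs entry: DLL injected into every process that loads user32.dll"]
    if s.startswith("O15 - ") and "Trusted Domains" in s and "domain(s)" not in s:
        return ["domain added to the Trusted sites zone"]
    if s.startswith("O10 - ") and s.endswith("()"):
        return ["Winsock LSP entry without a publisher"]
    if s.startswith("O4 - "):
        target = s.split("] ", 1)[-1].split(" (")[0]  # path between [name] and (publisher)
        if mimics_core_process(target):
            return ["autorun entry launching a process-name lookalike"]
    return []


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each suspicious path or O-line to the reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_file_entry(line)
        reasons = triage_file(entry) if entry else triage_oline(line)
        if reasons:
            findings[entry.path if entry else line.strip()] = reasons
    return findings


# Constructed sample: lines copied from the log and fix script in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\EKV1lDWDjj.dll ()
O15 - HKCU\..Trusted Domains: buy-security-essentials.com ([]http in Trusted sites)
O20 - AppInit_DLLs: (c:\windows\system32\lonobori.dll) - C:\WINDOWS\system32\lonobori.dll ()
[2099/01/01 12:00:00 | 000,096,768 | -HS- | M] () -- C:\WINDOWS\System32\lonobori.dll
[2010/02/16 15:58:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe
[2010/02/16 09:16:13 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\winlogon32.exe
[2010/02/05 17:42:43 | 000,182,784 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\MSASCui.exe
[2008/01/11 16:52:13 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2010/02/17 11:05:11 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
"""

if __name__ == "__main__":
    for key, why in triage_log(SAMPLE_LOG).items():
        print(key, "->", "; ".join(why))
```

On the sample, the legitimate entries (psisdecd.dll, the Microsoft-signed atapi.sys, and pagefile.sys, which is hidden+system by design but lives outside System32) produce no finding, while the eight lines the helper put in the fix script are each flagged with the reason a reviewer would cite. The heuristics are deliberately narrow; a helper still reads the whole log, because an entry such as the `.job` tasks or an unpublished SSODL CLSID is only suspicious in context.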
Maurice Naggar Posted March 2, 2010 ID:208516

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!