Can not install Malware


I cannot install Malware. Help is greatly appreciated. I ran HijackThis and below is the log. Thanks!!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:44:17 PM, on 7/6/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O1 - Hosts: ::1 localhost

O1 - Hosts: 91.212.65.122 browser-security.microsoft.com

O1 - Hosts: 91.212.65.122 spyware-protector-2009.com

O1 - Hosts: 91.212.65.122 www.spyware-protector-2009.com

O1 - Hosts: 91.212.65.122 secure.spyware-protector-2009.com

O1 - Hosts: 91.212.65.122 knocker

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe

O4 - HKLM\..\Run: [uvpwyrox] C:\Documents and Settings\Main\Local Settings\Application Data\rfxapa\vgltsftav.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uvpwyrox] C:\Documents and Settings\Main\Local Settings\Application Data\rfxapa\vgltsftav.exe

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab

O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab

O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab

O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://mt202.centra.com/SiteRoots/main/Ins...raUpdaterAx.cab

O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab

O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145755096125

O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u1...=javadl.sun.com

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab

O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53083.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class) - http://zone.msn.com/bingame/rmcb/default/RumbleCube.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...128/mcfscan.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O16 - DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} (SiteBuilderEditor Class) - http://store01.prostores.com/storeadmin/ut...es/pssbedit.cab

O18 - Filter hijack: text/html - {8f07f059-10f6-4e4a-9387-6b1cb42be028} - (no file)

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Defender Pro Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--

End of file - 12567 bytes

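The log above carries the two indicators a responder looks for in a rogue-antivirus infection: O1 hosts entries that pin several hostnames (including a microsoft.com subdomain) to one non-loopback address, and an O4 Run entry present under both HKLM and HKCU that launches a randomly named executable from the user's Local Settings\Application Data folder. The Python below is an added triage example, not part of the original post and not code from HijackThis or Malwarebytes; it parses O1 and O4 lines with exactly those two heuristics. The sample lines are copied from the log above; the profile-directory pattern and the consonant-run threshold used to call a name "random-looking" are assumptions chosen for this example.

```python
"""Triage helper for HijackThis-style logs.

Added example, not part of the original post or of the HijackThis tool.
It parses O1 (Hosts) and O4 (autostart) lines and flags two patterns that
appear in the log above:
  * hosts entries that map a hostname to a non-loopback address, grouped by
    target IP so a sinkhole serving many names stands out;
  * autostart entries that launch an executable from the user's
    Local Settings\\Application Data directory under a random-looking name.
Both checks are heuristics (assumptions for this example), not signatures.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed excerpt: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 www.spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 secure.spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 knocker
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [uvpwyrox] C:\Documents and Settings\Main\Local Settings\Application Data\rfxapa\vgltsftav.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uvpwyrox] C:\Documents and Settings\Main\Local Settings\Application Data\rfxapa\vgltsftav.exe
"""

LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
RUN_RE = re.compile(r"^O4 - (\S+?)\\\.\.\\(Run\w*): \[(.+?)\]\s+(.*)$")
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.I)
# Per-user data directory on Windows XP (assumed location of interest).
PROFILE_DATA_RE = re.compile(
    r"Documents and Settings\\[^\\]+\\Local Settings\\Application Data\\", re.I)
# Names with a long run of consonants look machine-generated (heuristic).
RANDOM_NAME_CONSONANT_RUN = 4


@dataclass
class Finding:
    kind: str    # "hosts-redirect" or "profile-autostart"
    detail: str  # human-readable summary
    line: str    # the raw log line that triggered it


def longest_consonant_run(name: str) -> int:
    """Length of the longest run of ASCII consonants (y counted as one)."""
    runs = re.findall(r"[b-df-hj-np-tv-z]+", name.lower())
    return max((len(r) for r in runs), default=0)


def triage(log_text: str) -> List[Finding]:
    """Scan a HijackThis log and return suspicious O1/O4 entries."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            # A hosts entry pointing a real name at a remote IP redirects
            # the browser (or blocks security sites) silently.
            if ip not in LOOPBACK and host.lower() != "localhost":
                findings.append(Finding("hosts-redirect", f"{host} -> {ip}", line))
            continue
        m = RUN_RE.match(line)
        if not m:
            continue
        hive, key, name, cmd = m.groups()
        em = EXE_RE.match(cmd.strip())
        exe = em.group(1) if em else cmd.strip()
        stem = exe.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        # Legitimate software (e.g. browsers) can live under the profile
        # too, so require the random-name heuristic as well.
        if PROFILE_DATA_RE.search(exe) and max(
            longest_consonant_run(name), longest_consonant_run(stem)
        ) >= RANDOM_NAME_CONSONANT_RUN:
            findings.append(Finding("profile-autostart",
                                    f"{hive}\\{key} [{name}] -> {exe}", line))
    return findings


def hosts_by_ip(findings: List[Finding]) -> Dict[str, List[str]]:
    """Group hosts-redirect findings by target IP: many unrelated names on
    one address is the shape of a rogue-AV sinkhole."""
    grouped: Dict[str, List[str]] = {}
    for f in findings:
        if f.kind == "hosts-redirect":
            host, _, ip = f.detail.partition(" -> ")
            grouped.setdefault(ip, []).append(host)
    return grouped


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.kind}] {f.detail}")
    for ip, hosts in hosts_by_ip(results).items():
        print(f"sinkhole candidate {ip}: {len(hosts)} hostnames")
```

Run it against a saved log with `triage(open("hijackthis.log").read())`. On this sample it reports the five hosts redirects grouped under one address and both Run entries for vgltsftav.exe; the Conime, avgnt and ctfmon entries pass because they launch from system or Program Files paths. The hosts check deliberately flags every non-loopback mapping, so a host file used for legitimate ad-blocking (which maps to 127.0.0.1 or 0.0.0.0) stays quiet while an entry that hijacks a vendor's security domain does not.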

Hello kjoamo! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware while we work on it.
  • Keep me informed about any changes.

Please follow these instructions:

http://forums.malwarebytes.org/index.php?showtopic=9573

Post all logs if you can.


Thanks, I followed the steps in the instructions. I still cannot run the mbam file. I receive runtime error code 0 and runtime error code 440.

Installed Avira and did not have any infections.

Ran DeFogger Disable. I was not prompted to restart my computer, but I did restart.

Ran DDS and have the 2 logs.

Ran the GMER Scanner and have the log.

My computer does not have an option to zip/archive the attach.txt file or the ark.txt file. Do you want me to send them as an unzipped attachment? When I right-click on the file (saved on my desktop), Compressed is not an option. I have pasted the contents below for the DDS.txt and the ark.txt. The attach.txt states not to upload it unless requested, or to zip it, and since I cannot zip, I didn't know what to do.

Thanks for the help. Let me know what to do next.

-----------------------

DDS.txt

DDS (Ver_10-03-17.01) - NTFSx86

Run by Main at 18:04:25.14 on Wed 07/07/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1279.799 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Main\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} -

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [uvpwyrox] c:\documents and settings\main\local settings\application data\rfxapa\vgltsftav.exe

mRun: [Conime] %windir%\system32\conime.exe

mRun: [uvpwyrox] c:\documents and settings\main\local settings\application data\rfxapa\vgltsftav.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

uPolicies-system: Wallpaper =

mPolicies-explorer: <NO NAME> =

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: Yahoo! Gin - hxxp://download.games.yahoo.com/games/clients/y/nt1_x.cab

DPF: Yahoo! Klondike Solitaire - hxxp://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab

DPF: Yahoo! Pyramids - hxxp://download.games.yahoo.com/games/clients/y/pyt1_x.cab

DPF: Yahoo! Word Racer - hxxp://download.games.yahoo.com/games/clients/y/wt0_x.cab

DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://mt202.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} - hxxp://download.mcafee.com/molbin/Shared/MGBrwFld.cab

DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab

DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab

DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab

DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://spaces.msn.com//PhotoUpload/MsnPUpld.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - hxxp://mediaplayer.walmart.com/installer/install.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145755096125

DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1232595064_0fe862ac42ad18762b4ec930f2d4e4c0&GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com

DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://zone.msn.com/binGame/ZAxRcMgr.cab

DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab

DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab

DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/gold/default/gf.cab

DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab53083.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} - hxxp://zone.msn.com/bingame/rmcb/default/RumbleCube.cab

DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5128/mcfscan.cab

DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} - hxxp://store01.prostores.com/storeadmin/utilities/pssbedit.cab

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

LSA: Notification Packages = :\windows\system32\srrstr.dll cecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli

Hosts: 91.212.65.122 browser-security.microsoft.com

Hosts: 91.212.65.122 spyware-protector-2009.com

Hosts: 91.212.65.122 www.spyware-protector-2009.com

Hosts: 91.212.65.122 secure.spyware-protector-2009.com

Hosts: 91.212.65.122 knocker

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-7-6 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-7-6 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-7-6 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-6 60936]

S2 BDVEDISK;BDVEDISK;\??\c:\program files\bitdefender\bitdefender 2009\bdvedisk.sys --> c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [?]

S3 Arrakis3;Defender Pro Arrakis Server;"c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe" --> c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [?]

S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-16 108864]

S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [2004-12-11 32000]

S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [2004-12-11 28057]

S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\drivers\pixmcvv.sys [2004-12-11 21081]

S4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKDiscovery.exe [2009-1-19 279960]

S4 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\aio\center\KodakSvc.exe [2009-1-19 38296]

=============== Created Last 30 ================

2010-07-07 21:58:22 0 ----a-w- c:\documents and settings\main\defogger_reenable

2010-07-07 01:44:01 0 d-----w- c:\program files\Trend Micro

2010-07-07 01:43:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-07 01:43:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-06 22:30:20 0 d-----w- c:\docume~1\main\applic~1\Avira

2010-07-06 22:23:01 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-07-06 22:23:00 0 d-----w- c:\program files\Avira

2010-07-06 22:23:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-07-02 18:46:04 0 d-----w- c:\windows\system32\NtmsData

2010-07-02 15:46:19 850 ----a-w- c:\windows\system32\ProductTweaks.xml

2010-06-30 18:18:11 385 ----a-w- c:\windows\system32\user_gensett.xml

2010-06-16 01:48:41 3246 ----a-w- c:\windows\system32\wbem\Outlook_01cb0cf60c06963c.mof

2010-06-11 18:11:35 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

==================== Find3M ====================

2010-07-02 17:35:17 81984 ----a-w- c:\windows\system32\bdod.bin

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys

2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll

2004-11-19 12:20:57 45495 -csha-w- c:\windows\system\lrulld.bak2

============= FINISH: 18:06:01.92 ===============

ARK.TXT

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-07-07 22:44:01

Windows 5.1.2600 Service Pack 2

Running: 4jejil7d.exe; Driver: C:\DOCUME~1\Main\LOCALS~1\Temp\pxtdypod.sys

---- System - GMER 1.0.15 ----

SSDT F7A9E13E ZwCreateKey

SSDT F7A9E134 ZwCreateThread

SSDT F7A9E143 ZwDeleteKey

SSDT F7A9E14D ZwDeleteValueKey

SSDT F7A9E152 ZwLoadKey

SSDT F7A9E120 ZwOpenProcess

SSDT F7A9E125 ZwOpenThread

SSDT F7A9E15C ZwReplaceKey

SSDT F7A9E157 ZwRestoreKey

SSDT F7A9E148 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

LOCKcode

desktop.doc


Okay, no problem. Please post Attach.txt.

OK, here is the attach.txt. Thanks.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 3/9/2006 7:45:09 PM

System Uptime: 7/7/2010 6:00:10 PM (0 hours ago)

Motherboard: Dell Computer Corp. | | 02Y832

Processor: Intel® Pentium® 4 CPU 2.40GHz | Microprocessor | 2394/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 4.081 GiB free.

E: is CDROM ()

F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description:

Device ID: ROOT\SW_BDFNDISFMP\0002

Manufacturer: BitDefender

Name: BitDefender Firewall NDIS Filter Miniport #3

PNP Device ID: ROOT\SW_BDFNDISFMP\0002

Service:

==== System Restore Points ===================

RP1: 7/6/2010 6:11:47 PM - System Checkpoint

==== Installed Programs ======================

Acey Deucy Backgammon

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)

Adobe Flash Player 10 ActiveX

Adobe Reader 8.1.2

Adobe Reader 8.1.2 Security Update 1 (KB403742)

aiofw

aioprnt

aioscnnr

America Online

AOL Coach Version 1.0(Build:20020823.1)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Avira AntiVir Personal - Free Antivirus

Banctec Service Agreement

Bonjour

C4USelfUpdater

CardRd81

CCleaner

CCScore

center

Centra Client

CentraOne

Compatibility Pack for the 2007 Office system

Conexant SmartHSFi V92 56K DF PCI Modem

CR2

Critical Update for Windows Media Player 11 (KB959772)

DAO

Dell Networking Guide

Dell Picture Studio - Dell Image Expert

Dell Solution Center

DellSupport

Digital Line Detect

DVDSentry

Earthlink Installer - uninstall 'Earthlink 5.0' entry first if present

Easy-WebPrint

Easy CD Creator 5 Basic

ELNKInst

ESSBrwr

ESSCDBK

ESScore

ESSgui

ESSini

ESSPCD

ESSPDock

ESSTOOLS

essvatgt

Facebook Plug-In

Google Toolbar for Internet Explorer

GoToAssist 8.0.0.514

H&R Block Basic + Efile 2009

H&R Block West Virginia 2009

Help and Support Customization

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB932716-v2)

Hotfix for Windows XP (KB945060-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

ImageMixer

Intel® PRO Network Adapters and Drivers

Intel® PROSet

InterActual Player

iPod for Windows 2005-09-23

iTunes

J2SE Runtime Environment 5.0 Update 6

Java 2 Runtime Environment, SE v1.4.2_06

Java 6 Update 11

KODAK All-in-One Printer Software

Kodak EasyShare software

ksDIP

Macromedia Shockwave Player

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Access 2003

Microsoft Office Standard Edition 2003

Microsoft Office XP Media Content

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works 6-9 Converter

MicroStaff WINASPI

MobileMe Control Panel

MSN Music Assistant

MSN Toolbar

MSXML 4.0 SP2 (KB925672)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6 Service Pack 2 (KB973686)

MyDVD

netbrdg

NVIDIA Windows 2000/XP Display Drivers

OfotoXMI

Paint Shop Pro 7

Pdf995

PreReq

QuickBooks Pro 2007

QuickBooks Product Listing Service

Quicken 2005

QuickTime

QuickTime for Windows (32-bit)

Quik 21

Secure Game Player

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB941202)

Security Update for Windows XP (KB941568)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB941644)

Security Update for Windows XP (KB941693)

Security Update for Windows XP (KB943055)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB943485)

Security Update for Windows XP (KB944653)

Security Update for Windows XP (KB945553)

Security Update for Windows XP (KB946026)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB948590)

Security Update for Windows XP (KB948881)

Security Update for Windows XP (KB950749)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958470)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

SFR

SHASTA

Shipping Assistant 3.6

skin0001

SKINXSDK

Sound Blaster Live!

Stalla Exam Review and PassMaster for Level I 2010 Edition

Stalla Mock Exam and Review - Level I 2010 Edition

staticcr

SupportSoft Assisted Service

TaxCut 2003

TaxCut Premium 2007

tooltips

UC Wage Reporter 3.0

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB894391)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB925720)

Update for Windows XP (KB927891)

Update for Windows XP (KB929338)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB932823-v3)

Update for Windows XP (KB933360)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

Update for Windows XP (KB942763)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VPRINTOL

WD Diagnostics

WebFldrs XP

WexTech AnswerWorks

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage v1.3.0254.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB885884

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

WIRELESS

Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

7/7/2010 6:01:00 PM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer4.

7/7/2010 5:41:16 PM, error: Dhcp [1002] - The IP address lease 192.168.254.1 for the Network Card with network address 0007E97471CA has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).

7/2/2010 4:40:00 PM, error: Schedule [7901] - The At1.job command failed to start due to the following error: General access denied error

7/2/2010 3:43:12 PM, error: VolSnap [24] - There was insufficient disk space on volume C: to persist the shadow copy of volume C:. Diff area file growth failed.

7/2/2010 3:03:26 PM, error: PlugPlayManager [12] - The device 'SAMSUNG CD-ROM SC-148C' (IDE\CdRomSAMSUNG_CD-ROM_SC-148C__________________B105____\5&a20f9fe&0&0.0.0) disappeared from the system without first being prepared for removal.

7/2/2010 3:03:26 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.

7/2/2010 3:02:57 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.

7/2/2010 2:36:34 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .

7/2/2010 2:36:34 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\Main\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .

7/2/2010 2:36:34 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

7/2/2010 1:39:15 PM, error: Service Control Manager [7000] - The BDVEDISK service failed to start due to the following error: The system cannot find the path specified.

7/2/2010 1:35:44 PM, error: Service Control Manager [7034] - The Defender Pro Desktop Update Service service terminated unexpectedly. It has done this 1 time(s).

7/1/2010 11:33:22 AM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.

7/1/2010 11:28:58 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer DAN that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C4D5642F-5688-435B-8569. The master browser is stopping or an election is being forced.

7/1/2010 11:20:02 AM, error: Service Control Manager [7000] - The BDVEDISK service failed to start due to the following error: The system cannot find the file specified.

7/1/2010 11:17:35 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

6/30/2010 9:16:31 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C4D5642F-5688-435B-85. The master browser is stopping or an election is being forced.

6/30/2010 11:59:36 AM, error: Print [19] - Sharing printer failed + 1722, Printer KODAK ESP-3 AiO share name KODAKESP.

==== End Of File ===========================


Step 1

Please, uninstall the following applications:

  1. Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
  2. Adobe Reader 8.1.2
  3. Adobe Reader 8.1.2 Security Update 1 (KB403742)

You can read how to do this here:

Step 2

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

Then run this tool to help cleanup any left over Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply
    Then look for the following Java folders and if found delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Windows\Sun
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

Step 3

Please try this version of malwarebytes: Click the link here

Save it on your desktop. You'll see it will have a random name, and will look similar to this: mbamrandom.gif

Double-click on it, so it will extract the files and will start Malwarebytes automatically.

In case the installer (random named file) won't run either, rename it to EXPLORER.EXE and try again.

When Malwarebytes opens, click the "Update" tab FIRST and select to check for updates in order to get the latest updates.

In case Malwarebytes doesn't open, search for the folder mbam-installer on your desktop, open it and double-click the file winlogon.exe which will be present in there. This should launch Malwarebytes.

Then perform a Quick scan and let it remove what it found. Reboot afterwards (important).

After reboot, post the malwarebytes log.

In your next reply, please include these log(s):

  1. JavaRa log
  2. MalwareBytes' Anti-Malware log
  3. a new fresh DDS log only


ok - I uninstalled Adobe Reader 8.1.2, but I did not have either of the security updates listed in the Control Panel. I removed all versions of Java. I did not have folders under documents and settings\all users (or any user name)\application data. I did not have a folder called application data.

The JavaRa log:

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Jul 13 20:06:49 2010

Found and removed: C:\Program Files\Java\j2re1.4.2_06

Found and removed: C:\Program Files\Java\jre1.5.0_06

Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142060}

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\JavaPlugin.142_06

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

------------------------------------

Finished reporting.

I downloaded the version of malwarebytes you linked me to, but when I doubleclick, I still get run time error 0 and run time error 440.

What now?

Thanks


ok - I found the application data files and deleted the Java folders. I deleted the randomly generated Malwarebytes file and saved a new randomly generated one on my desktop. It still does not load. I still get the run time error 0 and run time error 440. I renamed the file EXPLORER.EXE and still receive the run time errors.

Now what?

Thanks


Honestly, I am not sure what else I can do. I assume you wanted me to try #17 not #15; but I did both. Under #15, I did not see any topic which pertained exactly to my situation, but #17 was my exact situation. When I install and run the .bat file I get the following error: "'REGSVR32' is not recognized as an internal or external command, operable program or batch file". The instructions want me to copy from another computer; I don't have any other computer. I did download and install the Microsoft Visual Basic Controls. I still receive the error 0 and error 440 when I try to run and install Malwarebytes.

Now what?

Thanks


**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows:
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


Here is the log from running Combo Fix.

ComboFix 10-07-16.02 - Main 07/18/2010 11:11:53.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1279.868 [GMT -4:00]

Running from: c:\documents and settings\Main\Desktop\Combo-Fix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrator.FAMILY\GoToAssistDownloadHelper.exe

c:\documents and settings\Main\GoToAssistDownloadHelper.exe

c:\program files\Search Toolbar

c:\program files\Search Toolbar\Cursors\cursors.xml

c:\program files\Search Toolbar\rw.wzg

c:\program files\Search Toolbar\xlmurin.wzg

c:\program files\Search Toolbar\xzxsv.wzg

c:\windows\desktop

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\SET4C0.tmp

c:\windows\SET565.tmp

c:\windows\SET658.tmp

c:\windows\SET73E.tmp

c:\windows\SET821.tmp

c:\windows\SET902.tmp

c:\windows\SET9E7.tmp

c:\windows\SETACA.tmp

c:\windows\SETBAD.tmp

c:\windows\SETC94.tmp

c:\windows\SETD76.tmp

c:\windows\SETE5A.tmp

c:\windows\SETF3F.tmp

c:\windows\SYSTEM\lrulld.bak2

c:\windows\system\oeminfo.ini

c:\windows\system32\_000220_.tmp.dll

c:\windows\system32\_002747_.tmp.dll

c:\windows\system32\_002748_.tmp.dll

c:\windows\system32\_002749_.tmp.dll

c:\windows\system32\_002750_.tmp.dll

c:\windows\system32\_002754_.tmp.dll

c:\windows\system32\_002755_.tmp.dll

c:\windows\system32\_002756_.tmp.dll

c:\windows\system32\_002757_.tmp.dll

c:\windows\system32\_002764_.tmp.dll

c:\windows\system32\_002765_.tmp.dll

c:\windows\system32\_002766_.tmp.dll

c:\windows\system32\_002768_.tmp.dll

c:\windows\system32\_002769_.tmp.dll

c:\windows\system32\_002772_.tmp.dll

c:\windows\system32\_002773_.tmp.dll

c:\windows\system32\_002775_.tmp.dll

c:\windows\system32\_002776_.tmp.dll

c:\windows\system32\_002777_.tmp.dll

c:\windows\system32\_002778_.tmp.dll

c:\windows\system32\_002779_.tmp.dll

c:\windows\system32\_002780_.tmp.dll

c:\windows\system32\_002781_.tmp.dll

c:\windows\system32\_002782_.tmp.dll

c:\windows\system32\_002783_.tmp.dll

c:\windows\system32\_002784_.tmp.dll

c:\windows\system32\_002791_.tmp.dll

c:\windows\system32\_002792_.tmp.dll

c:\windows\system32\_002793_.tmp.dll

c:\windows\system32\_002795_.tmp.dll

c:\windows\system32\_002796_.tmp.dll

c:\windows\system32\_002799_.tmp.dll

c:\windows\system32\_002800_.tmp.dll

c:\windows\system32\_002802_.tmp.dll

c:\windows\system32\_002803_.tmp.dll

c:\windows\system32\_002804_.tmp.dll

c:\windows\system32\_002806_.tmp.dll

c:\windows\system32\_002807_.tmp.dll

c:\windows\system32\_002809_.tmp.dll

c:\windows\system32\_002813_.tmp.dll

c:\windows\system32\_002814_.tmp.dll

c:\windows\system32\_002816_.tmp.dll

c:\windows\system32\_002817_.tmp.dll

c:\windows\system32\_002819_.tmp.dll

c:\windows\system32\_002821_.tmp.dll

c:\windows\system32\_002822_.tmp.dll

c:\windows\system32\_002823_.tmp.dll

c:\windows\system32\_002824_.tmp.dll

c:\windows\system32\_002827_.tmp.dll

c:\windows\system32\_002829_.tmp.dll

c:\windows\system32\_002830_.tmp.dll

c:\windows\system32\_002831_.tmp.dll

c:\windows\system32\_002835_.tmp.dll

c:\windows\system32\_002837_.tmp.dll

c:\windows\system32\_003561_.tmp.dll

c:\windows\system32\_003569_.tmp.dll

c:\windows\system32\_003577_.tmp.dll

c:\windows\system32\_003585_.tmp.dll

c:\windows\system32\_003593_.tmp.dll

c:\windows\system32\_003601_.tmp.dll

c:\windows\system32\_003731_.tmp.dll

c:\windows\system32\_003732_.tmp.dll

c:\windows\system32\_003733_.tmp.dll

c:\windows\system32\_003734_.tmp.dll

c:\windows\system32\_003739_.tmp.dll

c:\windows\system32\_003740_.tmp.dll

c:\windows\system32\_003741_.tmp.dll

c:\windows\system32\_003742_.tmp.dll

c:\windows\system32\_003747_.tmp.dll

c:\windows\system32\_003748_.tmp.dll

c:\windows\system32\_003749_.tmp.dll

c:\windows\system32\_003750_.tmp.dll

c:\windows\system32\_003755_.tmp.dll

c:\windows\system32\_003756_.tmp.dll

c:\windows\system32\_003757_.tmp.dll

c:\windows\system32\_003758_.tmp.dll

c:\windows\system32\_003763_.tmp.dll

c:\windows\system32\_003764_.tmp.dll

c:\windows\system32\_003765_.tmp.dll

c:\windows\system32\_003766_.tmp.dll

c:\windows\system32\_003771_.tmp.dll

c:\windows\system32\_003772_.tmp.dll

c:\windows\system32\_003773_.tmp.dll

c:\windows\system32\_003774_.tmp.dll

c:\windows\system32\_003779_.tmp.dll

c:\windows\system32\_003780_.tmp.dll

c:\windows\system32\_003781_.tmp.dll

c:\windows\system32\_003782_.tmp.dll

c:\windows\system32\_003787_.tmp.dll

c:\windows\system32\_003788_.tmp.dll

c:\windows\system32\_003789_.tmp.dll

c:\windows\system32\_003790_.tmp.dll

c:\windows\system32\_003795_.tmp.dll

c:\windows\system32\_003796_.tmp.dll

c:\windows\system32\_003797_.tmp.dll

c:\windows\system32\_003798_.tmp.dll

c:\windows\system32\_003803_.tmp.dll

c:\windows\system32\_003804_.tmp.dll

c:\windows\system32\_003805_.tmp.dll

c:\windows\system32\_003806_.tmp.dll

c:\windows\system32\_003813_.tmp.dll

c:\windows\system32\_003814_.tmp.dll

c:\windows\system32\_003815_.tmp.dll

c:\windows\system32\_003817_.tmp.dll

c:\windows\system32\_003818_.tmp.dll

c:\windows\system32\_003821_.tmp.dll

c:\windows\system32\_003822_.tmp.dll

c:\windows\system32\_003824_.tmp.dll

c:\windows\system32\_003825_.tmp.dll

c:\windows\system32\_003826_.tmp.dll

c:\windows\system32\_003828_.tmp.dll

c:\windows\system32\_003829_.tmp.dll

c:\windows\system32\_003831_.tmp.dll

c:\windows\system32\_003835_.tmp.dll

c:\windows\system32\_003836_.tmp.dll

c:\windows\system32\_003838_.tmp.dll

c:\windows\system32\_003839_.tmp.dll

c:\windows\system32\_003841_.tmp.dll

c:\windows\system32\_003843_.tmp.dll

c:\windows\system32\_003844_.tmp.dll

c:\windows\system32\_003845_.tmp.dll

c:\windows\system32\_003846_.tmp.dll

c:\windows\system32\_003849_.tmp.dll

c:\windows\system32\_003851_.tmp.dll

c:\windows\system32\_003852_.tmp.dll

c:\windows\system32\_003853_.tmp.dll

c:\windows\system32\_003857_.tmp.dll

c:\windows\system32\_004288_.tmp.dll

c:\windows\system32\_004296_.tmp.dll

c:\windows\system32\_004458_.tmp.dll

c:\windows\system32\_004459_.tmp.dll

c:\windows\system32\_004460_.tmp.dll

c:\windows\system32\_004461_.tmp.dll

c:\windows\system32\_004467_.tmp.dll

c:\windows\system32\_004468_.tmp.dll

c:\windows\system32\_004469_.tmp.dll

c:\windows\system32\_004470_.tmp.dll

c:\windows\system32\_004471_.tmp.dll

c:\windows\system32\_004472_.tmp.dll

c:\windows\system32\_004473_.tmp.dll

c:\windows\system32\_004474_.tmp.dll

c:\windows\system32\_004475_.tmp.dll

c:\windows\system32\_004476_.tmp.dll

c:\windows\system32\_004477_.tmp.dll

c:\windows\system32\_004478_.tmp.dll

c:\windows\system32\_004479_.tmp.dll

c:\windows\system32\_004480_.tmp.dll

c:\windows\system32\_004481_.tmp.dll

c:\windows\system32\_004482_.tmp.dll

c:\windows\system32\_004483_.tmp.dll

c:\windows\system32\_004484_.tmp.dll

c:\windows\system32\_004485_.tmp.dll

c:\windows\system32\_004486_.tmp.dll

c:\windows\system32\_004487_.tmp.dll

c:\windows\system32\_004488_.tmp.dll

c:\windows\system32\_004489_.tmp.dll

c:\windows\system32\_004490_.tmp.dll

c:\windows\system32\_004491_.tmp.dll

c:\windows\system32\_004492_.tmp.dll

c:\windows\system32\_004493_.tmp.dll

c:\windows\system32\_004494_.tmp.dll

c:\windows\system32\_004495_.tmp.dll

c:\windows\system32\_004496_.tmp.dll

c:\windows\system32\_004497_.tmp.dll

c:\windows\system32\_004498_.tmp.dll

c:\windows\system32\_004499_.tmp.dll

c:\windows\system32\_004500_.tmp.dll

c:\windows\system32\_004501_.tmp.dll

c:\windows\system32\_004502_.tmp.dll

c:\windows\system32\_004503_.tmp.dll

c:\windows\system32\_004504_.tmp.dll

c:\windows\system32\_004505_.tmp.dll

c:\windows\system32\_004506_.tmp.dll

c:\windows\system32\_004507_.tmp.dll

c:\windows\system32\_004508_.tmp.dll

c:\windows\system32\_004509_.tmp.dll

c:\windows\system32\_004510_.tmp.dll

c:\windows\system32\_004511_.tmp.dll

c:\windows\system32\_004512_.tmp.dll

c:\windows\system32\_004513_.tmp.dll

c:\windows\system32\_004514_.tmp.dll

c:\windows\system32\_004515_.tmp.dll

c:\windows\system32\_004516_.tmp.dll

c:\windows\system32\_004517_.tmp.dll

c:\windows\system32\_004518_.tmp.dll

c:\windows\system32\_004519_.tmp.dll

c:\windows\system32\_004520_.tmp.dll

c:\windows\system32\_004521_.tmp.dll

c:\windows\system32\_004522_.tmp.dll

c:\windows\system32\_004523_.tmp.dll

c:\windows\system32\_004524_.tmp.dll

c:\windows\system32\_004525_.tmp.dll

c:\windows\system32\_004526_.tmp.dll

c:\windows\system32\_004527_.tmp.dll

c:\windows\system32\_004528_.tmp.dll

c:\windows\system32\_004529_.tmp.dll

c:\windows\system32\_004530_.tmp.dll

c:\windows\system32\_004531_.tmp.dll

c:\windows\system32\_004532_.tmp.dll

c:\windows\system32\_004533_.tmp.dll

c:\windows\system32\_004534_.tmp.dll

c:\windows\system32\_004535_.tmp.dll

c:\windows\system32\_004536_.tmp.dll

c:\windows\system32\_004537_.tmp.dll

c:\windows\system32\_004538_.tmp.dll

c:\windows\system32\_004539_.tmp.dll

c:\windows\system32\_004540_.tmp.dll

c:\windows\system32\_004541_.tmp.dll

c:\windows\system32\_004542_.tmp.dll

c:\windows\system32\_004543_.tmp.dll

c:\windows\system32\_004544_.tmp.dll

c:\windows\system32\_004545_.tmp.dll

c:\windows\system32\_004546_.tmp.dll

c:\windows\system32\_004547_.tmp.dll

c:\windows\system32\_004548_.tmp.dll

c:\windows\system32\_004549_.tmp.dll

c:\windows\system32\_004550_.tmp.dll

c:\windows\system32\_004551_.tmp.dll

c:\windows\system32\_004552_.tmp.dll

c:\windows\system32\_004553_.tmp.dll

c:\windows\system32\_004554_.tmp.dll

c:\windows\system32\_004555_.tmp.dll

c:\windows\system32\_004556_.tmp.dll

c:\windows\system32\_004557_.tmp.dll

c:\windows\system32\_004558_.tmp.dll

c:\windows\system32\_004559_.tmp.dll

c:\windows\system32\_004560_.tmp.dll

c:\windows\system32\_004561_.tmp.dll

c:\windows\system32\_004562_.tmp.dll

c:\windows\system32\_004563_.tmp.dll

c:\windows\system32\_004564_.tmp.dll

c:\windows\system32\_004565_.tmp.dll

c:\windows\system32\_004566_.tmp.dll

c:\windows\system32\_004567_.tmp.dll

c:\windows\system32\_004568_.tmp.dll

c:\windows\system32\_004570_.tmp.dll

c:\windows\system32\_004571_.tmp.dll

c:\windows\system32\_004572_.tmp.dll

c:\windows\system32\_004573_.tmp.dll

c:\windows\system32\_004574_.tmp.dll

c:\windows\system32\_004575_.tmp.dll

c:\windows\system32\_004576_.tmp.dll

c:\windows\system32\_004578_.tmp.dll

c:\windows\system32\_004579_.tmp.dll

c:\windows\system32\_004580_.tmp.dll

c:\windows\system32\_004581_.tmp.dll

c:\windows\system32\_004582_.tmp.dll

c:\windows\system32\_004583_.tmp.dll

c:\windows\system32\_004584_.tmp.dll

c:\windows\system32\_004585_.tmp.dll

c:\windows\system32\_004586_.tmp.dll

c:\windows\system32\_004587_.tmp.dll

c:\windows\system32\_004588_.tmp.dll

c:\windows\system32\_004589_.tmp.dll

c:\windows\system32\_004590_.tmp.dll

c:\windows\system32\_004591_.tmp.dll

c:\windows\system32\_004592_.tmp.dll

c:\windows\system32\_004593_.tmp.dll

c:\windows\system32\_004594_.tmp.dll

c:\windows\system32\_004596_.tmp.dll

c:\windows\system32\_004597_.tmp.dll

c:\windows\system32\_004598_.tmp.dll

c:\windows\system32\_004599_.tmp.dll

c:\windows\system32\_004601_.tmp.dll

c:\windows\system32\_004603_.tmp.dll

c:\windows\system32\_004604_.tmp.dll

c:\windows\system32\_004605_.tmp.dll

c:\windows\system32\_004606_.tmp.dll

c:\windows\system32\_004607_.tmp.dll

c:\windows\system32\_004608_.tmp.dll

c:\windows\system32\_004609_.tmp.dll

c:\windows\system32\_004611_.tmp.dll

c:\windows\system32\_004612_.tmp.dll

c:\windows\system32\_004613_.tmp.dll

c:\windows\system32\_004614_.tmp.dll

c:\windows\system32\_004615_.tmp.dll

c:\windows\system32\_004616_.tmp.dll

c:\windows\system32\_004617_.tmp.dll

c:\windows\system32\_004618_.tmp.dll

c:\windows\system32\_004619_.tmp.dll

c:\windows\system32\_004620_.tmp.dll

c:\windows\system32\_004621_.tmp.dll

c:\windows\system32\_004622_.tmp.dll

c:\windows\system32\_004623_.tmp.dll

c:\windows\system32\_004624_.tmp.dll

c:\windows\system32\_004625_.tmp.dll

c:\windows\system32\_004626_.tmp.dll

c:\windows\system32\_004627_.tmp.dll

c:\windows\system32\_004629_.tmp.dll

c:\windows\system32\_004630_.tmp.dll

c:\windows\system32\_004631_.tmp.dll

c:\windows\system32\_004632_.tmp.dll

c:\windows\system32\_004634_.tmp.dll

c:\windows\system32\_004636_.tmp.dll

c:\windows\system32\_004637_.tmp.dll

c:\windows\system32\_004638_.tmp.dll

c:\windows\system32\_004639_.tmp.dll

c:\windows\system32\_004640_.tmp.dll

c:\windows\system32\_004641_.tmp.dll

c:\windows\system32\_004642_.tmp.dll

c:\windows\system32\_004644_.tmp.dll

c:\windows\system32\_004645_.tmp.dll

c:\windows\system32\_004646_.tmp.dll

c:\windows\system32\_004647_.tmp.dll

c:\windows\system32\_004648_.tmp.dll

c:\windows\system32\_004649_.tmp.dll

c:\windows\system32\_004650_.tmp.dll

c:\windows\system32\_004651_.tmp.dll

c:\windows\system32\_004653_.tmp.dll

c:\windows\system32\_004654_.tmp.dll

c:\windows\system32\_004655_.tmp.dll

c:\windows\system32\_004656_.tmp.dll

c:\windows\system32\_004657_.tmp.dll

c:\windows\system32\_004659_.tmp.dll

c:\windows\system32\_004660_.tmp.dll

c:\windows\system32\_004664_.tmp.dll

c:\windows\system32\_004665_.tmp.dll

c:\windows\system32\_004667_.tmp.dll

c:\windows\system32\_004670_.tmp.dll

c:\windows\system32\_004672_.tmp.dll

c:\windows\system32\_004673_.tmp.dll

c:\windows\system32\_004674_.tmp.dll

c:\windows\system32\_004675_.tmp.dll

c:\windows\system32\_004678_.tmp.dll

c:\windows\system32\_004679_.tmp.dll

c:\windows\system32\_004680_.tmp.dll

c:\windows\system32\_004681_.tmp.dll

c:\windows\system32\_004682_.tmp.dll

c:\windows\system32\_004687_.tmp.dll

c:\windows\system32\_004689_.tmp.dll

c:\windows\system32\_004690_.tmp.dll

c:\windows\system32\_004835_.tmp.dll

c:\windows\system32\_004836_.tmp.dll

c:\windows\system32\_004837_.tmp.dll

c:\windows\system32\_004838_.tmp.dll

c:\windows\system32\_004839_.tmp.dll

c:\windows\system32\_004840_.tmp.dll

c:\windows\system32\_004841_.tmp.dll

c:\windows\system32\_004842_.tmp.dll

c:\windows\system32\_004845_.tmp.dll

c:\windows\system32\_004846_.tmp.dll

c:\windows\system32\_004847_.tmp.dll

c:\windows\system32\_004849_.tmp.dll

c:\windows\system32\_004850_.tmp.dll

c:\windows\system32\_004853_.tmp.dll

c:\windows\system32\_004854_.tmp.dll

c:\windows\system32\_004856_.tmp.dll

c:\windows\system32\_004857_.tmp.dll

c:\windows\system32\_004858_.tmp.dll

c:\windows\system32\_004859_.tmp.dll

c:\windows\system32\_004860_.tmp.dll

c:\windows\system32\_004861_.tmp.dll

c:\windows\system32\_004862_.tmp.dll

c:\windows\system32\_004863_.tmp.dll

c:\windows\system32\_004864_.tmp.dll

c:\windows\system32\_004866_.tmp.dll

c:\windows\system32\_004867_.tmp.dll

c:\windows\system32\_004868_.tmp.dll

c:\windows\system32\_004869_.tmp.dll

c:\windows\system32\_004871_.tmp.dll

c:\windows\system32\_004873_.tmp.dll

c:\windows\system32\_004874_.tmp.dll

c:\windows\system32\_004875_.tmp.dll

c:\windows\system32\_004876_.tmp.dll

c:\windows\system32\_004877_.tmp.dll

c:\windows\system32\_004878_.tmp.dll

c:\windows\system32\_004879_.tmp.dll

c:\windows\system32\_004881_.tmp.dll

c:\windows\system32\_004882_.tmp.dll

c:\windows\system32\_004883_.tmp.dll

c:\windows\system32\_004884_.tmp.dll

c:\windows\system32\_004885_.tmp.dll

c:\windows\system32\_004886_.tmp.dll

c:\windows\system32\_004887_.tmp.dll

c:\windows\system32\_004888_.tmp.dll

c:\windows\system32\_004890_.tmp.dll

c:\windows\system32\_004891_.tmp.dll

c:\windows\system32\_004892_.tmp.dll

c:\windows\system32\_004893_.tmp.dll

c:\windows\system32\_004894_.tmp.dll

c:\windows\system32\_004896_.tmp.dll

c:\windows\system32\_004897_.tmp.dll

c:\windows\system32\_004901_.tmp.dll

c:\windows\system32\_004902_.tmp.dll

c:\windows\system32\_004904_.tmp.dll

c:\windows\system32\_004907_.tmp.dll

c:\windows\system32\_004909_.tmp.dll

c:\windows\system32\_004910_.tmp.dll

c:\windows\system32\_004911_.tmp.dll

c:\windows\system32\_004912_.tmp.dll

c:\windows\system32\_004915_.tmp.dll

c:\windows\system32\_004916_.tmp.dll

c:\windows\system32\_004917_.tmp.dll

c:\windows\system32\_004918_.tmp.dll

c:\windows\system32\_004919_.tmp.dll

c:\windows\system32\_004924_.tmp.dll

c:\windows\system32\_004926_.tmp.dll

c:\windows\system32\_004927_.tmp.dll

c:\windows\system32\Data

c:\windows\system32\fonts

c:\windows\system32\fonts\ACADEMY_.PFB

c:\windows\system32\fonts\ACADEMY_.PFM

c:\windows\system32\fonts\ACADEMY_.TTF

c:\windows\system32\logs

c:\windows\system32\Temp

c:\windows\system32\uacinit.dll.vir

.

((((((((((((((((((((((((( Files Created from 2010-06-18 to 2010-07-18 )))))))))))))))))))))))))))))))

.

2010-07-14 22:02 . 2010-04-29 16:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-07 01:44 . 2010-07-07 01:44 -------- d-----w- c:\program files\Trend Micro

2010-07-06 22:30 . 2010-07-06 22:30 -------- d-----w- c:\documents and settings\Main\Application Data\Avira

2010-07-06 22:23 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-07-06 22:23 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-07-06 22:23 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-07-06 22:23 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-07-06 22:23 . 2010-07-06 22:23 -------- d-----w- c:\program files\Avira

2010-07-06 22:23 . 2010-07-06 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-07-06 21:52 . 2010-07-06 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

2010-07-06 21:52 . 2010-07-06 21:52 -------- d-----w- c:\documents and settings\Main\Application Data\Yahoo!

2010-07-02 18:46 . 2010-07-12 19:13 -------- d-----w- c:\windows\system32\NtmsData

2010-06-30 16:32 . 2010-07-06 21:13 -------- d-----w- c:\windows\BDOSCAN8

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-14 22:00 . 2009-03-30 23:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-12 04:44 . 2009-03-18 02:37 -------- d-----w- c:\documents and settings\Main\Application Data\Temp

2010-07-02 17:35 . 2009-04-13 19:13 81984 ----a-w- c:\windows\system32\bdod.bin

2010-07-01 15:16 . 2010-03-21 15:31 -------- d-----w- c:\program files\Defender Pro

2010-07-01 15:14 . 2010-03-21 16:18 132 ----a-w- c:\windows\system32\rezumatenoi.dat

2010-06-30 16:12 . 2009-09-12 20:02 -------- d-----w- c:\documents and settings\Main\Application Data\Move Networks

2010-06-29 04:04 . 2003-07-20 16:14 -------- d-----w- c:\program files\QUICKENW

2010-06-06 15:31 . 2008-12-15 01:55 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-02 18:11 . 2007-01-12 23:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-05-22 18:10 . 2003-07-20 16:10 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:56 . 2009-04-02 03:15 1850880 ----a-w- c:\windows\system32\win32k.sys

2010-04-20 05:51 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Conime"="c:\windows\system32\conime.exe" [2004-08-04 27648]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 177472]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-03-31 22:23 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk

backup=c:\windows\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]

2002-12-17 17:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]

2004-08-04 12:00 27648 ----a-w- c:\windows\SYSTEM32\conime.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2004-08-04 12:00 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]

2002-04-03 06:01 135264 ----a-w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]

2002-08-14 23:22 28672 ----a-r- c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]

2008-10-22 10:54 1310720 ----a-w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\EKIJ5000MUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2004-06-16 11:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-09-05 03:50 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 06:00 90112 ----a-w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"VSSERV"=2 (0x2)

"QBFCService"=3 (0x3)

"ose"=3 (0x3)

"NVSvc"=2 (0x2)

"NetSvc"=3 (0x3)

"LIVESRV"=2 (0x2)

"KodakSvc"=2 (0x2)

"Kodak AiO Network Discovery Service"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"iPod Service"=3 (0x3)

"IDriverT"=3 (0x3)

"DSBrokerService"=3 (0x3)

"Creative Service for CDROM Access"=2 (0x2)

"Bonjour Service"=2 (0x2)

"Arrakis3"=3 (0x3)

"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\CentraOne\\bin\\launcher.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9322:TCP"= 9322:TCP:EKDiscovery

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/6/2010 6:23 PM 135336]

S2 BDVEDISK;BDVEDISK;\??\c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys --> c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [?]

S3 Arrakis3;Defender Pro Arrakis Server;"c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe" --> c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [?]

S3 bdfm;BDFM;c:\windows\SYSTEM32\DRIVERS\bdfm.sys [9/16/2008 10:10 AM 108864]

S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\SYSTEM32\DRIVERS\pixmcvc.sys [12/11/2004 2:37 PM 32000]

S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\SYSTEM32\DRIVERS\pixmcva.sys [12/11/2004 2:39 PM 28057]

S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\SYSTEM32\DRIVERS\pixmcvv.sys [12/11/2004 2:38 PM 21081]

S4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKDiscovery.exe [1/19/2009 5:01 PM 279960]

S4 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\AiO\Center\KodakSvc.exe [1/19/2009 5:02 PM 38296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

fcqwhxik

.

Contents of the 'Scheduled Tasks' folder

2010-07-12 c:\windows\Tasks\AiO Home Center Registration Remind Task.job

- c:\documents and settings\All Users\Application Data\Kodak\Installer\Registration.exe [2009-03-18 21:47]

2010-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://mt202.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab

DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - hxxp://mediaplayer.walmart.com/installer/install.cab

DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} - hxxp://store01.prostores.com/storeadmin/utilities/pssbedit.cab

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-uvpwyrox - c:\documents and settings\Main\Local Settings\Application Data\rfxapa\vgltsftav.exe

HKLM-Run-uvpwyrox - c:\documents and settings\Main\Local Settings\Application Data\rfxapa\vgltsftav.exe

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

MSConfigStartUp-BDAgent - c:\program files\BitDefender\BitDefender 2009\bdagent.exe

MSConfigStartUp-BitDefender Antiphishing Helper - c:\program files\BitDefender\BitDefender 2009\IEShow.exe

MSConfigStartUp-oylkojwt - c:\documents and settings\Main\Local Settings\Application Data\nbrbml\ggrjsysguard.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe

MSConfigStartUp-TrojanScanner - c:\program files\Trojan Remover\Trjscan.exe

AddRemove-Easy-WebPrint - c:\program files\Canon\Easy-WebPrint\Uninst.isu

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-18 11:27

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)

c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(2868)

c:\windows\system32\WININET.dll

c:\program files\iTunes\iTunesMiniPlayer.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-07-18 11:48:36 - machine was rebooted

ComboFix-quarantined-files.txt 2010-07-18 15:48

Pre-Run: 3,817,230,336 bytes free

Post-Run: 3,649,658,880 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - EB1FFB543EDA423693524CA9F4D0CFE4


Open Notepad and copy and paste the text in the code box below into it:

NetSvc::
fcqwhxik

Driver::
BDVEDISK

Folder::
c:\program files\BitDefender

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


Here is the new log.

Thanks

ComboFix 10-07-19.01 - Main 07/19/2010 17:58:15.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1279.844 [GMT -4:00]

Running from: c:\documents and settings\Main\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\Main\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_BDVEDISK

-------\Service_BDVEDISK

((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 )))))))))))))))))))))))))))))))

.

2010-07-14 22:02 . 2010-04-29 16:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-07 01:44 . 2010-07-07 01:44 -------- d-----w- c:\program files\Trend Micro

2010-07-06 22:30 . 2010-07-06 22:30 -------- d-----w- c:\documents and settings\Main\Application Data\Avira

2010-07-06 22:23 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-07-06 22:23 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-07-06 22:23 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-07-06 22:23 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-07-06 22:23 . 2010-07-06 22:23 -------- d-----w- c:\program files\Avira

2010-07-06 22:23 . 2010-07-06 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-07-06 21:52 . 2010-07-06 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

2010-07-06 21:52 . 2010-07-06 21:52 -------- d-----w- c:\documents and settings\Main\Application Data\Yahoo!

2010-07-02 18:46 . 2010-07-12 19:13 -------- d-----w- c:\windows\system32\NtmsData

2010-06-30 16:32 . 2010-07-06 21:13 -------- d-----w- c:\windows\BDOSCAN8

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-14 22:00 . 2009-03-30 23:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-12 04:44 . 2009-03-18 02:37 -------- d-----w- c:\documents and settings\Main\Application Data\Temp

2010-07-02 17:35 . 2009-04-13 19:13 81984 ----a-w- c:\windows\system32\bdod.bin

2010-07-01 15:16 . 2010-03-21 15:31 -------- d-----w- c:\program files\Defender Pro

2010-07-01 15:14 . 2010-03-21 16:18 132 ----a-w- c:\windows\system32\rezumatenoi.dat

2010-06-30 16:12 . 2009-09-12 20:02 -------- d-----w- c:\documents and settings\Main\Application Data\Move Networks

2010-06-29 04:04 . 2003-07-20 16:14 -------- d-----w- c:\program files\QUICKENW

2010-06-06 15:31 . 2008-12-15 01:55 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-02 18:11 . 2007-01-12 23:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-05-22 18:10 . 2003-07-20 16:10 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:56 . 2009-04-02 03:15 1850880 ----a-w- c:\windows\system32\win32k.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Conime"="c:\windows\system32\conime.exe" [2004-08-04 27648]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 177472]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-03-31 22:23 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk

backup=c:\windows\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]

2002-12-17 17:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]

2004-08-04 12:00 27648 ----a-w- c:\windows\SYSTEM32\conime.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2004-08-04 12:00 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]

2002-04-03 06:01 135264 ----a-w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]

2002-08-14 23:22 28672 ----a-r- c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]

2008-10-22 10:54 1310720 ----a-w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\EKIJ5000MUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2004-06-16 11:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-09-05 03:50 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 06:00 90112 ----a-w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"VSSERV"=2 (0x2)

"QBFCService"=3 (0x3)

"ose"=3 (0x3)

"NVSvc"=2 (0x2)

"NetSvc"=3 (0x3)

"LIVESRV"=2 (0x2)

"KodakSvc"=2 (0x2)

"Kodak AiO Network Discovery Service"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"iPod Service"=3 (0x3)

"IDriverT"=3 (0x3)

"DSBrokerService"=3 (0x3)

"Creative Service for CDROM Access"=2 (0x2)

"Bonjour Service"=2 (0x2)

"Arrakis3"=3 (0x3)

"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\CentraOne\\bin\\launcher.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9322:TCP"= 9322:TCP:EKDiscovery

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/6/2010 6:23 PM 135336]

S3 Arrakis3;Defender Pro Arrakis Server;"c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe" --> c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [?]

S3 bdfm;BDFM;c:\windows\SYSTEM32\DRIVERS\bdfm.sys [9/16/2008 10:10 AM 108864]

S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\SYSTEM32\DRIVERS\pixmcvc.sys [12/11/2004 2:37 PM 32000]

S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\SYSTEM32\DRIVERS\pixmcva.sys [12/11/2004 2:39 PM 28057]

S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\SYSTEM32\DRIVERS\pixmcvv.sys [12/11/2004 2:38 PM 21081]

S4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKDiscovery.exe [1/19/2009 5:01 PM 279960]

S4 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\AiO\Center\KodakSvc.exe [1/19/2009 5:02 PM 38296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

.

Contents of the 'Scheduled Tasks' folder

2010-07-12 c:\windows\Tasks\AiO Home Center Registration Remind Task.job

- c:\documents and settings\All Users\Application Data\Kodak\Installer\Registration.exe [2009-03-18 21:47]

2010-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://mt202.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab

DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - hxxp://mediaplayer.walmart.com/installer/install.cab

DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} - hxxp://store01.prostores.com/storeadmin/utilities/pssbedit.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-19 18:11

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)

c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(2936)

c:\windows\system32\WININET.dll

c:\program files\iTunes\iTunesMiniPlayer.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-07-19 18:29:54 - machine was rebooted

ComboFix-quarantined-files.txt 2010-07-19 22:29

ComboFix2.txt 2010-07-18 15:48

Pre-Run: 3,636,031,488 bytes free

Post-Run: 3,648,503,808 bytes free

- - End Of File - - 77A7CDCE87D2F87E034D9592FA52E1CB

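The log above shows the Windows Firewall turned off for the standard profile ("EnableFirewall"= 0), one globally open port (9322/TCP, EKDiscovery), a list of programs with inbound exceptions, and a BitDefender service entry (Arrakis3) whose image path ComboFix marks with [?] instead of a date and size. Those are the lines a reviewer checks first when reading such a log. As an added example that is not part of the original thread, the following Python script pulls those findings out of ComboFix-style text. The sample lines are constructed from the log above (not a full ComboFix report), and the function names are this example's own, not ComboFix's.

```python
"""Flag security-relevant settings in the firewall-policy and service lines of
a ComboFix log: a disabled Windows Firewall, globally open ports, the programs
granted inbound exceptions, and services whose binary ComboFix marks with [?].
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: a handful of lines copied from the log in this thread,
# not a complete ComboFix report.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/6/2010 6:23 PM 135336]
S3 Arrakis3;Defender Pro Arrakis Server;"c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe" --> c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [?]
S3 bdfm;BDFM;c:\windows\SYSTEM32\DRIVERS\bdfm.sys [9/16/2008 10:10 AM 108864]
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
# Service lines: <R|S><start type> <name>;<display name>;<image path> [<date size>]
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.*)$")


def parse_sections(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Group the quoted "name"=data lines under their [section] header."""
    sections: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        value = VALUE_RE.match(line)
        if current is not None and value:
            sections[current].append(value.groups())
    return sections


def firewall_findings(text: str) -> List[str]:
    """Report a disabled firewall profile and every globally open port."""
    findings: List[str] = []
    for section, values in parse_sections(text).items():
        lowered = section.lower()
        parts = lowered.split("firewallpolicy\\", 1)
        if len(parts) < 2:
            continue
        profile = parts[1].split("\\")[0]  # e.g. standardprofile
        for key, data in values:
            if lowered.endswith(profile) and key.lower() == "enablefirewall":
                # ComboFix prints "0 (0x0)" when the profile's firewall is off
                if data.strip().startswith("0"):
                    findings.append(f"{profile}: Windows Firewall disabled")
            elif lowered.endswith("globallyopenports\\list"):
                # key is port:protocol, data is port:protocol:description
                description = data.split(":")[-1] if data else "no description"
                findings.append(f"{profile}: globally open port {key} ({description})")
    return findings


def authorized_applications(text: str) -> List[str]:
    """Programs granted inbound exceptions (ComboFix doubles the backslashes)."""
    apps: List[str] = []
    for section, values in parse_sections(text).items():
        if section.lower().endswith("authorizedapplications\\list"):
            apps.extend(key.replace("\\\\", "\\") for key, _ in values)
    return apps


def unverifiable_services(text: str) -> List[str]:
    """Service names whose image path ends in [?] rather than a date and size."""
    names: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        match = SERVICE_RE.match(line)
        if match and line.endswith("[?]"):
            names.append(match.group(1))
    return names


if __name__ == "__main__":
    for finding in firewall_findings(SAMPLE_LOG):
        print("FINDING:", finding)
    print("inbound exceptions:", authorized_applications(SAMPLE_LOG))
    print("services with unverifiable binary:", unverifiable_services(SAMPLE_LOG))
```

Run it against a saved ComboFix log by replacing SAMPLE_LOG with the file's contents; on the log in this thread it reports the disabled standard profile, port 9322/TCP, eight exception entries, and the Arrakis3 service.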

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply with a new HijackThis log.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


I uninstalled the previous versions of Malwarebytes; installed the one from your last link and still receive the following errors:

vbAccelerator SGrid II Control - Run-time error '0'

then when I close that pop up window I receive:

Malwarebytes' Anti Malware Run-time error '440': Automation Error

then when I close that pop up window I receive them both again.

Now what?


Please do the following to see if it resolves the issue.

Temporarily disable your Anti-Virus and other security software while installing and running.

Windows XP:

  • Click on Start and select Control Panel
  • Open Add/Remove Programs
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer (very important)
  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
  • Restart the computer again and verify that MBAM is in the task tray if using the Pro version.
  • Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or post to ask and we'll explain how to do it.


This topic is now closed to further replies.