Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

vundo h, virtumonde, zlob viruses

Started by annej55 , Mar 24 2009 12:59 PM

  • Please log in to reply

#1
annej55
Posted 24 March 2009 - 12:59 PM

annej55

    New Member

  • Member
  • Pip
  • 1 posts
Hi, I am new to this forum and I found this site while trying to figure out how to get rid of these viruses. I hope someone will be able to help me, I got the virus a couple of days ago and nothing seems to work. I read through your Malware Removal Guide and followed the procedures there and I still have some registry items I am not able to delete.

I have Webroot Antivirus, this tells me I have the virtumonde virus and it keeps coming up and it gets quarantined and is on my always quarantine list, but comes up everytime i open Webroot.

I also tried downloading SpyHunter and that tells me I have the zlob virus and I can't manually delete the registry files that this tells me are infected.

I have run Malwarebytes Anti Malware which tells me I have the Trojan.Vundo.H virus and it deletes all the files except for about 4 or 5 registry files that I can't manually delete either.

I ran the OTListIt and only the OTListIT.txt came up, I did not get the extras.txt

Here is the rooter.exe log and the OTListIT.txt log I ran

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:95385 Mo/Free:3942 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Tue 03/24/2009|13:43

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
---------- C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\Program Files\HPQ\SHARED\HPQWMI.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Tue 03/24/2009|12:10
2 - "C:\Rooter$\Rooter_2.txt" - Tue 03/24/2009|13:45

----------------------\\ Scan completed at 13:45



OTListIt logfile created on: 3/24/2009 1:47:40 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.7.1 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.48 Mb Total Physical Memory | 193.85 Mb Available Physical Memory | 37.97% Memory free
1.22 Gb Paging File | 0.95 Gb Available in Paging File | 78.37% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 35.85 Gb Free Space | 38.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHANITA
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\HPQ\SHARED\HPQWMI.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Documents and Settings\user\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqwmi [On_Demand | Running]) -- C:\Program Files\HPQ\SHARED\HPQWMI.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Disabled | Stopped]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe ()
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NwSapAgent [Auto | Stopped]) -- C:\WINDOWS\System32\ipxsap.dll (Microsoft Corporation)
SRV - (PCLEPCI [Auto | Stopped]) -- C:\WINDOWS\system32\drivers\pclepci.sys (Pinnacle Systems GmbH)
SRV - (Pml Driver HPZ12 [Disabled | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (sdAuxService [Auto | Stopped]) -- File not found
SRV - (sdCoreService [Auto | Stopped]) -- File not found
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WebrootSpySweeperService [Auto | Running]) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (WRConsumerService [Auto | Running]) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )

========== Driver Services (SafeList) ==========

DRV - (AliIde [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BCM43XX [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (CAMCAUD [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (CAMCHALA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (eabfiltr [System | Running]) -- C:\WINDOWS\system32\drivers\EABFiltr.sys (Hewlett-Packard Company)
DRV - (eabusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\eabusb.sys (Hewlett-Packard Company)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWATI [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (MarvinBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (NuidFltr [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV - (NwlnkIpx [Auto | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys (Microsoft Corporation)
DRV - (Point32 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\point32.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTL8023xp [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SMCIRDA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\smcirda.sys (SMC)
DRV - (ssfs0bbc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssidrv [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (USBCM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Sacm2A.sys ( )
DRV - (vrskbdft [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\vrskbdft.sys (HAURI)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Startpage = http://uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Pink Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7
FF - prefs.js..extensions.enabledItems: {a02c0c70-605c-11da-8cd6-0800200c9a66}:4.08
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.0.4
FF - prefs.js..extensions.enabledItems: {6e00410e-1176-11dc-8314-0800200c9a66}:1.3

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/11/18 03:45:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/06 11:35:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/05 22:12:56 | 00,000,000 | ---D | M]

[2009/01/16 03:37:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Extensions
[2009/01/16 03:37:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/24 11:39:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\prsu2jmj.default\extensions
[2009/02/08 11:06:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\prsu2jmj.default\extensions\{6e00410e-1176-11dc-8314-0800200c9a66}
[2009/01/16 04:09:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\prsu2jmj.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2009/01/16 04:07:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\prsu2jmj.default\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
[2009/03/05 18:54:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\prsu2jmj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/01/16 04:07:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\prsu2jmj.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2009/01/28 20:31:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\prsu2jmj.default\extensions\[email protected]
[2009/01/20 05:16:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\prsu2jmj.default\extensions\[email protected]
[2009/01/16 04:07:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\prsu2jmj.default\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}\chrome\mozapps\extensions
[2009/01/16 04:23:57 | 00,001,142 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\FireFox\Profiles\prsu2jmj.default\searchplugins\pink-search.xml
[2009/03/22 09:40:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/01/16 03:44:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/03/05 22:12:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/19 22:57:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/05 22:12:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/05 22:12:30 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/02 01:04:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/02 01:04:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/09 15:05:22 | 00,002,236 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml
[2008/12/02 01:04:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/02 01:04:40 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/02 01:04:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/02 01:04:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/02 01:04:40 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (687 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {f700871f-a33c-401e-bd55-e13db59756e9} - C:\WINDOWS\system32\vosukaso.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [bofinamima] Rundll32.exe "C:\WINDOWS\system32\murevalo.dll",s File not found
O4 - HKLM..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray (Webroot Software, Inc.)
O4 - HKCU..\Run: [Active Desktop Calendar] "C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe" (XemiComputers ltd.)
O4 - HKCU..\Run: [igndlm.exe] "C:\Program Files\Download Manager\DLM.exe" /windowsstart /startifwork (IGN Entertainment)
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Sites: //@surf.mar@/ ([]money in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.8.110.cab (CDownloadCtrl Object)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1226932566796 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://bmm.imgag.com.../crusher-mx.cab (Creative Toolbox Plug-in)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\nusuzefa.dll) - c:\windows\system32\nusuzefa.dll ()
O20 - AppInit_DLLs: () - File not found
O20 - AppInit_DLLs: () - File not found
O20 - AppInit_DLLs: (bvjqpe.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (4/13) - File not found
O30 - LSA: Security Packages - (ecurity Packages settings...) - File not found
O30 - LSA: Security Packages - (RA) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{1c686660-3b87-11dc-ad49-0014a519fc99}\Shell\AutoRun\command - "" = tsystemanalyzer.exe
O33 - MountPoints2\{5e412aac-b3da-11dc-adc2-0014a519fc99}\Shell - "" = AutoRun
O33 - MountPoints2\{5e412aac-b3da-11dc-adc2-0014a519fc99}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5e412aac-b3da-11dc-adc2-0014a519fc99}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/03/24 12:11:03 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\user\Desktop\OTListIt2.exe
[2009/03/24 12:08:20 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/24 12:07:53 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\user\Desktop\Rooter.exe
[2009/03/24 11:47:09 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/03/24 11:47:07 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\user\Desktop\NTREGOPT.lnk
[2009/03/24 11:47:06 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/24 11:36:37 | 00,004,096 | -HS- | C] () -- C:\WINDOWS\System32\nomifeyi.dll
[2009/03/24 11:36:17 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\vuzofafu.dll
[2009/03/24 11:09:07 | 53,535,1296 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/24 05:24:16 | 00,000,708 | ---- | C] () -- C:\DOCUME~1\user\Desktop\Malwarebytes' Anti-Malware (2).lnk
[2009/03/23 14:49:34 | 00,000,000 | -HSD | C] -- C:\found.000
[2009/03/23 02:28:05 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2009/03/23 00:44:05 | 00,001,669 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Spy Sweeper.lnk
[2009/03/23 00:43:16 | 00,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2009/03/22 17:32:39 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/03/22 02:25:37 | 00,129,024 | -HS- | C] (Simple Software Solutions, Inc.) -- C:\WINDOWS\System32\dkhhfc.dll
[2009/03/19 14:28:53 | 00,000,705 | ---- | C] () -- C:\DOCUME~1\user\Desktop\World of Warcraft Trial.lnk
[2009/03/19 14:27:03 | 00,000,000 | ---D | C] -- C:\Program Files\World of Warcraft Trial
[2009/03/19 14:17:15 | 01,754,696 | ---- | C] (Blizzard Entertainment) -- C:\DOCUME~1\user\Desktop\TryWoW.exe
[2009/03/19 12:04:51 | 00,000,000 | ---D | C] -- C:\DOCUME~1\user\Desktop\WoW
[2009/03/19 11:45:14 | 00,000,000 | ---D | C] -- C:\DOCUME~1\user\My Documents\My Downloads
[2009/03/19 11:45:00 | 00,000,707 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Download Manager.lnk
[2009/03/19 11:44:57 | 00,000,000 | ---D | C] -- C:\Program Files\Download Manager
[2009/03/19 11:43:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\IGN_DLM
[2009/03/19 02:31:29 | 00,302,928 | ---- | C] (Microsoft Corporation) -- C:\DOCUME~1\user\Desktop\dxwebsetup.exe
[2009/03/19 02:28:27 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2009/03/19 02:28:27 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2009/03/19 02:28:23 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2009/03/19 02:28:19 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2009/03/19 02:28:19 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2009/03/19 02:28:14 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2009/03/19 02:28:12 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2009/03/19 02:28:07 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2009/03/19 02:28:07 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2009/03/19 02:28:03 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2009/03/19 02:27:58 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2009/03/19 02:27:58 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2009/03/19 02:27:54 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2009/03/19 02:27:49 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2009/03/19 02:27:49 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2009/03/19 02:27:46 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2009/03/19 02:27:43 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2009/03/19 02:27:39 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2009/03/19 02:27:39 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2009/03/19 02:27:35 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2009/03/19 02:27:31 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2009/03/19 02:27:28 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2009/03/19 02:27:26 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2009/03/19 02:27:20 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2009/03/19 02:27:20 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2009/03/19 02:27:16 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2009/03/19 02:27:12 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2009/03/19 02:27:04 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2009/03/19 02:27:03 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2009/03/19 02:27:01 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2009/03/19 02:26:56 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2009/03/19 02:26:53 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2009/03/19 02:26:53 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2009/03/19 02:26:49 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2009/03/19 02:26:44 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2009/03/19 02:26:44 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2009/03/19 02:26:38 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2009/03/19 02:26:38 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2009/03/19 02:26:33 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2009/03/19 02:26:29 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2009/03/19 02:26:20 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2009/03/19 02:26:16 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2009/03/19 02:26:16 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2009/03/19 02:26:05 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2009/03/19 02:26:01 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2009/03/19 02:25:56 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2009/03/19 02:25:54 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2009/03/19 02:25:47 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2009/03/19 02:25:47 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2009/03/19 02:25:44 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2009/03/19 02:25:41 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2009/03/19 02:25:39 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2009/03/19 02:25:37 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2009/03/19 02:25:35 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2009/03/19 02:25:30 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2009/03/19 02:25:15 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/03/19 02:25:08 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2009/03/19 02:25:08 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2009/03/19 02:25:05 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2009/03/19 02:25:01 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2009/03/19 02:24:57 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2009/03/19 02:24:54 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2009/03/19 02:24:49 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2009/03/19 02:24:45 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2009/03/19 02:24:39 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2009/03/19 02:18:58 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/03/19 02:18:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2009/03/19 02:12:06 | 00,000,022 | ---- | C] () -- C:\DOCUME~1\user\Desktop\Repair.zip
[2009/03/18 23:40:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2009/03/18 18:51:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\XemiComputers
[2009/03/18 18:51:10 | 00,000,790 | ---- | C] () -- C:\DOCUME~1\user\Desktop\Active Desktop Calendar.lnk
[2009/03/18 18:50:50 | 00,000,000 | ---D | C] -- C:\Program Files\XemiComputers
[2009/03/18 10:29:34 | 00,000,104 | ---- | C] () -- C:\WINDOWS\tasks\Low Battery Alarm Program.job
[2009/03/17 16:00:17 | 00,010,752 | ---- | C] () -- C:\DOCUME~1\user\My Documents\manuels income as of 3-17-09.xlr
[2009/03/17 15:10:37 | 00,010,752 | ---- | C] () -- C:\DOCUME~1\user\My Documents\jennas income as of 3-17-09.xlr
[2009/03/16 15:19:29 | 00,001,176 | ---- | C] () -- C:\DOCUME~1\user\My Documents\twilight.xspf
[2009/02/25 15:24:48 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/02/25 15:24:40 | 00,016,240 | ---- | C] () -- C:\WINDOWS\System32\SsiEfr.exe

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/03/24 13:48:27 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\supavaye
[2009/03/24 13:21:43 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/24 13:21:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/24 13:21:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/24 13:20:59 | 53,535,1296 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/24 13:19:53 | 05,384,288 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2009/03/24 12:11:05 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\user\Desktop\OTListIt2.exe
[2009/03/24 12:08:08 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\user\Desktop\Rooter.exe
[2009/03/24 11:47:09 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/03/24 11:47:07 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\user\Desktop\NTREGOPT.lnk
[2009/03/24 11:36:37 | 00,004,096 | -HS- | M] () -- C:\WINDOWS\System32\nomifeyi.dll
[2009/03/24 11:36:17 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\vuzofafu.dll
[2009/03/24 11:20:36 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CDF6C4AB-1449-4641-AC6A-D00E8107575A}.job
[2009/03/24 05:24:16 | 00,000,708 | ---- | M] () -- C:\DOCUME~1\user\Desktop\Malwarebytes' Anti-Malware (2).lnk
[2009/03/24 05:00:32 | 00,001,608 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L81315FADBEA0428ABBEB09BAE8A592C3.job
[2009/03/24 04:10:29 | 00,000,349 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Documents\PCLECHAL.INI
[2009/03/23 10:08:37 | 00,001,632 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_LCAEAB8A7980B43ECA5DD3F0DB79BD71C.job
[2009/03/23 03:30:00 | 00,000,392 | ---- | M] () -- C:\WINDOWS\tasks\ErrorEasy Scheduled Scan.job
[2009/03/23 02:29:57 | 00,000,687 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/03/23 00:44:05 | 00,001,669 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Spy Sweeper.lnk
[2009/03/22 02:25:36 | 00,129,024 | -HS- | M] (Simple Software Solutions, Inc.) -- C:\WINDOWS\System32\dkhhfc.dll
[2009/03/22 02:25:36 | 00,129,024 | -HS- | M] (Simple Software Solutions, Inc.) -- C:\WINDOWS\System32\deyogisu.dll
[2009/03/22 01:54:58 | 00,000,576 | ---- | M] () -- C:\DOCUME~1\user\My Documents\My Sharing Folders.lnk
[2009/03/20 22:50:47 | 00,190,464 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/20 15:15:09 | 00,005,224 | ---- | M] () -- C:\Documents and Settings\user\Application Data\wklnhst.dat
[2009/03/19 14:28:53 | 00,000,705 | ---- | M] () -- C:\DOCUME~1\user\Desktop\World of Warcraft Trial.lnk
[2009/03/19 14:17:37 | 01,754,696 | ---- | M] (Blizzard Entertainment) -- C:\DOCUME~1\user\Desktop\TryWoW.exe
[2009/03/19 11:45:01 | 00,000,707 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Download Manager.lnk
[2009/03/19 02:31:35 | 00,302,928 | ---- | M] (Microsoft Corporation) -- C:\DOCUME~1\user\Desktop\dxwebsetup.exe
[2009/03/19 02:12:48 | 00,000,022 | ---- | M] () -- C:\DOCUME~1\user\Desktop\Repair.zip
[2009/03/18 18:51:10 | 00,000,790 | ---- | M] () -- C:\DOCUME~1\user\Desktop\Active Desktop Calendar.lnk
[2009/03/18 10:29:34 | 00,000,104 | ---- | M] () -- C:\WINDOWS\tasks\Low Battery Alarm Program.job
[2009/03/17 16:00:17 | 00,010,752 | ---- | M] () -- C:\DOCUME~1\user\My Documents\manuels income as of 3-17-09.xlr
[2009/03/17 15:10:38 | 00,010,752 | ---- | M] () -- C:\DOCUME~1\user\My Documents\jennas income as of 3-17-09.xlr
[2009/03/16 15:19:29 | 00,001,176 | ---- | M] () -- C:\DOCUME~1\user\My Documents\twilight.xspf
[2009/03/14 14:45:56 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2009/03/14 03:45:21 | 00,302,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/05 17:10:10 | 01,553,784 | ---- | M] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
[2009/03/03 16:49:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/02/25 15:24:56 | 00,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssidrv.sys
[2009/02/25 15:24:56 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\sshrmd.sys
[2009/02/25 15:24:54 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssfs0bbc.sys
[2009/02/25 15:24:48 | 00,031,088 | ---- | M] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/02/25 15:24:40 | 00,016,240 | ---- | M] () -- C:\WINDOWS\System32\SsiEfr.exe
< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP