Win32: JunkPoly [Cryp] [Closed]


#1 lex1245 (Member, 13 posts)

Hi, I'm a little new at this. Thanks in advance for any help.

Avast! Antivirus keeps detecting "Win32:JunkPoly [Cryp]", or something like that, in my files. I try to repair them but it fails, and I have to delete them.

So I ran SuperAntiSpyware in safe mode; it detected some stuff and removed it.

When I rebooted, Avast detected a virus, so it recommended an Avast boot scan, which I did. It detected and removed a bunch of "Win32:JunkPoly [Cryp]" files, but there was one file (I don't recall the name) that couldn't be deleted, so it had to be ignored.

I'm basically back to where I was before, because the "Win32:JunkPoly [Cryp]" files still keep popping up. My internet is also lagging. When I open my browser, it says "Avast has blocked a malicious website from jl.chura.pl/rc" or something like that.

I really would like to avoid having to reformat my hard drive, as I'd like to keep the tons of files I have on here.

This is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:28 AM, on 4/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\WINDOWS\TEMP\sdmgos.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\TEMP\sdmgos.exe
C:\DOCUME~1\Alex\LOCALS~1\Temp\1969298881.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: (no name) - {6f97b29c-dc1e-488a-bf61-afee73444b68} - C:\WINDOWS\system32\hudetola.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: C:\WINDOWS\system32\sdfgerfgf3f.dll - {e2ba40a2-74f3-42bd-f434-2604812c8953} - C:\WINDOWS\system32\sdfgerfgf3f.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [emMON] emMON.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [002d7f3c] rundll32.exe "C:\WINDOWS\system32\miyudona.dll",b
O4 - HKLM\..\Run: [CPM031e4ca0] Rundll32.exe "c:\windows\system32\hukawebo.dll",a
O4 - HKLM\..\Run: [mogiluhehe] Rundll32.exe "C:\WINDOWS\system32\sunazona.dll",s
O4 - HKLM\..\Run: [Acuzogoloputuye] rundll32.exe "C:\WINDOWS\uwihogevo.dll",e
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [] C:\WINDOWS\TEMP\sdmgos.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\sdmgos.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Alex\LOCALS~1\Temp\1969298881.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.co...GenXInstall.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.co...InstallAsst.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL cfljna.dll xmvnjf.dll c:\windows\system32\jisufumi.dll c:\windows\system32\hukawebo.dll,C:\WINDOWS\system32\tidabori.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: ocmerg - C:\Program Files\Windows Media Player\Network Sharing\ocmerg.dll (file missing)
O22 - SharedTaskScheduler: sdfg54y54yhhgth6w4efvrg - {E2BA40A2-74F3-42BD-F434-2604812C8953} - C:\WINDOWS\system32\sdfgerfgf3f.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DVD-RAM_Service - Unknown owner - C:\WINDOWS\system32\DVDRAMSV.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.8522 (GoogleDesktopManager-090808-172447) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe (file missing)
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

This virus seems really persistent! Please help, I would greatly appreciate it! Thanks again.

#2 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)

Please Click here! and follow the recommendations in the guide.

Someone will be along to tell you what steps to take after you post the contents of the scan results.

#3 lex1245 (Topic Starter, Member, 13 posts)

Sorry about that. I came into this forum from an old post that started with a HijackThis post.

Here are the steps:

Preparation:

+ERUNT got infected when I tried to run it. I renamed ERUNT to something else, then, because it wouldn't run, renamed it back to ERUNT. I ran ERUNT, and it worked fine. After the backup was completed, avast picked up about 5-6 new viruses infecting .exe's, which I deleted.

+The first time I tried to run ATF Cleaner, avast picked up a virus on it. I renamed the ATF_cleaner.exe file. It then ran fine.


+I tried to run SysRestorePoint. It said "The application failed to initialize properly (0xc000007b)."

Step One:

+I opened Malwarebytes'. I tried to update it, but it said "Update failed. Make sure you are connected to the Internet and your firewall is set to allow Malwarebytes' access to the internet." I was connected to the internet, and I turned my firewall off with the same result.

Malwarebytes' Anti-Malware 1.35
Database version: 1942
Windows 5.1.2600 Service Pack 2

4/15/2009 6:36:34 AM
mbam-log-2009-04-15 (06-36-34).txt

Scan type: Quick Scan
Objects scanned: 82862
Time elapsed: 15 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 8
Registry Values Infected: 7
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\tidabori.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rahozaye.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sunazona.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\jojogude.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hudetola.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6f97b29c-dc1e-488a-bf61-afee73444b68} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6f97b29c-dc1e-488a-bf61-afee73444b68} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e2ba40a2-74f3-42bd-f434-2604812c8953} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f97b29c-dc1e-488a-bf61-afee73444b68} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\002d7f3c (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mogiluhehe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm031e4ca0 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{e2ba40a2-74f3-42bd-f434-2604812c8953} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\acuzogoloputuye (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diagnostic manager (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows resurections (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\tidabori.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tidabori.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\tidabori.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\jojogude.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\jojogude.dll -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\rahozaye.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\eyazohar.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sunazona.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\jojogude.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hudetola.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sdfgerfgf3f.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\WINDOWS\system32\tidabori.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\daruwuho.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fudoyobe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\uwihogevo.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Alex\Local Settings\Temp\1174617360.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\Temp\sdmgos.exe (Trojan.Agent) -> Delete on reboot.

I screwed up over here. I ran ERUNT again, ironically because the first time I ran it I had run it out of order of the steps. I deleted my original folder.

+Upon reboot: "Error Loading C:\WINDOWS\uwihogevo.dll
The specified module could not be found."

Browser is running noticeably faster at this point.

Step Two:

+I already have avast antivirus installed.

Step Three:

+The Windows Updates link gives me a page not found. I searched for it on Google, and EVERY SINGLE LINK I tried gives me a Page Load Error (interestingly enough, so does the avast forum). So I can't get my computer updated. Is there any unofficial website that has the official updates? I assume it won't be blocked if it's not on the virus's radar.

Step Four:

+I had just rebooted from the Malwarebytes' reboot. Nothing had changed, so I didn't reboot again.

Step Five:

+Renamed the exe file. One Rootkit was found and deleted.

Rootkit:

Microsoft Windows XP Professional (5.1.2600) Service Pack 2

C:\ [Fixed] - NTFS - (Total:114219 Mo/Free:3391 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
I:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Wed 04/15/2009| 6:48

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
---------- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashServ.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\WINDOWS\eHome\ehRecvr.exe
---------- C:\WINDOWS\eHome\ehSched.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
---------- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
---------- C:\Program Files\CDBurnerXP\NMSAccessU.exe
---------- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\Pen_Tablet.exe
---------- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
---------- C:\Program Files\VentSrv\ventrilo_svc.exe
---------- C:\Program Files\Viewpoint\Common\ViewpointService.exe
---------- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
---------- C:\WINDOWS\system32\Pen_Tablet.exe
---------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
---------- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
---------- C:\WINDOWS\system32\dllhost.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
---------- C:\WINDOWS\ehome\ehtray.exe
---------- C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
---------- C:\WINDOWS\eHome\ehmsas.exe
---------- C:\Program Files\Protector Suite QL\psqltray.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\WINDOWS\AGRSMMSG.exe
---------- C:\Program Files\Toshiba\Tvs\TvsTray.exe
---------- C:\WINDOWS\system32\dla\DLACTRLW.exe
---------- C:\Program Files\Synaptics\SynTP\Toshiba.exe
---------- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
---------- C:\WINDOWS\system32\notepad.exe
---------- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
---------- C:\WINDOWS\RTHDCPL.EXE
---------- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
---------- C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
---------- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
---------- C:\Program Files\Alwil Software\Avast4\setup\avast.setup
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
---------- C:\Program Files\Logitech\QuickCam\Quickcam.exe
---------- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
---------- C:\Program Files\DNA\btdna.exe
---------- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
---------- C:\Program Files\MagicDisc\MagicDisc.exe
---------- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!

HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_TDSSSERV
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV


1 - "C:\Rooter$\Rooter_1.txt" - Wed 04/15/2009| 6:50

----------------------\\ Scan completed at 6:50

Edited by lex1245, 15 April 2009 - 08:23 AM.


#4 lex1245 (Topic Starter, Member, 13 posts)

Step Six:

+Renamed the .exe file, then ran it.

OTListIt:

OTListIt logfile created on: 4/15/2009 7:01:49 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Alex\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.11% Memory free
3.84 Gb Paging File | 3.24 Gb Available in Paging File | 84.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.54 Gb Total Space | 3.25 Gb Free Space | 2.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded


Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On



========== Processes (SafeList) ==========

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
PRC - C:\Program Files\VentSrv\ventrilo_svc.exe ()
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\Protector Suite QL\psqltray.exe (UPEK Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\dla\DLACTRLW.exe (Sonic Solutions)
PRC - C:\Program Files\Synaptics\SynTP\Toshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Sharp\Sharpdesk\SharpTray.exe ()
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
PRC - C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Alex\Desktop\OTListIt2a.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast4\setup\avast.setup ()




========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (AOL TopSpeedMonitor [Disabled | Stopped]) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Basics Service [Auto | Running]) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CFSvcs [Disabled | Stopped]) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DVD-RAM_Service [Auto | Stopped]) -- File not found
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (GoogleDesktopManager-090808-172447 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (javaquickstarterservice [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LVCOMSer [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (McDetect.exe [Disabled | Stopped]) -- c:\program files\mcafee.com\agent\mcdetect.exe (McAfee, Inc)
SRV - (McrdSvc [Disabled | Stopped]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (McShield [On_Demand | Stopped]) -- c:\Program Files\McAfee.com\VSO\McShield.exe (McAfee Inc.)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MSSQL$SONY_MEDIAMGR [Auto | Running]) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (NMSAccessU [Auto | Running]) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (OpenCASE Media Agent [Auto | Stopped]) -- C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe (ExtendMedia Inc.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Unknown | Stopped]) -- File not found
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (rpcapd [On_Demand | Stopped]) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped]) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (Swupdtmr [Auto | Stopped]) -- File not found
SRV - (TabletServicePen [Auto | Running]) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (TAPPSRV [Auto | Running]) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (uploadmgr [Auto | Stopped]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Ventrilo [Auto | Running]) -- C:\Program Files\VentSrv\ventrilo_svc.exe ()
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)




========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResN [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_N [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (dtscsi [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\dtscsi.sys ()
DRV - (e1express [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e1e5132.sys (Intel Corporation)
DRV - (FdRedir [Auto | Running]) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys (UPEK Inc.)
DRV - (FileDisk2 [Auto | Running]) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys (UPEK Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hamachi [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Iviaspi [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (KR10N [Boot | Stopped]) -- C:\WINDOWS\system32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (mcdbus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV - (MDC8021X [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (meiudf [System | Running]) -- C:\WINDOWS\System32\Drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (MPE [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\MPE.sys (Microsoft Corporation)
DRV - (NaiAvFilter1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\naiavf5x.sys (McAfee Inc.)
DRV - (Netdevio [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\netdevio.sys (TOSHIBA Corporation.)
DRV - (nm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys (Microsoft Corporation)
DRV - (NPF [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (Pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (PID_PEPI [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LV302V32.SYS (Logitech Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (smihlp [Auto | Running]) -- C:\Program Files\Protector Suite QL\smihlp.sys (UPEK Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tbiosdrv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys ()
DRV - (TcUsb [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\tcusb.sys (UPEK Inc.)
DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (tosrfec [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\tosrfec.sys (TOSHIBA Corporation)
DRV - (TVALD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NBSMI.sys (Toshiba Corporation)
DRV - (Tvs [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Tvs.sys (TOSHIBA Corporation)
DRV - (USB28xxBGA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\emOEM.sys (eMPIA Technology, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (w39n51 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\w39n51.sys (Intel® Corporation)
DRV - (wacmoumonitor [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys (Wacom Technology)
DRV - (wacommousefilter [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wacomvhid.sys (Wacom Technology)
DRV - (WacomVKHid [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys (Wacom Technology)
DRV - (wanatw [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)




========== Standard Registry (SafeList) ==========





========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ninja.com/"
FF - prefs.js..extensions.enabledItems: {B9C8BE50-7105-4ec6-8FB4-4935C0671648}:0.5.98
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20090119W
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.3.9
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4.4
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.6
FF - prefs.js..extensions.enabledItems: {8F527F9E-4A45-4054-98F1-54A8F3E08959}:1.0
FF - prefs.js..extensions.enabledItems: {5A51FE0A-D958-4378-8230-BC4AFCEB2C74}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..keyword.URL: "http://slirsredirect...0fftrab&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{8F527F9E-4A45-4054-98F1-54A8F3E08959}: C:\DOCUMENTS AND SETTINGS\ALEX\LOCAL SETTINGS\APPLICATION DATA\{8F527F9E-4A45-4054-98F1-54A8F3E08959} [2009/04/15 04:02:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{5A51FE0A-D958-4378-8230-BC4AFCEB2C74}: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{5A51FE0A-D958-4378-8230-BC4AFCEB2C74}\ [2009/04/14 20:03:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/04/15 00:27:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/29 12:06:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/15 00:57:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA SUNBIRD\COMPONENTS [2009/02/09 08:30:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA SUNBIRD\PLUGINS [2009/02/09 08:30:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2009/02/15 21:43:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS

[2008/06/19 14:45:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Extensions
[2008/06/19 14:45:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/15 02:01:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\b2ti9ecf.default\extensions
[2009/03/26 18:41:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\b2ti9ecf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/11/30 01:21:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\b2ti9ecf.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2009/01/29 22:09:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\b2ti9ecf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/12/24 02:31:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\b2ti9ecf.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2009/01/29 22:09:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\b2ti9ecf.default\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}
[2008/06/19 17:15:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\b2ti9ecf.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/02/23 20:29:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\b2ti9ecf.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/02/23 20:29:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\b2ti9ecf.default\extensions\[email protected]
[2009/03/30 08:33:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\b2ti9ecf.default\extensions\[email protected]
[2008/01/27 03:39:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\b2ti9ecf.default\extensions\[email protected]
[2009/02/28 16:28:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\b2ti9ecf.default\extensions\[email protected]
[2008/12/15 17:53:03 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\Alex\Application Data\Mozilla\FireFox\Profiles\b2ti9ecf.default\searchplugins\aim-search.xml
[2008/02/24 14:27:30 | 00,001,877 | ---- | M] () -- C:\Documents and Settings\Alex\Application Data\Mozilla\FireFox\Profiles\b2ti9ecf.default\searchplugins\aolsearch.xml
[2009/04/15 06:44:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/02/16 02:22:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/03/27 23:49:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/01 21:31:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/04/15 00:28:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/27 23:49:32 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/27 23:49:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/11/13 04:25:49 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/11/13 04:25:49 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/11/13 04:25:49 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/13 04:25:49 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/11/13 04:25:49 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/11/13 04:25:49 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/11/13 04:25:49 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (24 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 jL.chura.pl
O2 - BHO: (no name) - {e2ba40a2-74f3-42bd-f434-2604812c8953} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" (Maxtor Corporation)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun File not found
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe (Sonic Solutions)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run (TOSHIBA Corporation)
O4 - HKLM..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY File not found
O4 - HKLM..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup (UPEK Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TDispVol] TDispVol.exe File not found
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPSMain] TPSMain.exe File not found
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UDC Integration] File not found
O4 - HKCU..\Run: [] C:\WINDOWS\TEMP\sdmgos.exe File not found
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - HKCU..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe" ()
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe File not found
O4 - HKCU..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" File not found
O4 - Startup: C:\Documents and Settings\Alex\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.co...GenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} http://asp.mathxl.co...InstallAsst.cab (PearsonAsstX Control)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {cafeefac-0016-0000-0013-abcdeffedcba} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} http://gamedownload....GPlugin9USA.cab (Reg Error: Key error.)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.co.../MathPlayer.cab (Pearson MathXL Player)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (cfljna.dll) - File not found
O20 - AppInit_DLLs: (xmvnjf.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\jisufumi.dll) - c:\windows\system32\jisufumi.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\hukawebo.dll) - c:\windows\system32\hukawebo.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ocmerg: DllName - C:\Program Files\Windows Media Player\Network Sharing\ocmerg.dll - C:\Program Files\Windows Media Player\Network Sharing\ocmerg.dll File not found
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found




========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[1 C:\DOCUME~1\Alex\My Documents\*.tmp files]
[2009/04/15 06:55:37 | 00,000,000 | ---- | C] () -- C:\DOCUME~1\Alex\Desktop\ml50setup(2).zip
[2009/04/15 06:55:35 | 60,907,757 | ---- | C] () -- C:\DOCUME~1\Alex\Desktop\ml50setup(2).zip.part
[2009/04/15 06:42:07 | 00,000,000 | R-SD | C] -- C:\DOCUME~1\Alex\My Documents\My Safe
[2009/04/15 06:32:42 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Alex\Desktop\OTListIt2a.exe
[2009/04/15 06:30:43 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/15 06:30:21 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\Alex\Desktop\Rooterr.exe
[2009/04/15 06:21:30 | 00,225,104 | ---- | C] () -- C:\DOCUME~1\Alex\Desktop\112-20062-MT2.pdf
[2009/04/15 06:06:59 | 00,041,472 | ---- | C] (Doug Knox) -- C:\DOCUME~1\Alex\Desktop\SysRestorePoint.exe
[2009/04/15 06:00:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/15 05:57:46 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\DOCUME~1\Alex\Desktop\erunt_setup.exe
[2009/04/15 05:54:15 | 00,000,000 | ---D | C] -- C:\Program Files\Copy of Malwarebytes' Anti-Malware
[2009/04/15 05:45:49 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/15 04:02:02 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Alex\Local Settings\Application Data\{8F527F9E-4A45-4054-98F1-54A8F3E08959}
[2009/04/15 03:51:18 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Alex\My Documents\AFTERWARDSSSSSSSSSSSSSSS
[2009/04/15 02:43:55 | 00,000,000 | ---D | C] -- C:\Program Files\MStudio
[2009/04/15 02:34:15 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Alex\Desktop\ml50setup
[2009/04/15 01:16:02 | 87,280,281 | ---- | C] () -- C:\DOCUME~1\Alex\Desktop\ml50setup.zip
[2009/04/15 00:41:38 | 00,001,745 | ---- | C] () -- C:\DOCUME~1\Alex\Desktop\HijackThis.lnk
[2009/04/15 00:40:38 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/15 00:15:00 | 00,215,203 | ---- | C] () -- C:\DOCUME~1\Alex\My Documents\WWWWWWWWWWWWWINDOWS PROGRAMSSSSSSSSSSSSSSSS.docx
[2009/04/15 00:03:56 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Alex\Desktop\firefox
[2009/04/14 23:13:42 | 00,000,016 | ---- | C] () -- C:\WINDOWS\Bcune.bin
[2009/04/14 23:13:29 | 00,001,420 | ---- | C] () -- C:\WINDOWS\Tbepujumuqoboxe.dat
[2009/04/14 23:11:20 | 21,370,51136 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/14 14:56:37 | 00,001,747 | ---- | C] () -- C:\DOCUME~1\Alex\Desktop\SUPERAntiSpyware Free Edition (2).lnk
[2009/04/14 14:49:21 | 00,088,558 | ---- | C] () -- C:\WINDOWS\System32\drivers\7b7ed347.sys
[2009/04/14 14:49:01 | 00,055,296 | ---- | C] () -- C:\rnvx.exe
[2009/04/14 14:48:52 | 00,000,002 | ---- | C] () -- C:\2981779
[2009/04/14 01:06:50 | 01,404,795 | -HS- | C] () -- C:\WINDOWS\System32\anoduyim.ini
[2009/04/13 05:07:14 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Alex\My Documents\l5r
[2009/04/12 01:03:38 | 00,550,560 | ---- | C] (CACE Technologies) -- C:\DOCUME~1\Alex\Desktop\WinPcap_4_0_2.exe
[2009/04/12 01:03:19 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Alex\Desktop\listchecker
[2009/04/09 11:17:29 | 00,244,224 | ---- | C] () -- C:\DOCUME~1\Alex\Desktop\P780_L6_sp03.ppt
[2009/04/05 23:33:14 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/05 23:32:55 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/05 21:04:17 | 00,000,434 | ---- | C] () -- C:\DOCUME~1\Alex\My Documents\UDC Output Files.lnk
[2009/04/05 21:03:59 | 00,005,632 | ---- | C] (fCoder Group, Inc.) -- C:\WINDOWS\System32\udcpm.dll
[2009/04/05 21:03:53 | 00,000,000 | R--D | C] -- C:\UDC Output Files
[2009/04/05 21:03:53 | 00,000,000 | ---D | C] -- C:\Program Files\Universal Document Converter
[2009/04/05 15:46:42 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Alex\Application Data\Brother
[2009/04/04 20:13:48 | 00,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/04/04 20:13:47 | 00,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2140.DAT
[2009/04/04 20:10:25 | 00,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2009/04/04 20:10:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/04/04 20:09:48 | 00,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\brlmw03a.dll
[2009/04/04 20:09:48 | 00,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2009/04/04 20:09:47 | 00,009,853 | ---- | C] () -- C:\WINDOWS\HL-2140.INI
[2009/04/04 20:09:47 | 00,000,000 | ---D | C] -- C:\Program Files\Brownie
[2009/04/04 20:06:42 | 00,114,688 | ---- | C] (Brother Industries Ltd) -- C:\WINDOWS\System32\BRRBTOOL.EXE
[2009/04/04 20:06:41 | 00,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BROSNMP.DLL
[2009/04/04 20:06:41 | 00,024,223 | ---- | C] (brother Industries Ltd) -- C:\WINDOWS\System32\BRLM03A.DLL
[2009/04/04 20:06:40 | 00,192,512 | ---- | C] (brother) -- C:\WINDOWS\System32\Pdrvinst.dll
[2009/04/04 20:06:40 | 00,000,000 | ---D | C] -- C:\Program Files\Brother
[2009/04/04 20:06:13 | 00,000,232 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/04/02 20:17:42 | 00,000,162 | -H-- | C] () -- C:\DOCUME~1\Alex\My Documents\~$aty3;'.docx
[2009/04/02 20:16:28 | 20,719,2886 | ---- | C] () -- C:\DOCUME~1\Alex\My Documents\whaty3;.docx
[2009/04/02 17:35:38 | 00,000,162 | -H-- | C] () -- C:\DOCUME~1\Alex\My Documents\~$py of whaty3.docx
[2009/03/31 21:17:49 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Alex\Desktop\PHY 129A
[2009/03/30 20:04:16 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Alex\Desktop\CHE 110C
[2009/03/30 20:04:07 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Alex\Desktop\PHY 110B
[2009/03/29 20:49:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Application Data\WinRAR
[2009/03/24 02:59:54 | 41,689,899 | ---- | C] () -- C:\DOCUME~1\Alex\My Documents\whaty4.docx
[2009/03/22 19:43:34 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Alex\Desktop\PHY 115A
[2009/03/19 11:49:55 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Alex\My Documents\crayon
[2009/03/17 22:49:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Application Data\Sonic
[2009/03/16 20:13:13 | 00,000,000 | ---D | C] -- C:\WTablet
[2008/10/10 19:45:59 | 00,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2008/09/19 14:57:34 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 14:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/19 14:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/19 14:54:18 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/07/26 08:25:02 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/03/04 03:23:56 | 00,958,464 | ---- | C] () -- C:\WINDOWS\System32\VSFilter.dll
[2008/02/11 10:39:26 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 10:39:18 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 14:53:46 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2007/10/12 01:11:58 | 00,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/10/08 20:01:09 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/08/24 06:52:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/07/27 15:49:02 | 00,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 15:49:02 | 00,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/04/05 00:28:43 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/04/04 12:44:55 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2007/01/18 13:15:23 | 00,000,145 | ---- | C] () -- C:\WINDOWS\StarryNight.ini
[2007/01/16 10:24:32 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/01/16 10:23:45 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/01/16 10:23:45 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/01/16 10:23:44 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/01/01 14:57:06 | 00,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2006/12/21 12:20:04 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\ZLIB.DLL
[2006/12/21 00:39:18 | 00,049,152 | ---- | C] () -- C:\WINDOWS\SDConfig.dll
[2006/12/21 00:37:56 | 00,159,744 | ---- | C] () -- C:\WINDOWS\_isusr32.dll
[2006/12/21 00:33:40 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\usc1.dll
[2006/12/21 00:33:40 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\_isusr2k.dll
[2006/10/30 17:16:20 | 00,004,246 | ---- | C] () -- C:\WINDOWS\TVEpaDrv.ini
[2006/09/06 20:45:03 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/06 11:59:42 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/05 14:32:33 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/09/05 12:55:36 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2006/09/04 22:56:07 | 00,643,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/09/04 22:56:07 | 00,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd3677.sys
[2006/09/04 16:08:24 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/09/04 16:08:24 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/05/28 18:14:43 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/24 21:28:54 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2006/02/16 08:07:58 | 00,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2006/02/16 02:50:52 | 00,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/16 02:25:21 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/02/16 02:25:21 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/02/16 02:25:21 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/02/16 02:25:21 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/02/16 02:25:21 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/02/16 02:25:21 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/02/15 09:41:53 | 00,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/02/15 09:41:53 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/02/15 09:40:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/02/15 09:28:50 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/02/15 09:28:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/02/15 09:28:50 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/02/15 09:28:50 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/02/15 09:25:00 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/02/15 09:25:00 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2006/02/15 08:44:19 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/15 08:34:07 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/02/15 07:09:00 | 00,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/02/15 07:04:21 | 00,000,911 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/02/15 07:04:12 | 00,044,544 | ---- | C] () -- C:\WINDOWS\Waumni.dll
[2006/02/15 07:04:05 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/02/15 07:03:57 | 00,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004867_.tmp.dll
[2006/02/15 07:02:59 | 00,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004899_.tmp.dll
[2005/12/05 20:25:22 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 13:37:10 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/11/28 21:33:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 15:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 16:20:28 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/05 15:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 14:24:01 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/07/22 22:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 18:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 15:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[1997/06/13 17:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll



========== Files - Modified Within 30 Days ==========

[273 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[1 C:\DOCUME~1\Alex\My Documents\*.tmp files]
[2009/04/15 07:03:17 | 00,088,558 | ---- | M] () -- C:\WINDOWS\System32\drivers\7b7ed347.sys
[2009/04/15 07:00:00 | 00,000,292 | ---- | M] () -- C:\WINDOWS\tasks\ziiuxkdd.job
[2009/04/15 06:55:37 | 61,137,133 | ---- | M] () -- C:\DOCUME~1\Alex\Desktop\ml50setup(2).zip.part
[2009/04/15 06:55:37 | 00,000,000 | ---- | M] () -- C:\DOCUME~1\Alex\Desktop\ml50setup(2).zip
[2009/04/15 06:42:05 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/15 06:40:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/15 06:40:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/15 06:40:09 | 21,370,51136 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/15 06:39:07 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\jinowavu
[2009/04/15 06:32:42 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Alex\Desktop\OTListIt2a.exe
[2009/04/15 06:30:22 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\Alex\Desktop\Rooterr.exe
[2009/04/15 06:21:51 | 00,225,104 | ---- | M] () -- C:\DOCUME~1\Alex\Desktop\112-20062-MT2.pdf
[2009/04/15 06:06:59 | 00,041,472 | ---- | M] (Doug Knox) -- C:\DOCUME~1\Alex\Desktop\SysRestorePoint.exe
[2009/04/15 05:57:51 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\DOCUME~1\Alex\Desktop\erunt_setup.exe
[2009/04/15 05:28:02 | 00,001,420 | ---- | M] () -- C:\WINDOWS\Tbepujumuqoboxe.dat
[2009/04/15 01:38:23 | 00,000,016 | ---- | M] () -- C:\WINDOWS\Bcune.bin
[2009/04/15 01:29:50 | 87,280,281 | ---- | M] () -- C:\DOCUME~1\Alex\Desktop\ml50setup.zip
[2009/04/15 00:41:38 | 00,001,745 | ---- | M] () -- C:\DOCUME~1\Alex\Desktop\HijackThis.lnk
[2009/04/15 00:15:00 | 00,215,203 | ---- | M] () -- C:\DOCUME~1\Alex\My Documents\WWWWWWWWWWWWWINDOWS PROGRAMSSSSSSSSSSSSSSSS.docx
[2009/04/14 14:56:37 | 00,001,747 | ---- | M] () -- C:\DOCUME~1\Alex\Desktop\SUPERAntiSpyware Free Edition (2).lnk
[2009/04/14 14:49:03 | 00,055,296 | ---- | M] () -- C:\rnvx.exe
[2009/04/14 14:48:55 | 00,000,002 | ---- | M] () -- C:\2981779
[2009/04/14 05:56:24 | 00,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2009/04/14 01:32:29 | 01,404,795 | -HS- | M] () -- C:\WINDOWS\System32\anoduyim.ini
[2009/04/13 16:13:35 | 00,121,344 | ---- | M] () -- C:\DOCUME~1\Alex\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/12 01:04:55 | 00,010,330 | ---- | M] () -- C:\Documents and Settings\Alex\Application Data\wklnhst.dat
[2009/04/12 01:03:40 | 00,550,560 | ---- | M] (CACE Technologies) -- C:\DOCUME~1\Alex\Desktop\WinPcap_4_0_2.exe
[2009/04/10 03:45:22 | 20,719,2886 | ---- | M] () -- C:\DOCUME~1\Alex\My Documents\whaty3;.docx
[2009/04/10 03:16:35 | 41,689,899 | ---- | M] () -- C:\DOCUME~1\Alex\My Documents\whaty4.docx
[2009/04/09 11:17:29 | 00,244,224 | ---- | M] () -- C:\DOCUME~1\Alex\Desktop\P780_L6_sp03.ppt
[2009/04/07 16:13:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/05 21:04:17 | 00,000,434 | ---- | M] () -- C:\DOCUME~1\Alex\My Documents\UDC Output Files.lnk
[2009/04/05 15:38:22 | 00,000,232 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2009/04/04 20:13:47 | 00,000,034 | ---- | M] () -- C:\WINDOWS\System32\BD2140.DAT
[2009/04/04 20:10:25 | 00,009,853 | ---- | M] () -- C:\WINDOWS\HL-2140.INI
[2009/04/04 20:10:25 | 00,000,145 | ---- | M] () -- C:\WINDOWS\BRVIDEO.INI
[2009/04/04 20:10:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\brmx2001.ini
[2009/04/02 20:17:42 | 00,000,162 | -H-- | M] () -- C:\DOCUME~1\Alex\My Documents\~$aty3;'.docx
[2009/04/02 17:35:38 | 00,000,162 | -H-- | M] () -- C:\DOCUME~1\Alex\My Documents\~$py of whaty3.docx
[2009/03/29 04:44:00 | 00,000,719 | ---- | M] () -- C:\DOCUME~1\Alex\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/19 17:13:35 | 00,077,273 | ---- | M] () -- C:\WINDOWS\War3Unin.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\DOCUME~1\ALLUSE~1\Application Data\TEMP:DFC5A2B2
< End of report >







Actually to be honest, everything SEEMS to work fine at this point, after the Malwarebytes' scan, deletion, and reboot (except Windows Update pages still give an error, and Malwarebytes' and Superantispyware aren't allowed to update). But seeming fine has happened before, only the virus would spring up again later. I'm not adept enough at analyzing my computer to be certain.

At any rate, thanks for any help!


Edit: Never mind, avast picked up more viruses from .exe files upon running a Superantispyware scan (though is it possible they were residual?...)

Edit 2: Some websites I click on bring me to a "Bizrate" website.

Edited by lex1245, 15 April 2009 - 09:44 AM.

  • 0
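The O20 section of the OTListIt log above is where the infection shows itself most plainly: four AppInit_DLLs entries with random-looking names that point at files no longer on disk, and Winlogon Notify entries in the same state. As an added example (not part of the original post, and not code from OTListIt, HijackThis or any of the tools named in the thread), the Python below runs a simple triage over those O20 lines: it parses each entry, extracts the referenced module and the trailing publisher field, and scores it on whether the file is missing, whether the registry value was unreadable, whether any publisher is recorded, and whether the module name looks like generated gibberish. The sample lines are copied from the log above; the allowlist, the name-shape regex and the scoring weights are assumptions chosen for illustration, not a published signature.

```python
"""Triage O20 (AppInit_DLLs / Winlogon) lines from an OTListIt-style log."""
import re
from dataclasses import dataclass, field

# Constructed sample: O20 lines copied from the OTListIt log in the post above,
# including benign neighbours so the scoring has something to leave alone.
SAMPLE_O20 = r"""
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (cfljna.dll) - File not found
O20 - AppInit_DLLs: (xmvnjf.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\jisufumi.dll) - c:\windows\system32\jisufumi.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\hukawebo.dll) - c:\windows\system32\hukawebo.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ocmerg: DllName - C:\Program Files\Windows Media Player\Network Sharing\ocmerg.dll - C:\Program Files\Windows Media Player\Network Sharing\ocmerg.dll File not found
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
"""

# Assumption: a local allowlist of short lowercase module names known to be legitimate
# on this machine (vendor-signed entries seen elsewhere in the same log).
KNOWN_GOOD = {"igfxdev.dll", "psqlpwd.dll"}
# Heuristic for generated names (5-8 lowercase letters, no digits), e.g. jisufumi.dll.
RANDOM_NAME = re.compile(r"^[a-z]{5,8}\.dll$")
PUBLISHER_RE = re.compile(r"\(([^()]*)\)\s*$")   # trailing "(Company)" field
PAREN_RE = re.compile(r"\((.*?)\)")                # first parenthesised value


@dataclass
class Finding:
    kind: str            # "AppInit_DLLs", "Winlogon Notify" or "Winlogon Shell"
    module: str          # module exactly as written in the registry value
    publisher: str       # "" when the log recorded no publisher
    reasons: list = field(default_factory=list)
    score: int = 0

    @property
    def severity(self) -> str:
        return "high" if self.score >= 4 else "medium" if self.score >= 2 else "low"


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_o20(line: str):
    """Return (kind, module, body) for a recognised O20 line, else None."""
    if not line.startswith("O20 - "):
        return None
    body = line[len("O20 - "):]
    if body.startswith("AppInit_DLLs: "):
        m = PAREN_RE.search(body)
        return "AppInit_DLLs", (m.group(1) if m else ""), body
    if body.startswith("Winlogon\\Notify\\"):
        _, _, tail = body.partition("DllName - ")
        return "Winlogon Notify", tail.split(" - ", 1)[0].strip(), body
    if body.startswith("HKLM Winlogon: Shell"):
        m = PAREN_RE.search(body)
        return "Winlogon Shell", (m.group(1) if m else ""), body
    return None


def triage(text: str) -> list:
    """Score every O20 entry in the log text; callers filter on .severity."""
    findings = []
    for raw in text.splitlines():
        parsed = parse_o20(raw.strip())
        if parsed is None:
            continue
        kind, module, body = parsed
        pub = PUBLISHER_RE.search(body)
        f = Finding(kind, module, pub.group(1).strip() if pub else "")
        if kind == "AppInit_DLLs":
            f.reasons.append("AppInit_DLLs loads into every process that maps user32")
            f.score += 1
        if "File not found" in body:
            f.reasons.append("referenced file missing on disk (orphan or self-hiding)")
            f.score += 2
        if "Reg Error" in body:
            f.reasons.append("registry value could not be read")
            f.score += 2
        if not f.publisher:
            f.reasons.append("no publisher/version information recorded")
            f.score += 1
        name = _basename(module)
        if RANDOM_NAME.match(name) and name not in KNOWN_GOOD:
            f.reasons.append(f"random-looking module name {name!r}")
            f.score += 2
        findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_O20):
        print(f"{f.severity:6} {f.kind:15} {f.module}")
        for r in f.reasons:
            print(f"        - {r}")
```

Run against the sample, the four gibberish AppInit_DLLs entries and the two broken Notify entries score high, while the Google Desktop hook, the Explorer shell value and the Intel graphics notifier stay low. The hits are leads for a human, not verdicts: a "File not found" on a Notify entry can be a stale uninstall as easily as a rootkit hiding its file, so each high-scoring module still needs to be checked on the box (and, as the thread goes on to do, with a tool that looks beneath the filesystem API).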

#5
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
hello

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#6
lex1245 (Member, Topic Starter, 13 posts)
Immediately before the creation of the log, avast caught an infected .exe; it was moved, and subsequently the message:

"error copying ERDNT.exe to fold"

came up.




Combofix log:


ComboFix 09-04-15.08 - Alex 04/15/2009 15:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1218 [GMT -7:00]
Running from: c:\documents and settings\Alex\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090415-0] *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: McAfee VirusScan *On-access scanning disabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\dat.txt
c:\windows\system32\_004856_.tmp.dll
c:\windows\system32\_004857_.tmp.dll
c:\windows\system32\_004858_.tmp.dll
c:\windows\system32\_004859_.tmp.dll
c:\windows\system32\_004866_.tmp.dll
c:\windows\system32\_004867_.tmp.dll
c:\windows\system32\_004868_.tmp.dll
c:\windows\system32\_004869_.tmp.dll
c:\windows\system32\_004871_.tmp.dll
c:\windows\system32\_004872_.tmp.dll
c:\windows\system32\_004875_.tmp.dll
c:\windows\system32\_004876_.tmp.dll
c:\windows\system32\_004878_.tmp.dll
c:\windows\system32\_004879_.tmp.dll
c:\windows\system32\_004880_.tmp.dll
c:\windows\system32\_004882_.tmp.dll
c:\windows\system32\_004885_.tmp.dll
c:\windows\system32\_004886_.tmp.dll
c:\windows\system32\_004890_.tmp.dll
c:\windows\system32\_004891_.tmp.dll
c:\windows\system32\_004893_.tmp.dll
c:\windows\system32\_004896_.tmp.dll
c:\windows\system32\_004898_.tmp.dll
c:\windows\system32\_004899_.tmp.dll
c:\windows\system32\_004900_.tmp.dll
c:\windows\system32\_004901_.tmp.dll
c:\windows\system32\_004902_.tmp.dll
c:\windows\system32\_004905_.tmp.dll
c:\windows\system32\_004906_.tmp.dll
c:\windows\system32\_004907_.tmp.dll
c:\windows\system32\_004908_.tmp.dll
c:\windows\system32\_004909_.tmp.dll
c:\windows\system32\_004914_.tmp.dll
c:\windows\system32\_004916_.tmp.dll
c:\windows\system32\_004917_.tmp.dll
c:\windows\system32\anoduyim.ini
c:\windows\system32\tmp.reg
c:\windows\Tasks\ziiuxkdd.job

c:\windows\system32\userinit.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
.

2009-04-15 13:30 . 2009-04-15 13:50 -------- d-----w C:\Rooter$
2009-04-15 11:02 . 2009-04-15 11:02 -------- d-----w c:\documents and settings\Alex\Local Settings\Application Data\{8F527F9E-4A45-4054-98F1-54A8F3E08959}
2009-04-15 07:28 . 2009-04-15 07:27 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-15 07:28 . 2009-04-15 07:27 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-15 06:13 . 2009-04-15 08:38 16 ----a-w c:\windows\Bcune.bin
2009-04-15 06:13 . 2009-04-15 12:28 1420 ----a-w c:\windows\Tbepujumuqoboxe.dat
2009-04-15 03:03 . 2009-04-15 03:03 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\{5A51FE0A-D958-4378-8230-BC4AFCEB2C74}
2009-04-14 21:49 . 2009-04-15 22:14 88558 ----a-w c:\windows\system32\drivers\7b7ed347.sys
2009-04-14 21:49 . 2009-04-14 21:49 55296 ----a-w C:\rnvx.exe
2009-04-14 21:48 . 2009-04-14 21:48 2 ----a-w C:\2981779
2009-04-06 06:33 . 2009-01-15 19:19 23848 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-06 06:33 . 2008-04-17 19:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-06 06:32 . 2009-04-06 06:33 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-06 04:03 . 2008-04-05 01:07 5632 ----a-w c:\windows\system32\udcpm.dll
2009-04-06 04:03 . 2009-04-06 04:03 -------- d-----r C:\UDC Output Files
2009-04-05 22:46 . 2009-04-05 22:46 -------- d-----r c:\documents and settings\Alex\Application Data\Brother
2009-04-05 03:13 . 2009-04-14 12:56 426 ----a-w c:\windows\BRWMARK.INI
2009-04-05 03:13 . 2009-04-05 03:13 34 ----a-w c:\windows\system32\BD2140.DAT
2009-04-05 03:10 . 2009-04-05 03:10 145 ----a-w c:\windows\BRVIDEO.INI
2009-04-05 03:10 . 2009-04-05 03:10 0 ----a-w c:\windows\brmx2001.ini
2009-04-05 03:09 . 2004-08-10 08:00 114 ------w c:\windows\system32\brlmw03a.ini
2009-04-05 03:09 . 2004-08-10 07:42 77824 ------w c:\windows\system32\brlmw03a.dll
2009-04-05 03:09 . 2009-04-05 03:10 9853 ----a-w c:\windows\HL-2140.INI
2009-04-05 03:06 . 2007-08-19 16:34 114688 ----a-w c:\windows\system32\BRRBTOOL.EXE
2009-04-05 03:06 . 2006-12-21 02:23 176128 ----a-w c:\windows\system32\BROSNMP.DLL
2009-04-05 03:06 . 2004-09-23 15:00 24223 ----a-w c:\windows\system32\BRLM03A.DLL
2009-04-05 03:06 . 2007-04-24 08:30 192512 ------w c:\windows\system32\Pdrvinst.dll
2009-04-05 03:06 . 2009-04-05 22:38 232 ----a-w c:\windows\Brownie.ini
2009-03-30 06:42 . 2009-03-30 06:42 -------- d-----w c:\documents and settings\Alex\oto
2009-03-18 05:49 . 2009-03-18 05:49 -------- d-----w c:\documents and settings\Alex\Application Data\Sonic
2009-03-17 03:13 . 2009-03-17 03:13 -------- d-----w C:\WTablet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 22:13 . 2009-01-19 01:10 -------- d-----w c:\documents and settings\Alex\Application Data\WTablet
2009-04-15 22:09 . 2008-07-04 20:42 -------- d-----w c:\documents and settings\Alex\Application Data\DNA
2009-04-15 16:38 . 2008-07-04 20:42 -------- d-----w c:\program files\DNA
2009-04-15 15:17 . 2007-12-01 03:07 -------- d-----w c:\program files\sfArk
2009-04-15 15:17 . 2008-03-23 05:16 -------- d-----w c:\program files\MagicISO
2009-04-15 15:13 . 2009-04-05 03:09 -------- d-----w c:\program files\Brownie
2009-04-15 15:05 . 2007-02-10 10:43 -------- d-----w c:\program files\Warcraft III
2009-04-15 13:50 . 2009-04-15 13:50 4876 ----a-w C:\Rooter.txt
2009-04-15 13:47 . 2009-04-15 12:45 -------- d-----w c:\program files\ERUNT
2009-04-15 12:54 . 2009-04-15 12:54 -------- d-----w c:\program files\Copy of Malwarebytes' Anti-Malware
2009-04-15 12:52 . 2006-05-29 01:09 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-15 09:43 . 2009-04-15 09:43 -------- d-----w c:\program files\MStudio
2009-04-15 07:40 . 2009-04-15 07:40 -------- d-----w c:\program files\Trend Micro
2009-04-15 07:27 . 2006-02-16 09:28 -------- d-----w c:\program files\Java
2009-04-15 07:20 . 2006-09-05 07:16 -------- d-----w c:\documents and settings\Alex\Application Data\BitTorrent
2009-04-14 23:23 . 2006-09-04 23:08 -------- d-----w c:\program files\XviD
2009-04-14 23:16 . 2006-09-21 17:37 -------- d-----w c:\program files\Starcraft
2009-04-14 23:10 . 2006-09-05 20:23 -------- d-----w c:\program files\PowerISO
2009-04-14 23:04 . 2008-10-17 20:52 -------- d-----w c:\program files\MagicDisc
2009-04-14 23:03 . 2006-02-15 16:28 -------- d-----w c:\program files\ltmoh
2009-04-14 22:51 . 2009-03-06 23:32 -------- d-----w c:\program files\CodeBlocks
2009-04-14 22:51 . 2007-03-16 03:08 -------- d-----w c:\program files\Citrus Alarm Clock
2009-04-14 11:47 . 2008-12-15 06:07 435 ----a-w C:\VundoFix.txt
2009-04-12 08:04 . 2006-09-03 23:55 10330 ----a-w c:\documents and settings\Alex\Application Data\wklnhst.dat
2009-04-09 10:25 . 2007-04-03 04:20 -------- d--h--w c:\documents and settings\Alex\Application Data\Move Networks
2009-04-06 06:33 . 2008-09-22 06:19 -------- d-----w c:\program files\iTunes
2009-04-06 06:33 . 2009-04-06 06:33 -------- d-----w c:\program files\iPod
2009-04-06 06:33 . 2007-07-06 07:12 -------- d-----w c:\program files\Common Files\Apple
2009-04-06 06:30 . 2007-07-20 05:19 -------- d-----w c:\program files\Bonjour
2009-04-06 04:04 . 2009-04-06 04:03 -------- d-----w c:\program files\Universal Document Converter
2009-04-05 03:37 . 2007-11-18 08:41 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-05 03:09 . 2009-04-05 03:06 -------- d-----w c:\program files\Brother
2009-04-05 03:06 . 2006-02-15 16:20 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-29 11:44 . 2008-12-14 12:14 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-29 11:42 . 2008-12-15 07:16 -------- d-----w c:\program files\SUPERAntiSpyware
2009-03-28 06:48 . 2009-01-13 06:05 -------- d-----w c:\program files\Last.fm
2009-03-26 23:49 . 2008-12-14 12:14 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 23:49 . 2008-12-14 12:14 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-11 06:28 . 2007-03-03 22:36 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-10 21:37 . 2008-08-22 23:10 -------- d-----w c:\program files\Common Files\logishrd
2009-03-06 23:38 . 2009-03-06 23:33 -------- d-----w c:\documents and settings\Alex\Application Data\codeblocks
2009-03-06 23:35 . 2009-03-06 23:35 -------- d-----w c:\program files\New Folder
2009-03-06 23:18 . 2009-03-06 23:18 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-03 04:44 . 2009-03-02 04:32 -------- d-----w c:\documents and settings\Alex\Application Data\Skype
2009-03-03 01:44 . 2009-03-02 04:33 -------- d-----w c:\documents and settings\Alex\Application Data\skypePM
2009-03-02 04:31 . 2009-03-02 04:31 -------- d-----r c:\program files\Skype
2009-03-02 04:31 . 2009-03-02 04:30 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-02 04:31 . 2009-03-02 04:31 -------- d-----w c:\program files\Common Files\Skype
2009-03-01 00:06 . 2009-02-28 07:54 -------- d-----w c:\program files\Steam
2009-02-16 04:44 . 2009-02-16 04:43 -------- d-----w c:\program files\Mozilla Thunderbird
2009-02-16 04:43 . 2009-02-16 04:43 -------- d-----w c:\documents and settings\Alex\Application Data\Thunderbird
2009-02-10 16:02 . 2006-02-16 16:59 130440 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-10 16:01 . 2006-09-03 23:49 130440 ----a-w c:\documents and settings\Alex\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-09 14:50 . 2006-02-15 14:05 250032 --sha-r C:\ntldr
2009-02-09 10:19 . 2009-02-09 14:33 1846272 ----a-w c:\windows\system32\win32k.sys
2009-01-31 17:53 . 2009-01-31 17:53 604 ---ha-w c:\program files\STLL Notifier
2006-09-04 20:02 . 2006-09-03 23:49 127 ----a-w c:\documents and settings\Alex\Local Settings\Application Data\fusioncache.dat
2006-02-17 09:57 . 2006-02-17 09:57 136 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2005-05-12 06:04 . 2007-10-23 00:17 287744 ----a-w c:\documents and settings\Alex\Setup-Ease.exe
2005-05-07 00:01 . 2007-10-23 01:01 287744 ----a-w c:\documents and settings\Alex\Setup-Tactics.exe
2008-09-18 03:2008-09-18 03:12 12:26 . c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

[-] 2007-06-13 10:23 1053184 1EB29A1335808460021E3C1D1FEAFC11 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1053184 1CED2855CFF4FC5F2CE1BDD776A81F54 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-10 12:00 1052160 8A7B43FCA69BEAA93BE7A242DF91EF57 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 00:12 1053696 D49F82194DD697743895A8F29DE9B94D c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[-] 2007-06-13 10:23 1053184 22F86880622FA8126B2BD9BA784159DE c:\windows\system32\dllcache\explorer.exe

[-] 2008-04-14 00:12 35328 2C4F99C30245CAB962D9696DD59DE0EA c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[-] 2004-08-10 12:00 35328 CBFE5459B8E11F604CB3E3264413A472 c:\windows\system32\ctfmon.exe
[-] 2004-08-10 12:00 35328 598B5642880890EDD15D171313A770F6 c:\windows\system32\dllcache\ctfmon.exe

[-] 2005-06-11 00:17 77824 DB79E1CF06AC3547112D8636EC2DC894 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2004-08-10 12:00 77824 937413E1DB87E5145F9863A908764BE9 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2008-04-14 00:12 77824 33551098167AE54EF55573825B6BB285 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
[-] 2005-06-10 23:53 77824 5385628CB389DB6278A892F76FC5B833 c:\windows\system32\spoolsv.exe
[-] 2005-06-10 23:53 77824 3C5CAF371F34FCB4A08DE40AC808FFBD c:\windows\system32\dllcache\spoolsv.exe

[-] 2008-04-14 00:12 46080 3F059D6E50129D539C57CC4BCEA87086 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[-] 2004-08-10 12:00 44544 B929E711B14E94D69037660EBE90867B c:\windows\system32\userinit.exe
[-] 2004-08-10 12:00 44544 5C5AFDE2BE538363E2FE6483123E4DBA c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SharpTray"="c:\program files\Sharp\Sharpdesk\SharpTray.exe" [2004-03-06 49152]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-10 35328]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-15 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 139264]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2005-12-22 50176]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 84480]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 372736]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 102489]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 782425]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 94208]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 143420]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 172032]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 688198]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 622662]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 229432]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 64000]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 86968]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 475136]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 475136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-20 185896]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-15 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-15 2407184]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"QuickTime Task"="C:\QTTask.exe" [2009-01-06 434176]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-15 148888]
"TFncKy"="TFncKy.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203]
"CFSServ.exe"="CFSServ.exe" [BU]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-12-09 15714816]

c:\documents and settings\Alex\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-10-17 599040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 94788]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-03-29 11:42 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-12-22 04:42 40448 ----a-w c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ psqlpwd scecli Waumni.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2006-05-10 00:24 50760 ----a-w c:\program files\Common Files\AOL\Launch\aollaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-05-10 00:24 50760 ----a-w c:\program files\Common Files\AOL\1140083713\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"AresChatServer"=3 (0x3)
"AOL TopSpeedMonitor"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"wscsvc"=2 (0x2)
"Schedule"=2 (0x2)
"McrdSvc"=2 (0x2)
"CFSvcs"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\aim6.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\6.0\\Mathematica.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\6.0\\MathKernel.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\6.0\\math.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=

R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [2007-11-07 831112]
R3 GoogleDesktopManager-090808-172447;Google Desktop Manager 5.8.809.8522;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-18 30192]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-03-17 15144]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-29 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2005-12-22 13568]
S2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2005-12-22 33024]
S2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [2005-12-22 3456]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-05-01 3032360]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 45132]

.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{e2ba40a2-74f3-42bd-f434-2604812c8953} - (no file)
HKCU-Run-TOSCDSPD - c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe
HKCU-Run-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-PRISMSVR.EXE - c:\windows\system32\PRISMSVR.EXE
HKLM-Run-BrStsWnd - c:\program files\Brownie\BrstsWnd.exe
HKLM-Run-TDispVol - TDispVol.exe
HKLM-Run-TPSMain - TPSMain.exe
HKLM-Run-UDC Integration - (no file)
Notify-ocmerg - c:\program files\Windows Media Player\Network Sharing\ocmerg.dll
Notify-dimsntfy - (no file)
SafeBoot-TDSSmqct.sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\b2ti9ecf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ninja.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - prefs.js: network.proxy.ftp - 87.117.231.22
FF - prefs.js: network.proxy.gopher - 87.117.231.22
FF - prefs.js: network.proxy.http - 87.117.231.22
FF - prefs.js: network.proxy.socks - 87.117.231.22
FF - prefs.js: network.proxy.ssl - 87.117.231.22
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\b2ti9ecf.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 15:13
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\_av_proI.tm~a03964\dld1.tmp 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\7b7ed347]
"ImagePath"="\SystemRoot\System32\drivers\7b7ed347.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]
@DACL=(02 0000)
@="c:\\windows\\system32\\hukawebo.dll"
"ThreadingModel"="Both"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1120)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\biokmd.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\program files\Protector Suite QL\mysafe.dll

- - - - - - - > 'lsass.exe'(1180)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\Waumni.dll

- - - - - - - > 'explorer.exe'(2584)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Altap Salamander 2.5\plugins\salamext.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\Waumni.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\hnetcfg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\VentSrv\ventrilo_svc.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\Setup\avast.setup
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-04-15 15:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-15 22:22

Pre-Run: 4,080,406,528 bytes free
Post-Run: 4,393,549,824 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

457 --- E O F --- 2009-04-13 10:00
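
The ComboFix log above is the user's raw tool output, not an explanation. As an added example that is not part of the original post and not a tool from ComboFix or Geeks to Go, the Python script below pulls out the entries a helper reads first and flags the same kinds of thing the reply that follows acts on: system32 files whose MD5 differs from the dllcache copy (userinit.exe among them), a Winlogon Userinit value that does not point at userinit.exe, LSA notification packages beyond the stock scecli, a manual Firefox proxy, and a driver service whose name is eight random-looking hex digits. The line shapes it parses are taken from the log as posted; the sample excerpt is constructed from lines copied out of that log, and the function names and the DEFAULT_LSA_PACKAGES set are my own choices, not ComboFix's. A flagged entry means "non-default, needs an owner", not "malicious".

```python
import re

# Constructed excerpt: a handful of lines copied from the ComboFix log posted
# in this thread (Sigcheck, Reg Loading Points, Firefox prefs and the service
# entry near the end of the log). Real ComboFix output is much longer; the
# parsers below only rely on the line shapes shown here.
SAMPLE_LOG = r"""
[-] 2004-08-10 12:00 35328 CBFE5459B8E11F604CB3E3264413A472 c:\windows\system32\ctfmon.exe
[-] 2004-08-10 12:00 35328 598B5642880890EDD15D171313A770F6 c:\windows\system32\dllcache\ctfmon.exe
[-] 2004-08-10 12:00 44544 B929E711B14E94D69037660EBE90867B c:\windows\system32\userinit.exe
[-] 2004-08-10 12:00 44544 5C5AFDE2BE538363E2FE6483123E4DBA c:\windows\system32\dllcache\userinit.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ psqlpwd scecli Waumni.dll
FF - prefs.js: network.proxy.http - 87.117.231.22
FF - prefs.js: network.proxy.type - 1
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\7b7ed347]
"ImagePath"="\SystemRoot\System32\drivers\7b7ed347.sys"
"""

# Sigcheck line: "[-] <date> <time> <size> <MD5> <path>"; paths may contain spaces.
SIGCHECK_RE = re.compile(r"^\[-\] \S+ \S+ \d+ ([0-9A-Fa-f]{32}) (.+?)\s*$", re.M)
USERINIT_RE = re.compile(r'^"Userinit"="([^"]*)"', re.M)
LSA_RE = re.compile(r"^Notification Packages REG_MULTI_SZ (.+?)\s*$", re.M)
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (network\.proxy\.\S+) - (\S+)", re.M)
SERVICE_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([0-9a-f]{8})\]\r?\n"
    r'"ImagePath"="([^"]+)"',
    re.M | re.I,
)

# scecli is the only LSA notification package a stock XP install registers
# (assumed baseline for this example).
DEFAULT_LSA_PACKAGES = {"scecli"}


def sigcheck_mismatches(log):
    """Names of system files whose MD5 differs from the copy in dllcache.

    A difference only proves the two copies are not the same file: the dllcache
    copy can be stale or tampered too, so confirm against a known-good hash
    (or an online scan of the file, as the helper asks for userinit.exe).
    """
    hashes = {path.lower(): md5.upper() for md5, path in SIGCHECK_RE.findall(log)}
    mismatches = []
    for path, md5 in hashes.items():
        if "\\dllcache\\" in path:
            continue
        folder, name = path.rsplit("\\", 1)
        cached = hashes.get(folder + "\\dllcache\\" + name)
        if cached is not None and cached != md5:
            mismatches.append(name)
    return sorted(mismatches)


def userinit_anomaly(log):
    """The Winlogon Userinit value if any entry is not userinit.exe, else None.

    The stock XP value is "c:\\windows\\system32\\userinit.exe,"; anything else
    listed here runs at every interactive logon in the user's context.
    """
    m = USERINIT_RE.search(log)
    if m is None:
        return None
    entries = [e.strip().lower() for e in m.group(1).split(",") if e.strip()]
    if entries and all(e.endswith("userinit.exe") for e in entries):
        return None
    return m.group(1)


def lsa_notification_extras(log):
    """LSA notification packages beyond the Windows default.

    Each DLL listed here is loaded into lsass.exe and is handed every password
    change in clear text, so every extra entry needs an owner. Not every extra
    is malicious: psqlpwd appears alongside the Protector Suite QL fingerprint
    software elsewhere in the log, while Waumni.dll has no such context.
    """
    m = LSA_RE.search(log)
    if m is None:
        return []
    return [p for p in m.group(1).split() if p.lower() not in DEFAULT_LSA_PACKAGES]


def firefox_proxy(log):
    """Proxy hosts Firefox will use when network.proxy.type is 1 (manual)."""
    prefs = dict(FF_PREF_RE.findall(log))
    if prefs.get("network.proxy.type") != "1":
        return {}
    return {k: v for k, v in prefs.items() if k != "network.proxy.type"}


def hex_named_drivers(log):
    """(service name, ImagePath) for services whose name is exactly 8 hex digits."""
    return SERVICE_RE.findall(log)


def triage(log):
    """Collect every finding in one dict; empty values mean nothing was flagged."""
    return {
        "sigcheck_mismatches": sigcheck_mismatches(log),
        "userinit": userinit_anomaly(log),
        "lsa_extra_packages": lsa_notification_extras(log),
        "firefox_proxy": firefox_proxy(log),
        "hex_named_drivers": hex_named_drivers(log),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it as a script to print the findings for the embedded excerpt, or read a full ComboFix log into a string and pass it to triage(). The checks are deliberately narrow: they read only the sections quoted in the excerpt and leave the decision about each flagged entry to whoever is working the case.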
#7 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
hello

you need to uninstall two of these

AV: avast! antivirus 4.8.1335 [VPS 090415-0] *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
AV: McAfee VirusScan *On-access scanning disabled* (Outdated)



Open Notepad and copy/paste the text in the quote box below into it:

http://www.geekstogo...yp-t235690.html

Collect::
c:\windows\Tbepujumuqoboxe.dat
c:\windows\system32\drivers\7b7ed347.sys
C:\rnvx.exe
C:\2981779

Suspect::


Save this as CFScript.txt


Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.



  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • c:\windows\system32\userinit.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

#8 lex1245 (Topic Starter, Member, 13 posts)
The VirSCAN.org site gives me an "Internet Explorer cannot display the webpage" error, both from the link here and from Google.


Firefox is also completely no longer openable.

Should I just post the Combofix log?
#9 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
try this

Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

c:\windows\system32\userinit.exe

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.
#10 lex1245 (Topic Starter, Member, 13 posts)
Unfortunately, that website also appears to be down for me.
#11 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
hello

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

#12 lex1245 (Topic Starter, Member, 13 posts)
The Kaspersky website is down for me as well...

I'd like to take this opportunity to say thanks for your help thus far, this thing is quite annoying lol
#13 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
do this but don't fix anything with it

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • By default it will install to your desktop folder. Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


  • Then click on Scan at the top right-hand corner.
  • It will automatically neutralize any objects found.
  • If some objects are left unneutralized, click the button that says Neutralize all.
  • If it says it cannot be neutralized, choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient, like your desktop, and post only the detected virus/malware entries from the report (they are at the very top, under Detected) in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


#14 lex1245 (Topic Starter, Member, 13 posts)
Again, the Kaspersky site is down for me, I can't download the file or find the latest version online.
#15 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
hi

Download RootRepeal.zip and unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post
