
Antivirus 2010 and Security Tool [Solved]



#1 slugger05 (New Member, 8 posts)
Hi, I'm new to the site but have heard nothing but good things. I am having some serious computer troubles. My subscription to my antivirus expired and I got the ANTIVIRUS 2010 and SECURITY TOOL. I've tried everything, but it kills every program I run that tries to scan my computer, for example Spybot S&D, AVG, MBAM, all of them. I can't use my internet, so I am in safe mode right now and was able to get all the logs except for MBAM. Someone please help; I am in some serious trouble as I need this for college.

RootRepeal
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/17 03:49
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF7E5C000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8AB3000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP3182
Image Path: \Driver\PCI_PNP3182
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF75D4000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spdg.sys
Image Path: spdg.sys
Address: 0xF8455000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF883F000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xF8607000 Size: 61440 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "spdg.sys" at address 0xf84560e0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spdg.sys" at address 0xf8474ca4

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spdg.sys" at address 0xf8475032

#: 119 Function Name: NtOpenKey
Status: Hooked by "spdg.sys" at address 0xf84560c0

#: 160 Function Name: NtQueryKey
Status: Hooked by "spdg.sys" at address 0xf847510a

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spdg.sys" at address 0xf8474f8a

#: 247 Function Name: NtSetValueKey
Status: Hooked by "spdg.sys" at address 0xf847519c

==EOF==

OTL.txt
OTL logfile created on: 10/17/2009 4:22:13 AM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 267.64 Mb Available Physical Memory | 52.48% Memory free
1.22 Gb Paging File | 1.05 Gb Available in Paging File | 86.08% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 3.52 Gb Free Space | 6.67% Space Free | Partition Type: NTFS
Drive D: | 18.48 Gb Total Space | 8.31 Gb Free Space | 44.95% Space Free | Partition Type: NTFS
Drive E: | 487.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANSROOM
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/17 04:20:17 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL2.exe
PRC - [2009/01/15 03:17:22 | 00,636,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (McSysmon [On_Demand | Stopped])
SRV - File not found -- -- (McShield [Unknown | Stopped])
SRV - [2009/10/17 00:34:12 | 00,065,536 | ---- | M] (TG Soft Sas www.tgsoft.it) -- C:\VeXpLite\viritsvc.exe -- (viritsvclite [Auto | Stopped])
SRV - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Stopped])
SRV - [2008/11/24 22:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ [Auto | Stopped])
SRV - [2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Stopped])
SRV - [2008/11/24 22:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2005/07/12 10:33:02 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\dlcjcoms.exe -- (dlcj_device [On_Demand | Stopped])
SRV - [2003/12/17 14:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:01:32 | 00,000,000 | ---D | M]


O1 HOSTS File: (302562 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10430 more lines...
O2 - BHO: (C:\WINDOWS\system32\a1ulp4kbz.dll) - {A249BC15-23F2-42AD-F4E4-00AAC39C0004} - C:\WINDOWS\System32\a1ulp4kbz.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Antivirus Pro 2010] C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe (;qkdfjfsdsgjsdg)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [calc] C:\WINDOWS\System32\calc.DLL (Microsoft)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.DLL ()
O4 - HKLM..\Run: [dlcjmon.exe] C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe (Dell)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] c:\dell\E-Center\gtb.exe File not found
O4 - HKLM..\Run: [ferayovep] C:\WINDOWS\System32\fuzuhefu.DLL ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] D:\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 964\memcard.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VIRIT LITE MONITOR] C:\VeXpLite\MONLITE.EXE ()
O4 - HKLM..\Run: [winupdate.exe] C:\WINDOWS\System32\winupdate.exe File not found
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\Documents and Settings\Administrator\Local Settings\Temp\winlogon.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\cats\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} http://simcity.ea.co...date/EARTPX.cab (EARTPatchX Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} http://simcity.ea.co...ty4PatcherX.cab (MaxisSimCity4PatcherX Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\ludiyofu.dll) - C:\WINDOWS\System32\ludiyofu.dll ()
O20 - AppInit_DLLs: (c:\DOCUME~1\ALLUSE~1\APPLIC~1\pudaveya\pudaveya.dll) - c:\Documents and Settings\All Users\Application Data\pudaveya\pudaveya.dll ()
O20 - AppInit_DLLs: (c:\DOCUME~1\ALLUSE~1\APPLIC~1\zuzofewe\zuzofewe.dll) - c:\Documents and Settings\All Users\Application Data\zuzofewe\zuzofewe.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\boruyani.dll) - C:\WINDOWS\System32\boruyani.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\sidehole.dll) - C:\WINDOWS\System32\sidehole.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\kumizodo.dll) - C:\WINDOWS\System32\kumizodo.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\yowirubu.dll) - C:\WINDOWS\System32\yowirubu.dll ()
O20 - AppInit_DLLs: (kusumiwi.dll) - C:\WINDOWS\System32\kusumiwi.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\varabefa.dll) - C:\WINDOWS\System32\varabefa.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\yefinuli.dll) - C:\WINDOWS\System32\yefinuli.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\nevokumo.dll) - C:\WINDOWS\System32\nevokumo.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\muyiseta.dll) - C:\WINDOWS\System32\muyiseta.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\vewuyati.dll) - C:\WINDOWS\System32\vewuyati.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\yenusapo.dll) - C:\WINDOWS\System32\yenusapo.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\fuzuhefu.dll) - C:\WINDOWS\System32\fuzuhefu.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: fibuhesuj - {a33a0337-c976-4a62-864c-114fba12bd99} - C:\WINDOWS\System32\fuzuhefu.dll ()
O21 - SSODL: figehoduh - {6df4f4ee-b1b2-41c0-b465-5f5e9646d610} - C:\WINDOWS\System32\yowirubu.dll ()
O21 - SSODL: goyolafim - {bb5cac16-d07c-4d67-9778-12d81a2047f8} - C:\WINDOWS\System32\yefinuli.dll ()
O21 - SSODL: gukodosoz - {f93458ef-0389-4013-9c80-0c84c50b4cc2} - CLSID or File not found.
O21 - SSODL: gulesewik - {1d750f0e-9ca3-4fc3-bfc5-a54cc53c5536} - c:\Documents and Settings\All Users\Application Data\zuzofewe\zuzofewe.dll ()
O21 - SSODL: hepejezem - {2706bacb-a6bc-44a9-b0f9-411cf8c05a08} - C:\WINDOWS\System32\yenusapo.dll ()
O21 - SSODL: jawosubiv - {40eac9dd-de86-44d3-84af-96394fa25b76} - C:\WINDOWS\System32\kumizodo.dll ()
O21 - SSODL: jigolohef - {03c1d344-ea80-42ec-9082-e10ddee03130} - c:\Documents and Settings\All Users\Application Data\pudaveya\pudaveya.dll ()
O21 - SSODL: kederazij - {cacdd594-951d-4d58-975d-75bf64892c47} - c:\Documents and Settings\All Users\Application Data\zuzofewe\zuzofewe.dll ()
O21 - SSODL: kumusuvab - {6911a698-5649-4e71-bc82-dd448d69c45a} - C:\WINDOWS\System32\nevokumo.dll ()
O21 - SSODL: muyakadah - {dbb2d341-bbe8-441a-916a-80c70566c89c} - C:\WINDOWS\System32\varabefa.dll ()
O21 - SSODL: nividizum - {0627a1d9-1935-482b-a12e-482b405e1824} - C:\WINDOWS\System32\yenusapo.dll ()
O21 - SSODL: niwojebaj - {7fa5aafd-e751-4f3b-87d0-b589d2db206c} - CLSID or File not found.
O21 - SSODL: podarudor - {3b1276a1-7a92-4e29-99ae-20cd000cb439} - C:\WINDOWS\System32\vewuyati.dll ()
O21 - SSODL: ravasizop - {a823b1f0-2b4a-442a-817b-61cb9756f1d3} - C:\WINDOWS\System32\yenusapo.dll ()
O21 - SSODL: rihuguvup - {a3a060da-156e-4f2f-92a5-f1546770b799} - C:\WINDOWS\System32\varabefa.dll ()
O21 - SSODL: rirogovuf - {9b750ad2-b330-4797-bd9c-4136f62cd900} - C:\WINDOWS\System32\yenusapo.dll ()
O21 - SSODL: tomeramom - {44fda548-dcd4-4349-bd76-9624219f8bdd} - CLSID or File not found.
O21 - SSODL: tupegewew - {75ca0af1-a537-435d-850b-fe5bd6c6512b} - C:\WINDOWS\System32\yenusapo.dll ()
O21 - SSODL: vosirifoh - {833c647f-0ff7-496b-ad97-9aae98476c2d} - c:\Documents and Settings\All Users\Application Data\pudaveya\pudaveya.dll ()
O21 - SSODL: vowirakoh - {fbf035d2-1401-4b3a-8485-d1b56545c50c} - C:\WINDOWS\System32\sidehole.dll ()
O21 - SSODL: winujiveg - {410d9bda-5516-473b-8553-40b7cac531ef} - C:\WINDOWS\System32\muyiseta.dll ()
O21 - SSODL: wivoluved - {223f1e7e-1063-41c2-b90f-89de76b430d9} - C:\WINDOWS\System32\sidehole.dll ()
O21 - SSODL: wugemeyos - {7da4ec36-e4f1-4490-80f9-7ee6a238ae88} - C:\WINDOWS\System32\yefinuli.dll ()
O21 - SSODL: yodabofep - {baa0a898-66b7-48cd-a6d8-7719815d2f91} - c:\Documents and Settings\All Users\Application Data\zuzofewe\zuzofewe.dll ()
O21 - SSODL: zalujosez - {b0e28726-6d1e-4f31-ac1a-478d247ba1bb} - C:\WINDOWS\System32\yowirubu.dll ()
O22 - SharedTaskScheduler: {03c1d344-ea80-42ec-9082-e10ddee03130} - gahurihor - c:\Documents and Settings\All Users\Application Data\pudaveya\pudaveya.dll ()
O22 - SharedTaskScheduler: {0627a1d9-1935-482b-a12e-482b405e1824} - gahurihor - C:\WINDOWS\System32\yenusapo.dll ()
O22 - SharedTaskScheduler: {1d750f0e-9ca3-4fc3-bfc5-a54cc53c5536} - kupuhivus - c:\Documents and Settings\All Users\Application Data\zuzofewe\zuzofewe.dll ()
O22 - SharedTaskScheduler: {223f1e7e-1063-41c2-b90f-89de76b430d9} - gahurihor - C:\WINDOWS\System32\sidehole.dll ()
O22 - SharedTaskScheduler: {2706bacb-a6bc-44a9-b0f9-411cf8c05a08} - mujuzedij - C:\WINDOWS\System32\yenusapo.dll ()
O22 - SharedTaskScheduler: {3b1276a1-7a92-4e29-99ae-20cd000cb439} - jugezatag - C:\WINDOWS\System32\vewuyati.dll ()
O22 - SharedTaskScheduler: {40eac9dd-de86-44d3-84af-96394fa25b76} - tokatiluy - C:\WINDOWS\System32\kumizodo.dll ()
O22 - SharedTaskScheduler: {410d9bda-5516-473b-8553-40b7cac531ef} - gahurihor - C:\WINDOWS\System32\muyiseta.dll ()
O22 - SharedTaskScheduler: {44fda548-dcd4-4349-bd76-9624219f8bdd} - jugezatag - Reg Error: Value error. File not found
O22 - SharedTaskScheduler: {6911a698-5649-4e71-bc82-dd448d69c45a} - kupuhivus - C:\WINDOWS\System32\ludiyofu.dll ()
O22 - SharedTaskScheduler: {6df4f4ee-b1b2-41c0-b465-5f5e9646d610} - gahurihor - C:\WINDOWS\System32\yowirubu.dll ()
O22 - SharedTaskScheduler: {75ca0af1-a537-435d-850b-fe5bd6c6512b} - kupuhivus - C:\WINDOWS\System32\yenusapo.dll ()
O22 - SharedTaskScheduler: {7da4ec36-e4f1-4490-80f9-7ee6a238ae88} - kupuhivus - C:\WINDOWS\System32\yefinuli.dll ()
O22 - SharedTaskScheduler: {7fa5aafd-e751-4f3b-87d0-b589d2db206c} - gahurihor - Reg Error: Value error. File not found
O22 - SharedTaskScheduler: {833c647f-0ff7-496b-ad97-9aae98476c2d} - jugezatag - c:\Documents and Settings\All Users\Application Data\pudaveya\pudaveya.dll ()
O22 - SharedTaskScheduler: {9b750ad2-b330-4797-bd9c-4136f62cd900} - gahurihor - C:\WINDOWS\System32\yenusapo.dll ()
O22 - SharedTaskScheduler: {A249BC15-23F2-42AD-F4E4-00AAC39C0004} - iukjsf8w3jirojs9f8u3jruhsf78s3jijdif - C:\WINDOWS\System32\a1ulp4kbz.dll ()
O22 - SharedTaskScheduler: {a33a0337-c976-4a62-864c-114fba12bd99} - gahurihor - C:\WINDOWS\System32\fuzuhefu.dll ()
O22 - SharedTaskScheduler: {a3a060da-156e-4f2f-92a5-f1546770b799} - gahurihor - C:\WINDOWS\System32\varabefa.dll ()
O22 - SharedTaskScheduler: {a823b1f0-2b4a-442a-817b-61cb9756f1d3} - tokatiluy - C:\WINDOWS\System32\yenusapo.dll ()
O22 - SharedTaskScheduler: {b0e28726-6d1e-4f31-ac1a-478d247ba1bb} - tokatiluy - C:\WINDOWS\System32\yowirubu.dll ()
O22 - SharedTaskScheduler: {baa0a898-66b7-48cd-a6d8-7719815d2f91} - jugezatag - c:\Documents and Settings\All Users\Application Data\zuzofewe\zuzofewe.dll ()
O22 - SharedTaskScheduler: {bb5cac16-d07c-4d67-9778-12d81a2047f8} - jugezatag - C:\WINDOWS\System32\yefinuli.dll ()
O22 - SharedTaskScheduler: {cacdd594-951d-4d58-975d-75bf64892c47} - mujuzedij - c:\Documents and Settings\All Users\Application Data\zuzofewe\zuzofewe.dll ()
O22 - SharedTaskScheduler: {dbb2d341-bbe8-441a-916a-80c70566c89c} - kupuhivus - C:\WINDOWS\System32\varabefa.dll ()
O22 - SharedTaskScheduler: {f93458ef-0389-4013-9c80-0c84c50b4cc2} - kupuhivus - Reg Error: Value error. File not found
O22 - SharedTaskScheduler: {fbf035d2-1401-4b3a-8485-d1b56545c50c} - jugezatag - C:\WINDOWS\System32\sidehole.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/12 08:53:14 | 00,000,075 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\start.exe -- [2009/06/12 08:53:23 | 04,707,135 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/10/16 23:39:43 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{3ADA1185-35A8-4B4E-B36B-6392B1DA8C26}
[2009/10/09 03:34:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\71509729
[2009/10/10 03:34:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gijeluhe
[2009/10/10 15:34:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\kayufema
[2009/10/16 23:30:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/10 15:34:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pudaveya
[2009/10/10 15:34:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\rolibisu
[2009/10/10 03:34:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\yufatisi
[2009/10/10 03:34:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\zuzofewe
[2009/10/16 18:03:52 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2009/10/16 19:15:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2009/10/17 01:33:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG8
[2009/10/16 18:03:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2009/10/16 19:17:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2009/10/16 23:30:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/10/16 18:03:53 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2009/10/16 18:03:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2009/10/16 18:03:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Symantec
[2009/10/16 18:03:52 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data
[2009/10/16 18:03:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2009/10/16 18:03:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2009/10/16 18:03:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\BVRP Software
[2009/10/16 18:03:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2009/10/16 18:03:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2009/10/16 18:03:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2009/10/16 18:03:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Musicmatch
[2009/10/17 01:00:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PackageAware
[2009/10/16 18:03:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Wildtangent
[2009/10/16 20:21:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/10/16 23:53:01 | 00,000,000 | ---D | C] -- C:\Program Files\AntivirusPro_2010
[2009/10/17 02:34:30 | 00,000,000 | ---D | C] -- C:\Program Files\cats
[2009/10/17 02:32:01 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/17 04:20:01 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL2.exe
[2009/10/17 03:35:22 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe
[2009/10/17 02:34:32 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/17 02:34:30 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/17 02:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/17 02:30:51 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Administrator\Desktop\SysRestorePoint.exe
[2009/10/17 00:06:09 | 00,000,000 | ---D | C] -- C:\VeXpLite
[2009/10/16 23:29:42 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\cats.exe
[2009/10/16 23:26:27 | 00,889,840 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Administrator\Desktop\avg_free_stb_all_8_37_cnet.exe
[2009/10/16 20:52:22 | 34,101,504 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Administrator\Desktop\sdsetup.exe
[2009/10/16 18:03:52 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2009/10/16 18:03:52 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music

========== Files - Modified Within 14 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/10/17 04:24:22 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\nezumuba
[2009/10/17 04:20:17 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL2.exe
[2009/10/17 03:57:52 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/17 03:56:58 | 00,000,000 | ---- | M] () -- C:\WINDOWS\win32k.sys
[2009/10/17 03:56:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/17 03:55:40 | 02,205,456 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/10/17 03:51:11 | 00,521,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/10/17 03:49:03 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\settings.dat
[2009/10/17 03:48:59 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe
[2009/10/17 03:40:45 | 01,112,447 | -HS- | M] () -- C:\WINDOWS\System32\seyayewi.exe
[2009/10/17 03:40:43 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\fuzuhefu.dll
[2009/10/17 03:40:42 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\wepekigi.dll
[2009/10/17 02:46:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/17 02:38:26 | 00,271,872 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cak.exe
[2009/10/17 02:34:35 | 00,000,582 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/17 02:32:02 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2009/10/17 02:32:02 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2009/10/17 02:31:07 | 00,075,424 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/17 02:30:58 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Administrator\Desktop\SysRestorePoint.exe
[2009/10/17 02:29:50 | 00,271,872 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2009/10/17 01:33:11 | 00,889,840 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Administrator\Desktop\avg_free_stb_all_8_37_cnet.exe
[2009/10/17 01:22:23 | 00,000,478 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vir.IT eXplorer Lite.lnk
[2009/10/16 23:29:46 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\cats.exe
[2009/10/16 20:52:34 | 34,101,504 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Administrator\Desktop\sdsetup.exe
[2009/10/16 20:15:22 | 00,002,528 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2009/10/16 17:52:31 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/16 17:45:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\AVR09.exe
[2009/10/16 17:45:44 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\winhelper.dll
[2009/10/16 17:35:32 | 00,000,831 | ---- | M] () -- C:\WINDOWS\System32\critical_warning.html
[2009/10/16 15:38:28 | 01,111,915 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\ruvigesa.exe
[2009/10/16 15:38:19 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\yenusapo.dll
[2009/10/16 15:38:19 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\susesari.dll
[2009/10/16 03:38:05 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\lovosoja.dll
[2009/10/16 03:38:03 | 01,115,329 | -HS- | M] () -- C:\WINDOWS\System32\sepadima.exe
[2009/10/16 03:38:02 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\lonibeza.dll
[2009/10/15 15:37:48 | 01,114,795 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\rudinubo.exe
[2009/10/15 15:37:45 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\vewuyati.dll
[2009/10/15 15:37:44 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\wufajojo.dll
[2009/10/15 03:37:31 | 01,112,325 | -HS- | M] () -- C:\WINDOWS\System32\leyikire.exe
[2009/10/15 03:37:29 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\muyiseta.dll
[2009/10/15 03:37:28 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\kumababe.dll
[2009/10/15 03:37:28 | 00,025,600 | -HS- | M] () -- C:\WINDOWS\System32\piyetuho.exe
[2009/10/14 15:37:15 | 01,114,220 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\wetohuyo.exe
[2009/10/14 15:37:13 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\nevokumo.dll
[2009/10/14 15:37:12 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\rovezuda.dll
[2009/10/14 03:36:57 | 01,011,604 | -HS- | M] () -- C:\WINDOWS\System32\sokajuji.exe
[2009/10/14 03:36:56 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\yefinuli.dll
[2009/10/14 03:36:55 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\yodogugo.dll
[2009/10/13 15:36:41 | 01,011,606 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\yomajufe.exe
[2009/10/13 15:36:38 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\varabefa.dll
[2009/10/13 15:36:37 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\nonawava.dll
[2009/10/13 03:37:04 | 00,053,248 | -HS- | M] () -- C:\WINDOWS\System32\vozufehi.dll
[2009/10/13 03:36:36 | 01,011,312 | -HS- | M] () -- C:\WINDOWS\System32\muhimese.exe
[2009/10/13 03:36:34 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\yowirubu.dll
[2009/10/13 03:36:34 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\zizemehe.dll
[2009/10/12 15:36:41 | 00,052,736 | -HS- | M] () -- C:\WINDOWS\System32\busatehe.dll
[2009/10/12 15:36:16 | 01,011,387 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\pomefeya.exe
[2009/10/12 15:36:11 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\kumizodo.dll
[2009/10/12 15:36:11 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\biyamubu.dll
[2009/10/12 03:35:54 | 01,011,503 | -HS- | M] () -- C:\WINDOWS\System32\wabuyoje.exe
[2009/10/12 03:35:52 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\fuzanamu.dll
[2009/10/12 03:35:52 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\dogebuwe.dll
[2009/10/11 15:35:36 | 01,011,449 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\vuheluji.exe
[2009/10/11 15:35:35 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\sidehole.dll
[2009/10/11 15:35:32 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\yiwuhiso.dll
[2009/10/11 03:35:16 | 01,011,147 | -HS- | M] () -- C:\WINDOWS\System32\zajeyema.exe
[2009/10/11 03:35:15 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\boruyani.dll
[2009/10/11 03:35:12 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\lofuvika.dll
[2009/10/09 15:34:48 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\pahupotu.dll
[2009/10/09 15:34:22 | 01,011,259 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\nopasisi.exe
[2009/10/09 15:34:16 | 00,090,624 | -HS- | M] () -- C:\WINDOWS\System32\ludiyofu.dll
[2009/10/09 15:34:15 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\royifego.dll
[2009/10/09 03:34:19 | 00,052,736 | -HS- | M] () -- C:\WINDOWS\System32\yekotafo.dll
[2009/10/09 03:33:54 | 01,050,147 | -HS- | M] () -- C:\WINDOWS\System32\disolada.exe
[2009/10/09 03:33:52 | 01,011,251 | -HS- | M] () -- C:\WINDOWS\System32\fuzoyalu.exe
[2009/10/09 03:33:52 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\waziroto.dll
[2009/10/09 03:33:50 | 00,194,056 | -HS- | M] () -- C:\WINDOWS\System32\kiyiromu.exe
[2009/10/09 03:33:50 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\vogekomu.dll
[2009/10/09 03:33:49 | 00,028,160 | -HS- | M] () -- C:\WINDOWS\System32\nejejuhi.dll
[2009/10/08 20:38:06 | 00,019,930 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ukaxikote._sy
[2009/10/08 20:38:06 | 00,018,894 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\fyponowota.sys
[2009/10/08 20:38:06 | 00,018,745 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\isololebyh._dl
[2009/10/08 20:38:06 | 00,017,052 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\pywabugesi.inf
[2009/10/08 20:38:06 | 00,016,479 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\amofodety.reg
[2009/10/08 20:38:06 | 00,014,355 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\kyqate.db
[2009/10/08 20:38:06 | 00,012,839 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\acyb.db
[2009/10/08 20:38:06 | 00,011,831 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\gizuz.db
[2009/10/08 20:38:05 | 00,018,375 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\pozopawyp.exe
[2009/10/07 15:32:07 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\jehuzuru.dll
[2009/10/06 09:37:03 | 00,091,136 | ---- | M] () -- C:\WINDOWS\System32\kolakade.dll
[2009/10/06 09:35:38 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\yedawawo.dll
[2009/10/06 09:35:37 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\demiweso.exe
[2009/10/05 21:45:28 | 00,028,160 | ---- | M] () -- C:\WINDOWS\System32\dunohipo.dll
[2009/10/05 21:36:07 | 01,047,587 | -HS- | M] () -- C:\WINDOWS\System32\rokalodu.exe
[2009/10/05 21:35:49 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\donoheju.dll
[2009/10/05 21:35:49 | 00,028,160 | -HS- | M] () -- C:\WINDOWS\System32\givemeku.dll
[2009/10/05 19:56:12 | 00,166,400 | ---- | M] () -- C:\WINDOWS\System32\_scui.cpl
[2009/10/04 00:18:41 | 00,000,046 | ---- | M] () -- C:\p2hhr.bat
[2009/10/04 00:14:58 | 00,039,936 | ---- | M] () -- C:\anlqrvl.exe
[2009/10/04 00:14:55 | 00,189,841 | ---- | M] () -- C:\hufa.exe
[2009/10/04 00:14:53 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\a1ulp4kbz.dll
[2009/10/04 00:14:51 | 00,051,200 | ---- | M] () -- C:\ehrrg.exe
[2009/10/04 00:14:47 | 00,043,520 | ---- | M] () -- C:\vsoq.exe
[2009/10/04 00:14:47 | 00,019,456 | ---- | M] () -- C:\erupquii.exe
[2009/10/04 00:14:46 | 00,005,632 | ---- | M] () -- C:\efbcmkj.exe
[2009/10/04 00:13:39 | 00,340,992 | ---- | M] () -- C:\WINDOWS\System32\~.exe

========== Files - No Company Name ==========
[2009/10/17 03:51:02 | 00,521,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/10/17 03:49:03 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\settings.dat
[2009/10/17 02:38:23 | 00,271,872 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\cak.exe
[2009/10/17 02:34:35 | 00,000,582 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/17 02:32:02 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2009/10/17 02:32:02 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2009/10/17 02:31:07 | 00,075,424 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/17 02:29:50 | 00,271,872 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2009/10/17 00:06:44 | 00,000,478 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vir.IT eXplorer Lite.lnk
[2009/10/16 20:15:22 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2009/10/16 18:04:02 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2009/10/16 18:03:57 | 02,205,456 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/10/08 20:38:06 | 00,019,930 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ukaxikote._sy
[2009/10/08 20:38:06 | 00,018,894 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\fyponowota.sys
[2009/10/08 20:38:06 | 00,018,745 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\isololebyh._dl
[2009/10/08 20:38:06 | 00,017,052 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\pywabugesi.inf
[2009/10/08 20:38:06 | 00,016,479 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\amofodety.reg
[2009/10/08 20:38:06 | 00,014,355 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kyqate.db
[2009/10/08 20:38:06 | 00,012,839 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\acyb.db
[2009/10/08 20:38:06 | 00,011,831 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\gizuz.db
[2009/10/08 20:38:05 | 00,018,375 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\pozopawyp.exe
[2009/10/06 09:35:38 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\yedawawo.dll
[2009/10/06 09:35:37 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\demiweso.exe
[2009/10/06 09:28:20 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\kolakade.dll
[2009/10/05 21:36:07 | 01,047,587 | -HS- | C] () -- C:\WINDOWS\System32\rokalodu.exe
[2009/10/05 21:35:49 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\donoheju.dll
[2009/10/05 21:35:49 | 00,028,160 | -HS- | C] () -- C:\WINDOWS\System32\givemeku.dll
[2009/10/05 21:30:05 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\dunohipo.dll
[2009/10/05 19:56:11 | 00,166,400 | ---- | C] () -- C:\WINDOWS\System32\_scui.cpl
[2009/10/04 00:19:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\AVR09.exe
[2009/10/04 00:19:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\winhelper.dll
[2009/10/04 00:18:41 | 00,000,046 | ---- | C] () -- C:\p2hhr.bat
[2009/10/04 00:17:15 | 00,000,831 | ---- | C] () -- C:\WINDOWS\System32\critical_warning.html
[2009/10/04 00:15:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\win32k.sys
[2009/10/04 00:14:56 | 00,039,936 | ---- | C] () -- C:\anlqrvl.exe
[2009/10/04 00:14:53 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\a1ulp4kbz.dll
[2009/10/04 00:14:50 | 00,051,200 | ---- | C] () -- C:\ehrrg.exe
[2009/10/04 00:14:46 | 00,189,841 | ---- | C] () -- C:\hufa.exe
[2009/10/04 00:14:46 | 00,043,520 | ---- | C] () -- C:\vsoq.exe
[2009/10/04 00:14:46 | 00,019,456 | ---- | C] () -- C:\erupquii.exe
[2009/10/04 00:14:46 | 00,005,632 | ---- | C] () -- C:\efbcmkj.exe
[2009/10/04 00:13:38 | 00,340,992 | ---- | C] () -- C:\WINDOWS\System32\~.exe
[2009/07/17 03:40:42 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\fuzuhefu.dll
[2009/07/17 03:40:42 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\wepekigi.dll
[2009/07/16 15:38:18 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\yenusapo.dll
[2009/07/16 15:38:18 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\susesari.dll
[2009/07/16 03:38:00 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\lonibeza.dll
[2009/07/16 03:38:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\lovosoja.dll
[2009/07/15 15:37:43 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\vewuyati.dll
[2009/07/15 15:37:43 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\wufajojo.dll
[2009/07/15 03:37:28 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\muyiseta.dll
[2009/07/15 03:37:28 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\kumababe.dll
[2009/07/14 15:37:12 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\nevokumo.dll
[2009/07/14 15:37:12 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\rovezuda.dll
[2009/07/14 03:36:54 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\yefinuli.dll
[2009/07/14 03:36:54 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\yodogugo.dll
[2009/07/13 15:36:37 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\varabefa.dll
[2009/07/13 15:36:37 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\nonawava.dll
[2009/07/13 03:37:18 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\nemupazu.dll
[2009/07/13 03:37:18 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\kusumiwi.dll
[2009/07/13 03:37:18 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\godidihu.dll
[2009/07/13 03:36:33 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\yowirubu.dll
[2009/07/13 03:36:33 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\vozufehi.dll
[2009/07/13 03:36:33 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\zizemehe.dll
[2009/07/12 15:36:10 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\kumizodo.dll
[2009/07/12 15:36:10 | 00,052,736 | -HS- | C] () -- C:\WINDOWS\System32\busatehe.dll
[2009/07/12 15:36:10 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\biyamubu.dll
[2009/07/12 03:35:51 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\fuzanamu.dll
[2009/07/12 03:35:51 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\dogebuwe.dll
[2009/07/11 15:35:31 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\sidehole.dll
[2009/07/11 15:35:31 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\yiwuhiso.dll
[2009/07/11 03:35:12 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\boruyani.dll
[2009/07/11 03:35:12 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\lofuvika.dll
[2009/07/09 15:34:12 | 00,090,624 | -HS- | C] () -- C:\WINDOWS\System32\ludiyofu.dll
[2009/07/09 15:34:12 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\pahupotu.dll
[2009/07/09 15:34:12 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\royifego.dll
[2009/07/09 03:33:49 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\waziroto.dll
[2009/07/09 03:33:48 | 00,052,736 | -HS- | C] () -- C:\WINDOWS\System32\yekotafo.dll
[2009/07/09 03:33:48 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\vogekomu.dll
[2009/07/09 03:33:48 | 00,028,160 | -HS- | C] () -- C:\WINDOWS\System32\nejejuhi.dll
[2009/07/07 15:32:06 | 00,090,624 | -HS- | C] () -- C:\WINDOWS\System32\yohofata.dll
[2009/07/07 15:32:06 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\rewutoha.dll
[2009/07/07 15:32:06 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\jehuzuru.dll
[2009/06/06 15:36:09 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/11/15 22:02:44 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/25 23:07:35 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2007/02/25 23:07:35 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\TrackerNET.dll
[2007/02/25 22:34:27 | 00,000,080 | ---- | C] () -- C:\WINDOWS\sierra.ini
[2007/01/07 19:24:28 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/24 05:26:11 | 00,000,180 | ---- | C] () -- C:\WINDOWS\sclock.ini
[2006/08/13 01:33:08 | 00,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/08/13 01:33:08 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\1F06666578.sys
[2006/08/12 21:52:41 | 00,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2006/08/11 17:21:21 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/09 15:41:39 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/09 15:31:51 | 00,000,224 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/09 15:25:11 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/08/09 15:18:30 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/09 14:52:50 | 01,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcjserv.dll
[2006/08/09 14:52:50 | 01,122,304 | ---- | C] () -- C:\WINDOWS\System32\dlcjusb1.dll
[2006/08/09 14:52:50 | 00,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcjhbn3.dll
[2006/08/09 14:52:50 | 00,630,784 | ---- | C] () -- C:\WINDOWS\System32\dlcjpmui.dll
[2006/08/09 14:52:50 | 00,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjlmpm.dll
[2006/08/09 14:52:50 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcjutil.dll
[2006/08/09 14:52:50 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsb.dll
[2006/08/09 14:52:50 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjprox.dll
[2006/08/09 14:52:50 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjins.dll
[2006/08/09 14:52:50 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcjjswr.dll
[2006/08/09 14:52:50 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcjpplc.dll
[2006/08/09 14:52:50 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsr.dll
[2006/08/09 14:52:50 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcjvs.dll
[2006/08/09 14:52:50 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcjcur.dll
[2006/08/09 14:52:48 | 00,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomc.dll
[2006/08/09 14:52:48 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomm.dll
[2006/08/09 14:52:48 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcjcub.dll
[2006/08/09 14:52:48 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcjcu.dll
[2006/08/09 14:52:48 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.dll
[2006/08/09 14:52:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/08/09 14:51:56 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/05 10:34:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/02 15:16:00 | 00,000,618 | ---- | C] () -- C:\WINDOWS\System32\dlcjplc.ini
[2004/08/10 14:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/10 13:51:28 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 13:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/10 13:51:06 | 00,061,952 | ---- | C] () -- C:\WINDOWS\System32\eventlog.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/13 16:46:46 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[2002/02/27 17:50:00 | 00,197,120 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll

========== LOP Check ==========

[2009/10/17 01:39:34 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2009/10/17 01:46:30 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/13 18:26:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/10/17 00:07:15 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3ADA1185-35A8-4B4E-B36B-6392B1DA8C26}
[2009/06/18 02:51:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/09 03:34:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\71509729
[2006/08/09 15:16:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/06/06 18:25:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/02/13 16:51:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/10/10 03:34:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gijeluhe
[2009/10/10 15:34:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kayufema
[2009/10/10 15:34:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pudaveya
[2009/07/29 20:55:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/10/10 15:34:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rolibisu
[2004/08/10 14:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/03/18 03:08:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/02/13 16:53:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/10/16 23:21:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/11/13 02:53:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/06/09 23:40:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/10/10 03:34:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yufatisi
[2009/10/10 03:34:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zuzofewe
[2009/10/16 17:52:31 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2004/08/10 13:51:06 | 00,000,004 | -HS- | M] () -- C:\WINDOWS\Tasks\FOLDER.TSX
[2009/10/17 02:46:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/10/04 00:14:58 | 00,039,936 | ---- | M] () -- C:\anlqrvl.exe
[2009/10/04 00:14:46 | 00,005,632 | ---- | M] () -- C:\efbcmkj.exe
[2009/10/04 00:14:51 | 00,051,200 | ---- | M] () -- C:\ehrrg.exe
[2009/10/04 00:14:47 | 00,019,456 | ---- | M] () -- C:\erupquii.exe
[2009/10/04 00:14:55 | 00,189,841 | ---- | M] () -- C:\hufa.exe
[2005/10/31 11:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2009/10/04 00:14:56 | 00,161,280 | ---- | M] (Microsoft Corporation) -- C:\vgvluqbu.exe
[2009/10/04 00:14:47 | 00,043,520 | ---- | M] () -- C:\vsoq.exe

< %systemroot%\system32\eventlog.dll >
[2008/04/13 20:11:53 | 00,061,952 | ---- | M] () -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/13 20:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
[2008/04/13 20:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logevent.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

Extra.txt
OTL Extras logfile created on: 10/17/2009 4:22:13 AM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 267.64 Mb Available Physical Memory | 52.48% Memory free
1.22 Gb Paging File | 1.05 Gb Available in Paging File | 86.08% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 3.52 Gb Free Space | 6.67% Space Free | Partition Type: NTFS
Drive D: | 18.48 Gb Total Space | 8.31 Gb Free Space | 44.95% Space Free | Partition Type: NTFS
Drive E: | 487.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANSROOM
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- File not found
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Documents and Settings\All Users\Documents\LimeWire\LimeWire.exe" = C:\Documents and Settings\All Users\Documents\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Sierra On-Line\SIGSPat.exe" = C:\Program Files\Sierra On-Line\SIGSPat.exe:*:Enabled:SIGSPat -- (Havas Interactive)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Steam\steamapps\nightwalker420\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\nightwalker420\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- File not found
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- File not found
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- File not found
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"D:\iTunes\iTunes.exe" = D:\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" = C:\Program Files\Common Files\Real\Update_OB\realsched.exe:*:Enabled:realsched -- (RealNetworks, Inc.)
"C:\Documents and Settings\Dan Lennon\Local Settings\Temp\avp.exe" = C:\Documents and Settings\Dan Lennon\Local Settings\Temp\avp.exe:*:Enabled:avp -- File not found
"C:\Program Files\iPod\bin\iPodService.exe" = C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService -- (Apple Inc.)
"C:\Program Files\McAfee.com\Agent\mcupdate.exe" = C:\Program Files\McAfee.com\Agent\mcupdate.exe:*:Enabled:McUpdate -- File not found
"C:\Program Files\McAfee\MSM\McSmtFwk.exe" = C:\Program Files\McAfee\MSM\McSmtFwk.exe:*:Enabled:McSmtFwk -- File not found
"C:\Documents and Settings\Dan Lennon\Local Settings\Temp\user.exe" = C:\Documents and Settings\Dan Lennon\Local Settings\Temp\user.exe:*:Enabled:user -- File not found
"C:\Documents and Settings\Dan Lennon\Local Settings\Temp\1774599388.exe" = C:\Documents and Settings\Dan Lennon\Local Settings\Temp\1774599388.exe:*:Enabled:1774599388 -- File not found
"C:\Documents and Settings\Dan Lennon\Local Settings\Temp\914784718.exe" = C:\Documents and Settings\Dan Lennon\Local Settings\Temp\914784718.exe:*:Enabled:914784718 -- File not found
"C:\Documents and Settings\Dan Lennon\Local Settings\Temp\debug.exe" = C:\Documents and Settings\Dan Lennon\Local Settings\Temp\debug.exe:*:Enabled:debug -- File not found
"C:\WINDOWS\system32\logon.scr" = C:\WINDOWS\system32\logon.scr:*:Enabled:logon -- (Microsoft Corporation)
"C:\Documents and Settings\Dan Lennon\Local Settings\Temp\3192422870.exe" = C:\Documents and Settings\Dan Lennon\Local Settings\Temp\3192422870.exe:*:Enabled:3192422870 -- File not found
"C:\Documents and Settings\Dan Lennon\Local Settings\Temp\csrss.exe" = C:\Documents and Settings\Dan Lennon\Local Settings\Temp\csrss.exe:*:Enabled:csrss -- File not found
"C:\Documents and Settings\Dan Lennon\Application Data\6398915029\6398915029.exe" = C:\Documents and Settings\Dan Lennon\Application Data\6398915029\6398915029.exe:*:Enabled:6398915029 -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0C2AF762-0565-4C91-9F55-B8B53BB82A38}" = Microsoft Office Accounting 2008 Equifax Addin
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F5BC8D3-3741-4542-AF00-51202A9FD357}" = VirIT eXplorer Lite
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{270940EA-C235-40D9-B2AE-2D450356DF8E}" = Microsoft Office Accounting 2008
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{427EDD3F-D12A-4DE5-9A36-AC4DE8EBC981}" = ActiveSpeed
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8689A5F3-BEEC-407D-A6EB-B79F636229A3}" = Media Center Alarm Clock
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B06CC379-BA38-4572-9539-CDB0C544AA1E}" = BlackBerry Desktop Software 5.0
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}" = Microsoft Office Accounting 2008 PayPal Addin
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BF311797-7DE8-4770-B16A-6475434E03FB}" = 964plc32
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E33EAB77-A36A-4FBF-BB15-2BBF74C7A796}" = iPhoneBrowser
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}" = Microsoft Office Accounting 2008 Fixed Asset Manager
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3" = Polar Bowler
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"Alarm_is1" = Alarm 2.0.1
"AntivirusPro_2010" = Antivirus Pro 2010
"AOL Instant Messenger" = AOL Instant Messenger
"BlackBerry_{B06CC379-BA38-4572-9539-CDB0C544AA1E}" = BlackBerry Desktop Software 5.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"CopySafe Plugin" = CopySafe Plugin
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 964" = Dell Photo AIO Printer 964
"ERUNT_is1" = ERUNT 1.1j
"GM LS2 Interface_is1" = GM LS2 Interface 1.0.2.0
"Half-Life: Counter-Strike" = Half-Life: Counter-Strike
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8 Release Candidate 1
"LimeWire" = LimeWire PRO 4.14.10
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2008" = Microsoft Office Accounting 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PokerStars" = PokerStars
"PROR" = Microsoft Office Professional 2007 Trial
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer
"Security Task Manager" = Security Task Manager 1.7h
"Steam" = Steam
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TweakNow RegCleaner Standard_is1" = TweakNow RegCleaner Standard
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VirIT eXplorer Lite" = VirIT eXplorer Lite
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.2 beta
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/16/2009 7:11:57 PM | Computer Name = DANSROOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/16/2009 7:12:03 PM | Computer Name = DANSROOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/16/2009 7:12:03 PM | Computer Name = DANSROOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/16/2009 7:46:16 PM | Computer Name = DANSROOM | Source = McLogEvent | ID = 5051
Description =

Error - 10/16/2009 7:46:16 PM | Computer Name = DANSROOM | Source = McLogEvent | ID = 5019
Description =

Error - 10/16/2009 8:51:51 PM | Computer Name = DANSROOM | Source = pctsSvc.exe | ID = 0
Description =

Error - 10/16/2009 11:52:19 PM | Computer Name = DANSROOM | Source = McLogEvent | ID = 5051
Description =

Error - 10/17/2009 12:08:15 AM | Computer Name = DANSROOM | Source = MsiInstaller | ID = 11719
Description = Product: VirIT eXplorer Lite -- Error 1719. The Windows Installer
Service could not be accessed. This can occur if you are running Windows in safe
mode, or if the Windows Installer is not correctly installed. Contact your support
personnel for assistance.

Error - 10/17/2009 1:22:17 AM | Computer Name = DANSROOM | Source = MsiInstaller | ID = 11321
Description = Product: VirIT eXplorer Lite -- Error 1321. The Installer has insufficient
privileges to modify this file: C:\VeXpLite\MONLITE.exe.

Error - 10/17/2009 1:22:22 AM | Computer Name = DANSROOM | Source = MsiInstaller | ID = 11321
Description = Product: VirIT eXplorer Lite -- Error 1321. The Installer has insufficient
privileges to modify this file: C:\VeXpLite\viritexp.exe.

[ System Events ]
Error - 10/17/2009 3:55:07 AM | Computer Name = DANSROOM | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/17/2009 3:55:10 AM | Computer Name = DANSROOM | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/17/2009 3:55:43 AM | Computer Name = DANSROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/17/2009 3:57:47 AM | Computer Name = DANSROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/17/2009 3:58:07 AM | Computer Name = DANSROOM | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm mfehidk

Error - 10/17/2009 4:20:01 AM | Computer Name = DANSROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/17/2009 4:22:34 AM | Computer Name = DANSROOM | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/17/2009 4:22:37 AM | Computer Name = DANSROOM | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/17/2009 4:22:39 AM | Computer Name = DANSROOM | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/17/2009 4:22:43 AM | Computer Name = DANSROOM | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.


< End of report >

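Two parts of the OTL Extras.txt above are worth reading before anything else: the Security Center key (every DisableNotify value is 1, so the tray stopped warning about missing antivirus, firewall and updates) and the StandardProfile Authorized Applications list, where several entries point at executables in Local Settings\Temp, at purely numeric file names, and at a csrss.exe outside the Windows directory. The script below is an added example, not part of the original post or of OTL: it parses those two sections in the layout OTL writes them, scores each firewall exception, and lists the silenced notifications. The sample lines are constructed to mirror the log above (user name changed), and the scoring rules (which markers count as high, medium or low) are this example's own assumptions.

```python
"""Triage of the XP firewall "Authorized Applications" list and the Security
Center notification flags, in the layout OTL writes to Extras.txt.
Added example, not part of the original post or of OTL; the sample lines are
constructed (user name changed) and the scoring rules are assumptions."""
import re
from dataclasses import dataclass

# Constructed sample in the same layout as the two OTL sections above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Documents and Settings\User\Local Settings\Temp\avp.exe" = C:\Documents and Settings\User\Local Settings\Temp\avp.exe:*:Enabled:avp -- File not found
"C:\Documents and Settings\User\Local Settings\Temp\1774599388.exe" = C:\Documents and Settings\User\Local Settings\Temp\1774599388.exe:*:Enabled:1774599388 -- File not found
"C:\Documents and Settings\User\Local Settings\Temp\csrss.exe" = C:\Documents and Settings\User\Local Settings\Temp\csrss.exe:*:Enabled:csrss -- File not found
"C:\WINDOWS\system32\logon.scr" = C:\WINDOWS\system32\logon.scr:*:Enabled:logon -- (Microsoft Corporation)
"C:\Documents and Settings\User\Application Data\6398915029\6398915029.exe" = C:\Documents and Settings\User\Application Data\6398915029\6398915029.exe:*:Enabled:6398915029 -- File not found
"""

# OTL line shape: "<path>" = <path>:<scope>:<Enabled|Disabled>:<name> -- <(company) | File not found>
AUTH_RE = re.compile(r'^"(?P<path>[^"]+)" = (?P=path):(?P<scope>[^:]*):'
                     r'(?P<state>Enabled|Disabled):(?P<name>.*?) -- (?P<tail>.*)$')
SC_RE = re.compile(r'^"(?P<key>\w+)" = (?P<value>\d+)$')
SC_KEY = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"
NOTIFY_KEYS = ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify")
TEMP_MARKERS = ("\\local settings\\temp\\", "\\temp\\", "\\tmp\\")
WINDOWS_DIRS = ("c:\\windows\\", "%windir%\\", "%systemroot%\\")
# Core Windows process names; one of these outside the Windows directory is a masquerade.
SYSTEM_PROCESS_NAMES = {"csrss.exe", "winlogon.exe", "svchost.exe", "lsass.exe",
                        "services.exe", "smss.exe", "explorer.exe", "spoolsv.exe"}
HIGH = {"executable in a temp directory", "system process name outside the Windows directory"}
MEDIUM = {"random numeric file name", "screen saver granted network access"}

@dataclass
class AuthorizedApp:
    path: str
    scope: str
    enabled: bool
    present: bool   # False when OTL reported "File not found"
    company: str    # "" when OTL printed "()" or the file was missing

@dataclass
class Finding:
    path: str
    reasons: tuple
    severity: str   # "high", "medium" or "low"

def parse_authorized_apps(text):
    apps = []
    for line in text.splitlines():
        m = AUTH_RE.match(line.strip())
        if m:
            present = m.group("tail") != "File not found"
            apps.append(AuthorizedApp(m.group("path"), m.group("scope"),
                                      m.group("state") == "Enabled", present,
                                      m.group("tail").strip("()") if present else ""))
    return apps

def reasons_for(app):
    low = app.path.lower()
    base = low.rsplit("\\", 1)[-1]
    stem = base.rsplit(".", 1)[0]
    reasons = []
    if any(marker in low for marker in TEMP_MARKERS):
        reasons.append("executable in a temp directory")
    if base in SYSTEM_PROCESS_NAMES and not low.startswith(WINDOWS_DIRS):
        reasons.append("system process name outside the Windows directory")
    if stem.isdigit():
        reasons.append("random numeric file name")
    if base.endswith(".scr"):   # a screen saver has no reason to talk to the network
        reasons.append("screen saver granted network access")
    if not app.present:         # harmless alone (uninstalled software), telling with the rest
        reasons.append("file no longer on disk (stale exception)")
    return reasons

def triage(apps):
    findings = []
    for app in apps:
        reasons = reasons_for(app) if app.enabled else []
        if reasons:
            sev = "high" if HIGH & set(reasons) else "medium" if MEDIUM & set(reasons) else "low"
            findings.append(Finding(app.path, tuple(reasons), sev))
    return findings

def parse_security_center(text):
    """Values under the Security Center key only. DisableNotify = 1 silences the
    tray warnings about missing AV/firewall/updates, which rogue AV commonly sets."""
    settings, inside = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            inside = line == SC_KEY
            continue
        m = SC_RE.match(line)
        if inside and m:
            settings[m.group("key")] = int(m.group("value"))
    return settings

def suppressed_notifications(settings):
    return [key for key in NOTIFY_KEYS if settings.get(key) == 1]

if __name__ == "__main__":
    for finding in triage(parse_authorized_apps(SAMPLE_LOG)):
        print(f"{finding.severity:<6} {finding.path}\n       {'; '.join(finding.reasons)}")
    print("Security Center notifications silenced:",
          suppressed_notifications(parse_security_center(SAMPLE_LOG)))
```

Run it against a real Extras.txt by reading the file into place of SAMPLE_LOG. A stale exception on its own (the AOL entries) is just leftover from an uninstall; what makes the Temp entries high is the combination of location, a system-process or throwaway numeric name, and the file having already moved on.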


#2
Essexboy
    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's start to kill. Please follow these steps in order. If you have any problems then stop and let me know :)

Please save this file to your desktop.

THEN

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.


NEXT


1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:

Files to move:
C:\WINDOWS\system32\logevent.dll | C:\WINDOWS\system32\eventlog.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

NOW

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O2 - BHO: (C:\WINDOWS\system32\a1ulp4kbz.dll) - {A249BC15-23F2-42AD-F4E4-00AAC39C0004} - C:\WINDOWS\System32\a1ulp4kbz.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - Reg Error: Value error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [Antivirus Pro 2010] C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe (;qkdfjfsdsgjsdg)
    O4 - HKLM..\Run: [calc] C:\WINDOWS\System32\calc.DLL (Microsoft)
    O4 - HKLM..\Run: [ferayovep] C:\WINDOWS\System32\fuzuhefu.DLL ()
    O4 - HKLM..\Run: [winupdate.exe] C:\WINDOWS\System32\winupdate.exe File not found
    O4 - HKCU..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\Documents and Settings\Administrator\Local Settings\Temp\winlogon.exe ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O20 - AppInit_DLLs: (c:\windows\system32\ludiyofu.dll) - C:\WINDOWS\System32\ludiyofu.dll ()
    O20 - AppInit_DLLs: (c:\DOCUME~1\ALLUSE~1\APPLIC~1\pudaveya\pudaveya.dll) - c:\Documents and Settings\All Users\Application Data\pudaveya\pudaveya.dll ()
    O20 - AppInit_DLLs: (c:\DOCUME~1\ALLUSE~1\APPLIC~1\zuzofewe\zuzofewe.dll) - c:\Documents and Settings\All Users\Application Data\zuzofewe\zuzofewe.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\boruyani.dll) - C:\WINDOWS\System32\boruyani.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\sidehole.dll) - C:\WINDOWS\System32\sidehole.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\kumizodo.dll) - C:\WINDOWS\System32\kumizodo.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\yowirubu.dll) - C:\WINDOWS\System32\yowirubu.dll ()
    O20 - AppInit_DLLs: (kusumiwi.dll) - C:\WINDOWS\System32\kusumiwi.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\varabefa.dll) - C:\WINDOWS\System32\varabefa.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\yefinuli.dll) - C:\WINDOWS\System32\yefinuli.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\nevokumo.dll) - C:\WINDOWS\System32\nevokumo.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\muyiseta.dll) - C:\WINDOWS\System32\muyiseta.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\vewuyati.dll) - C:\WINDOWS\System32\vewuyati.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\yenusapo.dll) - C:\WINDOWS\System32\yenusapo.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\fuzuhefu.dll) - C:\WINDOWS\System32\fuzuhefu.dll ()
    O21 - SSODL: fibuhesuj - {a33a0337-c976-4a62-864c-114fba12bd99} - C:\WINDOWS\System32\fuzuhefu.dll ()
    O21 - SSODL: figehoduh - {6df4f4ee-b1b2-41c0-b465-5f5e9646d610} - C:\WINDOWS\System32\yowirubu.dll ()
    O21 - SSODL: goyolafim - {bb5cac16-d07c-4d67-9778-12d81a2047f8} - C:\WINDOWS\System32\yefinuli.dll ()
    O21 - SSODL: gukodosoz - {f93458ef-0389-4013-9c80-0c84c50b4cc2} - CLSID or File not found.
    O21 - SSODL: gulesewik - {1d750f0e-9ca3-4fc3-bfc5-a54cc53c5536} - c:\Documents and Settings\All Users\Application Data\zuzofewe\zuzofewe.dll ()
    O21 - SSODL: hepejezem - {2706bacb-a6bc-44a9-b0f9-411cf8c05a08} - C:\WINDOWS\System32\yenusapo.dll ()
    O21 - SSODL: jawosubiv - {40eac9dd-de86-44d3-84af-96394fa25b76} - C:\WINDOWS\System32\kumizodo.dll ()
    O21 - SSODL: jigolohef - {03c1d344-ea80-42ec-9082-e10ddee03130} - c:\Documents and Settings\All Users\Application Data\pudaveya\pudaveya.dll ()
    O21 - SSODL: kederazij - {cacdd594-951d-4d58-975d-75bf64892c47} - c:\Documents and Settings\All Users\Application Data\zuzofewe\zuzofewe.dll ()
    O21 - SSODL: kumusuvab - {6911a698-5649-4e71-bc82-dd448d69c45a} - C:\WINDOWS\System32\nevokumo.dll ()
    O21 - SSODL: muyakadah - {dbb2d341-bbe8-441a-916a-80c70566c89c} - C:\WINDOWS\System32\varabefa.dll ()
    O21 - SSODL: nividizum - {0627a1d9-1935-482b-a12e-482b405e1824} - C:\WINDOWS\System32\yenusapo.dll ()
    O21 - SSODL: niwojebaj - {7fa5aafd-e751-4f3b-87d0-b589d2db206c} - CLSID or File not found.
    O21 - SSODL: podarudor - {3b1276a1-7a92-4e29-99ae-20cd000cb439} - C:\WINDOWS\System32\vewuyati.dll ()
    O21 - SSODL: ravasizop - {a823b1f0-2b4a-442a-817b-61cb9756f1d3} - C:\WINDOWS\System32\yenusapo.dll ()
    O21 - SSODL: rihuguvup - {a3a060da-156e-4f2f-92a5-f1546770b799} - C:\WINDOWS\System32\varabefa.dll ()
    O21 - SSODL: rirogovuf - {9b750ad2-b330-4797-bd9c-4136f62cd900} - C:\WINDOWS\System32\yenusapo.dll ()
    O21 - SSODL: tomeramom - {44fda548-dcd4-4349-bd76-9624219f8bdd} - CLSID or File not found.
    O21 - SSODL: tupegewew - {75ca0af1-a537-435d-850b-fe5bd6c6512b} - C:\WINDOWS\System32\yenusapo.dll ()
    O21 - SSODL: vosirifoh - {833c647f-0ff7-496b-ad97-9aae98476c2d} - c:\Documents and Settings\All Users\Application Data\pudaveya\pudaveya.dll ()
    O21 - SSODL: vowirakoh - {fbf035d2-1401-4b3a-8485-d1b56545c50c} - C:\WINDOWS\System32\sidehole.dll ()
    O21 - SSODL: winujiveg - {410d9bda-5516-473b-8553-40b7cac531ef} - C:\WINDOWS\System32\muyiseta.dll ()
    O21 - SSODL: wivoluved - {223f1e7e-1063-41c2-b90f-89de76b430d9} - C:\WINDOWS\System32\sidehole.dll ()
    O21 - SSODL: wugemeyos - {7da4ec36-e4f1-4490-80f9-7ee6a238ae88} - C:\WINDOWS\System32\yefinuli.dll ()
    O21 - SSODL: yodabofep - {baa0a898-66b7-48cd-a6d8-7719815d2f91} - c:\Documents and Settings\All Users\Application Data\zuzofewe\zuzofewe.dll ()
    O21 - SSODL: zalujosez - {b0e28726-6d1e-4f31-ac1a-478d247ba1bb} - C:\WINDOWS\System32\yowirubu.dll ()
    O22 - SharedTaskScheduler: {03c1d344-ea80-42ec-9082-e10ddee03130} - gahurihor - c:\Documents and Settings\All Users\Application Data\pudaveya\pudaveya.dll ()
    O22 - SharedTaskScheduler: {0627a1d9-1935-482b-a12e-482b405e1824} - gahurihor - C:\WINDOWS\System32\yenusapo.dll ()
    O22 - SharedTaskScheduler: {1d750f0e-9ca3-4fc3-bfc5-a54cc53c5536} - kupuhivus - c:\Documents and Settings\All Users\Application Data\zuzofewe\zuzofewe.dll ()
    O22 - SharedTaskScheduler: {223f1e7e-1063-41c2-b90f-89de76b430d9} - gahurihor - C:\WINDOWS\System32\sidehole.dll ()
    O22 - SharedTaskScheduler: {2706bacb-a6bc-44a9-b0f9-411cf8c05a08} - mujuzedij - C:\WINDOWS\System32\yenusapo.dll ()
    O22 - SharedTaskScheduler: {3b1276a1-7a92-4e29-99ae-20cd000cb439} - jugezatag - C:\WINDOWS\System32\vewuyati.dll ()
    O22 - SharedTaskScheduler: {40eac9dd-de86-44d3-84af-96394fa25b76} - tokatiluy - C:\WINDOWS\System32\kumizodo.dll ()
    O22 - SharedTaskScheduler: {410d9bda-5516-473b-8553-40b7cac531ef} - gahurihor - C:\WINDOWS\System32\muyiseta.dll ()
    O22 - SharedTaskScheduler: {44fda548-dcd4-4349-bd76-9624219f8bdd} - jugezatag - Reg Error: Value error. File not found
    O22 - SharedTaskScheduler: {6911a698-5649-4e71-bc82-dd448d69c45a} - kupuhivus - C:\WINDOWS\System32\ludiyofu.dll ()
    O22 - SharedTaskScheduler: {6df4f4ee-b1b2-41c0-b465-5f5e9646d610} - gahurihor - C:\WINDOWS\System32\yowirubu.dll ()
    O22 - SharedTaskScheduler: {75ca0af1-a537-435d-850b-fe5bd6c6512b} - kupuhivus - C:\WINDOWS\System32\yenusapo.dll ()
    O22 - SharedTaskScheduler: {7da4ec36-e4f1-4490-80f9-7ee6a238ae88} - kupuhivus - C:\WINDOWS\System32\yefinuli.dll ()
    O22 - SharedTaskScheduler: {7fa5aafd-e751-4f3b-87d0-b589d2db206c} - gahurihor - Reg Error: Value error. File not found
    O22 - SharedTaskScheduler: {833c647f-0ff7-496b-ad97-9aae98476c2d} - jugezatag - c:\Documents and Settings\All Users\Application Data\pudaveya\pudaveya.dll ()
    O22 - SharedTaskScheduler: {9b750ad2-b330-4797-bd9c-4136f62cd900} - gahurihor - C:\WINDOWS\System32\yenusapo.dll ()
    O22 - SharedTaskScheduler: {A249BC15-23F2-42AD-F4E4-00AAC39C0004} - iukjsf8w3jirojs9f8u3jruhsf78s3jijdif - C:\WINDOWS\System32\a1ulp4kbz.dll ()
    O22 - SharedTaskScheduler: {a33a0337-c976-4a62-864c-114fba12bd99} - gahurihor - C:\WINDOWS\System32\fuzuhefu.dll ()
    O22 - SharedTaskScheduler: {a3a060da-156e-4f2f-92a5-f1546770b799} - gahurihor - C:\WINDOWS\System32\varabefa.dll ()
    O22 - SharedTaskScheduler: {a823b1f0-2b4a-442a-817b-61cb9756f1d3} - tokatiluy - C:\WINDOWS\System32\yenusapo.dll ()
    O22 - SharedTaskScheduler: {b0e28726-6d1e-4f31-ac1a-478d247ba1bb} - tokatiluy - C:\WINDOWS\System32\yowirubu.dll ()
    O22 - SharedTaskScheduler: {baa0a898-66b7-48cd-a6d8-7719815d2f91} - jugezatag - c:\Documents and Settings\All Users\Application Data\zuzofewe\zuzofewe.dll ()
    O22 - SharedTaskScheduler: {bb5cac16-d07c-4d67-9778-12d81a2047f8} - jugezatag - C:\WINDOWS\System32\yefinuli.dll ()
    O22 - SharedTaskScheduler: {cacdd594-951d-4d58-975d-75bf64892c47} - mujuzedij - c:\Documents and Settings\All Users\Application Data\zuzofewe\zuzofewe.dll ()
    O22 - SharedTaskScheduler: {dbb2d341-bbe8-441a-916a-80c70566c89c} - kupuhivus - C:\WINDOWS\System32\varabefa.dll ()
    O22 - SharedTaskScheduler: {f93458ef-0389-4013-9c80-0c84c50b4cc2} - kupuhivus - Reg Error: Value error. File not found
    O22 - SharedTaskScheduler: {fbf035d2-1401-4b3a-8485-d1b56545c50c} - jugezatag - C:\WINDOWS\System32\sidehole.dll ()
    [2009/10/09 03:34:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\71509729
    [2009/10/10 03:34:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gijeluhe
    [2009/10/10 15:34:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\kayufema
    [2009/10/10 15:34:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pudaveya
    [2009/10/10 15:34:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\rolibisu
    [2009/10/10 03:34:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\yufatisi
    [2009/10/10 03:34:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\zuzofewe
    [2009/10/16 23:53:01 | 00,000,000 | ---D | C] -- C:\Program Files\AntivirusPro_2010
    [2009/10/17 04:24:22 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\nezumuba
    [2009/10/17 03:56:58 | 00,000,000 | ---- | M] () -- C:\WINDOWS\win32k.sys
    [2009/10/17 03:40:45 | 01,112,447 | -HS- | M] () -- C:\WINDOWS\System32\seyayewi.exe
    [2009/10/17 03:40:43 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\fuzuhefu.dll
    [2009/10/17 03:40:42 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\wepekigi.dll
    [2009/10/17 02:38:26 | 00,271,872 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cak.exe
    [2009/10/16 17:45:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\AVR09.exe
    [2009/10/16 17:45:44 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\winhelper.dll
    [2009/10/16 17:35:32 | 00,000,831 | ---- | M] () -- C:\WINDOWS\System32\critical_warning.html
    [2009/10/16 15:38:28 | 01,111,915 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\ruvigesa.exe
    [2009/10/16 15:38:19 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\yenusapo.dll
    [2009/10/16 15:38:19 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\susesari.dll
    [2009/10/16 03:38:05 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\lovosoja.dll
    [2009/10/16 03:38:03 | 01,115,329 | -HS- | M] () -- C:\WINDOWS\System32\sepadima.exe
    [2009/10/16 03:38:02 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\lonibeza.dll
    [2009/10/15 15:37:48 | 01,114,795 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\rudinubo.exe
    [2009/10/15 15:37:45 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\vewuyati.dll
    [2009/10/15 15:37:44 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\wufajojo.dll
    [2009/10/15 03:37:31 | 01,112,325 | -HS- | M] () -- C:\WINDOWS\System32\leyikire.exe
    [2009/10/15 03:37:29 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\muyiseta.dll
    [2009/10/15 03:37:28 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\kumababe.dll
    [2009/10/15 03:37:28 | 00,025,600 | -HS- | M] () -- C:\WINDOWS\System32\piyetuho.exe
    [2009/10/14 15:37:15 | 01,114,220 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\wetohuyo.exe
    [2009/10/14 15:37:13 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\nevokumo.dll
    [2009/10/14 15:37:12 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\rovezuda.dll
    [2009/10/14 03:36:57 | 01,011,604 | -HS- | M] () -- C:\WINDOWS\System32\sokajuji.exe
    [2009/10/14 03:36:56 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\yefinuli.dll
    [2009/10/14 03:36:55 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\yodogugo.dll
    [2009/10/13 15:36:41 | 01,011,606 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\yomajufe.exe
    [2009/10/13 15:36:38 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\varabefa.dll
    [2009/10/13 15:36:37 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\nonawava.dll
    [2009/10/13 03:37:04 | 00,053,248 | -HS- | M] () -- C:\WINDOWS\System32\vozufehi.dll
    [2009/10/13 03:36:36 | 01,011,312 | -HS- | M] () -- C:\WINDOWS\System32\muhimese.exe
    [2009/10/13 03:36:34 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\yowirubu.dll
    [2009/10/13 03:36:34 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\zizemehe.dll
    [2009/10/12 15:36:41 | 00,052,736 | -HS- | M] () -- C:\WINDOWS\System32\busatehe.dll
    [2009/10/12 15:36:16 | 01,011,387 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\pomefeya.exe
    [2009/10/12 15:36:11 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\kumizodo.dll
    [2009/10/12 15:36:11 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\biyamubu.dll
    [2009/10/12 03:35:54 | 01,011,503 | -HS- | M] () -- C:\WINDOWS\System32\wabuyoje.exe
    [2009/10/12 03:35:52 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\fuzanamu.dll
    [2009/10/12 03:35:52 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\dogebuwe.dll
    [2009/10/11 15:35:36 | 01,011,449 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\vuheluji.exe
    [2009/10/11 15:35:35 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\sidehole.dll
    [2009/10/11 15:35:32 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\yiwuhiso.dll
    [2009/10/11 03:35:16 | 01,011,147 | -HS- | M] () -- C:\WINDOWS\System32\zajeyema.exe
    [2009/10/11 03:35:15 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\boruyani.dll
    [2009/10/11 03:35:12 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\lofuvika.dll
    [2009/10/09 15:34:48 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\pahupotu.dll
    [2009/10/09 15:34:22 | 01,011,259 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\nopasisi.exe
    [2009/10/09 15:34:16 | 00,090,624 | -HS- | M] () -- C:\WINDOWS\System32\ludiyofu.dll
    [2009/10/09 15:34:15 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\royifego.dll
    [2009/10/09 03:34:19 | 00,052,736 | -HS- | M] () -- C:\WINDOWS\System32\yekotafo.dll
    [2009/10/09 03:33:54 | 01,050,147 | -HS- | M] () -- C:\WINDOWS\System32\disolada.exe
    [2009/10/09 03:33:52 | 01,011,251 | -HS- | M] () -- C:\WINDOWS\System32\fuzoyalu.exe
    [2009/10/09 03:33:52 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\waziroto.dll
    [2009/10/09 03:33:50 | 00,194,056 | -HS- | M] () -- C:\WINDOWS\System32\kiyiromu.exe
    [2009/10/09 03:33:50 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\vogekomu.dll
    [2009/10/09 03:33:49 | 00,028,160 | -HS- | M] () -- C:\WINDOWS\System32\nejejuhi.dll
    [2009/10/08 20:38:06 | 00,019,930 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ukaxikote._sy
    [2009/10/08 20:38:06 | 00,018,894 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\fyponowota.sys
    [2009/10/08 20:38:06 | 00,018,745 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\isololebyh._dl
    [2009/10/08 20:38:06 | 00,017,052 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\pywabugesi.inf
    [2009/10/08 20:38:06 | 00,016,479 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\amofodety.reg
    [2009/10/08 20:38:06 | 00,014,355 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\kyqate.db
    [2009/10/08 20:38:06 | 00,012,839 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\acyb.db
    [2009/10/08 20:38:06 | 00,011,831 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\gizuz.db
    [2009/10/08 20:38:05 | 00,018,375 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\pozopawyp.exe
    [2009/10/07 15:32:07 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\jehuzuru.dll
    [2009/10/06 09:37:03 | 00,091,136 | ---- | M] () -- C:\WINDOWS\System32\kolakade.dll
    [2009/10/06 09:35:38 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\yedawawo.dll
    [2009/10/06 09:35:37 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\demiweso.exe
    [2009/10/05 21:45:28 | 00,028,160 | ---- | M] () -- C:\WINDOWS\System32\dunohipo.dll
    [2009/10/05 21:36:07 | 01,047,587 | -HS- | M] () -- C:\WINDOWS\System32\rokalodu.exe
    [2009/10/05 21:35:49 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\donoheju.dll
    [2009/10/05 21:35:49 | 00,028,160 | -HS- | M] () -- C:\WINDOWS\System32\givemeku.dll
    [2009/10/05 19:56:12 | 00,166,400 | ---- | M] () -- C:\WINDOWS\System32\_scui.cpl
    [2009/10/04 00:18:41 | 00,000,046 | ---- | M] () -- C:\p2hhr.bat
    [2009/10/04 00:14:58 | 00,039,936 | ---- | M] () -- C:\anlqrvl.exe
    [2009/10/04 00:14:55 | 00,189,841 | ---- | M] () -- C:\hufa.exe
    [2009/10/04 00:14:53 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\a1ulp4kbz.dll
    [2009/10/04 00:14:51 | 00,051,200 | ---- | M] () -- C:\ehrrg.exe
    [2009/10/04 00:14:47 | 00,043,520 | ---- | M] () -- C:\vsoq.exe
    [2009/10/04 00:14:47 | 00,019,456 | ---- | M] () -- C:\erupquii.exe
    [2009/10/04 00:14:46 | 00,005,632 | ---- | M] () -- C:\efbcmkj.exe
    [2009/10/04 00:13:39 | 00,340,992 | ---- | M] () -- C:\WINDOWS\System32\~.exe
    [2009/10/08 20:38:06 | 00,019,930 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ukaxikote._sy
    [2009/10/08 20:38:06 | 00,018,894 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\fyponowota.sys
    [2009/10/08 20:38:06 | 00,018,745 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\isololebyh._dl
    [2009/10/08 20:38:06 | 00,017,052 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\pywabugesi.inf
    [2009/10/08 20:38:06 | 00,016,479 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\amofodety.reg
    [2009/10/08 20:38:06 | 00,014,355 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kyqate.db
    [2009/10/08 20:38:06 | 00,012,839 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\acyb.db
    [2009/10/08 20:38:06 | 00,011,831 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\gizuz.db
    [2009/10/08 20:38:05 | 00,018,375 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\pozopawyp.exe
    [2009/10/06 09:35:38 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\yedawawo.dll
    [2009/10/06 09:35:37 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\demiweso.exe
    [2009/10/06 09:28:20 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\kolakade.dll
    [2009/10/05 21:36:07 | 01,047,587 | -HS- | C] () -- C:\WINDOWS\System32\rokalodu.exe
    [2009/10/05 21:35:49 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\donoheju.dll
    [2009/10/05 21:35:49 | 00,028,160 | -HS- | C] () -- C:\WINDOWS\System32\givemeku.dll
    [2009/10/05 21:30:05 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\dunohipo.dll
    [2009/10/05 19:56:11 | 00,166,400 | ---- | C] () -- C:\WINDOWS\System32\_scui.cpl
    [2009/10/04 00:19:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\AVR09.exe
    [2009/10/04 00:19:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\winhelper.dll
    [2009/10/04 00:18:41 | 00,000,046 | ---- | C] () -- C:\p2hhr.bat
    [2009/10/04 00:17:15 | 00,000,831 | ---- | C] () -- C:\WINDOWS\System32\critical_warning.html
    [2009/10/04 00:15:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\win32k.sys
    [2009/10/04 00:14:56 | 00,039,936 | ---- | C] () -- C:\anlqrvl.exe
    [2009/10/04 00:14:53 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\a1ulp4kbz.dll
    [2009/10/04 00:14:50 | 00,051,200 | ---- | C] () -- C:\ehrrg.exe
    [2009/10/04 00:14:46 | 00,189,841 | ---- | C] () -- C:\hufa.exe
    [2009/10/04 00:14:46 | 00,043,520 | ---- | C] () -- C:\vsoq.exe
    [2009/10/04 00:14:46 | 00,019,456 | ---- | C] () -- C:\erupquii.exe
    [2009/10/04 00:14:46 | 00,005,632 | ---- | C] () -- C:\efbcmkj.exe
    [2009/10/04 00:13:38 | 00,340,992 | ---- | C] () -- C:\WINDOWS\System32\~.exe
    [2009/07/17 03:40:42 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\fuzuhefu.dll
    [2009/07/17 03:40:42 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\wepekigi.dll
    [2009/07/16 15:38:18 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\yenusapo.dll
    [2009/07/16 15:38:18 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\susesari.dll
    [2009/07/16 03:38:00 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\lonibeza.dll
    [2009/07/16 03:38:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\lovosoja.dll
    [2009/07/15 15:37:43 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\vewuyati.dll
    [2009/07/15 15:37:43 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\wufajojo.dll
    [2009/07/15 03:37:28 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\muyiseta.dll
    [2009/07/15 03:37:28 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\kumababe.dll
    [2009/07/14 15:37:12 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\nevokumo.dll
    [2009/07/14 15:37:12 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\rovezuda.dll
    [2009/07/14 03:36:54 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\yefinuli.dll
    [2009/07/14 03:36:54 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\yodogugo.dll
    [2009/07/13 15:36:37 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\varabefa.dll
    [2009/07/13 15:36:37 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\nonawava.dll
    [2009/07/13 03:37:18 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\nemupazu.dll
    [2009/07/13 03:37:18 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\kusumiwi.dll
    [2009/07/13 03:37:18 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\godidihu.dll
    [2009/07/13 03:36:33 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\yowirubu.dll
    [2009/07/13 03:36:33 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\vozufehi.dll
    [2009/07/13 03:36:33 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\zizemehe.dll
    [2009/07/12 15:36:10 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\kumizodo.dll
    [2009/07/12 15:36:10 | 00,052,736 | -HS- | C] () -- C:\WINDOWS\System32\busatehe.dll
    [2009/07/12 15:36:10 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\biyamubu.dll
    [2009/07/12 03:35:51 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\fuzanamu.dll
    [2009/07/12 03:35:51 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\dogebuwe.dll
    [2009/07/11 15:35:31 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\sidehole.dll
    [2009/07/11 15:35:31 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\yiwuhiso.dll
    [2009/07/11 03:35:12 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\boruyani.dll
    [2009/07/11 03:35:12 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\lofuvika.dll
    [2009/07/09 15:34:12 | 00,090,624 | -HS- | C] () -- C:\WINDOWS\System32\ludiyofu.dll
    [2009/07/09 15:34:12 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\pahupotu.dll
    [2009/07/09 15:34:12 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\royifego.dll
    [2009/07/09 03:33:49 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\waziroto.dll
    [2009/07/09 03:33:48 | 00,052,736 | -HS- | C] () -- C:\WINDOWS\System32\yekotafo.dll
    [2009/07/09 03:33:48 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\vogekomu.dll
    [2009/07/09 03:33:48 | 00,028,160 | -HS- | C] () -- C:\WINDOWS\System32\nejejuhi.dll
    [2009/07/07 15:32:06 | 00,090,624 | -HS- | C] () -- C:\WINDOWS\System32\yohofata.dll
    [2009/07/07 15:32:06 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\rewutoha.dll
    [2009/07/07 15:32:06 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\jehuzuru.dll
    [2009/10/10 03:34:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gijeluhe
    [2009/10/10 15:34:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kayufema
    [2009/10/10 15:34:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pudaveya
    [2009/10/10 03:34:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yufatisi
    [2009/10/10 03:34:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zuzofewe
    [2009/10/04 00:14:58 | 00,039,936 | ---- | M] () -- C:\anlqrvl.exe
    [2009/10/04 00:14:46 | 00,005,632 | ---- | M] () -- C:\efbcmkj.exe
    [2009/10/04 00:14:51 | 00,051,200 | ---- | M] () -- C:\ehrrg.exe
    [2009/10/04 00:14:47 | 00,019,456 | ---- | M] () -- C:\erupquii.exe
    [2009/10/04 00:14:55 | 00,189,841 | ---- | M] () -- C:\hufa.exe
    [2005/10/31 11:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
    [2009/10/04 00:14:56 | 00,161,280 | ---- | M] (Microsoft Corporation) -- C:\vgvluqbu.exe
    [2009/10/04 00:14:47 | 00,043,520 | ---- | M] () -- C:\vsoq.exe
    
    :Commands
    [purity]
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

FINALLY

Download ComboFix from one of the links below. You must rename it before saving: rename it to gobledegook.com before saving it to your desktop.

Link 1
Link 2


==================================


Double-click the renamed ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

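The OTL fix script above is a list of names to delete, but the log lines it was built from carry more information than that. The Python script below is an added example for this thread, not code from the original post and not part of OTL or ComboFix. It parses a handful of lines copied from the O20 (AppInit_DLLs), O21 (SSODL) and O22 (SharedTaskScheduler) sections and from the timestamped file listing, then answers the questions a responder actually asks: which DLLs are wired into more than one load point, which CLSIDs are registered under both shell load points, and how often the dropper comes back with fresh names. The consonant-vowel name heuristic and the 60-second batch window are assumptions fitted to this log, not properties of OTL.

```python
"""OTL log triage: which DLLs sit in which load points and when the dropper
wrote them. Added example for this thread (not from the original post, OTL or
ComboFix). SAMPLE_LOG is copied from the fix script above; the consonant-vowel
name heuristic and 60-second batch window are assumptions fitted to this log."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = r"""
O20 - AppInit_DLLs: (c:\windows\system32\ludiyofu.dll) - C:\WINDOWS\System32\ludiyofu.dll ()
O20 - AppInit_DLLs: (c:\DOCUME~1\ALLUSE~1\APPLIC~1\pudaveya\pudaveya.dll) - c:\Documents and Settings\All Users\Application Data\pudaveya\pudaveya.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\yenusapo.dll) - C:\WINDOWS\System32\yenusapo.dll ()
O21 - SSODL: gukodosoz - {f93458ef-0389-4013-9c80-0c84c50b4cc2} - CLSID or File not found.
O21 - SSODL: hepejezem - {2706bacb-a6bc-44a9-b0f9-411cf8c05a08} - C:\WINDOWS\System32\yenusapo.dll ()
O21 - SSODL: jigolohef - {03c1d344-ea80-42ec-9082-e10ddee03130} - c:\Documents and Settings\All Users\Application Data\pudaveya\pudaveya.dll ()
O22 - SharedTaskScheduler: {03c1d344-ea80-42ec-9082-e10ddee03130} - gahurihor - c:\Documents and Settings\All Users\Application Data\pudaveya\pudaveya.dll ()
O22 - SharedTaskScheduler: {2706bacb-a6bc-44a9-b0f9-411cf8c05a08} - mujuzedij - C:\WINDOWS\System32\yenusapo.dll ()
O22 - SharedTaskScheduler: {A249BC15-23F2-42AD-F4E4-00AAC39C0004} - iukjsf8w3jirojs9f8u3jruhsf78s3jijdif - C:\WINDOWS\System32\a1ulp4kbz.dll ()
O22 - SharedTaskScheduler: {f93458ef-0389-4013-9c80-0c84c50b4cc2} - kupuhivus - Reg Error: Value error. File not found
[2009/10/17 03:40:45 | 01,112,447 | -HS- | M] () -- C:\WINDOWS\System32\seyayewi.exe
[2009/10/17 03:40:43 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\fuzuhefu.dll
[2009/10/17 03:40:42 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\wepekigi.dll
[2009/10/16 15:38:28 | 01,111,915 | -HS- | M] (Igor Pavlov) -- C:\WINDOWS\System32\ruvigesa.exe
[2009/10/16 15:38:19 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\System32\yenusapo.dll
[2009/10/16 15:38:19 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\susesari.dll
"""

O20_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<raw>[^)]*)\) - (?P<target>.*)$")
O21_RE = re.compile(r"^O21 - SSODL: (?P<name>\S+) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
O22_RE = re.compile(r"^O22 - SharedTaskScheduler: \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<name>\S+) - (?P<target>.*)$")
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<op>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.*)$"
)
COMPANY_SUFFIX = re.compile(r"\s*\([^()]*\)\s*$")          # trailing " ()" or " (Igor Pavlov)"
GENERATED_STEM = re.compile(r"(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}")  # assumption: 4 CV pairs

def _basename(target):
    """Lower-cased file name from an OTL target, or None when OTL reported
    no file ("CLSID or File not found.", "Reg Error: ...")."""
    path = COMPANY_SUFFIX.sub("", target.strip())
    return path.rsplit("\\", 1)[1].lower() if "\\" in path else None

def parse_otl(text):
    """Split an OTL excerpt into load-point entries and file-listing rows."""
    out = {"appinit": [], "ssodl": [], "sts": [], "files": []}
    for line in (l.strip() for l in text.splitlines()):
        if m := O20_RE.match(line):
            out["appinit"].append(_basename(m["target"]))
        elif (m := O21_RE.match(line)) or (m := O22_RE.match(line)):
            key = "ssodl" if line.startswith("O21") else "sts"
            out[key].append((m["clsid"].lower(), m["name"], _basename(m["target"])))
        elif m := FILE_RE.match(line):
            out["files"].append({
                "when": datetime.strptime(f"{m['date']} {m['time']}", "%Y/%m/%d %H:%M:%S"),
                "size": int(m["size"].replace(",", "")), "attrs": m["attrs"], "op": m["op"],
                "company": m["company"] or "", "name": m["path"].rsplit("\\", 1)[-1].lower()})
    return out

def load_points(parsed):
    """Map each DLL name to the set of load points that reference it."""
    points = defaultdict(set)
    entries = [(n, "AppInit_DLLs") for n in parsed["appinit"]]
    entries += [(n, "SSODL") for _, _, n in parsed["ssodl"]]
    entries += [(n, "SharedTaskScheduler") for _, _, n in parsed["sts"]]
    for name, label in entries:
        if name:                         # skip entries whose file OTL could not find
            points[name].add(label)
    return dict(points)

def shared_clsids(parsed):
    """CLSIDs present under both SSODL and SharedTaskScheduler: one COM object in two load points."""
    return {c for c, _, _ in parsed["ssodl"]} & {c for c, _, _ in parsed["sts"]}

def looks_generated(name):
    """Assumed name pattern for these drops: an 8-letter stem made of four
    consonant-vowel pairs (yenusapo, ruvigesa) with a .dll or .exe extension."""
    stem, _, ext = name.rpartition(".")
    return ext in ("dll", "exe") and GENERATED_STEM.fullmatch(stem) is not None

def drop_batches(files, window=timedelta(seconds=60)):
    """Cluster hidden+system (-HS-) files by modification time; each cluster is one dropper visit."""
    drops = sorted((f for f in files if f["op"] == "M" and "H" in f["attrs"] and "S" in f["attrs"]),
                   key=lambda f: f["when"])
    batches = []
    for f in drops:
        if batches and f["when"] - batches[-1]["end"] <= window:
            batches[-1]["end"] = f["when"]
            batches[-1]["names"].append(f["name"])
        else:
            batches.append({"start": f["when"], "end": f["when"], "names": [f["name"]]})
    return batches

def batch_interval_hours(batches):
    """Mean gap between consecutive drop batches in hours; None if fewer than two."""
    gaps = [(b["start"] - a["start"]).total_seconds() for a, b in zip(batches, batches[1:])]
    return sum(gaps) / len(gaps) / 3600 if gaps else None

def suspicious(parsed):
    """Names to hand to the fix: referenced from two or more load points, or
    matching the generated-name pattern anywhere in the listing."""
    points = load_points(parsed)
    names = {n for n, p in points.items() if len(p) >= 2 or looks_generated(n)}
    names |= {f["name"] for f in parsed["files"] if looks_generated(f["name"])}
    return sorted(names)
```

Run against the sample, the script shows why the fix has to hit registry and files together: yenusapo.dll and pudaveya.dll are referenced from AppInit_DLLs (loaded into every process that loads user32.dll on XP) and, under the same CLSIDs, from both SSODL and SharedTaskScheduler (both loaded by Explorer at logon), so cleaning one load point leaves two others. The hidden+system files arrive as one roughly 1 MB .exe plus a 91,136-byte and a 39,424-byte DLL, about 12 hours apart and with new names each time, which is why a list of today's names alone will not hold. The "(Igor Pavlov)" company field on several of the .exe files is the 7-Zip author's name; an .exe carrying it in its version resource is normally a 7-Zip self-extracting stub, i.e. a packaged dropper rather than a standalone payload.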

#3
slugger05

    New Member

  • Topic Starter
  • Member
  • 8 posts
OK, so I followed all the steps, and once I got to OTL.exe it gave me an application error. So I skipped that step and ran ComboFix, then after the reboot I tried OTL again and it worked. So here are the logs that I was able to get. And thank you so much for the support so far, you guys are great!

Win32kdiag
Running from: C:\Documents and Settings\Administrator\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338

Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP13E5.tmp\ZAP13E5.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP13E5.tmp\ZAP13E5.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1487.tmp\ZAP1487.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1487.tmp\ZAP1487.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP158E.tmp\ZAP158E.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP158E.tmp\ZAP158E.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15C4.tmp\ZAP15C4.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15C4.tmp\ZAP15C4.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2A3.tmp\ZAP2A3.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2A3.tmp\ZAP2A3.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP41A.tmp\ZAP41A.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP41A.tmp\ZAP41A.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP43A.tmp\ZAP43A.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP43A.tmp\ZAP43A.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP44B.tmp\ZAP44B.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP44B.tmp\ZAP44B.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP44C.tmp\ZAP44C.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP44C.tmp\ZAP44C.tmp

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Debug\UserMode\UserMode

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ftpcache\ftpcache

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\shared\res\res

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109A10090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109A10090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\mui\mui

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\repair\Backup\ServiceState\ServiceState

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\repair\Backup\ServiceState\ServiceState

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5a0d771158cfd69be5ddd26d8f58c73b\5a0d771158cfd69be5ddd26d8f58c73b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5a0d771158cfd69be5ddd26d8f58c73b\5a0d771158cfd69be5ddd26d8f58c73b

Found mount point : C:\WINDOWS\solcache\solcache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\solcache\solcache

Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixas\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixas\files\files

Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixdts\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixdts\files\files

Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixns\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixns\files\files

Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixrs\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixrs\files\files

Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixsql\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixsql\files\files

Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixtools\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixtools\files\files

Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixas\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixas\files\files

Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixdts\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixdts\files\files

Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixns\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixns\files\files

Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixrs\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixrs\files\files

Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixsql\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixsql\files\files

Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixtools\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixtools\files\files

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Cannot access: C:\WINDOWS\system32\eventlog.dll

Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 06:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-13 20:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

[1] 2004-08-04 06:00:00 55808 C:\i386\eventlog.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\system32\_scui.cpl

Attempting to restore permissions of : C:\WINDOWS\system32\_scui.cpl

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp



Finished!

Avenger.txt
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

OTL.exe
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A249BC15-23F2-42AD-F4E4-00AAC39C0004}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A249BC15-23F2-42AD-F4E4-00AAC39C0004}\ not found.
File C:\WINDOWS\System32\a1ulp4kbz.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Antivirus Pro 2010 not found.
File C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\calc not found.
File C:\WINDOWS\System32\calc.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ferayovep not found.
File C:\WINDOWS\System32\fuzuhefu.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\winupdate.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Yjafosi8kdf98winmdkmnkmfnwe not found.
File C:\Documents and Settings\Administrator\Local Settings\Temp\winlogon.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\WINDOWS\System32\ludiyofu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File c:\Documents and Settings\All Users\Application Data\pudaveya\pudaveya.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File c:\Documents and Settings\All Users\Application Data\zuzofewe\zuzofewe.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\WINDOWS\System32\boruyani.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\WINDOWS\System32\sidehole.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\WINDOWS\System32\kumizodo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\WINDOWS\System32\yowirubu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\WINDOWS\System32\kusumiwi.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\WINDOWS\System32\varabefa.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\WINDOWS\System32\yefinuli.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\WINDOWS\System32\nevokumo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\WINDOWS\System32\muyiseta.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\WINDOWS\System32\vewuyati.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\WINDOWS\System32\yenusapo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\WINDOWS\System32\fuzuhefu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\fibuhesuj not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a33a0337-c976-4a62-864c-114fba12bd99}\ not found.
File C:\WINDOWS\System32\fuzuhefu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\figehoduh not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6df4f4ee-b1b2-41c0-b465-5f5e9646d610}\ not found.
File C:\WINDOWS\System32\yowirubu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\goyolafim not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb5cac16-d07c-4d67-9778-12d81a2047f8}\ not found.
File C:\WINDOWS\System32\yefinuli.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\gukodosoz not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f93458ef-0389-4013-9c80-0c84c50b4cc2}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\gulesewik not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d750f0e-9ca3-4fc3-bfc5-a54cc53c5536}\ not found.
File c:\Documents and Settings\All Users\Application Data\zuzofewe\zuzofewe.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\hepejezem not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2706bacb-a6bc-44a9-b0f9-411cf8c05a08}\ not found.
File C:\WINDOWS\System32\yenusapo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\jawosubiv not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40eac9dd-de86-44d3-84af-96394fa25b76}\ not found.
File C:\WINDOWS\System32\kumizodo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\jigolohef not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03c1d344-ea80-42ec-9082-e10ddee03130}\ not found.
File c:\Documents and Settings\All Users\Application Data\pudaveya\pudaveya.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\kederazij not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cacdd594-951d-4d58-975d-75bf64892c47}\ not found.
File c:\Documents and Settings\All Users\Application Data\zuzofewe\zuzofewe.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\kumusuvab not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6911a698-5649-4e71-bc82-dd448d69c45a}\ not found.
File C:\WINDOWS\System32\nevokumo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\muyakadah not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbb2d341-bbe8-441a-916a-80c70566c89c}\ not found.
File C:\WINDOWS\System32\varabefa.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\nividizum not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0627a1d9-1935-482b-a12e-482b405e1824}\ not found.
File C:\WINDOWS\System32\yenusapo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\niwojebaj not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fa5aafd-e751-4f3b-87d0-b589d2db206c}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\podarudor not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b1276a1-7a92-4e29-99ae-20cd000cb439}\ not found.
File C:\WINDOWS\System32\vewuyati.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\ravasizop not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a823b1f0-2b4a-442a-817b-61cb9756f1d3}\ not found.
File C:\WINDOWS\System32\yenusapo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\rihuguvup not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3a060da-156e-4f2f-92a5-f1546770b799}\ not found.
File C:\WINDOWS\System32\varabefa.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\rirogovuf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b750ad2-b330-4797-bd9c-4136f62cd900}\ not found.
File C:\WINDOWS\System32\yenusapo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\tomeramom not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44fda548-dcd4-4349-bd76-9624219f8bdd}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\tupegewew not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75ca0af1-a537-435d-850b-fe5bd6c6512b}\ not found.
File C:\WINDOWS\System32\yenusapo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\vosirifoh not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{833c647f-0ff7-496b-ad97-9aae98476c2d}\ not found.
File c:\Documents and Settings\All Users\Application Data\pudaveya\pudaveya.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\vowirakoh not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbf035d2-1401-4b3a-8485-d1b56545c50c}\ not found.
File C:\WINDOWS\System32\sidehole.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\winujiveg not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{410d9bda-5516-473b-8553-40b7cac531ef}\ not found.
File C:\WINDOWS\System32\muyiseta.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\wivoluved not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{223f1e7e-1063-41c2-b90f-89de76b430d9}\ not found.
File C:\WINDOWS\System32\sidehole.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\wugemeyos not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7da4ec36-e4f1-4490-80f9-7ee6a238ae88}\ not found.
File C:\WINDOWS\System32\yefinuli.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\yodabofep not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{baa0a898-66b7-48cd-a6d8-7719815d2f91}\ not found.
File c:\Documents and Settings\All Users\Application Data\zuzofewe\zuzofewe.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\zalujosez not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0e28726-6d1e-4f31-ac1a-478d247ba1bb}\ not found.
File C:\WINDOWS\System32\yowirubu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{03c1d344-ea80-42ec-9082-e10ddee03130} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03c1d344-ea80-42ec-9082-e10ddee03130}\ not found.
File c:\Documents and Settings\All Users\Application Data\pudaveya\pudaveya.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{0627a1d9-1935-482b-a12e-482b405e1824} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0627a1d9-1935-482b-a12e-482b405e1824}\ not found.
File C:\WINDOWS\System32\yenusapo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{1d750f0e-9ca3-4fc3-bfc5-a54cc53c5536} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d750f0e-9ca3-4fc3-bfc5-a54cc53c5536}\ not found.
File c:\Documents and Settings\All Users\Application Data\zuzofewe\zuzofewe.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{223f1e7e-1063-41c2-b90f-89de76b430d9} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{223f1e7e-1063-41c2-b90f-89de76b430d9}\ not found.
File C:\WINDOWS\System32\sidehole.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{2706bacb-a6bc-44a9-b0f9-411cf8c05a08} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2706bacb-a6bc-44a9-b0f9-411cf8c05a08}\ not found.
File C:\WINDOWS\System32\yenusapo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{3b1276a1-7a92-4e29-99ae-20cd000cb439} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b1276a1-7a92-4e29-99ae-20cd000cb439}\ not found.
File C:\WINDOWS\System32\vewuyati.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{40eac9dd-de86-44d3-84af-96394fa25b76} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40eac9dd-de86-44d3-84af-96394fa25b76}\ not found.
File C:\WINDOWS\System32\kumizodo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{410d9bda-5516-473b-8553-40b7cac531ef} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{410d9bda-5516-473b-8553-40b7cac531ef}\ not found.
File C:\WINDOWS\System32\muyiseta.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{44fda548-dcd4-4349-bd76-9624219f8bdd} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44fda548-dcd4-4349-bd76-9624219f8bdd}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{6911a698-5649-4e71-bc82-dd448d69c45a} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6911a698-5649-4e71-bc82-dd448d69c45a}\ not found.
File C:\WINDOWS\System32\ludiyofu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{6df4f4ee-b1b2-41c0-b465-5f5e9646d610} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6df4f4ee-b1b2-41c0-b465-5f5e9646d610}\ not found.
File C:\WINDOWS\System32\yowirubu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{75ca0af1-a537-435d-850b-fe5bd6c6512b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75ca0af1-a537-435d-850b-fe5bd6c6512b}\ not found.
File C:\WINDOWS\System32\yenusapo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{7da4ec36-e4f1-4490-80f9-7ee6a238ae88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7da4ec36-e4f1-4490-80f9-7ee6a238ae88}\ not found.
File C:\WINDOWS\System32\yefinuli.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{7fa5aafd-e751-4f3b-87d0-b589d2db206c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fa5aafd-e751-4f3b-87d0-b589d2db206c}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{833c647f-0ff7-496b-ad97-9aae98476c2d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{833c647f-0ff7-496b-ad97-9aae98476c2d}\ not found.
File c:\Documents and Settings\All Users\Application Data\pudaveya\pudaveya.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{9b750ad2-b330-4797-bd9c-4136f62cd900} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b750ad2-b330-4797-bd9c-4136f62cd900}\ not found.
File C:\WINDOWS\System32\yenusapo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{A249BC15-23F2-42AD-F4E4-00AAC39C0004} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A249BC15-23F2-42AD-F4E4-00AAC39C0004}\ not found.
File C:\WINDOWS\System32\a1ulp4kbz.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{a33a0337-c976-4a62-864c-114fba12bd99} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a33a0337-c976-4a62-864c-114fba12bd99}\ not found.
File C:\WINDOWS\System32\fuzuhefu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{a3a060da-156e-4f2f-92a5-f1546770b799} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3a060da-156e-4f2f-92a5-f1546770b799}\ not found.
File C:\WINDOWS\System32\varabefa.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{a823b1f0-2b4a-442a-817b-61cb9756f1d3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a823b1f0-2b4a-442a-817b-61cb9756f1d3}\ not found.
File C:\WINDOWS\System32\yenusapo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{b0e28726-6d1e-4f31-ac1a-478d247ba1bb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0e28726-6d1e-4f31-ac1a-478d247ba1bb}\ not found.
File C:\WINDOWS\System32\yowirubu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{baa0a898-66b7-48cd-a6d8-7719815d2f91} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{baa0a898-66b7-48cd-a6d8-7719815d2f91}\ not found.
File c:\Documents and Settings\All Users\Application Data\zuzofewe\zuzofewe.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{bb5cac16-d07c-4d67-9778-12d81a2047f8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb5cac16-d07c-4d67-9778-12d81a2047f8}\ not found.
File C:\WINDOWS\System32\yefinuli.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{cacdd594-951d-4d58-975d-75bf64892c47} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cacdd594-951d-4d58-975d-75bf64892c47}\ not found.
File c:\Documents and Settings\All Users\Application Data\zuzofewe\zuzofewe.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{dbb2d341-bbe8-441a-916a-80c70566c89c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbb2d341-bbe8-441a-916a-80c70566c89c}\ not found.
File C:\WINDOWS\System32\varabefa.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{f93458ef-0389-4013-9c80-0c84c50b4cc2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f93458ef-0389-4013-9c80-0c84c50b4cc2}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{fbf035d2-1401-4b3a-8485-d1b56545c50c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbf035d2-1401-4b3a-8485-d1b56545c50c}\ not found.
File C:\WINDOWS\System32\sidehole.dll not found.
Folder C:\Documents and Settings\All Users\Application Data\71509729\ not found.
C:\Documents and Settings\All Users\Application Data\gijeluhe moved successfully.
C:\Documents and Settings\All Users\Application Data\kayufema moved successfully.
C:\Documents and Settings\All Users\Application Data\pudaveya moved successfully.
C:\Documents and Settings\All Users\Application Data\rolibisu moved successfully.
C:\Documents and Settings\All Users\Application Data\yufatisi moved successfully.
C:\Documents and Settings\All Users\Application Data\zuzofewe moved successfully.
Folder C:\Program Files\AntivirusPro_2010\ not found.
C:\WINDOWS\System32\nezumuba moved successfully.
File C:\WINDOWS\win32k.sys not found.
File C:\WINDOWS\System32\seyayewi.exe not found.
File C:\WINDOWS\System32\fuzuhefu.dll not found.
File C:\WINDOWS\System32\wepekigi.dll not found.
C:\Documents and Settings\Administrator\Desktop\cak.exe moved successfully.
File C:\WINDOWS\System32\AVR09.exe not found.
File C:\WINDOWS\System32\winhelper.dll not found.
File C:\WINDOWS\System32\critical_warning.html not found.
File C:\WINDOWS\System32\ruvigesa.exe not found.
File C:\WINDOWS\System32\yenusapo.dll not found.
File C:\WINDOWS\System32\susesari.dll not found.
File C:\WINDOWS\System32\lovosoja.dll not found.
C:\WINDOWS\System32\sepadima.exe moved successfully.
File C:\WINDOWS\System32\lonibeza.dll not found.
C:\WINDOWS\System32\rudinubo.exe moved successfully.
File C:\WINDOWS\System32\vewuyati.dll not found.
File C:\WINDOWS\System32\wufajojo.dll not found.
File C:\WINDOWS\System32\leyikire.exe not found.
File C:\WINDOWS\System32\muyiseta.dll not found.
File C:\WINDOWS\System32\kumababe.dll not found.
C:\WINDOWS\System32\piyetuho.exe moved successfully.
C:\WINDOWS\System32\wetohuyo.exe moved successfully.
File C:\WINDOWS\System32\nevokumo.dll not found.
File C:\WINDOWS\System32\rovezuda.dll not found.
File C:\WINDOWS\System32\sokajuji.exe not found.
File C:\WINDOWS\System32\yefinuli.dll not found.
File C:\WINDOWS\System32\yodogugo.dll not found.
File C:\WINDOWS\System32\yomajufe.exe not found.
File C:\WINDOWS\System32\varabefa.dll not found.
File C:\WINDOWS\System32\nonawava.dll not found.
File C:\WINDOWS\System32\vozufehi.dll not found.
File C:\WINDOWS\System32\muhimese.exe not found.
File C:\WINDOWS\System32\yowirubu.dll not found.
File C:\WINDOWS\System32\zizemehe.dll not found.
File C:\WINDOWS\System32\busatehe.dll not found.
File C:\WINDOWS\System32\pomefeya.exe not found.
File C:\WINDOWS\System32\kumizodo.dll not found.
File C:\WINDOWS\System32\biyamubu.dll not found.
File C:\WINDOWS\System32\wabuyoje.exe not found.
File C:\WINDOWS\System32\fuzanamu.dll not found.
File C:\WINDOWS\System32\dogebuwe.dll not found.
File C:\WINDOWS\System32\vuheluji.exe not found.
File C:\WINDOWS\System32\sidehole.dll not found.
File C:\WINDOWS\System32\yiwuhiso.dll not found.
File C:\WINDOWS\System32\zajeyema.exe not found.
File C:\WINDOWS\System32\boruyani.dll not found.
File C:\WINDOWS\System32\lofuvika.dll not found.
File C:\WINDOWS\System32\pahupotu.dll not found.
File C:\WINDOWS\System32\nopasisi.exe not found.
File C:\WINDOWS\System32\ludiyofu.dll not found.
File C:\WINDOWS\System32\royifego.dll not found.
File C:\WINDOWS\System32\yekotafo.dll not found.
File C:\WINDOWS\System32\disolada.exe not found.
File C:\WINDOWS\System32\fuzoyalu.exe not found.
File C:\WINDOWS\System32\waziroto.dll not found.
File C:\WINDOWS\System32\kiyiromu.exe not found.
File C:\WINDOWS\System32\vogekomu.dll not found.
File C:\WINDOWS\System32\nejejuhi.dll not found.
File C:\Documents and Settings\All Users\Application Data\ukaxikote._sy not found.
File C:\Documents and Settings\All Users\Documents\fyponowota.sys not found.
File C:\Documents and Settings\All Users\Documents\isololebyh._dl not found.
File C:\Documents and Settings\All Users\Documents\pywabugesi.inf not found.
File C:\Documents and Settings\All Users\Documents\amofodety.reg not found.
C:\Documents and Settings\All Users\Application Data\kyqate.db moved successfully.
C:\Documents and Settings\All Users\Documents\acyb.db moved successfully.
C:\Documents and Settings\All Users\Documents\gizuz.db moved successfully.
File C:\Documents and Settings\All Users\Documents\pozopawyp.exe not found.
File C:\WINDOWS\System32\jehuzuru.dll not found.
File C:\WINDOWS\System32\kolakade.dll not found.
File C:\WINDOWS\System32\yedawawo.dll not found.
File C:\WINDOWS\System32\demiweso.exe not found.
File C:\WINDOWS\System32\dunohipo.dll not found.
C:\WINDOWS\System32\rokalodu.exe moved successfully.
File C:\WINDOWS\System32\donoheju.dll not found.
File C:\WINDOWS\System32\givemeku.dll not found.
File C:\WINDOWS\System32\_scui.cpl not found.
File C:\p2hhr.bat not found.
C:\anlqrvl.exe moved successfully.
C:\hufa.exe moved successfully.
File C:\WINDOWS\System32\a1ulp4kbz.dll not found.
C:\ehrrg.exe moved successfully.
C:\vsoq.exe moved successfully.
C:\erupquii.exe moved successfully.
C:\efbcmkj.exe moved successfully.
File C:\WINDOWS\System32\~.exe not found.
File C:\Documents and Settings\All Users\Application Data\ukaxikote._sy not found.
File C:\Documents and Settings\All Users\Documents\fyponowota.sys not found.
File C:\Documents and Settings\All Users\Documents\isololebyh._dl not found.
File C:\Documents and Settings\All Users\Documents\pywabugesi.inf not found.
File C:\Documents and Settings\All Users\Documents\amofodety.reg not found.
File C:\Documents and Settings\All Users\Application Data\kyqate.db not found.
File C:\Documents and Settings\All Users\Documents\acyb.db not found.
File C:\Documents and Settings\All Users\Documents\gizuz.db not found.
File C:\Documents and Settings\All Users\Documents\pozopawyp.exe not found.
File C:\WINDOWS\System32\yedawawo.dll not found.
File C:\WINDOWS\System32\demiweso.exe not found.
File C:\WINDOWS\System32\kolakade.dll not found.
File C:\WINDOWS\System32\rokalodu.exe not found.
File C:\WINDOWS\System32\donoheju.dll not found.
File C:\WINDOWS\System32\givemeku.dll not found.
File C:\WINDOWS\System32\dunohipo.dll not found.
File C:\WINDOWS\System32\_scui.cpl not found.
File C:\WINDOWS\System32\AVR09.exe not found.
File C:\WINDOWS\System32\winhelper.dll not found.
File C:\p2hhr.bat not found.
File C:\WINDOWS\System32\critical_warning.html not found.
File C:\WINDOWS\win32k.sys not found.
File C:\anlqrvl.exe not found.
File C:\WINDOWS\System32\a1ulp4kbz.dll not found.
File C:\ehrrg.exe not found.
File C:\hufa.exe not found.
File C:\vsoq.exe not found.
File C:\erupquii.exe not found.
File C:\efbcmkj.exe not found.
File C:\WINDOWS\System32\~.exe not found.
File C:\WINDOWS\System32\fuzuhefu.dll not found.
File C:\WINDOWS\System32\wepekigi.dll not found.
File C:\WINDOWS\System32\yenusapo.dll not found.
File C:\WINDOWS\System32\susesari.dll not found.
File C:\WINDOWS\System32\lonibeza.dll not found.
File C:\WINDOWS\System32\lovosoja.dll not found.
File C:\WINDOWS\System32\vewuyati.dll not found.
File C:\WINDOWS\System32\wufajojo.dll not found.
File C:\WINDOWS\System32\muyiseta.dll not found.
File C:\WINDOWS\System32\kumababe.dll not found.
File C:\WINDOWS\System32\nevokumo.dll not found.
File C:\WINDOWS\System32\rovezuda.dll not found.
File C:\WINDOWS\System32\yefinuli.dll not found.
File C:\WINDOWS\System32\yodogugo.dll not found.
File C:\WINDOWS\System32\varabefa.dll not found.
File C:\WINDOWS\System32\nonawava.dll not found.
File C:\WINDOWS\System32\nemupazu.dll not found.
File C:\WINDOWS\System32\kusumiwi.dll not found.
File C:\WINDOWS\System32\godidihu.dll not found.
File C:\WINDOWS\System32\yowirubu.dll not found.
File C:\WINDOWS\System32\vozufehi.dll not found.
File C:\WINDOWS\System32\zizemehe.dll not found.
File C:\WINDOWS\System32\kumizodo.dll not found.
File C:\WINDOWS\System32\busatehe.dll not found.
File C:\WINDOWS\System32\biyamubu.dll not found.
File C:\WINDOWS\System32\fuzanamu.dll not found.
File C:\WINDOWS\System32\dogebuwe.dll not found.
File C:\WINDOWS\System32\sidehole.dll not found.
File C:\WINDOWS\System32\yiwuhiso.dll not found.
File C:\WINDOWS\System32\boruyani.dll not found.
File C:\WINDOWS\System32\lofuvika.dll not found.
File C:\WINDOWS\System32\ludiyofu.dll not found.
File C:\WINDOWS\System32\pahupotu.dll not found.
File C:\WINDOWS\System32\royifego.dll not found.
File C:\WINDOWS\System32\waziroto.dll not found.
File C:\WINDOWS\System32\yekotafo.dll not found.
File C:\WINDOWS\System32\vogekomu.dll not found.
File C:\WINDOWS\System32\nejejuhi.dll not found.
File C:\WINDOWS\System32\yohofata.dll not found.
File C:\WINDOWS\System32\rewutoha.dll not found.
File C:\WINDOWS\System32\jehuzuru.dll not found.
Folder C:\Documents and Settings\All Users\Application Data\gijeluhe\ not found.
Folder C:\Documents and Settings\All Users\Application Data\kayufema\ not found.
Folder C:\Documents and Settings\All Users\Application Data\pudaveya\ not found.
Folder C:\Documents and Settings\All Users\Application Data\yufatisi\ not found.
Folder C:\Documents and Settings\All Users\Application Data\zuzofewe\ not found.
File C:\anlqrvl.exe not found.
File C:\efbcmkj.exe not found.
File C:\ehrrg.exe not found.
File C:\erupquii.exe not found.
File C:\hufa.exe not found.
C:\StubInstaller.exe moved successfully.
C:\vgvluqbu.exe moved successfully.
File C:\vsoq.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 16384 bytes
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QPH7TN78\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\94A8OQI3\Antivirus-2010-Seacurity-Tool-t255767[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\94A8OQI3\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\24GR5N65\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 3164919 bytes

User: All Users

User: Dan Lennon

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: JoAnne and Jim
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3.03 mb


OTL by OldTimer - Version 3.0.21.0 log created on 10172009_161649

Files\Folders moved on Reboot...
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QPH7TN78\iframe[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\94A8OQI3\Antivirus-2010-Seacurity-Tool-t255767[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\94A8OQI3\iframe[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\24GR5N65\iframe[1].htm moved successfully.

Registry entries deleted on Reboot...


Combofix.exe
ComboFix 09-10-16.09 - Administrator 10/17/2009 15:54.1.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.319 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\gobledegook.com
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ADMINI~1\LOCALS~1\Temp\csrss.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\services.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\taskmgr.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\winlogon.exe
c:\docume~1\ALLUSE~1\APPLIC~1\pudaveya\pudaveya.dll
c:\docume~1\alluse~1\applic~1\zuzofewe\zuzofewe.dll
c:\documents and settings\All Users\Application Data\71509729
c:\documents and settings\All Users\Application Data\71509729\71509729.bat
c:\documents and settings\All Users\Application Data\71509729\71509729.exe
c:\documents and settings\All Users\Application Data\ukaxikote._sy
c:\documents and settings\All Users\Documents\amofodety.reg
c:\documents and settings\All Users\Documents\fyponowota.sys
c:\documents and settings\All Users\Documents\isololebyh._dl
c:\documents and settings\All Users\Documents\pozopawyp.exe
c:\documents and settings\All Users\Documents\pywabugesi.inf
c:\documents and settings\JoAnne and Jim\Application Data\afinaga.dll
c:\documents and settings\JoAnne and Jim\Application Data\fyvyr.bin
c:\documents and settings\JoAnne and Jim\Application Data\pokad.sys
c:\documents and settings\JoAnne and Jim\Application Data\talajytalo.reg
c:\documents and settings\JoAnne and Jim\Application Data\ufaxijezux.vbs
c:\documents and settings\JoAnne and Jim\Application Data\yqeq.dll
c:\documents and settings\JoAnne and Jim\Cookies\ewyno._sy
c:\documents and settings\JoAnne and Jim\Cookies\rutexubyq.reg
c:\documents and settings\JoAnne and Jim\ntuser.dll
c:\documents and settings\JoAnne and Jim\Start Menu\Programs\Startup\scandisk.dll
c:\documents and settings\JoAnne and Jim\Start Menu\Programs\Startup\scandisk.lnk
c:\documents and settings\LocalService\ntuser.dll
c:\documents and settings\NetworkService\ntuser.dll
C:\p2hhr.bat
c:\program files\AntivirusPro_2010
c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfg
c:\windows\system32\_scui.cpl
c:\windows\system32\~.exe
c:\windows\system32\AVR09.exe
c:\windows\system32\biyamubu.dll
c:\windows\system32\boruyani.dll
c:\windows\system32\busatehe.dll
c:\windows\system32\calc.dll
c:\windows\system32\critical_warning.html
c:\windows\system32\demiweso.exe
c:\windows\system32\disolada.exe
c:\windows\system32\dogebuwe.dll
c:\windows\system32\donoheju.dll
c:\windows\system32\dunohipo.dll
c:\windows\system32\fuzanamu.dll
c:\windows\system32\fuzoyalu.exe
c:\windows\system32\fuzuhefu.dll
c:\windows\system32\givemeku.dll
c:\windows\system32\godidihu.dll
c:\windows\system32\jehuzuru.dll
c:\windows\system32\kiyiromu.exe
c:\windows\system32\kolakade.dll
c:\windows\system32\kumababe.dll
c:\windows\system32\kumizodo.dll
c:\windows\system32\kusumiwi.dll
c:\windows\system32\leyikire.exe
c:\windows\system32\lofuvika.dll
c:\windows\system32\logs
c:\windows\system32\logs\{2BF005F9-723E-46CD-81F3-CFD239FBEF1B}.log
c:\windows\system32\lonibeza.dll
c:\windows\system32\lovosoja.dll
c:\windows\system32\ludiyofu.dll
c:\windows\system32\muhimese.exe
c:\windows\system32\muyiseta.dll
c:\windows\system32\nejejuhi.dll
c:\windows\system32\nemupazu.dll
c:\windows\system32\nevokumo.dll
c:\windows\system32\nonawava.dll
c:\windows\system32\nopasisi.exe
c:\windows\system32\pahupotu.dll
c:\windows\system32\pomefeya.exe
c:\windows\system32\rewutoha.dll
c:\windows\system32\rovezuda.dll
c:\windows\system32\royifego.dll
c:\windows\system32\ruvigesa.exe
c:\windows\system32\seyayewi.exe
c:\windows\system32\sidehole.dll
c:\windows\system32\sokajuji.exe
c:\windows\system32\susesari.dll
c:\windows\system32\varabefa.dll
c:\windows\system32\vewuyati.dll
c:\windows\system32\vogekomu.dll
c:\windows\system32\vozufehi.dll
c:\windows\system32\vuheluji.exe
c:\windows\system32\wabuyoje.exe
c:\windows\system32\waziroto.dll
c:\windows\system32\wejuwava.dll
c:\windows\system32\wepekigi.dll
c:\windows\system32\wezewugi.exe
c:\windows\system32\winhelper.dll
c:\windows\system32\wirijepi.dll
c:\windows\system32\wufajojo.dll
c:\windows\system32\yedawawo.dll
c:\windows\system32\yefinuli.dll
c:\windows\system32\yekotafo.dll
c:\windows\system32\yenusapo.dll
c:\windows\system32\yiwuhiso.dll
c:\windows\system32\yodogugo.dll
c:\windows\system32\yohofata.dll
c:\windows\system32\yomajufe.exe
c:\windows\system32\yowirubu.dll
c:\windows\system32\zajeyema.exe
c:\windows\system32\zizemehe.dll
c:\windows\win32k.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-09-17 to 2009-10-17 )))))))))))))))))))))))))))))))
.

2009-10-17 19:43 . 2009-10-17 19:43 -------- d-----w- C:\_OTL
2009-10-17 06:34 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-17 06:34 . 2009-10-17 07:28 -------- d-----w- c:\program files\cats
2009-10-17 06:34 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-17 06:32 . 2009-10-17 06:32 -------- d-----w- c:\program files\ERUNT
2009-10-17 06:31 . 2009-10-17 06:31 75424 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-17 05:33 . 2009-10-17 05:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG8
2009-10-17 05:00 . 2009-10-17 05:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PackageAware
2009-10-17 04:06 . 2009-10-17 19:59 -------- d-----w- C:\VeXpLite
2009-10-17 03:39 . 2009-10-17 04:07 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{3ADA1185-35A8-4B4E-B36B-6392B1DA8C26}
2009-10-17 03:30 . 2009-10-17 03:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-17 03:30 . 2009-10-17 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-17 00:21 . 2009-10-17 03:33 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-16 22:58 . 2009-10-16 22:58 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-16 22:58 . 2009-10-16 22:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-10 19:34 . 2009-10-17 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\pudaveya
2009-10-10 19:34 . 2009-10-10 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\rolibisu
2009-10-10 19:34 . 2009-10-10 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\kayufema
2009-10-10 07:34 . 2009-10-17 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\zuzofewe
2009-10-10 07:34 . 2009-10-10 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\gijeluhe
2009-10-10 07:34 . 2009-10-10 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\yufatisi
2009-10-07 08:03 . 2009-10-07 08:03 25088 --sha-w- C:\ntuser.dll
2009-10-06 01:36 . 2009-10-06 01:36 1047587 --sh--w- c:\windows\system32\rokalodu.exe
2009-10-04 04:14 . 2009-10-04 04:14 39936 ----a-w- C:\anlqrvl.exe
2009-10-04 04:14 . 2009-10-04 04:14 161280 ----a-w- C:\vgvluqbu.exe
2009-10-04 04:14 . 2009-10-04 04:14 51200 ----a-w- C:\ehrrg.exe
2009-10-04 04:14 . 2009-10-04 04:14 189841 ----a-w- C:\hufa.exe
2009-10-04 04:14 . 2009-10-04 04:14 43520 ----a-w- C:\vsoq.exe
2009-10-04 04:14 . 2009-10-04 04:14 19456 ----a-w- C:\erupquii.exe
2009-10-04 04:14 . 2009-10-04 04:14 5632 ----a-w- C:\efbcmkj.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-17 05:53 . 2006-08-09 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-17 05:51 . 2006-08-09 19:31 -------- d-----w- c:\program files\McAfee
2009-10-17 05:39 . 2007-02-05 21:50 -------- d-----w- c:\program files\SiteAdvisor
2009-10-17 05:39 . 2007-02-05 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-10-17 03:51 . 2009-03-07 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-17 03:21 . 2007-10-22 23:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-17 00:20 . 2009-03-07 03:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-16 21:35 . 2006-08-15 19:13 -------- d-----w- c:\program files\Dl_cats
2009-10-16 07:38 . 2009-07-16 07:38 1115329 --sha-w- c:\windows\system32\sepadima.exe
2009-10-15 19:37 . 2009-07-15 19:37 1114795 --sha-w- c:\windows\system32\rudinubo.exe
2009-10-15 07:37 . 2009-07-15 07:37 25600 --sha-w- c:\windows\system32\piyetuho.exe
2009-10-14 19:37 . 2009-07-14 19:37 1114220 --sha-w- c:\windows\system32\wetohuyo.exe
2009-09-21 00:34 . 2008-05-07 04:28 -------- d-----w- c:\program files\Full Tilt Poker
2009-09-21 00:27 . 2007-06-11 17:45 -------- d-----w- c:\program files\PokerStars
2009-09-15 07:13 . 2009-02-22 02:46 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-14 12:45 . 2009-09-14 12:45 43264 --s-a-w- c:\windows\system32\drivers\VIRAGTLT.sys
2009-09-10 05:33 . 2009-09-10 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-09-09 07:03 . 2009-02-23 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-22 07:22 . 2009-08-22 07:22 -------- d-----w- c:\program files\MSBuild
2009-08-22 07:21 . 2009-08-22 07:21 -------- d-----w- c:\program files\Reference Assemblies
2009-08-05 09:01 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 01:13 . 2009-08-01 02:12 256 ----a-w- c:\windows\system32\pool.bin
2007-07-19 04:09 . 2006-08-13 05:33 88 --sh--r- c:\windows\system32\1F06666578.sys
2007-07-19 04:09 . 2006-08-13 05:33 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-07 19:32 . 2009-07-07 19:32 1050147 --sha-w- c:\windows\system32\rahunidi.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"DLCJCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2005-08-15 73728]
"dlcjmon.exe"="c:\program files\Dell Photo AIO Printer 964\dlcjmon.exe" [2005-08-12 430080]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 964\memcard.exe" [2005-08-10 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-01 185896]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2009-06-05 292136]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2009-10-17 274432]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-9 24576]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\All Users\\Documents\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Steam\\steamapps\\nightwalker420\\counter-strike\\hl.exe"=
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\WINDOWS\\system32\\logon.scr"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.sys [9/14/2009 8:45 AM 43264]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/15/2007 11:05 PM 24652]
S2 viritsvclite;VirIT eXplorer Lite;c:\vexplite\VIRITSVC.EXE [9/24/2009 4:55 AM 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.
- - - - ORPHANS REMOVED - - - -

BHO-{84e384eb-9ed0-4f55-9dd9-dae4936315c1} - godidihu.dll
HKLM-Run-ECenter - c:\dell\E-Center\gtb.exe
HKLM-Run-ferayovep - c:\windows\system32\wejuwava.dll
HKLM-Run-peluganoso - nemupazu.dll
SharedTaskScheduler-{7fa5aafd-e751-4f3b-87d0-b589d2db206c} - (no file)
SharedTaskScheduler-{44fda548-dcd4-4349-bd76-9624219f8bdd} - (no file)
SharedTaskScheduler-{f93458ef-0389-4013-9c80-0c84c50b4cc2} - (no file)
SharedTaskScheduler-{03c1d344-ea80-42ec-9082-e10ddee03130} - c:\docume~1\alluse~1\applic~1\pudaveya\pudaveya.dll
SharedTaskScheduler-{baa0a898-66b7-48cd-a6d8-7719815d2f91} - c:\docume~1\alluse~1\applic~1\zuzofewe\zuzofewe.dll
SharedTaskScheduler-{bb5cac16-d07c-4d67-9778-12d81a2047f8} - c:\windows\system32\yefinuli.dll
SharedTaskScheduler-{7da4ec36-e4f1-4490-80f9-7ee6a238ae88} - c:\windows\system32\yefinuli.dll
SharedTaskScheduler-{833c647f-0ff7-496b-ad97-9aae98476c2d} - c:\docume~1\alluse~1\applic~1\pudaveya\pudaveya.dll
SharedTaskScheduler-{40eac9dd-de86-44d3-84af-96394fa25b76} - c:\windows\system32\kumizodo.dll
SharedTaskScheduler-{cacdd594-951d-4d58-975d-75bf64892c47} - c:\docume~1\alluse~1\applic~1\zuzofewe\zuzofewe.dll
SharedTaskScheduler-{410d9bda-5516-473b-8553-40b7cac531ef} - c:\windows\system32\muyiseta.dll
SharedTaskScheduler-{9b750ad2-b330-4797-bd9c-4136f62cd900} - c:\windows\system32\yenusapo.dll
SharedTaskScheduler-{dbb2d341-bbe8-441a-916a-80c70566c89c} - c:\windows\system32\varabefa.dll
SharedTaskScheduler-{a823b1f0-2b4a-442a-817b-61cb9756f1d3} - c:\windows\system32\yenusapo.dll
SharedTaskScheduler-{1d750f0e-9ca3-4fc3-bfc5-a54cc53c5536} - c:\docume~1\alluse~1\applic~1\zuzofewe\zuzofewe.dll
SharedTaskScheduler-{fbf035d2-1401-4b3a-8485-d1b56545c50c} - c:\windows\system32\sidehole.dll
SharedTaskScheduler-{a3a060da-156e-4f2f-92a5-f1546770b799} - c:\windows\system32\varabefa.dll
SharedTaskScheduler-{75ca0af1-a537-435d-850b-fe5bd6c6512b} - c:\windows\system32\yenusapo.dll
SharedTaskScheduler-{3b1276a1-7a92-4e29-99ae-20cd000cb439} - c:\windows\system32\vewuyati.dll
SharedTaskScheduler-{6df4f4ee-b1b2-41c0-b465-5f5e9646d610} - c:\windows\system32\yowirubu.dll
SharedTaskScheduler-{223f1e7e-1063-41c2-b90f-89de76b430d9} - c:\windows\system32\sidehole.dll
SharedTaskScheduler-{b0e28726-6d1e-4f31-ac1a-478d247ba1bb} - c:\windows\system32\yowirubu.dll
SharedTaskScheduler-{0627a1d9-1935-482b-a12e-482b405e1824} - c:\windows\system32\yenusapo.dll
SharedTaskScheduler-{2706bacb-a6bc-44a9-b0f9-411cf8c05a08} - c:\windows\system32\yenusapo.dll
SharedTaskScheduler-{a33a0337-c976-4a62-864c-114fba12bd99} - c:\windows\system32\fuzuhefu.dll
SharedTaskScheduler-{6911a698-5649-4e71-bc82-dd448d69c45a} - c:\docume~1\alluse~1\applic~1\zuzofewe\zuzofewe.dll
SharedTaskScheduler-{e9d0ce36-3d09-420d-aa31-7cba6b6f2222} - c:\windows\system32\wejuwava.dll
SSODL-niwojebaj-{7fa5aafd-e751-4f3b-87d0-b589d2db206c} - (no file)
SSODL-tomeramom-{44fda548-dcd4-4349-bd76-9624219f8bdd} - (no file)
SSODL-gukodosoz-{f93458ef-0389-4013-9c80-0c84c50b4cc2} - (no file)
SSODL-jigolohef-{03c1d344-ea80-42ec-9082-e10ddee03130} - c:\docume~1\alluse~1\applic~1\pudaveya\pudaveya.dll
SSODL-yodabofep-{baa0a898-66b7-48cd-a6d8-7719815d2f91} - c:\docume~1\alluse~1\applic~1\zuzofewe\zuzofewe.dll
SSODL-goyolafim-{bb5cac16-d07c-4d67-9778-12d81a2047f8} - c:\windows\system32\yefinuli.dll
SSODL-wugemeyos-{7da4ec36-e4f1-4490-80f9-7ee6a238ae88} - c:\windows\system32\yefinuli.dll
SSODL-vosirifoh-{833c647f-0ff7-496b-ad97-9aae98476c2d} - c:\docume~1\alluse~1\applic~1\pudaveya\pudaveya.dll
SSODL-jawosubiv-{40eac9dd-de86-44d3-84af-96394fa25b76} - c:\windows\system32\kumizodo.dll
SSODL-kederazij-{cacdd594-951d-4d58-975d-75bf64892c47} - c:\docume~1\alluse~1\applic~1\zuzofewe\zuzofewe.dll
SSODL-winujiveg-{410d9bda-5516-473b-8553-40b7cac531ef} - c:\windows\system32\muyiseta.dll
SSODL-rirogovuf-{9b750ad2-b330-4797-bd9c-4136f62cd900} - c:\windows\system32\yenusapo.dll
SSODL-muyakadah-{dbb2d341-bbe8-441a-916a-80c70566c89c} - c:\windows\system32\varabefa.dll
SSODL-ravasizop-{a823b1f0-2b4a-442a-817b-61cb9756f1d3} - c:\windows\system32\yenusapo.dll
SSODL-gulesewik-{1d750f0e-9ca3-4fc3-bfc5-a54cc53c5536} - c:\docume~1\alluse~1\applic~1\zuzofewe\zuzofewe.dll
SSODL-vowirakoh-{fbf035d2-1401-4b3a-8485-d1b56545c50c} - c:\windows\system32\sidehole.dll
SSODL-rihuguvup-{a3a060da-156e-4f2f-92a5-f1546770b799} - c:\windows\system32\varabefa.dll
SSODL-tupegewew-{75ca0af1-a537-435d-850b-fe5bd6c6512b} - c:\windows\system32\yenusapo.dll
SSODL-podarudor-{3b1276a1-7a92-4e29-99ae-20cd000cb439} - c:\windows\system32\vewuyati.dll
SSODL-figehoduh-{6df4f4ee-b1b2-41c0-b465-5f5e9646d610} - c:\windows\system32\yowirubu.dll
SSODL-wivoluved-{223f1e7e-1063-41c2-b90f-89de76b430d9} - c:\windows\system32\sidehole.dll
SSODL-zalujosez-{b0e28726-6d1e-4f31-ac1a-478d247ba1bb} - c:\windows\system32\yowirubu.dll
SSODL-nividizum-{0627a1d9-1935-482b-a12e-482b405e1824} - c:\windows\system32\yenusapo.dll
SSODL-hepejezem-{2706bacb-a6bc-44a9-b0f9-411cf8c05a08} - c:\windows\system32\yenusapo.dll
SSODL-fibuhesuj-{a33a0337-c976-4a62-864c-114fba12bd99} - c:\windows\system32\fuzuhefu.dll
SSODL-kumusuvab-{6911a698-5649-4e71-bc82-dd448d69c45a} - c:\docume~1\alluse~1\applic~1\zuzofewe\zuzofewe.dll
SSODL-morojikiv-{e9d0ce36-3d09-420d-aa31-7cba6b6f2222} - c:\windows\system32\wejuwava.dll
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-17 16:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,12,1d,ab,93,30,47,9e,40,b2,5c,11,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,12,1d,ab,93,30,47,9e,40,b2,5c,11,\

[HKEY_USERS\S-1-5-21-3396454753-3732866966-992589496-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,38,ef,f1,aa,de,c4,43,81,45,13,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,38,ef,f1,aa,de,c4,43,81,45,13,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1812)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: 2009-10-17 16:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-17 20:13

Pre-Run: 3,632,562,176 bytes free
Post-Run: 3,540,983,808 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

356 --- E O F --- 2009-09-15 07:02

#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Not a bad start so far - nice job :)

So let's continue :)

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\system32\rokalodu.exe
C:\anlqrvl.exe
C:\vgvluqbu.exe
C:\ehrrg.exe
C:\hufa.exe
C:\vsoq.exe
C:\erupquii.exe
C:\efbcmkj.exe
c:\windows\system32\sepadima.exe
c:\windows\system32\rudinubo.exe
c:\windows\system32\piyetuho.exe
c:\windows\system32\wetohuyo.exe
c:\windows\system32\rahunidi.exe
c:\windows\system32\1F06666578.sys

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After the reboot (if it asks to reboot), please post the following reports/logs in your next reply:
  • ComboFix.txt
  • A new OTListIt log.


#5 slugger05 (Topic Starter, New Member, 8 posts)
Here is the log for ComboFix. Should I just run OTL and do a quick scan and post that log?

combofix
ComboFix 09-10-16.09 - Administrator 10/17/2009 16:52.2.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.362 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\gobledegook.com
Command switches used :: c:\docume~1\ADMINI~1\Desktop\CFScript.txt

FILE ::
"C:\anlqrvl.exe"
"C:\efbcmkj.exe"
"C:\ehrrg.exe"
"C:\erupquii.exe"
"C:\hufa.exe"
"C:\vgvluqbu.exe"
"C:\vsoq.exe"
"c:\windows\system32\1F06666578.sys"
"c:\windows\system32\piyetuho.exe"
"c:\windows\system32\rahunidi.exe"
"c:\windows\system32\rokalodu.exe"
"c:\windows\system32\rudinubo.exe"
"c:\windows\system32\sepadima.exe"
"c:\windows\system32\wetohuyo.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\1F06666578.sys
c:\windows\system32\rahunidi.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-17 to 2009-10-17 )))))))))))))))))))))))))))))))
.

2009-10-17 19:43 . 2009-10-17 19:43 -------- d-----w- C:\_OTL
2009-10-17 06:34 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-17 06:34 . 2009-10-17 07:28 -------- d-----w- c:\program files\cats
2009-10-17 06:34 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-17 06:32 . 2009-10-17 06:32 -------- d-----w- c:\program files\ERUNT
2009-10-17 06:31 . 2009-10-17 06:31 75424 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-17 05:33 . 2009-10-17 05:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG8
2009-10-17 05:00 . 2009-10-17 05:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PackageAware
2009-10-17 04:06 . 2009-10-17 20:58 -------- d-----w- C:\VeXpLite
2009-10-17 03:39 . 2009-10-17 04:07 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{3ADA1185-35A8-4B4E-B36B-6392B1DA8C26}
2009-10-17 03:30 . 2009-10-17 03:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-17 03:30 . 2009-10-17 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-17 00:21 . 2009-10-17 03:33 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-16 22:58 . 2009-10-16 22:58 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-16 22:58 . 2009-10-16 22:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-07 08:03 . 2009-10-07 08:03 25088 --sha-w- C:\ntuser.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-17 05:53 . 2006-08-09 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-17 05:51 . 2006-08-09 19:31 -------- d-----w- c:\program files\McAfee
2009-10-17 05:39 . 2007-02-05 21:50 -------- d-----w- c:\program files\SiteAdvisor
2009-10-17 05:39 . 2007-02-05 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-10-17 03:51 . 2009-03-07 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-17 03:21 . 2007-10-22 23:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-17 00:20 . 2009-03-07 03:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-16 21:35 . 2006-08-15 19:13 -------- d-----w- c:\program files\Dl_cats
2009-09-21 00:34 . 2008-05-07 04:28 -------- d-----w- c:\program files\Full Tilt Poker
2009-09-21 00:27 . 2007-06-11 17:45 -------- d-----w- c:\program files\PokerStars
2009-09-15 07:13 . 2009-02-22 02:46 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-14 12:45 . 2009-09-14 12:45 43264 --s-a-w- c:\windows\system32\drivers\VIRAGTLT.sys
2009-09-10 05:33 . 2009-09-10 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-09-09 07:03 . 2009-02-23 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-22 07:22 . 2009-08-22 07:22 -------- d-----w- c:\program files\MSBuild
2009-08-22 07:21 . 2009-08-22 07:21 -------- d-----w- c:\program files\Reference Assemblies
2009-08-05 09:01 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 01:13 . 2009-08-01 02:12 256 ----a-w- c:\windows\system32\pool.bin
2007-07-19 04:09 . 2006-08-13 05:33 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"DLCJCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2005-08-15 73728]
"dlcjmon.exe"="c:\program files\Dell Photo AIO Printer 964\dlcjmon.exe" [2005-08-12 430080]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 964\memcard.exe" [2005-08-10 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-01 185896]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2009-06-05 292136]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2009-10-17 274432]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-9 24576]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\All Users\\Documents\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Steam\\steamapps\\nightwalker420\\counter-strike\\hl.exe"=
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\WINDOWS\\system32\\logon.scr"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.sys [9/14/2009 8:45 AM 43264]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/15/2007 11:05 PM 24652]
S2 viritsvclite;VirIT eXplorer Lite;c:\vexplite\VIRITSVC.EXE [9/24/2009 4:55 AM 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-17 17:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,12,1d,ab,93,30,47,9e,40,b2,5c,11,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,12,1d,ab,93,30,47,9e,40,b2,5c,11,\

[HKEY_USERS\S-1-5-21-3396454753-3732866966-992589496-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,38,ef,f1,aa,de,c4,43,81,45,13,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,38,ef,f1,aa,de,c4,43,81,45,13,\
.
Completion time: 2009-10-17 17:04
ComboFix-quarantined-files.txt 2009-10-17 21:04
ComboFix2.txt 2009-10-17 20:13

Pre-Run: 3,554,328,576 bytes free
Post-Run: 3,511,095,296 bytes free

174 --- E O F --- 2009-09-15 07:02

#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Yes please, but select the LOP checkbox as well :)

#7 slugger05 (Topic Starter, New Member, 8 posts)
When I check the LOP box and click Quick Scan, all it does is check both boxes and then nothing happens. What do I do?

#8 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Just do a quick scan. I have checked the ComboFix log and it looks good. Are you experiencing any problems?

#9 slugger05 (Topic Starter, New Member, 8 posts)
Here is my OTL log. I am still in safe mode and wasn't sure if I should try opening normal Windows.

OTL logfile created on: 10/17/2009 5:12:41 PM - Run 2
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 254.18 Mb Available Physical Memory | 49.84% Memory free
1.22 Gb Paging File | 1.08 Gb Available in Paging File | 88.74% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 3.30 Gb Free Space | 6.26% Space Free | Partition Type: NTFS
Drive D: | 18.48 Gb Total Space | 8.31 Gb Free Space | 44.95% Space Free | Partition Type: NTFS
Drive E: | 487.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANSROOM
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/17 04:20:17 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL2.exe
PRC - [2009/01/15 03:17:22 | 00,636,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\internet explorer\iexplore.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (McSysmon [On_Demand | Stopped])
SRV - File not found -- -- (McShield [Unknown | Stopped])
SRV - [2009/10/17 00:34:12 | 00,065,536 | ---- | M] (TG Soft Sas www.tgsoft.it) -- C:\VeXpLite\viritsvc.exe -- (viritsvclite [Auto | Stopped])
SRV - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Stopped])
SRV - [2008/11/24 22:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ [Auto | Stopped])
SRV - [2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Stopped])
SRV - [2008/11/24 22:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2005/07/12 10:33:02 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\dlcjcoms.exe -- (dlcj_device [On_Demand | Stopped])
SRV - [2003/12/17 14:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:01:32 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.DLL ()
O4 - HKLM..\Run: [dlcjmon.exe] C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe (Dell)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] D:\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 964\memcard.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VIRIT LITE MONITOR] C:\VeXpLite\MONLITE.EXE ()
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} http://simcity.ea.co...date/EARTPX.cab (EARTPatchX Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} http://simcity.ea.co...ty4PatcherX.cab (MaxisSimCity4PatcherX Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.130 167.206.245.129
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/12 08:53:14 | 00,000,075 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/10/16 23:39:43 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{3ADA1185-35A8-4B4E-B36B-6392B1DA8C26}
[2009/10/16 23:30:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/16 18:03:52 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2009/10/16 19:15:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2009/10/17 01:33:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG8
[2009/10/16 18:03:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2009/10/16 19:17:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2009/10/16 23:30:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/10/16 18:03:53 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2009/10/16 18:03:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2009/10/16 18:03:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Symantec
[2009/10/16 18:03:52 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data
[2009/10/16 18:03:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2009/10/16 18:03:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2009/10/16 18:03:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\BVRP Software
[2009/10/16 18:03:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2009/10/16 18:03:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2009/10/16 18:03:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2009/10/16 18:03:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Musicmatch
[2009/10/17 01:00:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PackageAware
[2009/10/16 18:03:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Wildtangent
[2009/10/16 20:21:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/10/17 02:34:30 | 00,000,000 | ---D | C] -- C:\Program Files\cats
[2009/10/17 02:32:01 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/17 17:04:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/17 16:50:44 | 00,000,000 | ---D | C] -- C:\gobledegook
[2009/10/17 15:51:44 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/17 15:49:50 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/17 15:49:50 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/17 15:49:50 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/17 15:49:50 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/17 15:47:30 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/17 15:43:29 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/17 15:33:06 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/10/17 04:20:01 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL2.exe
[2009/10/17 03:35:22 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe
[2009/10/17 02:34:32 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/17 02:34:30 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/17 02:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/17 02:30:51 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Administrator\Desktop\SysRestorePoint.exe
[2009/10/17 00:06:09 | 00,000,000 | ---D | C] -- C:\VeXpLite
[2009/10/16 23:29:42 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\cats.exe
[2009/10/16 23:26:27 | 00,889,840 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Administrator\Desktop\avg_free_stb_all_8_37_cnet.exe
[2009/10/16 20:52:22 | 34,101,504 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Administrator\Desktop\sdsetup.exe
[2009/10/16 18:03:52 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2009/10/16 18:03:52 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music

========== Files - Modified Within 14 Days ==========

[2009/10/17 17:00:50 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/17 16:19:04 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/17 16:18:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/17 16:17:03 | 02,205,456 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/10/17 16:06:36 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/17 15:51:58 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/17 15:49:05 | 03,348,750 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\gobledegook.com
[2009/10/17 15:29:02 | 00,724,952 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avenger.zip
[2009/10/17 15:16:50 | 00,047,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Win32kDiag.exe
[2009/10/17 04:20:17 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL2.exe
[2009/10/17 03:51:11 | 00,521,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/10/17 03:49:03 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\settings.dat
[2009/10/17 03:48:59 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe
[2009/10/17 02:46:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/17 02:34:35 | 00,000,582 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/17 02:32:02 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2009/10/17 02:32:02 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2009/10/17 02:31:07 | 00,075,424 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/17 02:30:58 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Administrator\Desktop\SysRestorePoint.exe
[2009/10/17 02:29:50 | 00,271,872 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2009/10/17 01:33:11 | 00,889,840 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Administrator\Desktop\avg_free_stb_all_8_37_cnet.exe
[2009/10/17 01:22:23 | 00,000,478 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vir.IT eXplorer Lite.lnk
[2009/10/16 23:29:46 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\cats.exe
[2009/10/16 20:52:34 | 34,101,504 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Administrator\Desktop\sdsetup.exe
[2009/10/16 20:15:22 | 00,002,528 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2009/10/16 17:52:31 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe

========== Files - No Company Name ==========
[2009/10/17 15:51:58 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/17 15:51:55 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/17 15:49:50 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/17 15:49:50 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/17 15:49:50 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/17 15:49:50 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/17 15:48:42 | 03,348,750 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\gobledegook.com
[2009/10/17 15:30:29 | 00,731,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avenger.exe
[2009/10/17 15:28:58 | 00,724,952 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avenger.zip
[2009/10/17 15:16:23 | 00,047,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Win32kDiag.exe
[2009/10/17 03:51:02 | 00,521,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/10/17 03:49:03 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\settings.dat
[2009/10/17 02:34:35 | 00,000,582 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/17 02:32:02 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2009/10/17 02:32:02 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2009/10/17 02:31:07 | 00,075,424 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/17 02:29:50 | 00,271,872 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2009/10/17 00:06:44 | 00,000,478 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vir.IT eXplorer Lite.lnk
[2009/10/16 20:15:22 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2009/10/16 18:04:02 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2009/10/16 18:03:57 | 02,205,456 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/06/06 15:36:09 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/11/15 22:02:44 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/25 23:07:35 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2007/02/25 23:07:35 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\TrackerNET.dll
[2007/02/25 22:34:27 | 00,000,080 | ---- | C] () -- C:\WINDOWS\sierra.ini
[2007/01/07 19:24:28 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/24 05:26:11 | 00,000,180 | ---- | C] () -- C:\WINDOWS\sclock.ini
[2006/08/13 01:33:08 | 00,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/08/12 21:52:41 | 00,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2006/08/11 17:21:21 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/09 15:41:39 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/09 15:31:51 | 00,000,224 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/09 15:25:11 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/08/09 15:18:30 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/09 14:52:50 | 01,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcjserv.dll
[2006/08/09 14:52:50 | 01,122,304 | ---- | C] () -- C:\WINDOWS\System32\dlcjusb1.dll
[2006/08/09 14:52:50 | 00,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcjhbn3.dll
[2006/08/09 14:52:50 | 00,630,784 | ---- | C] () -- C:\WINDOWS\System32\dlcjpmui.dll
[2006/08/09 14:52:50 | 00,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjlmpm.dll
[2006/08/09 14:52:50 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcjutil.dll
[2006/08/09 14:52:50 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsb.dll
[2006/08/09 14:52:50 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjprox.dll
[2006/08/09 14:52:50 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjins.dll
[2006/08/09 14:52:50 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcjjswr.dll
[2006/08/09 14:52:50 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcjpplc.dll
[2006/08/09 14:52:50 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsr.dll
[2006/08/09 14:52:50 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcjvs.dll
[2006/08/09 14:52:50 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcjcur.dll
[2006/08/09 14:52:48 | 00,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomc.dll
[2006/08/09 14:52:48 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomm.dll
[2006/08/09 14:52:48 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcjcub.dll
[2006/08/09 14:52:48 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcjcu.dll
[2006/08/09 14:52:48 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.dll
[2006/08/09 14:52:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/08/09 14:51:56 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/05 10:34:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/02 15:16:00 | 00,000,618 | ---- | C] () -- C:\WINDOWS\System32\dlcjplc.ini
[2004/08/10 14:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/10 13:51:28 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 13:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/13 16:46:46 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[2002/02/27 17:50:00 | 00,197,120 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll

========== LOP Check ==========

[2009/10/17 01:39:34 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2009/10/17 16:16:51 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/13 18:26:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/10/17 00:07:15 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3ADA1185-35A8-4B4E-B36B-6392B1DA8C26}
[2009/06/18 02:51:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/08/09 15:16:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/06/06 18:25:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/02/13 16:51:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/07/29 20:55:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2004/08/10 14:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/03/18 03:08:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/02/13 16:53:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/10/16 23:21:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/11/13 02:53:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/06/09 23:40:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/10/16 17:52:31 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2004/08/10 13:51:06 | 00,000,004 | -HS- | M] () -- C:\WINDOWS\Tasks\FOLDER.TSX
[2009/10/17 02:46:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

#10
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
If you could now return to normal mode please and run MBAM - then post the log and let me know of any problems :)

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
#11
slugger05
    New Member
  • Topic Starter
  • Member
  • 8 posts
I ran the scan and it found all the infected files. After the reboot everything is back to normal. Here is the log from MBAM. Now that I am up and running, what free antivirus program do you recommend so that this does not happen again? I thank you so much and will make a donation. I couldn't have done it without you.

Malwarebytes' Anti-Malware 1.41
Database version: 2976
Windows 5.1.2600 Service Pack 3

10/17/2009 5:58:48 PM
mbam-log-2009-10-17 (17-58-48).txt

Scan type: Quick Scan
Objects scanned: 120857
Time elapsed: 16 minute(s), 3 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 13
Registry Data Items Infected: 9
Folders Infected: 3
Files Infected: 79

Memory Processes Infected:
C:\Documents and Settings\Dan Lennon\Application Data\svcst.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\i9fvi5h.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\Dan Lennon\Application Data\seres.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe (Trojan.Dropper) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a249bc15-23f2-42ad-f4e4-00aac39c0004} (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mserv (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus pro 2010 (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Login Software 2009 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yjafosi8kdf98winmdkmnkmfnwe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Start Menu\Programs\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Application Data\6398915029 (Rogue.SecurityTool) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Dan Lennon\Application Data\svcst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\i9fvi5h.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Application Data\seres.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Application Data\lizkavd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\ntuser.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Start Menu\Programs\Startup\scandisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\nvsvc32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\onr359n.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\rundll32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\services.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\spoolsv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\system.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\1182840576.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\1223951100.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\1334926362.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\1338469200.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\1352701100.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\1774599388.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\1884955442.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\2082030246.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\3010991032.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\3192422870.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\3304439558.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\3364653924.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\3491103728.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\3683647282.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\4073393140.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\4179893790.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\4255235238.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\cmd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\csrss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\login.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\lsass.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\mdm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\212201102.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\230994656.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\2358389450.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\2520620504.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\2619882808.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\2654432574.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\2666903076.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\2741514318.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\2784457612.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\287869656.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\2981376166.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\winlogon.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\win.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\win16.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\win32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\winamp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\4285783870.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\656928664.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\697023218.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\75126298.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\910896764.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\914784718.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\923582094.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\985609522.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\ntuser.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temporary Internet Files\Content.IE5\8IM3S5K0\(SC)[1].(N) (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.cfg (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Application Data\6398915029\6398915029.cfg (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Application Data\6398915029\6398915029.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ysyzojahot.reg (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Desktop\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\taskmgr.exe (Trojan.Downloader) -> Delete on reboot.
C:\Documents and Settings\Dan Lennon\Desktop\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan Lennon\Local Settings\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
  • 0
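A log like the one above is easiest to act on once it is reduced to the questions the helper asks next: which detection families were present, and did anything stay pending ("Delete on reboot"), which is the reason for asking for a second scan. The script below is an added example, not part of this post or of Malwarebytes' own tooling; it parses MBAM 1.41-style removal lines (the `item (Family) -> action.` format seen above) over a small constructed sample log with a placeholder user name. The `Startup` folder check is an assumed heuristic for flagging persistence items, not something MBAM reports itself.

```python
"""Triage helper for Malwarebytes' Anti-Malware (MBAM) removal logs.

Added example, not a tool from the thread. It parses the per-item lines
MBAM writes under "Files Infected:" / "Registry Keys Infected:" and
answers two questions: which families were found, and is anything still
pending ("Delete on reboot"), in which case a follow-up scan is warranted.
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional

# Constructed sample in the MBAM 1.41 log format (placeholder user "user";
# the registry key line is made up to show that non-file items parse too).
SAMPLE_LOG = """\
Files Infected:
C:\\Documents and Settings\\user\\Local Settings\\Temp\\2666903076.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\\Documents and Settings\\user\\Local Settings\\Temp\\taskmgr.exe (Trojan.Downloader) -> Delete on reboot.
C:\\Documents and Settings\\user\\Start Menu\\Programs\\Startup\\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\\Documents and Settings\\user\\Local Settings\\Temporary Internet Files\\Content.IE5\\8IM3S5K0\\(SC)[1].(N) (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\\Program Files\\AntivirusPro_2010\\AntivirusPro_2010.cfg (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\\Documents and Settings\\user\\Application Data\\6398915029\\6398915029.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
Registry Keys Infected:
HKEY_CURRENT_USER\\SOFTWARE\\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
(No malicious items detected)
"""


class Detection(NamedTuple):
    item: str    # file path or registry key
    family: str  # MBAM detection name, e.g. Trojan.Downloader
    action: str  # what MBAM did, e.g. "Quarantined and deleted successfully"


# The family sits in the last parenthesised group before " -> "; file names
# may themselves contain parentheses (e.g. "(SC)[1].(N)"), so we anchor on
# the trailing group rather than the first "(".
_ITEM_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\)$")


def parse_entry(line: str) -> Optional[Detection]:
    """Return a Detection for one removal line, or None for headers/summary lines."""
    line = line.strip()
    if " -> " not in line:
        return None
    left, action = line.rsplit(" -> ", 1)
    m = _ITEM_RE.match(left)
    if not m:
        return None
    return Detection(m.group("item"), m.group("family"), action.rstrip("."))


def parse_log(text: str) -> List[Detection]:
    return [d for d in (parse_entry(l) for l in text.splitlines()) if d]


def pending_reboot(dets: List[Detection]) -> List[Detection]:
    """Items MBAM could not remove while the file was in use; they go on reboot."""
    return [d for d in dets if d.action.lower().startswith("delete on reboot")]


def startup_items(dets: List[Detection]) -> List[Detection]:
    """Assumed heuristic: anything in a Startup folder is a persistence mechanism."""
    return [d for d in dets if "\\startup\\" in d.item.lower()]


def needs_followup_scan(dets: List[Detection]) -> bool:
    """A second scan is warranted whenever removals were deferred to reboot."""
    return bool(pending_reboot(dets))


def report(text: str) -> Dict[str, object]:
    dets = parse_log(text)
    return {
        "total": len(dets),
        "families": dict(Counter(d.family for d in dets)),
        "pending_reboot": [d.item for d in pending_reboot(dets)],
        "startup_persistence": [d.item for d in startup_items(dets)],
        "followup_scan": needs_followup_scan(dets),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a saved `mbam-log-*.txt` by reading the file into `report()`; a non-empty `pending_reboot` list means the machine has not yet been rebooted since the scan, or the deferred delete failed, and a clean re-scan is the way to tell which.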

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run one more quick scan with MBAM in normal mode to ensure that all is gone? The dangerous ones were taken out on the first run and those were leftovers, but I would like to be sure.

Whilst you are doing that I will prepare the next part :)
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK antivirus - I will give you the download and installation instructions for the Antivirus I use, if at a later stage you do not like it I will also recommend several other free Antivirus programmes.

First you have to download an antivirus. This program is basic for the security of your computer, and in today's age not having one will probably lead to disaster for your computer.

Please go HERE and download avast! 4 Home Edition to your desktop. Locate the file that you just downloaded, double-click on the file to launch the installation of avast!

Click Next on the avast! Setup window and on the next window with the ReadMe File.
Now you will see the Legal Agreement, just click I agree, and then click Next to continue.

You will be prompted with the Configuration window; make sure that you choose Typical configuration and then click Next. Click Next on the windows that follow. When the installation finishes, you will be given an option to schedule a boot time scan; select No.

Now you have to restart your machine, select Restart and then click Finish.

After you restart you will get a message about avast!; it will give you the general "Hello and Thank you for choosing our Product." Also after you restart you will notice 2 new icons in the bottom right corner of the screen.

VERY IMPORTANT - after restarting, right click on the @ in the taskbar and select Updating, then highlight and click Program.

You will get a popup after it's done updating. If avast! had to download anything for your computer you may get a message asking you to restart.

After you have updated avast!, right-click the small "a" icon in the taskbar and click Start Avast! AntiVirus.

Click Program Registration and you will be taken to their website. Fill out the form and then check your e-mail. Once you get an e-mail from them (usually about 1 minute after submitting the form) copy and paste the serial they provided into the highlighted box. Then click OK.

After this, you will need to Schedule a Boot-Time Scan with avast!. This can be done at any time that you like, or you can set it to scan as your screensaver.
Click on the little button placed up in the left corner, and select Schedule Boot-Time Scan. Read also this tutorial HERE; it may make it easier for you to follow the steps.

Next, choose
  • Scan all local disks
  • scan archive files
  • click on Schedule
On the next dialog, Operating system restart needed, select Yes.
Now avast! will restart your computer and start to scan before Windows fully loads. This will take a while, so do this when you have the time.
  • 0

#14
slugger05

slugger05

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
No infected files were found. Here is the log.

Malwarebytes' Anti-Malware 1.41
Database version: 2976
Windows 5.1.2600 Service Pack 3

10/17/2009 6:31:05 PM
mbam-log-2009-10-17 (18-31-05).txt

Scan type: Quick Scan
Objects scanned: 120372
Time elapsed: 12 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Excellent - it must now be time to say goodbye. Run for 24 hours and let me know if you experience any problems.

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so... run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via Control Panel > Add/Remove along with ERUNT, but they may be useful tools to keep.

We will now confirm that your hidden files are set to hidden, as some of the tools I use will change that:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware: it is NOT supported for use in 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 16.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u16-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right-click on the jre-6u16-windows-i586-p.exe and select "Run as an Administrator.")

XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point.
  • Click NEXT.
  • Enter a name, e.g. Clean.
  • Click CREATE.
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the drop-down box that appears select your main drive, e.g. C.
  • Click OK.
  • The system will do some calculation and then display a dialogue box with tabs.
  • Select the More Options tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this.
  • Accept the warning and select OK again; the program will close and you are done.


SPRING CLEAN

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

THEN

Download and run Auslogics Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes. It is critical to have both a firewall and antivirus to protect your system, and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?
Keep safe :)
  • 0