
Thread: Having some issues

  1. #1
    Member
    Join Date: Jan 2008
    Posts: 97

    Having some issues

    My virus scan found a virus this afternoon. The computer locked up and then I had trouble booting into Windows.
    Thank you in advance for your help.

    Logfile of Trend Micro HijackThis v2.0.2 - Removed for now

    DDS Log is posted:

    ============ Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\9PQ95HZK\dds[1].scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.refdesk.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearch Bar =
    uSearch Page =
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant =
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: CatcherBHO Class: {9b4df450-dcc7-4b07-935d-0cd757a64583} - c:\program files\moyea\youtube flv downloader\MoyeaCatcher.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {4064EA35-578D-4073-A834-C96D82CBCF40} - No File
    TB: {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Xruvetasoyuyebi] rundll32.exe "c:\windows\mqeat8.dll",Startup
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [Rzeramiroluqo] rundll32.exe "c:\windows\unofopawuqe.dll",Startup
    StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\sysrda32.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\hp_administrator\start menu\programs\imvu\Run IMVU.lnk
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: netflix.com\www
    Trusted Zone: turbotax.com
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/6/7/5/675d28f5-2a8e-4bac-bd9b-ee147f352714/OGAControl.cab
    DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
    DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab
    DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} - hxxp://o.aolcdn.com/pictures/ap/Resources/2.0.8.98/cab/aolpPlugins.10.6.0.6.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} - hxxp://rd1.surfernetwork.com/surferplugin.ocx
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160778582500
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - hxxp://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - hxxp://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
    DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/sj/en/check/qdiagh.cab?326
    DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5205/mcfscan.cab
    DPF: {F55C25D3-D16A-11D3-81DF-00A0C91F5E7D} - hxxp://www.kiddonet.com/kiddonet/GtekPrt.ocx
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    IFEO: image file execution options - svchost.exe

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-7 64160]
    R0 XMS1563K;XMS1563K;c:\windows\system32\drivers\XMS1563K.SYS [2005-11-12 49692]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-24 11608]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-12-16 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 67656]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-10 14336]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-24 108289]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-24 185089]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-24 56816]
    R2 LF30FS;LF30FS;c:\program files\everstrike software\lock folder xp 3.6\LF30XP.sys [2004-11-19 101488]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-26 50704]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-9-9 38224]
    S0 MFX;MFX; [x]
    S2 HDD & SSD access service;HDD & SSD access service;"c:\program files\common files\binarysense\disksvc.exe" --> c:\program files\common files\binarysense\disksvc.exe [?]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 12872]
    S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]
    S4 BOCore;BOCore;c:\program files\comodo\cboclean\BOCore.exe [2008-1-13 73472]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]

    =============== Created Last 30 ================

    2010-08-28 18:53:50 120 ----a-w- c:\windows\Imowo.dat
    2010-08-28 18:53:50 0 ----a-w- c:\windows\Iqatofiboqa.bin
    2010-08-28 18:38:27 757248 ----a-w- c:\windows\system32\drivers\gohaylnj.sys
    2010-08-28 18:38:13 47616 ---ha-w- c:\windows\system32\noteutou.dll
    2010-08-28 18:38:03 4 ----a-w- c:\docume~1\hp_adm~1\applic~1\avdrn.dat
    2010-08-10 09:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-08-10 09:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-07-31 17:44:41 0 d-----w- c:\program files\iPod
    2010-07-31 17:44:34 0 d-----w- c:\program files\iTunes

    ==================== Find3M ====================

    2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
    2010-06-27 18:09:15 12254384 ----a-w- c:\documents and settings\hp_administrator\Moyea FLV Downloader-3.1.2.26-Setup.exe
    2010-06-24 21:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 12:22:03 916480 ------w- c:\windows\system32\dllcache\wininet.dll
    2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-06-24 12:22:02 1210368 ------w- c:\windows\system32\dllcache\urlmon.dll
    2010-06-24 12:22:01 611840 ------w- c:\windows\system32\dllcache\mstime.dll
    2010-06-24 12:22:01 5951488 ------w- c:\windows\system32\dllcache\mshtml.dll
    2010-06-24 12:22:01 206848 ------w- c:\windows\system32\dllcache\occache.dll
    2010-06-24 12:21:59 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2010-06-24 12:21:59 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-06-24 12:21:59 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
    2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
    2010-06-24 12:21:58 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
    2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-24 12:21:55 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
    2010-06-23 12:08:09 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
    2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
    2005-11-30 01:47:39 876408 ----a-w- c:\program files\InstallDVRMSToolbox.zip
    2005-11-30 01:33:00 2217472 ----a-w- c:\program files\dcut.msi
    2005-11-25 10:15:56 1316026 ----a-w- c:\program files\DVDFabDecrypter29.exe
    2005-10-28 02:29:11 251 ----a-w- c:\program files\wt3d.ini
    2002-07-26 22:02:06 153088 ----a-w- c:\program files\UNWISE.EXE
    2005-10-31 03:07:15 22 --sha-w- c:\windows\sminst\HPCD.sys
    2008-08-31 23:58:21 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083120080901\index.dat

    ============= FINISH: 23:30:38.60 ===============
    Last edited by tashi; 2010-08-29 at 09:09. Reason: Merged two posts. ;-)

  2. #2
    peku006
    Emeritus - Security Expert
    Join Date: Feb 2007
    Location: Norway
    Posts: 3,103

    Hello and welcome to Safer Networking

    My name is peku006 and I will be helping you to remove any infection(s) that you may have.
    I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

    Please observe these rules while we work:

    • If you don't know or understand something, please don't hesitate to ask.
    • Please DO NOT run any other tools or scans whilst I am helping you.
    • It is important that you reply to this thread. Do not start a new topic.
    • DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    • Absence of symptoms does not mean that everything is clear.


    We will begin with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper.

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    If you need help to disable your protection programs, see here.

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Thanks, peku006
    I don't help with logs through PM. If you have problems, create a thread in the forum, please.

  3. #3
    Member
    Join Date: Jan 2008
    Posts: 97

    Hello Peku,
    Thank you for the help.

    ComboFix 10-09-03.01 - HP_Administrator 09/03/2010 16:29:41.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2358 [GMT -4:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\HP_Administrator\Local Settings\Application Data\{3F1C0747-C4D7-43BE-AB0C-BFAA9826F9E0}
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\{3F1C0747-C4D7-43BE-AB0C-BFAA9826F9E0}\chrome.manifest
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\{3F1C0747-C4D7-43BE-AB0C-BFAA9826F9E0}\chrome\content\_cfg.js
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\{3F1C0747-C4D7-43BE-AB0C-BFAA9826F9E0}\chrome\content\overlay.xul
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\{3F1C0747-C4D7-43BE-AB0C-BFAA9826F9E0}\install.rdf
    c:\documents and settings\HP_Administrator\My Documents\Java.exe
    c:\program files\RegGenie
    c:\program files\RegGenie\RegGenie.ini
    c:\program files\UNWISE.EXE
    C:\Thumbs.db
    c:\windows\ali.exe
    c:\windows\system32\dumphive.exe
    c:\windows\system32\noteutou.dll
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\Thumbs.db
    c:\windows\system32\tmp.reg
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-08-03 to 2010-09-03 )))))))))))))))))))))))))))))))
    .

    2010-08-29 03:14 . 2010-08-29 03:14 -------- d-----w- c:\program files\ERUNT
    2010-08-28 18:53 . 2010-08-29 01:08 120 ----a-w- c:\windows\Imowo.dat
    2010-08-28 18:53 . 2010-08-28 18:53 0 ----a-w- c:\windows\Iqatofiboqa.bin
    2010-08-28 18:38 . 2010-08-28 18:48 757248 ----a-w- c:\windows\system32\drivers\gohaylnj.sys
    2010-08-28 18:27 . 2010-08-28 18:28 -------- d-----w- c:\program files\QuickTime

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-03 20:35 . 2010-04-13 23:08 -------- d-----w- c:\program files\Common Files\Akamai
    2010-09-03 17:32 . 2008-01-30 16:37 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WeatherBug
    2010-09-02 01:35 . 2010-05-08 15:22 63488 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-09-02 01:35 . 2009-12-21 09:07 117760 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-08-28 18:38 . 2010-08-28 18:38 24 ----a-w- c:\windows\system32\config\systemprofile\Application Data\hngmfc.dat
    2010-08-28 14:08 . 2008-01-07 23:07 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-07-31 17:45 . 2010-07-31 17:44 -------- d-----w- c:\program files\iTunes
    2010-07-31 17:44 . 2010-07-31 17:44 -------- d-----w- c:\program files\iPod
    2010-07-31 17:44 . 2008-02-05 22:53 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-31 17:39 . 2010-07-31 17:39 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
    2010-07-26 18:39 . 2010-07-26 18:39 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\UltraGet
    2010-07-26 16:36 . 2010-07-26 16:36 -------- d-----w- c:\program files\FLV Player
    2010-07-26 16:28 . 2010-07-26 16:21 -------- d-----w- c:\program files\Save Flash
    2010-07-26 15:57 . 2010-07-26 15:57 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Neoretix
    2010-07-26 15:50 . 2010-07-26 15:50 -------- d-----w- c:\program files\GeoVid
    2010-07-25 15:07 . 2010-07-25 15:07 -------- d-----w- c:\program files\UnH Solutions
    2010-07-25 14:54 . 2009-02-16 00:21 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-07-25 14:54 . 2010-07-25 14:54 53632 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
    2010-07-25 14:51 . 2010-07-25 14:51 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2010-07-19 00:26 . 2005-12-23 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-07-15 21:37 . 2010-07-15 21:37 711168 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\octosh...080-0-main.dll
    2010-07-11 14:59 . 2009-10-10 22:48 -------- d-----w- c:\program files\CCleaner
    2010-06-30 12:31 . 2004-08-10 05:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-27 18:09 . 2010-06-27 18:09 12254384 ----a-w- c:\documents and settings\HP_Administrator\Moyea FLV Downloader-3.1.2.26-Setup.exe
    2010-06-24 12:22 . 2004-08-10 05:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2004-08-10 05:00 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2004-08-10 05:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2004-08-10 05:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2004-08-10 05:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:41 . 2004-08-10 05:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2005-11-30 01:47 . 2005-11-30 01:47 876408 ----a-w- c:\program files\InstallDVRMSToolbox.zip
    2005-11-30 01:33 . 2005-11-10 00:47 2217472 ----a-w- c:\program files\dcut.msi
    2005-11-25 10:15 . 2005-11-25 10:15 1316026 ----a-w- c:\program files\DVDFabDecrypter29.exe
    2005-10-28 02:29 . 2005-10-28 02:29 251 ----a-w- c:\program files\wt3d.ini
    2005-10-31 03:07 . 2005-10-31 03:07 22 --sha-w- c:\windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2006-04-07 1343488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^APC UPS Status.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
    backup=c:\windows\pss\APC UPS Status.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
    backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
    backup=c:\windows\pss\TotalMedia Backup Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^dCut Service.lnk]
    path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\dCut Service.lnk
    backup=c:\windows\pss\dCut Service.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^IMVU.lnk]
    path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\IMVU.lnk
    backup=c:\windows\pss\IMVU.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^JMicron Button Manager.lnk]
    path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\JMicron Button Manager.lnk
    backup=c:\windows\pss\JMicron Button Manager.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\apdproxy
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DirectCD

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dumprep 0 -k]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dumprep 0 -u]
    c:\windows\system32\dumprep 0 -u [X]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTweakFCleaner
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDesktop
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleToolbarNotifier

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDtemp4]
    c:\program files\BinarySense\HDDTemp4\\hddtemp4 [X]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jusched

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    c:\windows\system32\dumprep 0 -u [X]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\whagent
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\whsurvey
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Protection Suite
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ypager

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    2006-11-07 15:29 50736 ----a-w- c:\program files\AIM6\aim6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2008-06-19 12:20 57344 ----a-w- c:\windows\ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
    2005-08-02 23:19 77312 ----a-w- c:\windows\arpwrmsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ARPWRMSG]
    2005-08-02 23:19 77312 ----a-w- c:\windows\arpwrmsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    2005-08-10 07:33 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bandmon]
    2008-06-01 22:05 1529856 ----a-w- c:\program files\Rokario\Bandwidth Monitor\bandmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cli]
    2005-08-10 07:33 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
    2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGServices]
    2005-10-31 16:18 101888 ----a-w- c:\program files\ESPNRunTime\DIGServices.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGStream]
    2005-10-31 16:05 278528 ----a-w- c:\program files\DIGStream\digstream.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLV Downloader]
    2010-05-12 17:56 5873872 ----a-w- c:\program files\Moyea\YouTube FLV Downloader\FLVDownloader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLVDownloader]
    2010-05-12 17:56 5873872 ----a-w- c:\program files\Moyea\YouTube FLV Downloader\FLVDownloader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    2005-01-12 19:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
    2005-02-25 22:34 245760 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpcmpmgr]
    2005-01-12 19:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    2005-02-02 20:44 61440 ----a-w- c:\hp\KBD\kbd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LocationFinder]
    2006-05-15 19:24 101136 ----a-w- c:\program files\Microsoft Location Finder\LocationFinder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lsburnwatcher]
    2005-05-10 17:50 253952 ----a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
    2005-05-10 17:50 253952 ----a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2010-04-29 19:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
    2006-05-15 19:24 101136 ----a-w- c:\program files\Microsoft Location Finder\LocationFinder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSASCui]
    2006-11-03 23:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLECoInst]
    2005-12-21 15:14 73728 ----a-w- c:\windows\system32\PCLECoInst.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    2004-03-11 06:26 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]
    2005-03-17 16:10 536576 ----a-w- c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
    2004-10-25 19:17 90112 ----a-w- c:\windows\system32\ps2.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDrvCheck]
    2004-03-11 06:26 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSFree]
    2005-03-17 16:10 536576 ----a-w- c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qttask]
    2010-08-10 09:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-08-10 09:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader_sl]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\realsched]
    2010-04-17 17:49 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2009-02-03 13:32 18085888 ----a-w- c:\windows\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-12-24 01:41 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-08-28 14:08 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-04-17 17:49 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
    2005-12-21 15:14 73728 ----a-w- c:\windows\system32\PCLECoInst.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBTip]
    2006-01-23 20:42 196608 ----a-w- c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
    2006-01-23 20:42 196608 ----a-w- c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
    2006-04-07 20:02 1343488 ----a-w- c:\program files\AWS\WeatherBug\Weather.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2006-11-03 23:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouTube FLV Downloader]
    2010-05-12 17:56 5873872 ----a-w- c:\program files\Moyea\YouTube FLV Downloader\FLVDownloader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "McSysmon"=3 (0x3)
    "McShield"=2 (0x2)
    "McProxy"=2 (0x2)
    "McNASvc"=2 (0x2)
    "mcmscsvc"=2 (0x2)
    "McAfee SiteAdvisor Service"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "BOCore"=2 (0x2)
    "Ati HotKey Poller"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "svcWRSSSDK"=2 (0x2)
    "LightScribeService"=2 (0x2)
    "Lavasoft Ad-Aware Service"=2 (0x2)
    "iPod Service"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
    "c:\\Documents and Settings\\HP_Administrator\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\dCut\\DCutService.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1033:TCP"= 1033:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/7/2009 11:25 AM 64160]
    R0 XMS1563K;XMS1563K;c:\windows\system32\drivers\XMS1563K.SYS [11/12/2005 12:06 PM 49692]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/16/2009 5:26 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 5:26 PM 67656]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/10/2004 1:00 AM 14336]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/24/2009 2:21 AM 108289]
    R2 LF30FS;LF30FS;c:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [11/19/2004 7:07 PM 101488]
    R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/26/2010 10:09 PM 50704]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    S0 MFX;MFX; [x]
    S2 HDD & SSD access service;HDD & SSD access service;"c:\program files\Common Files\BinarySense\disksvc.exe" --> c:\program files\Common Files\BinarySense\disksvc.exe [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 5:27 PM 12872]
    S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]
    S4 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCore.exe [1/13/2008 6:57 AM 73472]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

    2010-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2010-09-03 c:\windows\Tasks\HP Usg Daily.job
    - c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2005-10-28 13:03]

    2010-09-02 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

    2010-09-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3241921697-945589079-2639526779-1008.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-09-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3241921697-945589079-2639526779-501.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-09-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3241921697-945589079-2639526779-1008.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-09-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3241921697-945589079-2639526779-501.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-09-03 c:\windows\Tasks\User_Feed_Synchronization-{42067EFD-962B-4169-8193-05B965D98D12}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.refdesk.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: netflix.com\www
    Trusted Zone: turbotax.com
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Notify-NavLogon - (no file)
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    SafeBoot-svcWRSSSDK
    MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
    MSConfigStartUp-DesktopWeather - c:\program files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
    MSConfigStartUp-DW4 - c:\program files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
    MSConfigStartUp-Launcher - c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe
    MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
    MSConfigStartUp-Rzeramiroluqo - c:\windows\unofopawuqe.dll
    MSConfigStartUp-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE
    MSConfigStartUp-SNDMon - c:\progra~1\SYMNET~1\SNDMon.exe
    MSConfigStartUp-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe
    MSConfigStartUp-UniblueSpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe
    MSConfigStartUp-VPTray - c:\progra~1\SYMANT~1\VPTray.exe
    AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-03 16:42
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\windows\TEMP\TMP000000CC165C8CAABA017CE0 524288 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(848)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-09-03 16:47:16
    ComboFix-quarantined-files.txt 2010-09-03 20:47

    Pre-Run: 138,768,314,368 bytes free
    Post-Run: 150,215,204,864 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    - - End Of File - - EA89D46B8407887CF16D64CA686233DE

  4. #4
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi tomn66

    TFC (Temp File Cleaner)

    • Please download TFC to your desktop
    • Save any unsaved work. TFC will close all open application windows.
    • Double-click TFC.exe to run the program.
    • If prompted, click Yes to reboot.


    NOTE: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

    Check files for Viruses

    c:\windows\Iqatofiboqa.bin
    c:\windows\system32\drivers\gohaylnj.sys

    • Copy/Paste the first file on the list into the white Upload a file box.
    • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
    • After a while, a window will open, with details of what the scans found.
    • Note details of any viruses found.
    • Repeat for all files on the list, and post me the details please


    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  5. #5
    Member
    Join Date
    Jan 2008
    Posts
    97

    Default

    Hi Peku006,
    I wasn't able to copy and paste, but I browsed for the files and then submitted them.
    The top one on the list was an empty file.
    Results of the second using Jotti:
    Scanners
    2010-09-04 Found nothing 2010-09-04 Gen:Variant.Bubnix.1
    2010-09-03 Win32:Bubak 2010-09-04 Trojan.WinNT.Bubnix
    2010-09-04 Generic19.AGP 2010-09-04 Rootkit.Win32.Bubnix.aem
    2010-09-03 RKit/Bubnix.aem 2010-09-04 Win32/Bubnix.AZ
    2010-09-04 Gen:Variant.Bubnix.1 2010-09-03 Found nothing
    2010-09-04 Found nothing 2010-09-04 Found nothing
    2010-09-04 Found nothing 2010-09-04 Mal/Bubnix-B
    2010-09-04 Trojan.Bubnix.1 2010-09-03 Found nothing
    2010-09-03 Found nothing 2010-09-03 Found nothing
    2010-09-03 Gen:Variant.Bubnix.1


    Additional info
    File size: 757248 bytes
    Filetype: PE32 executable for MS Windows (native) Intel 80386 32-bit
    MD5: 2859c4445d9de48937ceed3941cd32c3
    SHA1: f30c148ba29b0209aed475c6f2a0f04bf406ece4

  6. #6
    Member
    Join Date
    Jan 2008
    Posts
    97

    Default

    I also had the file analyzed at Virus Total:

    File name: file-1364055_sys
    Submission date: 2010-09-04 12:47:09 (UTC)
    Current status: finished
    Result: 24 /43 (55.8%)
    Antivirus Version Last Update Result
    AhnLab-V3 2010.09.05.00 2010.09.04 Backdoor/Win32.Bubnix
    AntiVir 8.2.4.50 2010.09.03 RKit/Bubnix.aem
    Antiy-AVL 2.0.3.7 2010.09.03 -
    Authentium 5.2.0.5 2010.09.04 -
    Avast 4.8.1351.0 2010.09.03 Win32:Bubak
    Avast5 5.0.594.0 2010.09.03 Win32:Bubak
    AVG 9.0.0.851 2010.09.04 Generic19.AGP
    BitDefender 7.2 2010.09.04 Gen:Variant.Bubnix.1
    CAT-QuickHeal 11.00 2010.09.03 -
    ClamAV 0.96.2.0-git 2010.09.04 -
    Comodo 5963 2010.09.04 -
    DrWeb 5.0.2.03300 2010.09.04 Trojan.Bubnix.1
    Emsisoft 5.0.0.37 2010.09.04 Trojan.WinNT.Bubnix!IK
    eSafe 7.0.17.0 2010.09.01 -
    eTrust-Vet 36.1.7835 2010.09.03 Win32/Bubnix!generic
    F-Prot 4.6.1.107 2010.09.01 -
    F-Secure 9.0.15370.0 2010.09.04 Gen:Variant.Bubnix.1
    Fortinet 4.1.143.0 2010.09.04 -
    GData 21 2010.09.04 Gen:Variant.Bubnix.1
    Ikarus T3.1.1.88.0 2010.09.04 Trojan.WinNT.Bubnix
    Jiangmin 13.0.900 2010.09.04 Rootkit.Bubnix.la
    K7AntiVirus 9.63.2436 2010.09.03 -
    Kaspersky 7.0.0.125 2010.09.04 Rootkit.Win32.Bubnix.aem
    McAfee 5.400.0.1158 2010.09.04 Generic.dx!tpl
    McAfee-GW-Edition 2010.1B 2010.09.04 Generic.dx!tpl
    Microsoft 1.6103 2010.09.03 Trojan:WinNT/Bubnix.gen!A
    NOD32 5422 2010.09.04 a variant of Win32/Bubnix.AZ
    Norman 6.05.11 2010.09.03 -
    nProtect 2010-09-04.01 2010.09.04 Gen:Variant.Bubnix.1
    Panda 10.0.2.7 2010.09.03 Trj/CI.A
    PCTools 7.0.3.5 2010.09.04 -
    Prevx 3.0 2010.09.04 Medium Risk Malware
    Rising 22.63.05.01 2010.09.04 -
    Sophos 4.57.0 2010.09.04 Mal/Bubnix-B
    Sunbelt 6827 2010.09.03 Trojan.Win32.Generic!BT
    SUPERAntiSpyware 4.40.0.1006 2010.09.04 -
    Symantec 20101.1.1.7 2010.09.04 -
    TheHacker 6.5.2.1.364 2010.09.04 Trojan/Bubnix.aem
    TrendMicro 9.120.0.1004 2010.09.04 -
    TrendMicro-HouseCall 9.120.0.1004 2010.09.04 -
    VBA32 3.12.14.0 2010.09.03 -
    ViRobot 2010.8.31.4017 2010.09.04 -
    VirusBuster 12.64.16.1 2010.09.03 -
    Additional information
    MD5 : 2859c4445d9de48937ceed3941cd32c3
    SHA1 : f30c148ba29b0209aed475c6f2a0f04bf406ece4
    SHA256: bafa97f64f0606b2dcffdf7df362dfc0a4b1b337510c7e1e790226f971868f1d
    ssdeep: 12288:wf/4GHp2frF9LfWfL3XCaa+OXCRdhqeXM32S+jJ3EgseBk8uhyy:04GHwz/L+nC3+lEe832S+u/efuhy
    File size : 757248 bytes
    First seen: 2010-08-29 21:59:04
    Last seen : 2010-09-04 12:47:09
    Magic: PE32 executable for MS Windows (native) Intel 80386 32-bit
    TrID:
    Generic Win/DOS Executable (49.9%)
    DOS Executable Generic (49.8%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
    sigcheck:
    publisher....: n/a
    copyright....: n/a
    product......: n/a
    description..: n/a
    original name: n/a
    internal name: n/a
    file version.: n/a
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned

    PEiD: -
    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x10A0
    timedatestamp....: 0x4C79493E (Sat Aug 28 17:37:02 2010)
    machinetype......: 0x14C (Intel I386)

    [[ 5 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x1000, 0x532F4, 0x53400, 8.0, 2d91786f15678d58c8a12e976d7f6664
    .rdata, 0x55000, 0x13C, 0x200, 3.07, 31142cb0d307b1c99dadd7a1c1287b43
    .data, 0x56000, 0x6534, 0x2A00, 7.81, 85042c0585a709701af59116227a2a10
    INIT, 0x5D000, 0x81A, 0xA00, 4.89, 56980acdffbf2275066b5c57622dc818
    .reloc, 0x5E000, 0x61FE0, 0x62000, 8.0, 945b56c4e9ad53ad8cb6968eedf44c88

    [[ 1 import(s) ]]
    ntoskrnl.exe: sprintf, ZwQuerySystemInformation, ExAllocatePoolWithTag, ExFreePoolWithTag, _stricmp, RtlSetDaclSecurityDescriptor, FsRtlLegalAnsiCharacterArray, KeQueryTickCount, RtlFindNextForwardRunClear, RtlNextUnicodePrefix, ZwDeleteFile, DbgBreakPointWithStatus, KeSynchronizeExecution, _allshr, IoCreateSymbolicLink, KeWaitForMultipleObjects, RtlCompressChunks, FsRtlMdlWriteComplete, IoDeleteDevice, PsReturnPoolQuota, SeReleaseSecurityDescriptor, KeQuerySystemTime, RtlAnsiStringToUnicodeString, RtlFindFirstRunClear, KeResetEvent, MmMapLockedPages, MmAllocateContiguousMemory, _wcsrev, IoReportTargetDeviceChange, ObInsertObject, RtlGetFirstRange, KeDelayExecutionThread, READ_REGISTER_BUFFER_UCHAR, IoWriteErrorLogEntry, RtlLargeIntegerShiftRight, ObCreateObject, ZwSetInformationFile, RtlFindSetBits, LsaRegisterLogonProcess, IoCreateDevice, RtlIntegerToUnicodeString, RtlEnlargedUnsignedMultiply, SeReleaseSubjectContext, RtlNumberOfClearBits, RtlGetElementGenericTable, IoUnregisterFsRegistrationChange, FsRtlPrepareMdlWriteDev, RtlFreeHeap, KeGetCurrentThread, ObReferenceObjectByName, ExfInterlockedInsertHeadList, RtlAddRange, FsRtlDeleteTunnelCache, InbvNotifyDisplayOwnershipLost, IoFreeWorkItem, IoRegisterDeviceInterface, _allrem, IoReadOperationCount, memcpy, NlsAnsiCodePage, IoSetDeviceToVerify, ExAcquireResourceSharedLite, KeQueryActiveProcessors, InbvSolidColorFill, RtlFindLeastSignificantBit, MmAllocatePagesForMdl, MmCreateSection, KeSetTimer, MmFreeContiguousMemorySpecifyCache, KeInitializeEvent, IoSetHardErrorOrVerifyDevice, InbvInstallDisplayStringFilter, IoRegisterFsRegistrationChange

    Prevx Info:
    http://info.prevx.com/aboutprogramte...E9B900F2991B0A
    Symantec reputation:Suspicious.Insight


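The PEInfo section table and the sigcheck result in the report above are enough for a first triage pass without touching the sample. The script below is an added example, not code from this thread, VirusTotal or Jotti: it parses the `name, viradd, virsiz, rawdsiz, ntropy, md5` lines exactly as pasted above and applies the usual rules of thumb (per-byte entropy near the 8.0 maximum means packed or encrypted content, a .reloc section larger than .text is abnormal, and an unsigned native-subsystem binary is an unsigned kernel driver). The thresholds and the extra check for a code section with no bytes on disk are my assumptions, generalising beyond this one sample.

```python
"""Triage heuristics over a VirusTotal-style PEInfo section table.

Added example for this thread. The section lines are copied from the report
posted above; the thresholds are assumptions, not anything VirusTotal states.
"""
from dataclasses import dataclass

# Section table copied from the VirusTotal PEInfo block above (sample input).
PEINFO_SECTIONS = """\
.text, 0x1000, 0x532F4, 0x53400, 8.0, 2d91786f15678d58c8a12e976d7f6664
.rdata, 0x55000, 0x13C, 0x200, 3.07, 31142cb0d307b1c99dadd7a1c1287b43
.data, 0x56000, 0x6534, 0x2A00, 7.81, 85042c0585a709701af59116227a2a10
INIT, 0x5D000, 0x81A, 0xA00, 4.89, 56980acdffbf2275066b5c57622dc818
.reloc, 0x5E000, 0x61FE0, 0x62000, 8.0, 945b56c4e9ad53ad8cb6968eedf44c88
"""

# Assumed thresholds: Shannon entropy per byte, 8.0 is the maximum; ordinary
# compiled code sits well below this, so values close to 8.0 point at packing.
PACKED_ENTROPY = 7.5
CODE_SECTIONS = {".text", "INIT"}


@dataclass
class Section:
    name: str
    virt_addr: int
    virt_size: int
    raw_size: int
    entropy: float
    md5: str


def parse_sections(table: str) -> list[Section]:
    """Parse 'name, viradd, virsiz, rawdsiz, ntropy, md5' lines (hex sizes)."""
    sections = []
    for line in table.splitlines():
        if not line.strip():
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 6:
            raise ValueError(f"unexpected section line: {line!r}")
        name, va, vs, rs, ent, md5 = fields
        sections.append(Section(name, int(va, 16), int(vs, 16),
                                int(rs, 16), float(ent), md5))
    return sections


def triage(sections: list[Section], verified: str, native_subsystem: bool) -> list[str]:
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    by_name = {s.name: s for s in sections}
    for s in sections:
        if s.entropy >= PACKED_ENTROPY:
            findings.append(f"{s.name}: entropy {s.entropy} (packed or encrypted content)")
        # Generalisation beyond this sample: a code section with no bytes on disk
        # is filled in at run time, another packer tell-tale.
        if s.name in CODE_SECTIONS and s.raw_size == 0 and s.virt_size > 0:
            findings.append(f"{s.name}: code section with no raw data on disk")
    text, reloc = by_name.get(".text"), by_name.get(".reloc")
    if text and reloc and reloc.raw_size > text.raw_size:
        findings.append(".reloc: relocation data larger than .text code section")
    # 'Magic: PE32 executable ... (native)' plus 'verified: Unsigned' in sigcheck.
    if native_subsystem and verified.lower() == "unsigned":
        findings.append("sigcheck: unsigned native-subsystem binary (kernel driver)")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_sections(PEINFO_SECTIONS), "Unsigned", True):
        print("-", finding)
```

Run against the pasted table it flags .text, .data and .reloc for entropy, the oversized .reloc, and the missing signature; .rdata and INIT pass, which is the same picture the 24/43 detection ratio above paints.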

  7. #7
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi tomn66

    Run CFScript

    Open Notepad and copy/paste the text in the box into the window:

    Code:
    File::
    c:\windows\Iqatofiboqa.bin
    c:\windows\system32\drivers\gohaylnj.sys
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Malwarebytes' Anti-Malware

    Please save any items you were working on... close any open programs. You may be asked to reboot your machine.
    Please download Malwarebytes Anti-Malware and save it to your desktop. If needed...Tutorial w/screenshots
    Alternate download sites available here or here.
    1. Make sure you are connected to the Internet.
    2. Double-click on mbam-setup.exe to install the application.
    3. When the installation begins, follow the prompts and do not make any changes to default settings.
    4. When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
      • Then click Finish.
      MBAM will automatically start and you will be asked to update the program before performing a scan.
      • If an update is found, the program will automatically update itself.
      • Press the OK button to close that box and continue.
      • Problems downloading the updates? Manually download them from here and double-click on "mbam-rules.exe" to install.

    On the Scanner tab:
    1. Make sure the "Perform full scan" option is selected.
    2. Then click on the Scan button.
    3. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    4. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    5. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    6. Click OK to close the message box and continue with the removal process.

    Back at the main Scanner screen:
    1. Click on the Show Results button to see a list of any malware that was found.
    2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
      We will take care of the System Volume Information items later.
    3. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
      The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    5. Copy and paste the contents of that report in your next reply and exit MBAM.


    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to either and let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


    Status Check
    Please reply with


    1. the ComboFix log(C:\ComboFix.txt)
    2. the Malwarebytes' Anti-Malware Log

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  8. #8
    Member
    Join Date
    Jan 2008
    Posts
    97

    Default

    Good morning Peku006,

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4550

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    9/5/2010 11:08:40 AM
    mbam-log-2010-09-05 (11-08-40).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 320246
    Time elapsed: 3 hour(s), 19 minute(s), 20 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ComboFix 10-09-04.06 - HP_Administrator 09/05/2010 7:23.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2389 [GMT -4:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((( Files Created from 2010-08-05 to 2010-09-05 )))))))))))))))))))))))))))))))
    .

    2010-09-04 18:31 . 2010-09-04 18:31 -------- d-----w- c:\program files\iPod
    2010-09-04 18:31 . 2010-09-04 18:32 -------- d-----w- c:\program files\iTunes
    2010-09-04 18:24 . 2010-09-04 18:24 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
    2010-08-29 03:14 . 2010-08-29 03:14 -------- d-----w- c:\program files\ERUNT
    2010-08-28 18:53 . 2010-08-29 01:08 120 ----a-w- c:\windows\Imowo.dat
    2010-08-28 18:53 . 2010-08-28 18:53 0 ----a-w- c:\windows\Iqatofiboqa.bin
    2010-08-28 18:38 . 2010-08-28 18:48 757248 ----a-w- c:\windows\system32\drivers\gohaylnj.sys
    2010-08-28 18:27 . 2010-08-28 18:28 -------- d-----w- c:\program files\QuickTime

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-05 10:46 . 2010-04-13 23:08 -------- d-----w- c:\program files\Common Files\Akamai
    2010-09-04 18:31 . 2008-02-05 22:53 -------- d-----w- c:\program files\Common Files\Apple
    2010-09-03 17:32 . 2008-01-30 16:37 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WeatherBug
    2010-09-02 01:35 . 2010-05-08 15:22 63488 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-09-02 01:35 . 2009-12-21 09:07 117760 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-08-28 18:38 . 2010-08-28 18:38 24 ----a-w- c:\windows\system32\config\systemprofile\Application Data\hngmfc.dat
    2010-08-28 14:08 . 2008-01-07 23:07 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-07-26 18:39 . 2010-07-26 18:39 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\UltraGet
    2010-07-26 16:36 . 2010-07-26 16:36 -------- d-----w- c:\program files\FLV Player
    2010-07-26 16:28 . 2010-07-26 16:21 -------- d-----w- c:\program files\Save Flash
    2010-07-26 15:57 . 2010-07-26 15:57 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Neoretix
    2010-07-26 15:50 . 2010-07-26 15:50 -------- d-----w- c:\program files\GeoVid
    2010-07-25 15:07 . 2010-07-25 15:07 -------- d-----w- c:\program files\UnH Solutions
    2010-07-25 14:54 . 2009-02-16 00:21 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-07-25 14:51 . 2010-07-25 14:51 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2010-07-19 00:26 . 2005-12-23 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-07-11 14:59 . 2009-10-10 22:48 -------- d-----w- c:\program files\CCleaner
    2010-06-30 12:31 . 2004-08-10 05:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-27 18:09 . 2010-06-27 18:09 12254384 ----a-w- c:\documents and settings\HP_Administrator\Moyea FLV Downloader-3.1.2.26-Setup.exe
    2010-06-24 12:22 . 2004-08-10 05:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2004-08-10 05:00 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2004-08-10 05:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2004-08-10 05:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2004-08-10 05:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:41 . 2004-08-10 05:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2005-11-30 01:47 . 2005-11-30 01:47 876408 ----a-w- c:\program files\InstallDVRMSToolbox.zip
    2005-11-30 01:33 . 2005-11-10 00:47 2217472 ----a-w- c:\program files\dcut.msi
    2005-11-25 10:15 . 2005-11-25 10:15 1316026 ----a-w- c:\program files\DVDFabDecrypter29.exe
    2005-10-28 02:29 . 2005-10-28 02:29 251 ----a-w- c:\program files\wt3d.ini
    2005-10-31 03:07 . 2005-10-31 03:07 22 --sha-w- c:\windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2006-04-07 1343488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
    [BU]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^APC UPS Status.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
    backup=c:\windows\pss\APC UPS Status.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
    backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
    backup=c:\windows\pss\TotalMedia Backup Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^dCut Service.lnk]
    path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\dCut Service.lnk
    backup=c:\windows\pss\dCut Service.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^IMVU.lnk]
    path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\IMVU.lnk
    backup=c:\windows\pss\IMVU.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^JMicron Button Manager.lnk]
    path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\JMicron Button Manager.lnk
    backup=c:\windows\pss\JMicron Button Manager.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dumprep 0 -k]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dumprep 0 -u]
    c:\windows\system32\dumprep 0 -u [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDtemp4]
    c:\program files\BinarySense\HDDTemp4\\hddtemp4 [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    c:\windows\system32\dumprep 0 -u [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    2006-11-07 15:29 50736 ----a-w- c:\program files\AIM6\aim6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2008-06-19 12:20 57344 ----a-w- c:\windows\ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
    2005-08-02 23:19 77312 ----a-w- c:\windows\arpwrmsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ARPWRMSG]
    2005-08-02 23:19 77312 ----a-w- c:\windows\arpwrmsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    2005-08-10 07:33 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bandmon]
    2008-06-01 22:05 1529856 ----a-w- c:\program files\Rokario\Bandwidth Monitor\bandmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cli]
    2005-08-10 07:33 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
    2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGServices]
    2005-10-31 16:18 101888 ----a-w- c:\program files\ESPNRunTime\DIGServices.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGStream]
    2005-10-31 16:05 278528 ----a-w- c:\program files\DIGStream\digstream.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLV Downloader]
    2010-05-12 17:56 5873872 ----a-w- c:\program files\Moyea\YouTube FLV Downloader\FLVDownloader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLVDownloader]
    2010-05-12 17:56 5873872 ----a-w- c:\program files\Moyea\YouTube FLV Downloader\FLVDownloader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    2005-01-12 19:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
    2005-02-25 22:34 245760 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpcmpmgr]
    2005-01-12 19:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-01 12:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    2005-02-02 20:44 61440 ----a-w- c:\hp\KBD\kbd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LocationFinder]
    2006-05-15 19:24 101136 ----a-w- c:\program files\Microsoft Location Finder\LocationFinder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lsburnwatcher]
    2005-05-10 17:50 253952 ----a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
    2005-05-10 17:50 253952 ----a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2010-04-29 19:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
    2006-05-15 19:24 101136 ----a-w- c:\program files\Microsoft Location Finder\LocationFinder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSASCui]
    2006-11-03 23:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLECoInst]
    2005-12-21 15:14 73728 ----a-w- c:\windows\system32\PCLECoInst.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    2004-03-11 06:26 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]
    2005-03-17 16:10 536576 ----a-w- c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
    2004-10-25 19:17 90112 ----a-w- c:\windows\system32\ps2.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDrvCheck]
    2004-03-11 06:26 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSFree]
    2005-03-17 16:10 536576 ----a-w- c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qttask]
    2010-08-10 09:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-08-10 09:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader_sl]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\realsched]
    2010-04-17 17:49 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2009-02-03 13:32 18085888 ----a-w- c:\windows\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-12-24 01:41 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-08-28 14:08 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-04-17 17:49 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
    2005-12-21 15:14 73728 ----a-w- c:\windows\system32\PCLECoInst.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBTip]
    2006-01-23 20:42 196608 ----a-w- c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
    2006-01-23 20:42 196608 ----a-w- c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
    2006-04-07 20:02 1343488 ----a-w- c:\program files\AWS\WeatherBug\Weather.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2006-11-03 23:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouTube FLV Downloader]
    2010-05-12 17:56 5873872 ----a-w- c:\program files\Moyea\YouTube FLV Downloader\FLVDownloader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "McSysmon"=3 (0x3)
    "McShield"=2 (0x2)
    "McProxy"=2 (0x2)
    "McNASvc"=2 (0x2)
    "mcmscsvc"=2 (0x2)
    "McAfee SiteAdvisor Service"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "BOCore"=2 (0x2)
    "Ati HotKey Poller"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "svcWRSSSDK"=2 (0x2)
    "LightScribeService"=2 (0x2)
    "Lavasoft Ad-Aware Service"=2 (0x2)
    "iPod Service"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\dCut\\DCutService.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1034:TCP"= 1034:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/7/2009 11:25 AM 64160]
    R0 XMS1563K;XMS1563K;c:\windows\system32\drivers\XMS1563K.SYS [11/12/2005 12:06 PM 49692]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/16/2009 5:26 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 5:26 PM 67656]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/10/2004 1:00 AM 14336]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/24/2009 2:21 AM 108289]
    R2 LF30FS;LF30FS;c:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [11/19/2004 7:07 PM 101488]
    R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/26/2010 10:09 PM 50704]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    S0 MFX;MFX; [x]
    S2 HDD & SSD access service;HDD & SSD access service;"c:\program files\Common Files\BinarySense\disksvc.exe" --> c:\program files\Common Files\BinarySense\disksvc.exe [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 5:27 PM 12872]
    S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]
    S4 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCore.exe [1/13/2008 6:57 AM 73472]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

    2010-09-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2010-09-05 c:\windows\Tasks\HP Usg Daily.job
    - c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2005-10-28 13:03]

    2010-09-05 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

    2010-09-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3241921697-945589079-2639526779-1008.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-09-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3241921697-945589079-2639526779-501.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-09-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3241921697-945589079-2639526779-1008.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-09-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3241921697-945589079-2639526779-501.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-09-05 c:\windows\Tasks\User_Feed_Synchronization-{42067EFD-962B-4169-8193-05B965D98D12}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.refdesk.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: netflix.com\www
    Trusted Zone: turbotax.com
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\HP_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-05 07:36
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(856)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(2736)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2010-09-05 07:40:15
    ComboFix-quarantined-files.txt 2010-09-05 11:40
    ComboFix2.txt 2010-09-03 20:47

    Pre-Run: 149,645,778,944 bytes free
    Post-Run: 150,037,090,304 bytes free

    - - End Of File - - 40AE596300322C13C41B0117E290DB83

  9. #9
    Emeritus - Security Expert peku006
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi

    Good morning
    almost bedtime in Norway........

    Gmer
    Download GMER Rootkit Scanner from here & save it to your desktop.
    • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
    • Save it where you can easily find it, such as your desktop, and post it in reply
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

    Do not run any programs while Gmer is running.

    NOTE: If you cannot run GMER as indicated above, save a scan from the initial startup scan.
    • Before scanning, make sure all other running programs are closed & no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan
    • Double click the gmer.exe file
    • The program will begin to run & perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No
    • After the "initial scan" is complete, click on the Save button, save the log file to your desktop & post it in your reply


    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  10. #10
    Member
    Join Date
    Jan 2008
    Posts
    97

    Default

    Hi Peku006,

    I had some problems doing the scan which is why it took me so long to post back.
    I started scanning yesterday afternoon, and when I came home a few hours later the scan was showing an hourglass and wouldn't do anything. The computer wasn't locked up, but it was unresponsive. I turned it off and then restarted the scan. It took around 12 hours, and when it finished it wouldn't give the option to save as text, only as a log file. I then resaved it as a text file.

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-09-06 08:46:29
    Windows 5.1.2600 Service Pack 3
    Running: kjlj8ptl.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\kwwyypod.sys


    ---- System - GMER 1.0.15 ----

    SSDT BA7FA676 ZwCreateKey
    SSDT BA7FA66C ZwCreateThread
    SSDT BA7FA67B ZwDeleteKey
    SSDT BA7FA685 ZwDeleteValueKey
    SSDT BA7FA68A ZwLoadKey
    SSDT BA7FA658 ZwOpenProcess
    SSDT BA7FA65D ZwOpenThread
    SSDT BA7FA694 ZwReplaceKey
    SSDT BA7FA68F ZwRestoreKey
    SSDT BA7FA680 ZwSetValueKey
    SSDT BA7FA667 ZwTerminateProcess

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32@ c:\Program Files\Common Files\HP\Memories Disc\2.0\hpodae.dll
    Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32@InprocServer32 uSiM*whG=?LDyEe5uzk1DocViewerExe>OhfvK{U{2A~2,G1RD0J(?h6w3$o}}19&o=.=l*Ww^GalleryExe>OhfvK{U{2A~2,G1RD0J(?
    Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\ProgID@ hpodae.HPODEECrop.1
    Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\TypeLib@ {6FF279DD-740F-429D-990A-1BFAE3511B5B}
    Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\VersionIndependentProgID@ hpodae.HPODEECrop
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x6B 0x65 0x49 0x6A ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{D7262387-AED1-4256-8BFF-22265B0B5C06}\Microsoft\Outlook Express 0 bytes
    File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{D7262387-AED1-4256-8BFF-22265B0B5C06}\Microsoft\Outlook Express\alt.binaries.pictures.readheads.dbx 76500 bytes
    File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{D7262387-AED1-4256-8BFF-22265B0B5C06}\Microsoft\Outlook Express\Deleted Items.dbx 4522096 bytes
    File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{D7262387-AED1-4256-8BFF-22265B0B5C06}\Microsoft\Outlook Express\Folders.dbx 12131172 bytes
    File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{D7262387-AED1-4256-8BFF-22265B0B5C06}\Microsoft\Outlook Express\Inbox.dbx 722672 bytes
    File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{D7262387-AED1-4256-8BFF-22265B0B5C06}\Microsoft\Outlook Express\Offline.dbx 9656 bytes
    File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{D7262387-AED1-4256-8BFF-22265B0B5C06}\Microsoft\Outlook Express\Outbox.dbx 60116 bytes
    File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{D7262387-AED1-4256-8BFF-22265B0B5C06}\Microsoft\Outlook Express\Pop3uidl.dbx 9404 bytes
    File C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{D7262387-AED1-4256-8BFF-22265B0B5C06}\Microsoft\Outlook Express\Sent Items.dbx 202736 bytes
    File C:\Documents and Settings\HP_Administrator\My Documents\Converted Videos 0 bytes

    ---- EOF - GMER 1.0.15 ----
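Added example, not part of the post above and not GMER's own code: a small Python script that regroups the "Reg" lines of a GMER dump like the one above by CLSID, so that each object's InprocServer32 server DLL, threading model, ProgID and any hex-named binary values can be read together instead of line by line. The line layout it assumes (a bare "@" for a key's default value, "@name" for a named value, "0x.." bytes for binary data) and the sample lines are modeled on the log above; the "trusted roots" prefix list is a crude assumption for deciding what to look at first, not a verdict on any entry.

```python
import re
from collections import defaultdict

# Constructed sample input, modeled on the "Reg" lines of the GMER log above.
# Assumed layout (not documented on this page): "Reg <key>" lists a key,
# "Reg <key>@ <data>" is the key's default value, "Reg <key>@<name> <data>"
# a named value; binary data shows as "0x.." bytes, often truncated with "...".
SAMPLE_LOG = r"""
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32@ c:\Program Files\Common Files\HP\Memories Disc\2.0\hpodae.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\ProgID@ hpodae.HPODEECrop.1
"""

CLSID_RE = re.compile(r"\\CLSID\\(\{[0-9A-Fa-f-]{36}\})")
HEXNAME_RE = re.compile(r"^[0-9a-fA-F]{32}$")


def parse_reg_line(line):
    """Split one 'Reg ...' line into (key, value_name, data).

    value_name is None for a key-only line and '' for the key's default value.
    Assumption: the first '@' separates key path from value name (registry key
    paths may contain spaces, so we split on '@' before splitting on space).
    """
    line = line.strip()
    if not line.startswith("Reg "):
        return None
    body = line[4:]
    if "@" not in body:
        return body, None, None
    key, rest = body.split("@", 1)
    name, _, data = rest.partition(" ")
    return key, name, data


def summarize_clsids(log_text):
    """Group Reg lines by CLSID: server DLL, threading model, ProgID and the
    names of any 32-hex-character values holding binary data."""
    entries = defaultdict(lambda: {"server": None, "threading": None,
                                   "progid": None, "blobs": []})
    for line in log_text.splitlines():
        parsed = parse_reg_line(line)
        if parsed is None:
            continue
        key, name, data = parsed
        m = CLSID_RE.search(key)
        if not m or name is None:          # no CLSID, or a key-only line
            continue
        clsid = m.group(1).upper()
        subkey = key.rsplit("\\", 1)[-1].lower()
        e = entries[clsid]
        if subkey == "inprocserver32":
            if name == "":
                e["server"] = data
            elif name.lower() == "threadingmodel":
                e["threading"] = data
            elif HEXNAME_RE.match(name) and data.startswith("0x"):
                e["blobs"].append(name.lower())
        elif subkey == "progid" and name == "":
            e["progid"] = data
    return dict(entries)


def blob_hosts(summary):
    """Map each server DLL to the CLSIDs under it that carry hex-named binary values."""
    hosts = defaultdict(list)
    for clsid, e in sorted(summary.items()):
        if e["blobs"]:
            hosts[e["server"]].append(clsid)
    return dict(hosts)


def servers_outside(summary, trusted_prefixes=("c:\\windows\\", "c:\\program files\\")):
    """CLSIDs whose server DLL is not under one of the given directory prefixes.
    The prefix list is an assumed, crude review-ordering heuristic; a hit only
    means 'look here first', and a miss proves nothing about the DLL."""
    hits = {}
    for clsid, e in summary.items():
        srv = (e["server"] or "").lower()
        if srv and not srv.startswith(trusted_prefixes):
            hits[clsid] = e["server"]
    return hits


if __name__ == "__main__":
    s = summarize_clsids(SAMPLE_LOG)
    for clsid, e in sorted(s.items()):
        print(clsid, e["server"], e["threading"], e["progid"], "blobs:", len(e["blobs"]))
    print("hex-named binary values by server DLL:", blob_hosts(s))
    print("servers outside trusted roots:", servers_outside(s))
```

Run against the full log above, `blob_hosts` collects every CLSID whose InprocServer32 default is OLE32.DLL and which carries one of those hex-named binary values, so they can be looked at as one group; the script only gathers them and says nothing about whether they are legitimate.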
