
stubborn rootkit behavior

Discussion in 'Virus & Other Malware Removal' started by fulani77, Dec 20, 2010.

    fulani77 (Thread Starter)

    Joined: Dec 20, 2010
    Messages: 1
    Tech Support Guy System Info Utility version 1.0.0.1
    OS Version: Microsoft® Windows Vista™ Business , Service Pack 1, 32 bit
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz, x86 Family 15 Model 3 Stepping 3
    Processor Count: 2
    RAM: 2046 Mb
    Graphics Card: RADEON 9200 SE Family (Microsoft Corporation - XDDM), 2 Mb
    Hard Drives: C: Total - 476929 MB, Free - 395810 MB; D: Total - 476929 MB, Free - 476225 MB; G: Total - 953867 MB, Free - 843974 MB;
    Motherboard: , 848P-ICH5, ,
    Antivirus: None

    A virus in my email is sending various miscellaneous emails to friends and family.
    It won't let me use ComboFix any more,
    and some of the programs are hard to get into. I have run the following programs and the results are below.

    Here's the copy of HijackThis.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:37:27 PM, on 12/20/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18975)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Gamevance\gamevance32.exe
    C:\Windows\System32\CtHelper.exe
    C:\Windows\lsass.exe
    C:\Windows\user.exe
    C:\Windows\winamp.exe
    C:\Windows\gdi32.exe
    C:\Windows\avp.exe
    C:\Program Files\WebfettiIE\bar\1.bin\ybbrmon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Windows\lsass.exe
    C:\Windows\winamp.exe
    C:\Windows\avp.exe
    C:\Windows\user.exe
    C:\Windows\gdi32.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\3932186519.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\cmd.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\drweb.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\iexplarer.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\cmd.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\iexplarer.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\drweb.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\winlogon.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\taskmgr.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\svchost.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\taskmgr.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\winlogon.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\svchost.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\system.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\services.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\win16.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\services.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\system.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\win16.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\3932186519.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\winamp.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\mdm.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\4273161361.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\winamp.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\mdm.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\gdi32.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\hexdump.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp32.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\user.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\spoolsv.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\gdi32.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\hexdump.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\user.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp32.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\spoolsv.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\lsass.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\lsass.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\wininst.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\csrss.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\4273161361.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\nvsvc32.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\nvsvc32.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\csrss.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\login.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\login.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\smss.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\sysedit.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\sysedit.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Whitesmoke Translator\WSTrayDictMode.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Ant.com\IE add-on\AntMaintainer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\sdclt.exe
    C:\Users\ZAPPCO~1\AppData\Local\Temp\iexplorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55Q8IXIY\HijackThis[1].exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosearch.com/?useie5=1&q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.j...YYUS&ptb=71976232-BFF6-4AD5-8AA1-65A969248AC8
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosearch.com/?useie5=1&q=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {d664042c-ca70-48b6-afc9-24a4212d5e43} - C:\Program Files\WebfettiIE\bar\1.bin\ybSrcAs.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Ant.com Toolbars browser helper (video detector) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\Download.antplugin
    O2 - BHO: WhiteSmoke Toolbar - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
    O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Search Assistant BHO - {a504d73b-32d5-4b53-9dfc-0891be7653f0} - C:\Program Files\WebfettiIE\bar\1.bin\ybSrcAs.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll
    O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Toolbar BHO - {d826715f-a629-4613-a641-5ca18e8b2f7a} - C:\PROGRA~1\WEBFET~2\bar\1.bin\ybbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Tango - {F2E959A9-E0B0-48EA-B4B4-BF05F0F3AEE1} - C:\Windows\system32\ad78.dll
    O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    O3 - Toolbar: Ant.com Download Toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: WhiteSmoke Toolbar - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll
    O3 - Toolbar: Webfetti - {94fc3fb2-3e5c-4b8f-aaee-17090ce800bc} - C:\Program Files\WebfettiIE\bar\1.bin\ybbar.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Tango - {F2E959A8-E0B0-48EA-B4B4-BF05F0F3AEE1} - C:\Windows\system32\ad78.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe a
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [uPc+kt0NpaJsiv] rundll32.exe C:\Windows\system32\qlkxa.dll, SystemServer
    O4 - HKLM\..\Run: [Mqsuc] C:\Windows\lsass.exe
    O4 - HKLM\..\Run: [MqmPiA] C:\Windows\TEMP\wi5v87e.exe
    O4 - HKLM\..\Run: [MqmPrc] C:\Windows\TEMP\winamp.exe
    O4 - HKLM\..\Run: [Mque] C:\Windows\user.exe
    O4 - HKLM\..\Run: [MqmPxc] C:\Windows\TEMP\smss.exe
    O4 - HKLM\..\Run: [MqmPeP] C:\Windows\TEMP\avp32.exe
    O4 - HKLM\..\Run: [Mqvpe] C:\Windows\winamp.exe
    O4 - HKLM\..\Run: [MqmPusc] C:\Windows\TEMP\winlogon.exe
    O4 - HKLM\..\Run: [MqrMc] C:\Windows\gdi32.exe
    O4 - HKLM\..\Run: [Mqpe] C:\Windows\avp.exe
    O4 - HKLM\..\Run: [Dcunivi] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\izobeyeyo.dll",Startup
    O4 - HKLM\..\Run: [Mqsucla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] C:\Windows\lsass.exe
    O4 - HKLM\..\Run: [WebfettiIE Browser Plugin Loader] C:\PROGRA~1\WEBFET~2\bar\1.bin\ybbrmon.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [{05F56CA1-3653-C92E-73DD-E00241B3B5C1}] "C:\Users\ZAPP COMPUTER\AppData\Roaming\Lufui\faefi.exe"
    O4 - HKCU\..\Run: [{197A4896-E395-2C96-B947-B2880C87150A}] "C:\Users\ZAPP COMPUTER\AppData\Roaming\Ysucty\uqlut.exe"
    O4 - HKCU\..\Run: [{796F6833-9A7A-5AF8-6202-BA847A4BE804}] "C:\Users\ZAPP COMPUTER\AppData\Roaming\Tyzyog\zece.exe"
    O4 - HKCU\..\Run: [Mqsuc] C:\Windows\lsass.exe
    O4 - HKCU\..\Run: [Mqvpe] C:\Windows\winamp.exe
    O4 - HKCU\..\Run: [uPc+kt0NpaJsiv] rundll32.exe C:\Windows\system32\qlkxa.dll, SystemServer
    O4 - HKCU\..\Run: [Mqpe] C:\Windows\avp.exe
    O4 - HKCU\..\Run: [Mque] C:\Windows\user.exe
    O4 - HKCU\..\Run: [MqrMc] C:\Windows\gdi32.exe
    O4 - HKCU\..\Run: [LvRYPiejl+0zPCO~1\AppData\Local\Temp\3932186519.exe] C:\Users\ZAPPCO~1\AppData\Local\Temp\3932186519.exe
    O4 - HKCU\..\Run: [LvRYPiejlkc] C:\Users\ZAPPCO~1\AppData\Local\Temp\cmd.exe
    O4 - HKCU\..\Run: [LvRYPiejlqW] C:\Users\ZAPPCO~1\AppData\Local\Temp\drweb.exe
    O4 - HKCU\..\Run: [LvRYPiejlora] C:\Users\ZAPPCO~1\AppData\Local\Temp\iexplarer.exe
    O4 - HKCU\..\Run: [Mquendupper.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
    /////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
    AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
    MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
    ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
    mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
    zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
    /5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
    AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
    M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
    ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
    mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9
    O4 - HKCU\..\Run: [LvRARNhfngnb] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\cmd.exe
    O4 - HKCU\..\Run: [LvRARNhfngmtd] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\iexplarer.exe
    O4 - HKCU\..\Run: [LvRARNhfngob] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\drweb.exe
    O4 - HKCU\..\Run: [LvRYPiejlqse] C:\Users\ZAPPCO~1\AppData\Local\Temp\winlogon.exe
    O4 - HKCU\..\Run: [LvRYPiejlpsc] C:\Users\ZAPPCO~1\AppData\Local\Temp\taskmgr.exe
    O4 - HKCU\..\Run: [LvRYPiejlqvc] C:\Users\ZAPPCO~1\AppData\Local\Temp\svchost.exe
    O4 - HKCU\..\Run: [LvRARNhfngosf] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\taskmgr.exe
    O4 - HKCU\..\Run: [LvRARNhfngrsc] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\winlogon.exe
    O4 - HKCU\..\Run: [LvRARNhfngtrf] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\svchost.exe
    O4 - HKCU\..\Run: [LvRYPiejlud] C:\Users\ZAPPCO~1\AppData\Local\Temp\system.exe
    O4 - HKCU\..\Run: [LvRYPiejlppf] C:\Users\ZAPPCO~1\AppData\Local\Temp\services.exe
    O4 - HKCU\..\Run: [LvRYPiejlq+] C:\Users\ZAPPCO~1\AppData\Local\Temp\win16.exe
    O4 - HKCU\..\Run: [LvRARNhfngpta] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\services.exe
    O4 - HKCU\..\Run: [LvRARNhfnguuc] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\system.exe
    O4 - HKCU\..\Run: [LvRARNhfngrA] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\win16.exe
    O4 - HKCU\..\Run: [LvRARNhfngOz1cCOMPUTER\AppData\Local\Temp\3932186519.exe] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\3932186519.exe
    O4 - HKCU\..\Run: [LvRYPiejlqb] C:\Users\ZAPPCO~1\AppData\Local\Temp\winamp.exe
    O4 - HKCU\..\Run: [LvRYPiejlmc] C:\Users\ZAPPCO~1\AppData\Local\Temp\mdm.exe
    O4 - HKCU\..\Run: [LvRYPiejl+yyPCO~1\AppData\Local\Temp\4273161361.exe] C:\Users\ZAPPCO~1\AppData\Local\Temp\4273161361.exe
    O4 - HKCU\..\Run: [LvRARNhfngrrc] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\winamp.exe
    O4 - HKCU\..\Run: [LvRARNhfngne] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\mdm.exe
    O4 - HKCU\..\Run: [LvRYPiejlk+] C:\Users\ZAPPCO~1\AppData\Local\Temp\gdi32.exe
    O4 - HKCU\..\Run: [LvRYPiejlotc] C:\Users\ZAPPCO~1\AppData\Local\Temp\hexdump.exe
    O4 - HKCU\..\Run: [LvRYPiejlo+] C:\Users\ZAPPCO~1\AppData\Local\Temp\avp32.exe
    O4 - HKCU\..\Run: [LvRYPiejlqf] C:\Users\ZAPPCO~1\AppData\Local\Temp\user.exe
    O4 - HKCU\..\Run: [LvRYPiejlrxc] C:\Users\ZAPPCO~1\AppData\Local\Temp\spoolsv.exe
    O4 - HKCU\..\Run: [LvRARNhfngl/] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\gdi32.exe
    O4 - HKCU\..\Run: [LvRARNhfngmve] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\hexdump.exe
    O4 - HKCU\..\Run: [LvRARNhfngta] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\user.exe
    O4 - HKCU\..\Run: [LvRARNhfngoA] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp32.exe
    O4 - HKCU\..\Run: [LvRARNhfngrvg] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\spoolsv.exe
    O4 - HKCU\..\Run: [LvRYPiejlne] C:\Users\ZAPPCO~1\AppData\Local\Temp\lsass.exe
    O4 - HKCU\..\Run: [LvRARNhfngqd] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\lsass.exe
    O4 - HKCU\..\Run: [LvRARNhfngruf] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\wininst.exe
    O4 - HKCU\..\Run: [LvRYPiejlpe] C:\Users\ZAPPCO~1\AppData\Local\Temp\csrss.exe
    O4 - HKCU\..\Run: [LvRARNhfngM0ycCOMPUTER\AppData\Local\Temp\4273161361.exe] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\4273161361.exe
    O4 - HKCU\..\Run: [LvRYPiejlsPc] C:\Users\ZAPPCO~1\AppData\Local\Temp\nvsvc32.exe
    O4 - HKCU\..\Run: [LvRARNhfngsfP] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\nvsvc32.exe
    O4 - HKCU\..\Run: [LvRARNhfngoh] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\csrss.exe
    O4 - HKCU\..\Run: [LvRYPiejlna] C:\Users\ZAPPCO~1\AppData\Local\Temp\login.exe
    O4 - HKCU\..\Run: [LvRYPiejlrf] C:\Users\ZAPPCO~1\AppData\Local\Temp\smss.exe
    O4 - HKCU\..\Run: [LvRARNhfngpb] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\login.exe
    O4 - HKCU\..\Run: [LvRARNhfngre] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\smss.exe
    O4 - HKCU\..\Run: [LvRYPiejlupc] C:\Users\ZAPPCO~1\AppData\Local\Temp\sysedit.exe
    O4 - HKCU\..\Run: [LvRARNhfngupf] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\sysedit.exe
    O4 - HKCU\..\Run: [LvRYPiejloc] C:\Users\ZAPPCO~1\AppData\Local\Temp\avp.exe
    O4 - HKCU\..\Run: [LvRARNhfngoe] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp.exe
    O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Akodapeqikoda] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Nlicorfg.dll",Startup (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [uPc+kt0NpaJsiv] rundll32.exe C:\Windows\system32\qlkxa.dll, SystemServer (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Mqsuc] C:\Windows\lsass.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [MqmPiA] C:\Windows\TEMP\wi5v87e.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [MqmPrc] C:\Windows\TEMP\winamp.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Mque] C:\Windows\user.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [MqmPxc] C:\Windows\TEMP\smss.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [MqmPeP] C:\Windows\TEMP\avp32.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Mqvpe] C:\Windows\winamp.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [MqmPusc] C:\Windows\TEMP\winlogon.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [MqrMc] C:\Windows\gdi32.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Mqpe] C:\Windows\avp.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [akhlyohk] C:\Windows\TEMP\mynwncllk\boqyrfnaffm.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [hfjavbgi] C:\Windows\TEMP\fpprpcdny\bsudiqbaffm.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Mqsucla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] C:\Windows\lsass.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
    O4 - .DEFAULT User Startup: kaaf.exe (User 'Default user')
    O4 - .DEFAULT User Startup: qoav.exe (User 'Default user')
    O4 - .DEFAULT User Startup: uvpa.exe (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Launch Whitesmoke Translator.lnk = C:\Program Files\Whitesmoke Translator\WSTrayDictMode.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\Download.antplugin
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Ant Toolbar updater service (AntUpdaterService) - Ant.com - C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Webfetti Service (WebfettiIEService) - Webfetti - C:\PROGRA~1\WEBFET~2\bar\1.bin\ybbarsvc.exe
    --
    End of file - 23073 bytes

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by ZAPP COMPUTER at 13:43:16.83 on Mon 12/20/2010
    Internet Explorer: 8.0.6001.18975
    Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.2047.845 [GMT -6:00]
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ============== Running Processes ===============
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Gamevance\gamevance32.exe
    C:\Windows\System32\CtHelper.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\user.exe
    C:\Program Files\iWin Games\iWinTrusted.exe
    C:\Windows\winamp.exe
    C:\Windows\gdi32.exe
    C:\Windows\avp.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\WebfettiIE\bar\1.bin\ybbrmon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\WEBFET~2\bar\1.bin\ybbarsvc.exe
    C:\Windows\winamp.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\avp.exe
    C:\Windows\user.exe
    C:\Windows\gdi32.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\3932186519.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\drweb.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\iexplarer.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\iexplarer.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\drweb.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\taskmgr.exe
    "C:\Users\ZAPP COMPUTER\AppData\Local\Temp\svchost.exe"
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\taskmgr.exe
    "C:\Users\ZAPP COMPUTER\AppData\Local\Temp\svchost.exe"
    C:\Windows\system32\SearchIndexer.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\system.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\win16.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\system.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\win16.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\3932186519.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\winamp.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\mdm.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\4273161361.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\winamp.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\mdm.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\gdi32.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\hexdump.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp32.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\user.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\spoolsv.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\gdi32.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\hexdump.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\user.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp32.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\spoolsv.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\wininst.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\4273161361.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\nvsvc32.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\nvsvc32.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\login.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\login.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\sysedit.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\sysedit.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Whitesmoke Translator\WSTrayDictMode.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
    "C:\Windows\System32\svchost.exe"
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Ant.com\IE add-on\AntMaintainer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\sdclt.exe
    C:\Users\ZAPPCO~1\AppData\Local\Temp\iexplorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\ZAPPCO~1\AppData\Local\Temp\iexplorer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55Q8IXIY\dds[1].scr
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZKxdm567YYUS&ptb=71976232-BFF6-4AD5-8AA1-65A969248AC8
    uSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
    mSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: N/A: {d664042c-ca70-48b6-afc9-24a4212d5e43} - c:\program files\webfettiie\bar\1.bin\ybSrcAs.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Ant.com Toolbars browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} - c:\program files\ant.com\ie add-on\Download.antplugin
    BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
    BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Search Assistant BHO: {a504d73b-32d5-4b53-9dfc-0891be7653f0} - c:\program files\webfettiie\bar\1.bin\ybSrcAs.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Gamevance Text: {beac7dc8-e106-4c6a-931e-5a42e7362883} - c:\program files\gamevance\gvtl.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Toolbar BHO: {d826715f-a629-4613-a641-5ca18e8b2f7a} - c:\progra~1\webfet~2\bar\1.bin\ybbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Tango: {f2e959a9-e0b0-48ea-b4b4-bf05f0f3aee1} - c:\windows\system32\ad78.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    TB: Ant.com Download Toolbar: {2e924f4f-67f0-4bd8-9560-49f468e843d2} - c:\program files\ant.com\ie add-on\AntToolbar.dll
    TB: Tango: {f2e959a8-e0b0-48ea-b4b4-bf05f0f3aee1} - c:\windows\system32\ad78.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
    TB: Webfetti: {94fc3fb2-3e5c-4b8f-aaee-17090ce800bc} - c:\program files\webfettiie\bar\1.bin\ybbar.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    EB: GP Bar: {c3538050-face-11de-8a39-0800200c9a66} - %SystemRoot%\system32\shdocvw.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [{05F56CA1-3653-C92E-73DD-E00241B3B5C1}] "c:\users\zapp computer\appdata\roaming\lufui\faefi.exe"
    uRun: [{197A4896-E395-2C96-B947-B2880C87150A}] "c:\users\zapp computer\appdata\roaming\ysucty\uqlut.exe"
    uRun: [{796F6833-9A7A-5AF8-6202-BA847A4BE804}] "c:\users\zapp computer\appdata\roaming\tyzyog\zece.exe"
    uRun: [Mqsuc] c:\windows\lsass.exe
    uRun: [Mqvpe] c:\windows\winamp.exe
    uRun: [uPc+kt0NpaJsiv] rundll32.exe c:\windows\system32\qlkxa.dll, SystemServer
    uRun: [Mqpe] c:\windows\avp.exe
    uRun: [Mque] c:\windows\user.exe
    uRun: [MqrMc] c:\windows\gdi32.exe
    uRun: [LvRYPiejl+0zPCO~1\AppData\Local\Temp\3932186519.exe] c:\users\zappco~1\appdata\local\temp\3932186519.exe
    uRun: [LvRYPiejlkc] c:\users\zappco~1\appdata\local\temp\cmd.exe
    uRun: [LvRYPiejlqW] c:\users\zappco~1\appdata\local\temp\drweb.exe
    uRun: [LvRYPiejlora] c:\users\zappco~1\appdata\local\temp\iexplarer.exe
    uRun: [LvRARNhfngnb] c:\users\zapp computer\appdata\local\temp\cmd.exe
    uRun: [LvRARNhfngmtd] c:\users\zapp computer\appdata\local\temp\iexplarer.exe
    uRun: [LvRARNhfngob] c:\users\zapp computer\appdata\local\temp\drweb.exe
    uRun: [LvRYPiejlqse] c:\users\zappco~1\appdata\local\temp\winlogon.exe
    uRun: [LvRYPiejlpsc] c:\users\zappco~1\appdata\local\temp\taskmgr.exe
    uRun: [LvRYPiejlqvc] c:\users\zappco~1\appdata\local\temp\svchost.exe
    uRun: [LvRARNhfngosf] c:\users\zapp computer\appdata\local\temp\taskmgr.exe
    uRun: [LvRARNhfngrsc] c:\users\zapp computer\appdata\local\temp\winlogon.exe
    uRun: [LvRARNhfngtrf] c:\users\zapp computer\appdata\local\temp\svchost.exe
    uRun: [LvRYPiejlud] c:\users\zappco~1\appdata\local\temp\system.exe
    uRun: [LvRYPiejlppf] c:\users\zappco~1\appdata\local\temp\services.exe
    uRun: [LvRYPiejlq+] c:\users\zappco~1\appdata\local\temp\win16.exe
    uRun: [LvRARNhfngpta] c:\users\zapp computer\appdata\local\temp\services.exe
    uRun: [LvRARNhfnguuc] c:\users\zapp computer\appdata\local\temp\system.exe
    uRun: [LvRARNhfngrA] c:\users\zapp computer\appdata\local\temp\win16.exe
    uRun: [LvRARNhfngOz1cCOMPUTER\AppData\Local\Temp\3932186519.exe] c:\users\zapp computer\appdata\local\temp\3932186519.exe
    uRun: [LvRYPiejlqb] c:\users\zappco~1\appdata\local\temp\winamp.exe
    uRun: [LvRYPiejlmc] c:\users\zappco~1\appdata\local\temp\mdm.exe
    uRun: [LvRYPiejl+yyPCO~1\AppData\Local\Temp\4273161361.exe] c:\users\zappco~1\appdata\local\temp\4273161361.exe
    uRun: [LvRARNhfngrrc] c:\users\zapp computer\appdata\local\temp\winamp.exe
    uRun: [LvRARNhfngne] c:\users\zapp computer\appdata\local\temp\mdm.exe
    uRun: [LvRYPiejlk+] c:\users\zappco~1\appdata\local\temp\gdi32.exe
    uRun: [LvRYPiejlotc] c:\users\zappco~1\appdata\local\temp\hexdump.exe
    uRun: [LvRYPiejlo+] c:\users\zappco~1\appdata\local\temp\avp32.exe
    uRun: [LvRYPiejlqf] c:\users\zappco~1\appdata\local\temp\user.exe
    uRun: [LvRYPiejlrxc] c:\users\zappco~1\appdata\local\temp\spoolsv.exe
    uRun: [LvRARNhfngl/] c:\users\zapp computer\appdata\local\temp\gdi32.exe
    uRun: [LvRARNhfngmve] c:\users\zapp computer\appdata\local\temp\hexdump.exe
    uRun: [LvRARNhfngta] c:\users\zapp computer\appdata\local\temp\user.exe
    uRun: [LvRARNhfngoA] c:\users\zapp computer\appdata\local\temp\avp32.exe
    uRun: [LvRARNhfngrvg] c:\users\zapp computer\appdata\local\temp\spoolsv.exe
    uRun: [LvRYPiejlne] c:\users\zappco~1\appdata\local\temp\lsass.exe
    uRun: [LvRARNhfngqd] c:\users\zapp computer\appdata\local\temp\lsass.exe
    uRun: [LvRARNhfngruf] c:\users\zapp computer\appdata\local\temp\wininst.exe
    uRun: [LvRYPiejlpe] c:\users\zappco~1\appdata\local\temp\csrss.exe
    uRun: [LvRARNhfngM0ycCOMPUTER\AppData\Local\Temp\4273161361.exe] c:\users\zapp computer\appdata\local\temp\4273161361.exe
    uRun: [LvRYPiejlsPc] c:\users\zappco~1\appdata\local\temp\nvsvc32.exe
    uRun: [LvRARNhfngsfP] c:\users\zapp computer\appdata\local\temp\nvsvc32.exe
    uRun: [LvRARNhfngoh] c:\users\zapp computer\appdata\local\temp\csrss.exe
    uRun: [LvRYPiejlna] c:\users\zappco~1\appdata\local\temp\login.exe
    uRun: [LvRYPiejlrf] c:\users\zappco~1\appdata\local\temp\smss.exe
    uRun: [LvRARNhfngpb] c:\users\zapp computer\appdata\local\temp\login.exe
    uRun: [LvRARNhfngre] c:\users\zapp computer\appdata\local\temp\smss.exe
    uRun: [LvRYPiejlupc] c:\users\zappco~1\appdata\local\temp\sysedit.exe
    uRun: [LvRARNhfngupf] c:\users\zapp computer\appdata\local\temp\sysedit.exe
    uRun: [LvRYPiejloc] c:\users\zappco~1\appdata\local\temp\avp.exe
    uRun: [LvRARNhfngoe] c:\users\zapp computer\appdata\local\temp\avp.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Gamevance] c:\program files\gamevance\gamevance32.exe a
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [uPc+kt0NpaJsiv] rundll32.exe c:\windows\system32\qlkxa.dll, SystemServer
    mRun: [Mqsuc] c:\windows\lsass.exe
    mRun: [MqmPiA] c:\windows\temp\wi5v87e.exe
    mRun: [MqmPrc] c:\windows\temp\winamp.exe
    mRun: [Mque] c:\windows\user.exe
    mRun: [MqmPxc] c:\windows\temp\smss.exe
    mRun: [MqmPeP] c:\windows\temp\avp32.exe
    mRun: [Mqvpe] c:\windows\winamp.exe
    mRun: [MqmPusc] c:\windows\temp\winlogon.exe
    mRun: [MqrMc] c:\windows\gdi32.exe
    mRun: [Mqpe] c:\windows\avp.exe
    mRun: [Dcunivi] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\izobeyeyo.dll",Startup
    mRun: [Mqsucla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] c:\windows\lsass.exe
    mRun: [WebfettiIE Browser Plugin Loader] c:\progra~1\webfet~2\bar\1.bin\ybbrmon.exe
    dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
    dRun: [Akodapeqikoda] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\Nlicorfg.dll",Startup
    dRun: [uPc+kt0NpaJsiv] rundll32.exe c:\windows\system32\qlkxa.dll, SystemServer
    dRun: [Mqsuc] c:\windows\lsass.exe
    dRun: [MqmPiA] c:\windows\temp\wi5v87e.exe
    dRun: [MqmPrc] c:\windows\temp\winamp.exe
    dRun: [Mque] c:\windows\user.exe
    dRun: [MqmPxc] c:\windows\temp\smss.exe
    dRun: [MqmPeP] c:\windows\temp\avp32.exe
    dRun: [Mqvpe] c:\windows\winamp.exe
    dRun: [MqmPusc] c:\windows\temp\winlogon.exe
    dRun: [MqrMc] c:\windows\gdi32.exe
    dRun: [Mqpe] c:\windows\avp.exe
    dRun: [akhlyohk] c:\windows\temp\mynwncllk\boqyrfnaffm.exe
    dRun: [hfjavbgi] c:\windows\temp\fpprpcdny\bsudiqbaffm.exe
    dRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    dRun: [Mqsucla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] c:\windows\lsass.exe
    StartupFolder: c:\users\zappco~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch~1.lnk - c:\program files\whitesmoke translator\WSTrayDictMode.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    dPolicies-explorer: NoFolderOptions = 1 (0x1)
    dPolicies-system: DisableRegistryTools = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
    IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\ant.com\ie add-on\Download.antplugin
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GR99D3~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    ============= SERVICES / DRIVERS ===============
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-16 164048]
    R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\ant.com\ie add-on\AntUpdaterService.exe [2010-4-21 142648]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-16 19024]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-5-16 51792]
    R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-7-9 78104]
    R2 WebfettiIEService;Webfetti Service;c:\progra~1\webfet~2\bar\1.bin\ybbarsvc.exe [2010-12-14 28766]
    R3 swvspser;Sierra VSP using Ethernet;c:\windows\system32\drivers\swvspser.sys [2009-8-13 30080]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-16 40384]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-16 133104]
    S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\drivers\ATMFBUS.sys [2010-6-5 47360]
    S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\drivers\ATMFCVsp.sys [2010-6-5 153600]
    S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\drivers\ATMFFLT.sys [2010-6-5 13312]
    S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\drivers\ATMFMdm.sys [2010-6-5 153472]
    S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\drivers\ATMFNET.sys [2010-6-5 103424]
    S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\drivers\ATMFNVsp.sys [2010-6-5 153600]
    S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\drivers\ATMFVsp.sys [2010-6-5 153472]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-16 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-16 40384]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    =============== Created Last 30 ================
    2010-12-15 14:38:31 -------- d-----w- c:\users\zappco~1\appdata\roaming\Pyikra
    2010-12-15 14:38:31 -------- d-----w- c:\users\zappco~1\appdata\roaming\Inupas
    2010-12-14 18:00:00 -------- d-----w- c:\program files\WebfettiIE
    2010-12-14 17:59:35 -------- d-----w- c:\program files\WebfettiEI
    2010-12-13 05:58:12 -------- d-----w- c:\users\zappco~1\appdata\roaming\Zasa
    2010-12-13 05:58:12 -------- d-----w- c:\users\zappco~1\appdata\roaming\Unqu
    2010-12-13 05:48:08 -------- d-----w- c:\users\zappco~1\appdata\roaming\WhiteSmokeTranslator
    2010-12-13 02:02:24 -------- d-----w- c:\program files\Whitesmoke Translator
    2010-12-13 02:02:11 -------- d-----w- c:\users\zappco~1\appdata\roaming\Umsa
    2010-12-13 02:02:11 -------- d-----w- c:\users\zappco~1\appdata\roaming\Oqoky
    2010-12-13 02:00:20 -------- d-----w- c:\program files\whitesmoketoolbar
    2010-12-12 14:48:52 -------- d-----w- c:\windows\Temp(1993)
    2010-12-12 14:37:10 -------- d-----w- C:\ComboFix
    2010-12-12 14:35:31 5488976 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{684d06f4-0808-4e18-8aaa-6638f5bac105}\mpengine.dll
    ==================== Find3M ====================
    2010-12-13 01:58:22 21268 ---h--w- c:\windows\gdi32.exe
    2010-12-13 01:58:22 21268 ---h--w- c:\windows\avp.exe
    2010-12-13 01:58:20 21268 ---h--w- c:\windows\winamp.exe
    2010-12-13 01:58:16 60004 ---h--w- c:\windows\user.exe
    2010-12-13 01:58:14 60004 ---h--w- c:\windows\lsass.exe
    2010-12-13 01:58:09 30000 ----a-w- c:\windows\system32\ww4qm7v4g7.dll
    2010-12-13 01:58:09 30000 ----a-w- c:\windows\system32\qlkxa.dll
    2010-12-13 01:58:03 53248 ----a-w- c:\windows\system32\FastUv32.dll
    2010-11-01 19:00:02 409600 ----a-w- c:\windows\system32\wrap_oal.dll
    2010-11-01 19:00:02 114688 ----a-w- c:\windows\system32\OpenAL32.dll
    2010-11-01 18:52:04 101888 ----a-w- c:\windows\system32\ifxcardm.dll
    2010-11-01 18:52:01 82432 ----a-w- c:\windows\system32\axaltocm.dll
    2010-10-19 16:41:44 222080 ----a-w- c:\windows\system32\MpSigStub.exe
    =================== ROOTKIT ====================
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6001 Disk: WDC_WD5000AAKB-00H8A0 rev.05.04E05 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
    device: opened successfully
    user: MBR read successfully
    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86499735]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8649f990]; MOV EAX, [0x8649fa0c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 nt!IofCallDriver[0x8288F13D] -> \Device\Harddisk0\DR0[0x85841520]
    3 CLASSPNP[0x88DAB745] -> nt!IofCallDriver[0x8288F13D] -> [0x855D9F08]
    5 acpi[0x82E306A0] -> nt!IofCallDriver[0x8288F13D] -> [0x85619BA0]
    \Driver\atapi[0x8647EE38] -> IRP_MJ_CREATE -> 0x86499735
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskWDC_WD5000AAKB-00H8A0___________________05.04E05#5&1eda0eb5&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    sectors 976773166 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
    ============= FINISH: 13:44:46.88 ===============

    This is Gamer

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by ZAPP COMPUTER at 13:43:16.83 on Mon 12/20/2010
    Internet Explorer: 8.0.6001.18975
    Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.2047.845 [GMT -6:00]
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ============== Running Processes ===============
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Gamevance\gamevance32.exe
    C:\Windows\System32\CtHelper.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\user.exe
    C:\Program Files\iWin Games\iWinTrusted.exe
    C:\Windows\winamp.exe
    C:\Windows\gdi32.exe
    C:\Windows\avp.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\WebfettiIE\bar\1.bin\ybbrmon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\WEBFET~2\bar\1.bin\ybbarsvc.exe
    C:\Windows\winamp.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\avp.exe
    C:\Windows\user.exe
    C:\Windows\gdi32.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\3932186519.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\drweb.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\iexplarer.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\iexplarer.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\drweb.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\taskmgr.exe
    "C:\Users\ZAPP COMPUTER\AppData\Local\Temp\svchost.exe"
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\taskmgr.exe
    "C:\Users\ZAPP COMPUTER\AppData\Local\Temp\svchost.exe"
    C:\Windows\system32\SearchIndexer.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\system.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\win16.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\system.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\win16.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\3932186519.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\winamp.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\mdm.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\4273161361.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\winamp.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\mdm.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\gdi32.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\hexdump.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp32.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\user.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\spoolsv.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\gdi32.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\hexdump.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\user.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp32.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\spoolsv.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\wininst.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\4273161361.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\nvsvc32.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\nvsvc32.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\login.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\login.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\sysedit.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\sysedit.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Whitesmoke Translator\WSTrayDictMode.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
    "C:\Windows\System32\svchost.exe"
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Ant.com\IE add-on\AntMaintainer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\sdclt.exe
    C:\Users\ZAPPCO~1\AppData\Local\Temp\iexplorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\ZAPPCO~1\AppData\Local\Temp\iexplorer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\ZAPP COMPUTER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55Q8IXIY\dds[1].scr
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZKxdm567YYUS&ptb=71976232-BFF6-4AD5-8AA1-65A969248AC8
    uSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
    mSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: N/A: {d664042c-ca70-48b6-afc9-24a4212d5e43} - c:\program files\webfettiie\bar\1.bin\ybSrcAs.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Ant.com Toolbars browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} - c:\program files\ant.com\ie add-on\Download.antplugin
    BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
    BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Search Assistant BHO: {a504d73b-32d5-4b53-9dfc-0891be7653f0} - c:\program files\webfettiie\bar\1.bin\ybSrcAs.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Gamevance Text: {beac7dc8-e106-4c6a-931e-5a42e7362883} - c:\program files\gamevance\gvtl.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Toolbar BHO: {d826715f-a629-4613-a641-5ca18e8b2f7a} - c:\progra~1\webfet~2\bar\1.bin\ybbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Tango: {f2e959a9-e0b0-48ea-b4b4-bf05f0f3aee1} - c:\windows\system32\ad78.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    TB: Ant.com Download Toolbar: {2e924f4f-67f0-4bd8-9560-49f468e843d2} - c:\program files\ant.com\ie add-on\AntToolbar.dll
    TB: Tango: {f2e959a8-e0b0-48ea-b4b4-bf05f0f3aee1} - c:\windows\system32\ad78.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
    TB: Webfetti: {94fc3fb2-3e5c-4b8f-aaee-17090ce800bc} - c:\program files\webfettiie\bar\1.bin\ybbar.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    EB: GP Bar: {c3538050-face-11de-8a39-0800200c9a66} - %SystemRoot%\system32\shdocvw.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [{05F56CA1-3653-C92E-73DD-E00241B3B5C1}] "c:\users\zapp computer\appdata\roaming\lufui\faefi.exe"
    uRun: [{197A4896-E395-2C96-B947-B2880C87150A}] "c:\users\zapp computer\appdata\roaming\ysucty\uqlut.exe"
    uRun: [{796F6833-9A7A-5AF8-6202-BA847A4BE804}] "c:\users\zapp computer\appdata\roaming\tyzyog\zece.exe"
    uRun: [Mqsuc] c:\windows\lsass.exe
    uRun: [Mqvpe] c:\windows\winamp.exe
    uRun: [uPc+kt0NpaJsiv] rundll32.exe c:\windows\system32\qlkxa.dll, SystemServer
    uRun: [Mqpe] c:\windows\avp.exe
    uRun: [Mque] c:\windows\user.exe
    uRun: [MqrMc] c:\windows\gdi32.exe
    uRun: [LvRYPiejl+0zPCO~1\AppData\Local\Temp\3932186519.exe] c:\users\zappco~1\appdata\local\temp\3932186519.exe
    uRun: [LvRYPiejlkc] c:\users\zappco~1\appdata\local\temp\cmd.exe
    uRun: [LvRYPiejlqW] c:\users\zappco~1\appdata\local\temp\drweb.exe
    uRun: [LvRYPiejlora] c:\users\zappco~1\appdata\local\temp\iexplarer.exe
    uRun: [LvRARNhfngnb] c:\users\zapp computer\appdata\local\temp\cmd.exe
    uRun: [LvRARNhfngmtd] c:\users\zapp computer\appdata\local\temp\iexplarer.exe
    uRun: [LvRARNhfngob] c:\users\zapp computer\appdata\local\temp\drweb.exe
    uRun: [LvRYPiejlqse] c:\users\zappco~1\appdata\local\temp\winlogon.exe
    uRun: [LvRYPiejlpsc] c:\users\zappco~1\appdata\local\temp\taskmgr.exe
    uRun: [LvRYPiejlqvc] c:\users\zappco~1\appdata\local\temp\svchost.exe
    uRun: [LvRARNhfngosf] c:\users\zapp computer\appdata\local\temp\taskmgr.exe
    uRun: [LvRARNhfngrsc] c:\users\zapp computer\appdata\local\temp\winlogon.exe
    uRun: [LvRARNhfngtrf] c:\users\zapp computer\appdata\local\temp\svchost.exe
    uRun: [LvRYPiejlud] c:\users\zappco~1\appdata\local\temp\system.exe
    uRun: [LvRYPiejlppf] c:\users\zappco~1\appdata\local\temp\services.exe
    uRun: [LvRYPiejlq+] c:\users\zappco~1\appdata\local\temp\win16.exe
    uRun: [LvRARNhfngpta] c:\users\zapp computer\appdata\local\temp\services.exe
    uRun: [LvRARNhfnguuc] c:\users\zapp computer\appdata\local\temp\system.exe
    uRun: [LvRARNhfngrA] c:\users\zapp computer\appdata\local\temp\win16.exe
    uRun: [LvRARNhfngOz1cCOMPUTER\AppData\Local\Temp\3932186519.exe] c:\users\zapp computer\appdata\local\temp\3932186519.exe
    uRun: [LvRYPiejlqb] c:\users\zappco~1\appdata\local\temp\winamp.exe
    uRun: [LvRYPiejlmc] c:\users\zappco~1\appdata\local\temp\mdm.exe
    uRun: [LvRYPiejl+yyPCO~1\AppData\Local\Temp\4273161361.exe] c:\users\zappco~1\appdata\local\temp\4273161361.exe
    uRun: [LvRARNhfngrrc] c:\users\zapp computer\appdata\local\temp\winamp.exe
    uRun: [LvRARNhfngne] c:\users\zapp computer\appdata\local\temp\mdm.exe
    uRun: [LvRYPiejlk+] c:\users\zappco~1\appdata\local\temp\gdi32.exe
    uRun: [LvRYPiejlotc] c:\users\zappco~1\appdata\local\temp\hexdump.exe
    uRun: [LvRYPiejlo+] c:\users\zappco~1\appdata\local\temp\avp32.exe
    uRun: [LvRYPiejlqf] c:\users\zappco~1\appdata\local\temp\user.exe
    uRun: [LvRYPiejlrxc] c:\users\zappco~1\appdata\local\temp\spoolsv.exe
    uRun: [LvRARNhfngl/] c:\users\zapp computer\appdata\local\temp\gdi32.exe
    uRun: [LvRARNhfngmve] c:\users\zapp computer\appdata\local\temp\hexdump.exe
    uRun: [LvRARNhfngta] c:\users\zapp computer\appdata\local\temp\user.exe
    uRun: [LvRARNhfngoA] c:\users\zapp computer\appdata\local\temp\avp32.exe
    uRun: [LvRARNhfngrvg] c:\users\zapp computer\appdata\local\temp\spoolsv.exe
    uRun: [LvRYPiejlne] c:\users\zappco~1\appdata\local\temp\lsass.exe
    uRun: [LvRARNhfngqd] c:\users\zapp computer\appdata\local\temp\lsass.exe
    uRun: [LvRARNhfngruf] c:\users\zapp computer\appdata\local\temp\wininst.exe
    uRun: [LvRYPiejlpe] c:\users\zappco~1\appdata\local\temp\csrss.exe
    uRun: [LvRARNhfngM0ycCOMPUTER\AppData\Local\Temp\4273161361.exe] c:\users\zapp computer\appdata\local\temp\4273161361.exe
    uRun: [LvRYPiejlsPc] c:\users\zappco~1\appdata\local\temp\nvsvc32.exe
    uRun: [LvRARNhfngsfP] c:\users\zapp computer\appdata\local\temp\nvsvc32.exe
    uRun: [LvRARNhfngoh] c:\users\zapp computer\appdata\local\temp\csrss.exe
    uRun: [LvRYPiejlna] c:\users\zappco~1\appdata\local\temp\login.exe
    uRun: [LvRYPiejlrf] c:\users\zappco~1\appdata\local\temp\smss.exe
    uRun: [LvRARNhfngpb] c:\users\zapp computer\appdata\local\temp\login.exe
    uRun: [LvRARNhfngre] c:\users\zapp computer\appdata\local\temp\smss.exe
    uRun: [LvRYPiejlupc] c:\users\zappco~1\appdata\local\temp\sysedit.exe
    uRun: [LvRARNhfngupf] c:\users\zapp computer\appdata\local\temp\sysedit.exe
    uRun: [LvRYPiejloc] c:\users\zappco~1\appdata\local\temp\avp.exe
    uRun: [LvRARNhfngoe] c:\users\zapp computer\appdata\local\temp\avp.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Gamevance] c:\program files\gamevance\gamevance32.exe a
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [uPc+kt0NpaJsiv] rundll32.exe c:\windows\system32\qlkxa.dll, SystemServer
    mRun: [Mqsuc] c:\windows\lsass.exe
    mRun: [MqmPiA] c:\windows\temp\wi5v87e.exe
    mRun: [MqmPrc] c:\windows\temp\winamp.exe
    mRun: [Mque] c:\windows\user.exe
    mRun: [MqmPxc] c:\windows\temp\smss.exe
    mRun: [MqmPeP] c:\windows\temp\avp32.exe
    mRun: [Mqvpe] c:\windows\winamp.exe
    mRun: [MqmPusc] c:\windows\temp\winlogon.exe
    mRun: [MqrMc] c:\windows\gdi32.exe
    mRun: [Mqpe] c:\windows\avp.exe
    mRun: [Dcunivi] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\izobeyeyo.dll",Startup
    mRun: [Mqsucla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] c:\windows\lsass.exe
    mRun: [WebfettiIE Browser Plugin Loader] c:\progra~1\webfet~2\bar\1.bin\ybbrmon.exe
    dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
    dRun: [Akodapeqikoda] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\Nlicorfg.dll",Startup
    dRun: [uPc+kt0NpaJsiv] rundll32.exe c:\windows\system32\qlkxa.dll, SystemServer
    dRun: [Mqsuc] c:\windows\lsass.exe
    dRun: [MqmPiA] c:\windows\temp\wi5v87e.exe
    dRun: [MqmPrc] c:\windows\temp\winamp.exe
    dRun: [Mque] c:\windows\user.exe
    dRun: [MqmPxc] c:\windows\temp\smss.exe
    dRun: [MqmPeP] c:\windows\temp\avp32.exe
    dRun: [Mqvpe] c:\windows\winamp.exe
    dRun: [MqmPusc] c:\windows\temp\winlogon.exe
    dRun: [MqrMc] c:\windows\gdi32.exe
    dRun: [Mqpe] c:\windows\avp.exe
    dRun: [akhlyohk] c:\windows\temp\mynwncllk\boqyrfnaffm.exe
    dRun: [hfjavbgi] c:\windows\temp\fpprpcdny\bsudiqbaffm.exe
    dRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    dRun: [Mqsucla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] c:\windows\lsass.exe
    StartupFolder: c:\users\zappco~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch~1.lnk - c:\program files\whitesmoke translator\WSTrayDictMode.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    dPolicies-explorer: NoFolderOptions = 1 (0x1)
    dPolicies-system: DisableRegistryTools = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
    IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\ant.com\ie add-on\Download.antplugin
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GR99D3~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    ============= SERVICES / DRIVERS ===============
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-16 164048]
    R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\ant.com\ie add-on\AntUpdaterService.exe [2010-4-21 142648]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-16 19024]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-5-16 51792]
    R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-7-9 78104]
    R2 WebfettiIEService;Webfetti Service;c:\progra~1\webfet~2\bar\1.bin\ybbarsvc.exe [2010-12-14 28766]
    R3 swvspser;Sierra VSP using Ethernet;c:\windows\system32\drivers\swvspser.sys [2009-8-13 30080]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-16 40384]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-16 133104]
    S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\drivers\ATMFBUS.sys [2010-6-5 47360]
    S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\drivers\ATMFCVsp.sys [2010-6-5 153600]
    S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\drivers\ATMFFLT.sys [2010-6-5 13312]
    S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\drivers\ATMFMdm.sys [2010-6-5 153472]
    S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\drivers\ATMFNET.sys [2010-6-5 103424]
    S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\drivers\ATMFNVsp.sys [2010-6-5 153600]
    S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\drivers\ATMFVsp.sys [2010-6-5 153472]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-16 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-16 40384]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    =============== Created Last 30 ================
    2010-12-15 14:38:31 -------- d-----w- c:\users\zappco~1\appdata\roaming\Pyikra
    2010-12-15 14:38:31 -------- d-----w- c:\users\zappco~1\appdata\roaming\Inupas
    2010-12-14 18:00:00 -------- d-----w- c:\program files\WebfettiIE
    2010-12-14 17:59:35 -------- d-----w- c:\program files\WebfettiEI
    2010-12-13 05:58:12 -------- d-----w- c:\users\zappco~1\appdata\roaming\Zasa
    2010-12-13 05:58:12 -------- d-----w- c:\users\zappco~1\appdata\roaming\Unqu
    2010-12-13 05:48:08 -------- d-----w- c:\users\zappco~1\appdata\roaming\WhiteSmokeTranslator
    2010-12-13 02:02:24 -------- d-----w- c:\program files\Whitesmoke Translator
    2010-12-13 02:02:11 -------- d-----w- c:\users\zappco~1\appdata\roaming\Umsa
    2010-12-13 02:02:11 -------- d-----w- c:\users\zappco~1\appdata\roaming\Oqoky
    2010-12-13 02:00:20 -------- d-----w- c:\program files\whitesmoketoolbar
    2010-12-12 14:48:52 -------- d-----w- c:\windows\Temp(1993)
    2010-12-12 14:37:10 -------- d-----w- C:\ComboFix
    2010-12-12 14:35:31 5488976 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{684d06f4-0808-4e18-8aaa-6638f5bac105}\mpengine.dll
    ==================== Find3M ====================
    2010-12-13 01:58:22 21268 ---h--w- c:\windows\gdi32.exe
    2010-12-13 01:58:22 21268 ---h--w- c:\windows\avp.exe
    2010-12-13 01:58:20 21268 ---h--w- c:\windows\winamp.exe
    2010-12-13 01:58:16 60004 ---h--w- c:\windows\user.exe
    2010-12-13 01:58:14 60004 ---h--w- c:\windows\lsass.exe
    2010-12-13 01:58:09 30000 ----a-w- c:\windows\system32\ww4qm7v4g7.dll
    2010-12-13 01:58:09 30000 ----a-w- c:\windows\system32\qlkxa.dll
    2010-12-13 01:58:03 53248 ----a-w- c:\windows\system32\FastUv32.dll
    2010-11-01 19:00:02 409600 ----a-w- c:\windows\system32\wrap_oal.dll
    2010-11-01 19:00:02 114688 ----a-w- c:\windows\system32\OpenAL32.dll
    2010-11-01 18:52:04 101888 ----a-w- c:\windows\system32\ifxcardm.dll
    2010-11-01 18:52:01 82432 ----a-w- c:\windows\system32\axaltocm.dll
    2010-10-19 16:41:44 222080 ----a-w- c:\windows\system32\MpSigStub.exe
    =================== ROOTKIT ====================
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6001 Disk: WDC_WD5000AAKB-00H8A0 rev.05.04E05 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
    device: opened successfully
    user: MBR read successfully
    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86499735]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8649f990]; MOV EAX, [0x8649fa0c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 nt!IofCallDriver[0x8288F13D] -> \Device\Harddisk0\DR0[0x85841520]
    3 CLASSPNP[0x88DAB745] -> nt!IofCallDriver[0x8288F13D] -> [0x855D9F08]
    5 acpi[0x82E306A0] -> nt!IofCallDriver[0x8288F13D] -> [0x85619BA0]
    \Driver\atapi[0x8647EE38] -> IRP_MJ_CREATE -> 0x86499735
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskWDC_WD5000AAKB-00H8A0___________________05.04E05#5&1eda0eb5&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    sectors 976773166 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
    ============= FINISH: 13:44:46.88 ===============
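An added example (not from the thread or from any tool it names) showing how a defender would triage the uRun/mRun/dRun entries above: it parses DDS-style Run-key lines and flags the patterns visible in this log, namely core system process names running from outside System32, autoruns launched from a Temp directory, and rundll32 loading a DLL out of a profile directory. The parsing helpers and the rule set are my own assumptions; the sample lines are copied from the posted log.

```python
import re
from pathlib import PureWindowsPath

# Core Windows processes that legitimately run only from %SystemRoot%\System32.
# An autorun using one of these names from any other directory is impersonation.
SYSTEM_PROCESS_NAMES = {
    "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
    "services.exe", "svchost.exe", "spoolsv.exe", "taskmgr.exe",
}

# DDS prefixes each Run entry with its hive: u = current user, m = local machine,
# d = default user (assumption based on DDS log conventions).
RUN_LINE = re.compile(r"^\s*(?P<hive>[umd])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")

def executable_path(cmd: str) -> str:
    """Pull the launched file out of a Run value: quoted path, rundll32 target, or bare path."""
    cmd = cmd.strip()
    m = re.match(r'^"([^"]+)"', cmd)
    if m:
        return m.group(1)
    m = re.match(r'^rundll32(?:\.exe)?\s+"?([^",]+)', cmd, re.IGNORECASE)
    if m:
        return m.group(1).strip()
    m = re.match(r"^(.*?\.(?:exe|dll|cpl))(?:\s|,|$)", cmd, re.IGNORECASE)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""

def triage_run_entry(line: str) -> list:
    """Return the reasons a DDS Run-key line looks suspicious; empty list = nothing flagged."""
    m = RUN_LINE.match(line)
    if not m:
        return []
    path = executable_path(m.group("cmd")).lower()
    p = PureWindowsPath(path)
    parts = [s.strip("\\").lower() for s in p.parts]
    reasons = []
    if p.name in SYSTEM_PROCESS_NAMES and "system32" not in parts:
        reasons.append(f"system process name outside System32: {path}")
    if "temp" in parts:
        reasons.append(f"autorun from a Temp directory: {path}")
    if p.suffix == ".dll" and "appdata" in parts:
        reasons.append(f"rundll32 loading a DLL from a profile directory: {path}")
    return reasons

def triage_log(text: str) -> list:
    """Scan a whole DDS log; return (hive, name, reasons) for every flagged Run entry."""
    flagged = []
    for line in text.splitlines():
        reasons = triage_run_entry(line)
        if reasons:
            m = RUN_LINE.match(line)
            flagged.append((m.group("hive"), m.group("name"), reasons))
    return flagged

# Constructed sample: five lines copied from the log above (two benign, three malicious).
SAMPLE_LOG = r"""
uRun: [Mqsuc] c:\windows\lsass.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
uRun: [LvRYPiejlqse] c:\users\zappco~1\appdata\local\temp\winlogon.exe
mRun: [Dcunivi] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\izobeyeyo.dll",Startup
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
"""

if __name__ == "__main__":
    for hive, name, reasons in triage_log(SAMPLE_LOG):
        print(f"{hive}Run [{name}]: " + "; ".join(reasons))
```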
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hi fulani77,

    I'm kevinf80 and I will be helping with any malware issues you may have with your system.
    • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
    • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
    • Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
    • Malware is often buggy and can be very unstable; with that in mind, it is advisable to back up any important data before we begin.
    • If you do not reply within 72 hours the thread will be closed; if you need more time, let me know. Likewise, if I do not respond within 48 hours, feel free to PM me.
    • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc., please uninstall them before we begin.
    • If you are using cracked or illegal software your thread will be locked and all help will cease.


    If you have Combofix on your Desktop, delete it then proceed as follows :-

    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    Combofix

    Don't forget Combofix must be saved to your desktop. <--Very important

    Before saving Combofix rename it to Gotcha as follows:


    Ensure you have disabled your firewall and all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. <---Very important

    Please include the C:\ComboFix.txt in your next reply for further review.

    Examples of how to disable realtime protection available at the following link :-

    Disable realtime protection

    Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Post the Combofix log in your reply,

    Kevin
     
Short URL to this thread: https://techguy.org/969666