stubborn rootkit behavior


fulani77 (Thread Starter) - Joined: Dec 20, 2010 - Messages: 1
Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft® Windows Vista™ Business , Service Pack 1, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz, x86 Family 15 Model 3 Stepping 3
Processor Count: 2
RAM: 2046 Mb
Graphics Card: RADEON 9200 SE Family (Microsoft Corporation - XDDM), 2 Mb
Hard Drives: C: Total - 476929 MB, Free - 395810 MB; D: Total - 476929 MB, Free - 476225 MB; G: Total - 953867 MB, Free - 843974 MB;
Motherboard: , 848P-ICH5, ,
Antivirus: None

A virus in my email is sending various miscellaneous emails to friends and family.
It won't let me use ComboFix any more,
and some of the programs are hard to get into. I have run the following programs and the results are below.

Here's the copy of HijackThis.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:37:27 PM, on 12/20/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\Windows\System32\CtHelper.exe
C:\Windows\lsass.exe
C:\Windows\user.exe
C:\Windows\winamp.exe
C:\Windows\gdi32.exe
C:\Windows\avp.exe
C:\Program Files\WebfettiIE\bar\1.bin\ybbrmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\lsass.exe
C:\Windows\winamp.exe
C:\Windows\avp.exe
C:\Windows\user.exe
C:\Windows\gdi32.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\3932186519.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\cmd.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\drweb.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\iexplarer.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\cmd.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\iexplarer.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\drweb.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\winlogon.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\taskmgr.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\svchost.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\taskmgr.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\winlogon.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\svchost.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\system.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\services.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\win16.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\services.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\system.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\win16.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\3932186519.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\winamp.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\mdm.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\4273161361.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\winamp.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\mdm.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\gdi32.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\hexdump.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp32.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\user.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\spoolsv.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\gdi32.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\hexdump.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\user.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp32.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\spoolsv.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\lsass.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\lsass.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\wininst.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\csrss.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\4273161361.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\nvsvc32.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\nvsvc32.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\csrss.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\login.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\login.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\smss.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\sysedit.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\sysedit.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Whitesmoke Translator\WSTrayDictMode.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Ant.com\IE add-on\AntMaintainer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\sdclt.exe
C:\Users\ZAPPCO~1\AppData\Local\Temp\iexplorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55Q8IXIY\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosearch.com/?useie5=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.j...YYUS&ptb=71976232-BFF6-4AD5-8AA1-65A969248AC8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosearch.com/?useie5=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {d664042c-ca70-48b6-afc9-24a4212d5e43} - C:\Program Files\WebfettiIE\bar\1.bin\ybSrcAs.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Ant.com Toolbars browser helper (video detector) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\Download.antplugin
O2 - BHO: WhiteSmoke Toolbar - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Assistant BHO - {a504d73b-32d5-4b53-9dfc-0891be7653f0} - C:\Program Files\WebfettiIE\bar\1.bin\ybSrcAs.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Toolbar BHO - {d826715f-a629-4613-a641-5ca18e8b2f7a} - C:\PROGRA~1\WEBFET~2\bar\1.bin\ybbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Tango - {F2E959A9-E0B0-48EA-B4B4-BF05F0F3AEE1} - C:\Windows\system32\ad78.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O3 - Toolbar: Ant.com Download Toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: WhiteSmoke Toolbar - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll
O3 - Toolbar: Webfetti - {94fc3fb2-3e5c-4b8f-aaee-17090ce800bc} - C:\Program Files\WebfettiIE\bar\1.bin\ybbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Tango - {F2E959A8-E0B0-48EA-B4B4-BF05F0F3AEE1} - C:\Windows\system32\ad78.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe a
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [uPc+kt0NpaJsiv] rundll32.exe C:\Windows\system32\qlkxa.dll, SystemServer
O4 - HKLM\..\Run: [Mqsuc] C:\Windows\lsass.exe
O4 - HKLM\..\Run: [MqmPiA] C:\Windows\TEMP\wi5v87e.exe
O4 - HKLM\..\Run: [MqmPrc] C:\Windows\TEMP\winamp.exe
O4 - HKLM\..\Run: [Mque] C:\Windows\user.exe
O4 - HKLM\..\Run: [MqmPxc] C:\Windows\TEMP\smss.exe
O4 - HKLM\..\Run: [MqmPeP] C:\Windows\TEMP\avp32.exe
O4 - HKLM\..\Run: [Mqvpe] C:\Windows\winamp.exe
O4 - HKLM\..\Run: [MqmPusc] C:\Windows\TEMP\winlogon.exe
O4 - HKLM\..\Run: [MqrMc] C:\Windows\gdi32.exe
O4 - HKLM\..\Run: [Mqpe] C:\Windows\avp.exe
O4 - HKLM\..\Run: [Dcunivi] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\izobeyeyo.dll",Startup
O4 - HKLM\..\Run: [Mqsucla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] C:\Windows\lsass.exe
O4 - HKLM\..\Run: [WebfettiIE Browser Plugin Loader] C:\PROGRA~1\WEBFET~2\bar\1.bin\ybbrmon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [{05F56CA1-3653-C92E-73DD-E00241B3B5C1}] "C:\Users\ZAPP COMPUTER\AppData\Roaming\Lufui\faefi.exe"
O4 - HKCU\..\Run: [{197A4896-E395-2C96-B947-B2880C87150A}] "C:\Users\ZAPP COMPUTER\AppData\Roaming\Ysucty\uqlut.exe"
O4 - HKCU\..\Run: [{796F6833-9A7A-5AF8-6202-BA847A4BE804}] "C:\Users\ZAPP COMPUTER\AppData\Roaming\Tyzyog\zece.exe"
O4 - HKCU\..\Run: [Mqsuc] C:\Windows\lsass.exe
O4 - HKCU\..\Run: [Mqvpe] C:\Windows\winamp.exe
O4 - HKCU\..\Run: [uPc+kt0NpaJsiv] rundll32.exe C:\Windows\system32\qlkxa.dll, SystemServer
O4 - HKCU\..\Run: [Mqpe] C:\Windows\avp.exe
O4 - HKCU\..\Run: [Mque] C:\Windows\user.exe
O4 - HKCU\..\Run: [MqrMc] C:\Windows\gdi32.exe
O4 - HKCU\..\Run: [LvRYPiejl+0zPCO~1\AppData\Local\Temp\3932186519.exe] C:\Users\ZAPPCO~1\AppData\Local\Temp\3932186519.exe
O4 - HKCU\..\Run: [LvRYPiejlkc] C:\Users\ZAPPCO~1\AppData\Local\Temp\cmd.exe
O4 - HKCU\..\Run: [LvRYPiejlqW] C:\Users\ZAPPCO~1\AppData\Local\Temp\drweb.exe
O4 - HKCU\..\Run: [LvRYPiejlora] C:\Users\ZAPPCO~1\AppData\Local\Temp\iexplarer.exe
O4 - HKCU\..\Run: [Mquendupper.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
O4 - HKCU\..\Run: [LvRARNhfngnb] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\cmd.exe
O4 - HKCU\..\Run: [LvRARNhfngmtd] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\iexplarer.exe
O4 - HKCU\..\Run: [LvRARNhfngob] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\drweb.exe
O4 - HKCU\..\Run: [LvRYPiejlqse] C:\Users\ZAPPCO~1\AppData\Local\Temp\winlogon.exe
O4 - HKCU\..\Run: [LvRYPiejlpsc] C:\Users\ZAPPCO~1\AppData\Local\Temp\taskmgr.exe
O4 - HKCU\..\Run: [LvRYPiejlqvc] C:\Users\ZAPPCO~1\AppData\Local\Temp\svchost.exe
O4 - HKCU\..\Run: [LvRARNhfngosf] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\taskmgr.exe
O4 - HKCU\..\Run: [LvRARNhfngrsc] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\winlogon.exe
O4 - HKCU\..\Run: [LvRARNhfngtrf] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\svchost.exe
O4 - HKCU\..\Run: [LvRYPiejlud] C:\Users\ZAPPCO~1\AppData\Local\Temp\system.exe
O4 - HKCU\..\Run: [LvRYPiejlppf] C:\Users\ZAPPCO~1\AppData\Local\Temp\services.exe
O4 - HKCU\..\Run: [LvRYPiejlq+] C:\Users\ZAPPCO~1\AppData\Local\Temp\win16.exe
O4 - HKCU\..\Run: [LvRARNhfngpta] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\services.exe
O4 - HKCU\..\Run: [LvRARNhfnguuc] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\system.exe
O4 - HKCU\..\Run: [LvRARNhfngrA] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\win16.exe
O4 - HKCU\..\Run: [LvRARNhfngOz1cCOMPUTER\AppData\Local\Temp\3932186519.exe] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\3932186519.exe
O4 - HKCU\..\Run: [LvRYPiejlqb] C:\Users\ZAPPCO~1\AppData\Local\Temp\winamp.exe
O4 - HKCU\..\Run: [LvRYPiejlmc] C:\Users\ZAPPCO~1\AppData\Local\Temp\mdm.exe
O4 - HKCU\..\Run: [LvRYPiejl+yyPCO~1\AppData\Local\Temp\4273161361.exe] C:\Users\ZAPPCO~1\AppData\Local\Temp\4273161361.exe
O4 - HKCU\..\Run: [LvRARNhfngrrc] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\winamp.exe
O4 - HKCU\..\Run: [LvRARNhfngne] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\mdm.exe
O4 - HKCU\..\Run: [LvRYPiejlk+] C:\Users\ZAPPCO~1\AppData\Local\Temp\gdi32.exe
O4 - HKCU\..\Run: [LvRYPiejlotc] C:\Users\ZAPPCO~1\AppData\Local\Temp\hexdump.exe
O4 - HKCU\..\Run: [LvRYPiejlo+] C:\Users\ZAPPCO~1\AppData\Local\Temp\avp32.exe
O4 - HKCU\..\Run: [LvRYPiejlqf] C:\Users\ZAPPCO~1\AppData\Local\Temp\user.exe
O4 - HKCU\..\Run: [LvRYPiejlrxc] C:\Users\ZAPPCO~1\AppData\Local\Temp\spoolsv.exe
O4 - HKCU\..\Run: [LvRARNhfngl/] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\gdi32.exe
O4 - HKCU\..\Run: [LvRARNhfngmve] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\hexdump.exe
O4 - HKCU\..\Run: [LvRARNhfngta] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\user.exe
O4 - HKCU\..\Run: [LvRARNhfngoA] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp32.exe
O4 - HKCU\..\Run: [LvRARNhfngrvg] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\spoolsv.exe
O4 - HKCU\..\Run: [LvRYPiejlne] C:\Users\ZAPPCO~1\AppData\Local\Temp\lsass.exe
O4 - HKCU\..\Run: [LvRARNhfngqd] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\lsass.exe
O4 - HKCU\..\Run: [LvRARNhfngruf] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\wininst.exe
O4 - HKCU\..\Run: [LvRYPiejlpe] C:\Users\ZAPPCO~1\AppData\Local\Temp\csrss.exe
O4 - HKCU\..\Run: [LvRARNhfngM0ycCOMPUTER\AppData\Local\Temp\4273161361.exe] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\4273161361.exe
O4 - HKCU\..\Run: [LvRYPiejlsPc] C:\Users\ZAPPCO~1\AppData\Local\Temp\nvsvc32.exe
O4 - HKCU\..\Run: [LvRARNhfngsfP] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\nvsvc32.exe
O4 - HKCU\..\Run: [LvRARNhfngoh] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\csrss.exe
O4 - HKCU\..\Run: [LvRYPiejlna] C:\Users\ZAPPCO~1\AppData\Local\Temp\login.exe
O4 - HKCU\..\Run: [LvRYPiejlrf] C:\Users\ZAPPCO~1\AppData\Local\Temp\smss.exe
O4 - HKCU\..\Run: [LvRARNhfngpb] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\login.exe
O4 - HKCU\..\Run: [LvRARNhfngre] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\smss.exe
O4 - HKCU\..\Run: [LvRYPiejlupc] C:\Users\ZAPPCO~1\AppData\Local\Temp\sysedit.exe
O4 - HKCU\..\Run: [LvRARNhfngupf] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\sysedit.exe
O4 - HKCU\..\Run: [LvRYPiejloc] C:\Users\ZAPPCO~1\AppData\Local\Temp\avp.exe
O4 - HKCU\..\Run: [LvRARNhfngoe] C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp.exe
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Akodapeqikoda] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Nlicorfg.dll",Startup (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [uPc+kt0NpaJsiv] rundll32.exe C:\Windows\system32\qlkxa.dll, SystemServer (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Mqsuc] C:\Windows\lsass.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MqmPiA] C:\Windows\TEMP\wi5v87e.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MqmPrc] C:\Windows\TEMP\winamp.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Mque] C:\Windows\user.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MqmPxc] C:\Windows\TEMP\smss.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MqmPeP] C:\Windows\TEMP\avp32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Mqvpe] C:\Windows\winamp.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MqmPusc] C:\Windows\TEMP\winlogon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MqrMc] C:\Windows\gdi32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Mqpe] C:\Windows\avp.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [akhlyohk] C:\Windows\TEMP\mynwncllk\boqyrfnaffm.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [hfjavbgi] C:\Windows\TEMP\fpprpcdny\bsudiqbaffm.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Mqsucla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] C:\Windows\lsass.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - .DEFAULT User Startup: kaaf.exe (User 'Default user')
O4 - .DEFAULT User Startup: qoav.exe (User 'Default user')
O4 - .DEFAULT User Startup: uvpa.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Launch Whitesmoke Translator.lnk = C:\Program Files\Whitesmoke Translator\WSTrayDictMode.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\Download.antplugin
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ant Toolbar updater service (AntUpdaterService) - Ant.com - C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Webfetti Service (WebfettiIEService) - Webfetti - C:\PROGRA~1\WEBFET~2\bar\1.bin\ybbarsvc.exe
--
End of file - 23073 bytes

DDS (Ver_10-12-12.02) - NTFSx86
Run by ZAPP COMPUTER at 13:43:16.83 on Mon 12/20/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.2047.845 [GMT -6:00]
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\user.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Windows\winamp.exe
C:\Windows\gdi32.exe
C:\Windows\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\WebfettiIE\bar\1.bin\ybbrmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~1\WEBFET~2\bar\1.bin\ybbarsvc.exe
C:\Windows\winamp.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\avp.exe
C:\Windows\user.exe
C:\Windows\gdi32.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\3932186519.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\drweb.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\iexplarer.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\iexplarer.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\drweb.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\taskmgr.exe
"C:\Users\ZAPP COMPUTER\AppData\Local\Temp\svchost.exe"
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\taskmgr.exe
"C:\Users\ZAPP COMPUTER\AppData\Local\Temp\svchost.exe"
C:\Windows\system32\SearchIndexer.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\system.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\win16.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\system.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\win16.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\3932186519.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\winamp.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\mdm.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\4273161361.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\winamp.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\mdm.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\gdi32.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\hexdump.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp32.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\user.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\spoolsv.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\gdi32.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\hexdump.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\user.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp32.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\spoolsv.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\wininst.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\4273161361.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\nvsvc32.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\nvsvc32.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\login.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\login.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\sysedit.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\sysedit.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Whitesmoke Translator\WSTrayDictMode.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
"C:\Windows\System32\svchost.exe"
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Ant.com\IE add-on\AntMaintainer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\sdclt.exe
C:\Users\ZAPPCO~1\AppData\Local\Temp\iexplorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\ZAPPCO~1\AppData\Local\Temp\iexplorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55Q8IXIY\dds[1].scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZKxdm567YYUS&ptb=71976232-BFF6-4AD5-8AA1-65A969248AC8
uSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
mSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: N/A: {d664042c-ca70-48b6-afc9-24a4212d5e43} - c:\program files\webfettiie\bar\1.bin\ybSrcAs.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Ant.com Toolbars browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} - c:\program files\ant.com\ie add-on\Download.antplugin
BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Assistant BHO: {a504d73b-32d5-4b53-9dfc-0891be7653f0} - c:\program files\webfettiie\bar\1.bin\ybSrcAs.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Gamevance Text: {beac7dc8-e106-4c6a-931e-5a42e7362883} - c:\program files\gamevance\gvtl.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Toolbar BHO: {d826715f-a629-4613-a641-5ca18e8b2f7a} - c:\progra~1\webfet~2\bar\1.bin\ybbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Tango: {f2e959a9-e0b0-48ea-b4b4-bf05f0f3aee1} - c:\windows\system32\ad78.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Ant.com Download Toolbar: {2e924f4f-67f0-4bd8-9560-49f468e843d2} - c:\program files\ant.com\ie add-on\AntToolbar.dll
TB: Tango: {f2e959a8-e0b0-48ea-b4b4-bf05f0f3aee1} - c:\windows\system32\ad78.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
TB: Webfetti: {94fc3fb2-3e5c-4b8f-aaee-17090ce800bc} - c:\program files\webfettiie\bar\1.bin\ybbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: GP Bar: {c3538050-face-11de-8a39-0800200c9a66} - %SystemRoot%\system32\shdocvw.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [{05F56CA1-3653-C92E-73DD-E00241B3B5C1}] "c:\users\zapp computer\appdata\roaming\lufui\faefi.exe"
uRun: [{197A4896-E395-2C96-B947-B2880C87150A}] "c:\users\zapp computer\appdata\roaming\ysucty\uqlut.exe"
uRun: [{796F6833-9A7A-5AF8-6202-BA847A4BE804}] "c:\users\zapp computer\appdata\roaming\tyzyog\zece.exe"
uRun: [Mqsuc] c:\windows\lsass.exe
uRun: [Mqvpe] c:\windows\winamp.exe
uRun: [uPc+kt0NpaJsiv] rundll32.exe c:\windows\system32\qlkxa.dll, SystemServer
uRun: [Mqpe] c:\windows\avp.exe
uRun: [Mque] c:\windows\user.exe
uRun: [MqrMc] c:\windows\gdi32.exe
uRun: [LvRYPiejl+0zPCO~1\AppData\Local\Temp\3932186519.exe] c:\users\zappco~1\appdata\local\temp\3932186519.exe
uRun: [LvRYPiejlkc] c:\users\zappco~1\appdata\local\temp\cmd.exe
uRun: [LvRYPiejlqW] c:\users\zappco~1\appdata\local\temp\drweb.exe
uRun: [LvRYPiejlora] c:\users\zappco~1\appdata\local\temp\iexplarer.exe
uRun: [LvRARNhfngnb] c:\users\zapp computer\appdata\local\temp\cmd.exe
uRun: [LvRARNhfngmtd] c:\users\zapp computer\appdata\local\temp\iexplarer.exe
uRun: [LvRARNhfngob] c:\users\zapp computer\appdata\local\temp\drweb.exe
uRun: [LvRYPiejlqse] c:\users\zappco~1\appdata\local\temp\winlogon.exe
uRun: [LvRYPiejlpsc] c:\users\zappco~1\appdata\local\temp\taskmgr.exe
uRun: [LvRYPiejlqvc] c:\users\zappco~1\appdata\local\temp\svchost.exe
uRun: [LvRARNhfngosf] c:\users\zapp computer\appdata\local\temp\taskmgr.exe
uRun: [LvRARNhfngrsc] c:\users\zapp computer\appdata\local\temp\winlogon.exe
uRun: [LvRARNhfngtrf] c:\users\zapp computer\appdata\local\temp\svchost.exe
uRun: [LvRYPiejlud] c:\users\zappco~1\appdata\local\temp\system.exe
uRun: [LvRYPiejlppf] c:\users\zappco~1\appdata\local\temp\services.exe
uRun: [LvRYPiejlq+] c:\users\zappco~1\appdata\local\temp\win16.exe
uRun: [LvRARNhfngpta] c:\users\zapp computer\appdata\local\temp\services.exe
uRun: [LvRARNhfnguuc] c:\users\zapp computer\appdata\local\temp\system.exe
uRun: [LvRARNhfngrA] c:\users\zapp computer\appdata\local\temp\win16.exe
uRun: [LvRARNhfngOz1cCOMPUTER\AppData\Local\Temp\3932186519.exe] c:\users\zapp computer\appdata\local\temp\3932186519.exe
uRun: [LvRYPiejlqb] c:\users\zappco~1\appdata\local\temp\winamp.exe
uRun: [LvRYPiejlmc] c:\users\zappco~1\appdata\local\temp\mdm.exe
uRun: [LvRYPiejl+yyPCO~1\AppData\Local\Temp\4273161361.exe] c:\users\zappco~1\appdata\local\temp\4273161361.exe
uRun: [LvRARNhfngrrc] c:\users\zapp computer\appdata\local\temp\winamp.exe
uRun: [LvRARNhfngne] c:\users\zapp computer\appdata\local\temp\mdm.exe
uRun: [LvRYPiejlk+] c:\users\zappco~1\appdata\local\temp\gdi32.exe
uRun: [LvRYPiejlotc] c:\users\zappco~1\appdata\local\temp\hexdump.exe
uRun: [LvRYPiejlo+] c:\users\zappco~1\appdata\local\temp\avp32.exe
uRun: [LvRYPiejlqf] c:\users\zappco~1\appdata\local\temp\user.exe
uRun: [LvRYPiejlrxc] c:\users\zappco~1\appdata\local\temp\spoolsv.exe
uRun: [LvRARNhfngl/] c:\users\zapp computer\appdata\local\temp\gdi32.exe
uRun: [LvRARNhfngmve] c:\users\zapp computer\appdata\local\temp\hexdump.exe
uRun: [LvRARNhfngta] c:\users\zapp computer\appdata\local\temp\user.exe
uRun: [LvRARNhfngoA] c:\users\zapp computer\appdata\local\temp\avp32.exe
uRun: [LvRARNhfngrvg] c:\users\zapp computer\appdata\local\temp\spoolsv.exe
uRun: [LvRYPiejlne] c:\users\zappco~1\appdata\local\temp\lsass.exe
uRun: [LvRARNhfngqd] c:\users\zapp computer\appdata\local\temp\lsass.exe
uRun: [LvRARNhfngruf] c:\users\zapp computer\appdata\local\temp\wininst.exe
uRun: [LvRYPiejlpe] c:\users\zappco~1\appdata\local\temp\csrss.exe
uRun: [LvRARNhfngM0ycCOMPUTER\AppData\Local\Temp\4273161361.exe] c:\users\zapp computer\appdata\local\temp\4273161361.exe
uRun: [LvRYPiejlsPc] c:\users\zappco~1\appdata\local\temp\nvsvc32.exe
uRun: [LvRARNhfngsfP] c:\users\zapp computer\appdata\local\temp\nvsvc32.exe
uRun: [LvRARNhfngoh] c:\users\zapp computer\appdata\local\temp\csrss.exe
uRun: [LvRYPiejlna] c:\users\zappco~1\appdata\local\temp\login.exe
uRun: [LvRYPiejlrf] c:\users\zappco~1\appdata\local\temp\smss.exe
uRun: [LvRARNhfngpb] c:\users\zapp computer\appdata\local\temp\login.exe
uRun: [LvRARNhfngre] c:\users\zapp computer\appdata\local\temp\smss.exe
uRun: [LvRYPiejlupc] c:\users\zappco~1\appdata\local\temp\sysedit.exe
uRun: [LvRARNhfngupf] c:\users\zapp computer\appdata\local\temp\sysedit.exe
uRun: [LvRYPiejloc] c:\users\zappco~1\appdata\local\temp\avp.exe
uRun: [LvRARNhfngoe] c:\users\zapp computer\appdata\local\temp\avp.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Gamevance] c:\program files\gamevance\gamevance32.exe a
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [uPc+kt0NpaJsiv] rundll32.exe c:\windows\system32\qlkxa.dll, SystemServer
mRun: [Mqsuc] c:\windows\lsass.exe
mRun: [MqmPiA] c:\windows\temp\wi5v87e.exe
mRun: [MqmPrc] c:\windows\temp\winamp.exe
mRun: [Mque] c:\windows\user.exe
mRun: [MqmPxc] c:\windows\temp\smss.exe
mRun: [MqmPeP] c:\windows\temp\avp32.exe
mRun: [Mqvpe] c:\windows\winamp.exe
mRun: [MqmPusc] c:\windows\temp\winlogon.exe
mRun: [MqrMc] c:\windows\gdi32.exe
mRun: [Mqpe] c:\windows\avp.exe
mRun: [Dcunivi] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\izobeyeyo.dll",Startup
mRun: [Mqsucla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] c:\windows\lsass.exe
mRun: [WebfettiIE Browser Plugin Loader] c:\progra~1\webfet~2\bar\1.bin\ybbrmon.exe
dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
dRun: [Akodapeqikoda] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\Nlicorfg.dll",Startup
dRun: [uPc+kt0NpaJsiv] rundll32.exe c:\windows\system32\qlkxa.dll, SystemServer
dRun: [Mqsuc] c:\windows\lsass.exe
dRun: [MqmPiA] c:\windows\temp\wi5v87e.exe
dRun: [MqmPrc] c:\windows\temp\winamp.exe
dRun: [Mque] c:\windows\user.exe
dRun: [MqmPxc] c:\windows\temp\smss.exe
dRun: [MqmPeP] c:\windows\temp\avp32.exe
dRun: [Mqvpe] c:\windows\winamp.exe
dRun: [MqmPusc] c:\windows\temp\winlogon.exe
dRun: [MqrMc] c:\windows\gdi32.exe
dRun: [Mqpe] c:\windows\avp.exe
dRun: [akhlyohk] c:\windows\temp\mynwncllk\boqyrfnaffm.exe
dRun: [hfjavbgi] c:\windows\temp\fpprpcdny\bsudiqbaffm.exe
dRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
dRun: [Mqsucla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] c:\windows\lsass.exe
StartupFolder: c:\users\zappco~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch~1.lnk - c:\program files\whitesmoke translator\WSTrayDictMode.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\ant.com\ie add-on\Download.antplugin
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GR99D3~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-16 164048]
R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\ant.com\ie add-on\AntUpdaterService.exe [2010-4-21 142648]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-16 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-5-16 51792]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-7-9 78104]
R2 WebfettiIEService;Webfetti Service;c:\progra~1\webfet~2\bar\1.bin\ybbarsvc.exe [2010-12-14 28766]
R3 swvspser;Sierra VSP using Ethernet;c:\windows\system32\drivers\swvspser.sys [2009-8-13 30080]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-16 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-16 133104]
S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\drivers\ATMFBUS.sys [2010-6-5 47360]
S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\drivers\ATMFCVsp.sys [2010-6-5 153600]
S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\drivers\ATMFFLT.sys [2010-6-5 13312]
S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\drivers\ATMFMdm.sys [2010-6-5 153472]
S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\drivers\ATMFNET.sys [2010-6-5 103424]
S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\drivers\ATMFNVsp.sys [2010-6-5 153600]
S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\drivers\ATMFVsp.sys [2010-6-5 153472]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-16 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-16 40384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2010-12-15 14:38:31 -------- d-----w- c:\users\zappco~1\appdata\roaming\Pyikra
2010-12-15 14:38:31 -------- d-----w- c:\users\zappco~1\appdata\roaming\Inupas
2010-12-14 18:00:00 -------- d-----w- c:\program files\WebfettiIE
2010-12-14 17:59:35 -------- d-----w- c:\program files\WebfettiEI
2010-12-13 05:58:12 -------- d-----w- c:\users\zappco~1\appdata\roaming\Zasa
2010-12-13 05:58:12 -------- d-----w- c:\users\zappco~1\appdata\roaming\Unqu
2010-12-13 05:48:08 -------- d-----w- c:\users\zappco~1\appdata\roaming\WhiteSmokeTranslator
2010-12-13 02:02:24 -------- d-----w- c:\program files\Whitesmoke Translator
2010-12-13 02:02:11 -------- d-----w- c:\users\zappco~1\appdata\roaming\Umsa
2010-12-13 02:02:11 -------- d-----w- c:\users\zappco~1\appdata\roaming\Oqoky
2010-12-13 02:00:20 -------- d-----w- c:\program files\whitesmoketoolbar
2010-12-12 14:48:52 -------- d-----w- c:\windows\Temp(1993)
2010-12-12 14:37:10 -------- d-----w- C:\ComboFix
2010-12-12 14:35:31 5488976 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{684d06f4-0808-4e18-8aaa-6638f5bac105}\mpengine.dll
==================== Find3M ====================
2010-12-13 01:58:22 21268 ---h--w- c:\windows\gdi32.exe
2010-12-13 01:58:22 21268 ---h--w- c:\windows\avp.exe
2010-12-13 01:58:20 21268 ---h--w- c:\windows\winamp.exe
2010-12-13 01:58:16 60004 ---h--w- c:\windows\user.exe
2010-12-13 01:58:14 60004 ---h--w- c:\windows\lsass.exe
2010-12-13 01:58:09 30000 ----a-w- c:\windows\system32\ww4qm7v4g7.dll
2010-12-13 01:58:09 30000 ----a-w- c:\windows\system32\qlkxa.dll
2010-12-13 01:58:03 53248 ----a-w- c:\windows\system32\FastUv32.dll
2010-11-01 19:00:02 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-11-01 19:00:02 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-11-01 18:52:04 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-11-01 18:52:01 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-10-19 16:41:44 222080 ----a-w- c:\windows\system32\MpSigStub.exe
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6001 Disk: WDC_WD5000AAKB-00H8A0 rev.05.04E05 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86499735]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8649f990]; MOV EAX, [0x8649fa0c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x8288F13D] -> \Device\Harddisk0\DR0[0x85841520]
3 CLASSPNP[0x88DAB745] -> nt!IofCallDriver[0x8288F13D] -> [0x855D9F08]
5 acpi[0x82E306A0] -> nt!IofCallDriver[0x8288F13D] -> [0x85619BA0]
\Driver\atapi[0x8647EE38] -> IRP_MJ_CREATE -> 0x86499735
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskWDC_WD5000AAKB-00H8A0___________________05.04E05#5&1eda0eb5&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
============= FINISH: 13:44:46.88 ===============

This is GMER

DDS (Ver_10-12-12.02) - NTFSx86
Run by ZAPP COMPUTER at 13:43:16.83 on Mon 12/20/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.2047.845 [GMT -6:00]
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\user.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Windows\winamp.exe
C:\Windows\gdi32.exe
C:\Windows\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\WebfettiIE\bar\1.bin\ybbrmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~1\WEBFET~2\bar\1.bin\ybbarsvc.exe
C:\Windows\winamp.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\avp.exe
C:\Windows\user.exe
C:\Windows\gdi32.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\3932186519.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\drweb.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\iexplarer.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\iexplarer.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\drweb.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\taskmgr.exe
"C:\Users\ZAPP COMPUTER\AppData\Local\Temp\svchost.exe"
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\taskmgr.exe
"C:\Users\ZAPP COMPUTER\AppData\Local\Temp\svchost.exe"
C:\Windows\system32\SearchIndexer.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\system.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\win16.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\system.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\win16.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\3932186519.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\winamp.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\mdm.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\4273161361.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\winamp.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\mdm.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\gdi32.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\hexdump.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp32.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\user.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\spoolsv.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\gdi32.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\hexdump.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\user.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp32.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\spoolsv.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\wininst.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\4273161361.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\nvsvc32.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\nvsvc32.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\login.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\login.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\sysedit.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\sysedit.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Temp\avp.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Whitesmoke Translator\WSTrayDictMode.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
"C:\Windows\System32\svchost.exe"
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Ant.com\IE add-on\AntMaintainer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\sdclt.exe
C:\Users\ZAPPCO~1\AppData\Local\Temp\iexplorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\ZAPPCO~1\AppData\Local\Temp\iexplorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\ZAPP COMPUTER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55Q8IXIY\dds[1].scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZKxdm567YYUS&ptb=71976232-BFF6-4AD5-8AA1-65A969248AC8
uSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
mSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: N/A: {d664042c-ca70-48b6-afc9-24a4212d5e43} - c:\program files\webfettiie\bar\1.bin\ybSrcAs.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Ant.com Toolbars browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} - c:\program files\ant.com\ie add-on\Download.antplugin
BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GR99D3~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-16 164048]
R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\ant.com\ie add-on\AntUpdaterService.exe [2010-4-21 142648]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-16 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-5-16 51792]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-7-9 78104]
R2 WebfettiIEService;Webfetti Service;c:\progra~1\webfet~2\bar\1.bin\ybbarsvc.exe [2010-12-14 28766]
R3 swvspser;Sierra VSP using Ethernet;c:\windows\system32\drivers\swvspser.sys [2009-8-13 30080]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-16 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-16 133104]
S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\drivers\ATMFBUS.sys [2010-6-5 47360]
S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\drivers\ATMFCVsp.sys [2010-6-5 153600]
S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\drivers\ATMFFLT.sys [2010-6-5 13312]
S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\drivers\ATMFMdm.sys [2010-6-5 153472]
S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\drivers\ATMFNET.sys [2010-6-5 103424]
S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\drivers\ATMFNVsp.sys [2010-6-5 153600]
S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\drivers\ATMFVsp.sys [2010-6-5 153472]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-16 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-16 40384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2010-12-15 14:38:31 -------- d-----w- c:\users\zappco~1\appdata\roaming\Pyikra
2010-12-15 14:38:31 -------- d-----w- c:\users\zappco~1\appdata\roaming\Inupas
2010-12-14 18:00:00 -------- d-----w- c:\program files\WebfettiIE
2010-12-14 17:59:35 -------- d-----w- c:\program files\WebfettiEI
2010-12-13 05:58:12 -------- d-----w- c:\users\zappco~1\appdata\roaming\Zasa
2010-12-13 05:58:12 -------- d-----w- c:\users\zappco~1\appdata\roaming\Unqu
2010-12-13 05:48:08 -------- d-----w- c:\users\zappco~1\appdata\roaming\WhiteSmokeTranslator
2010-12-13 02:02:24 -------- d-----w- c:\program files\Whitesmoke Translator
2010-12-13 02:02:11 -------- d-----w- c:\users\zappco~1\appdata\roaming\Umsa
2010-12-13 02:02:11 -------- d-----w- c:\users\zappco~1\appdata\roaming\Oqoky
2010-12-13 02:00:20 -------- d-----w- c:\program files\whitesmoketoolbar
2010-12-12 14:48:52 -------- d-----w- c:\windows\Temp(1993)
2010-12-12 14:37:10 -------- d-----w- C:\ComboFix
2010-12-12 14:35:31 5488976 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{684d06f4-0808-4e18-8aaa-6638f5bac105}\mpengine.dll
==================== Find3M ====================
2010-12-13 01:58:22 21268 ---h--w- c:\windows\gdi32.exe
2010-12-13 01:58:22 21268 ---h--w- c:\windows\avp.exe
2010-12-13 01:58:20 21268 ---h--w- c:\windows\winamp.exe
2010-12-13 01:58:16 60004 ---h--w- c:\windows\user.exe
2010-12-13 01:58:14 60004 ---h--w- c:\windows\lsass.exe
2010-12-13 01:58:09 30000 ----a-w- c:\windows\system32\ww4qm7v4g7.dll
2010-12-13 01:58:09 30000 ----a-w- c:\windows\system32\qlkxa.dll
2010-12-13 01:58:03 53248 ----a-w- c:\windows\system32\FastUv32.dll
2010-11-01 19:00:02 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-11-01 19:00:02 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-11-01 18:52:04 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-11-01 18:52:01 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-10-19 16:41:44 222080 ----a-w- c:\windows\system32\MpSigStub.exe
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6001 Disk: WDC_WD5000AAKB-00H8A0 rev.05.04E05 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86499735]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8649f990]; MOV EAX, [0x8649fa0c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x8288F13D] -> \Device\Harddisk0\DR0[0x85841520]
3 CLASSPNP[0x88DAB745] -> nt!IofCallDriver[0x8288F13D] -> [0x855D9F08]
5 acpi[0x82E306A0] -> nt!IofCallDriver[0x8288F13D] -> [0x85619BA0]
\Driver\atapi[0x8647EE38] -> IRP_MJ_CREATE -> 0x86499735
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskWDC_WD5000AAKB-00H8A0___________________05.04E05#5&1eda0eb5&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
============= FINISH: 13:44:46.88 ===============
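The autorun (mRun/dRun) and Find3M lines in the log above already carry the traits a malware analyst reads first, with no hashes or signatures needed: executables launched from c:\windows\temp, files named after Windows core binaries (lsass.exe, smss.exe, winlogon.exe, gdi32.exe, user.exe) sitting outside system32, rundll32 loading a DLL out of a profile directory, hidden .exe files dropped straight into c:\windows, and one file registered under several Run-key value names. The script below is an added example written for this page; it is not part of the original post and not a DDS or GMER tool. It assumes only the line formats visible in the log, and the sample lines are copied from that log, so the flagged paths are the ones you can see above.

```python
"""Location-based triage of DDS autorun and Find3M lines (added example)."""
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Windows core binaries that live only in the system directory on a clean install.
# A copy elsewhere (c:\windows\lsass.exe, c:\windows\temp\smss.exe in the log)
# is a masquerade, not a Windows component.
SYSTEM_BINARY_NAMES = {
    "lsass.exe", "smss.exe", "winlogon.exe", "csrss.exe",
    "services.exe", "svchost.exe", "gdi32.exe", "user.exe",
}
SYSTEM_DIR = "c:\\windows\\system32\\"

RUN_RE = re.compile(r"^(?P<hive>[md]Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
FIND3M_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+|-+)\s+"
    r"(?P<attr>[-a-z]{8})\s+(?P<path>.+)$"
)
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+(.*)$', re.IGNORECASE)


def first_path(cmd: str) -> str:
    """Return the file a Run-key command executes or loads, lowercased.

    For rundll32 the file that matters is the DLL given as its first argument.
    """
    cmd = cmd.strip()
    m = RUNDLL_RE.match(cmd)
    if m:
        cmd = m.group(1).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path = cmd[1:end] if end > 0 else cmd[1:]
    else:
        path = cmd.split()[0] if cmd else ""
    # "x.dll,Entry" and "x.cpl,Entry" carry the export name after a comma.
    return path.split(",")[0].lower()


def assess_path(path: str) -> List[str]:
    """Checks that rely only on where the file lives and what it is called."""
    reasons = []
    name = path.rsplit("\\", 1)[-1]
    if "\\temp\\" in path:
        reasons.append("executes from a temp directory")
    if name in SYSTEM_BINARY_NAMES and not path.startswith(SYSTEM_DIR):
        reasons.append(f"{name} outside system32 (mimics a Windows binary)")
    if path.endswith(".dll") and "\\appdata\\" in path:
        reasons.append("DLL loaded from a user profile directory")
    return reasons


def triage(lines: List[str]) -> List[Tuple[str, str, List[str]]]:
    """Return (source, path, reasons) for every suspicious line in a log excerpt."""
    findings = []
    names_by_path: Dict[str, Set[str]] = defaultdict(set)
    for line in lines:
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            path = first_path(m.group("cmd"))
            names_by_path[path].add(m.group("name"))
            reasons = assess_path(path)
            if reasons:
                findings.append((f"{m.group('hive')} [{m.group('name')}]", path, reasons))
            continue
        m = FIND3M_RE.match(line)
        if m:
            path = m.group("path").lower()
            reasons = assess_path(path)
            # An 'h' in the attribute column marks a hidden file; a hidden .exe
            # dropped into c:\windows is not how Windows or installers behave.
            if "h" in m.group("attr") and path.endswith(".exe"):
                reasons.append("hidden executable")
            if reasons:
                findings.append(("Find3M", path, reasons))
    # One file registered under several value names is redundant persistence.
    for path, names in names_by_path.items():
        if len(names) > 1:
            findings.append(("Run (multiple values)", path,
                             [f"registered under {len(names)} value names"]))
    return findings


# Sample input: lines copied from the DDS log in this thread.
SAMPLE_LOG = [
    'mRun: [iTunesHelper] "c:\\program files\\itunes\\iTunesHelper.exe"',
    "mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd",
    "mRun: [uPc+kt0NpaJsiv] rundll32.exe c:\\windows\\system32\\qlkxa.dll, SystemServer",
    "mRun: [Mqsuc] c:\\windows\\lsass.exe",
    "mRun: [MqmPxc] c:\\windows\\temp\\smss.exe",
    'mRun: [Dcunivi] rundll32.exe "c:\\windows\\system32\\config\\systemprofile\\appdata\\local\\izobeyeyo.dll",Startup',
    "mRun: [Mqsucla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] c:\\windows\\lsass.exe",
    "2010-12-13 01:58:22 21268 ---h--w- c:\\windows\\gdi32.exe",
    "2010-11-01 19:00:02 409600 ----a-w- c:\\windows\\system32\\wrap_oal.dll",
]

if __name__ == "__main__":
    for source, path, reasons in triage(SAMPLE_LOG):
        print(f"{source:28} {path}\n    " + "; ".join(reasons))
```

Run as-is it prints the lsass.exe, smss.exe, izobeyeyo.dll and gdi32.exe entries and leaves iTunesHelper, the Cmaudio control panel and wrap_oal.dll alone. Note what it cannot do: the randomly named qlkxa.dll in system32 passes every location rule, which is why a helper also asks for hashes, file dates and a rootkit scan rather than relying on paths alone.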
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Hi fulani77,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.
  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family, so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own, as this will conflict with the tools we are going to use.
  • Either print or Save to Notepad all instructions and please follow them carefully; if there's something you don't understand or that will not work, please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable; with that in mind, it is advisable to back up any important data before we begin.
  • If you do not reply within 72 hours the thread will be closed; if you need more time, let me know. Likewise, if I do not respond within 48 hours, feel free to PM me.
  • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc., please uninstall them before we begin.
  • If you are using Cracked or Illegal software, your thread will be locked and all help will cease.


If you have Combofix on your Desktop, delete it, then proceed as follows :-

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

Combofix

Don't forget Combofix must be saved to your desktop. <--Very important

Before saving Combofix rename it to Gotcha as follows:



Ensure you have disabled your Firewall and all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <---Very important

Please include the C:\ComboFix.txt in your next reply for further review.

Examples of how to disable realtime protection available at the following link :-

Disable realtime protection

Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the Combofix log in your reply,

Kevin
 