error codes?

DMGrier

When I first start my laptop I get two error codes. One is the yellow triangle and it gives me a code of C:/Users/Devon/AppData/Local/Temp/mljgf.exe and the other is the red circle with the x and it says error RunDLL C:/Users/Devon/AppData/Local/Temp/ddaya.dll. How do I get rid of these? Thanks.
 
Thanks for the link. I downloaded the software and ran it. It did find a bunch of crap, so I am grateful for that, but it still has those error codes.
 
Click the Start button, click Run. Type "msconfig" without the quotes, click OK. Click on the Startup tab. Uncheck anything that pertains to those files.
 
Did as you say, and it did get rid of my RunDLL, but I still have the other error code when the computer turns on (and I did turn everything off for startup), so any other ideas? This is greatly appreciated because it drives me nuts when I see the yellow triangle with the "!" inside of it with the damn error code.
 
ComboFix 08-09-20.05 - Devon 2008-09-20 20:13:14.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1179 [GMT -5:00]
Running from: C:\Users\Devon\Desktop\Software\avg\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Devon\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Devon\AppData\Roaming\Microsoft\Windows\Cookies\devon@isohunt[2].txt
C:\Users\Devon\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\system32\dcads-remove.exe

.
((((((((((((((((((((((((( Files Created from 2008-08-21 to 2008-09-21 )))))))))))))))))))))))))))))))
.

2008-09-20 12:07 . 2008-09-20 12:07 <DIR> d-------- C:\Users\Devon\AppData\Roaming\Malwarebytes
2008-09-20 12:07 . 2008-09-20 12:07 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-20 12:07 . 2008-09-20 12:07 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-20 12:07 . 2008-09-20 12:07 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-20 12:07 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-20 12:07 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-20 03:41 . 2008-09-20 03:41 <DIR> d-------- C:\Users\Devon\AppData\Roaming\dvdcss
2008-09-20 03:39 . 2008-09-20 16:08 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-20 03:33 . 2008-09-20 03:33 69,128 --a------ C:\Windows\System32\drivers\avgwfpx.sys
2008-09-20 03:33 . 2008-09-20 03:33 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-09-20 03:32 . 2008-09-20 16:14 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-09-20 03:32 . 2008-09-20 03:32 <DIR> d-------- C:\Users\All Users\avg8
2008-09-20 03:32 . 2008-09-20 03:32 <DIR> d-------- C:\ProgramData\avg8
2008-09-20 03:32 . 2008-09-20 03:32 <DIR> d-------- C:\Program Files\AVG
2008-09-20 03:32 . 2008-09-20 03:32 97,928 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-09-20 03:01 . 2008-09-20 03:01 <DIR> d-------- C:\Users\All Users\DVD Shrink
2008-09-20 03:01 . 2008-09-20 03:01 <DIR> d-------- C:\ProgramData\DVD Shrink
2008-09-20 03:01 . 2008-09-20 03:01 <DIR> d-------- C:\Program Files\DVD Shrink
2008-09-17 03:01 . 2008-05-26 23:59 106,605 --a------ C:\Windows\System32\StructuredQuerySchema.bin
2008-09-17 03:01 . 2008-05-27 00:17 34,816 --a------ C:\Windows\System32\msscb.dll
2008-09-17 03:01 . 2008-05-26 23:59 18,904 --a------ C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-09-17 03:01 . 2008-05-27 00:17 11,776 --a------ C:\Windows\System32\msshooks.dll
2008-09-16 19:04 . 2008-07-19 00:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-16 19:04 . 2008-07-18 22:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-16 19:04 . 2008-07-19 00:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-16 19:04 . 2008-07-18 22:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-16 19:04 . 2008-07-19 00:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-16 19:04 . 2008-07-19 00:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-16 19:04 . 2008-07-19 00:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-16 19:03 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-16 19:03 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-15 07:37 . 2008-09-20 11:53 154,396,991 --a------ C:\Windows\MEMORY.DMP
2008-09-13 15:04 . 2008-09-13 15:04 <DIR> d-------- C:\Program Files\WildGames
2008-09-13 14:53 . 1995-08-01 23:04 258,560 --a------ C:\Windows\uninst.exe
2008-09-13 12:46 . 2008-09-13 14:40 <DIR> d-------- C:\World of Warcraft
2008-09-13 02:29 . 2008-09-13 02:29 <DIR> d-------- C:\Windows\System32\IOSUBSYS
2008-09-13 01:38 . 2008-09-13 01:38 <DIR> d-------- C:\Users\All Users\Free Ride Games
2008-09-13 01:38 . 2008-09-13 01:38 <DIR> d-------- C:\ProgramData\Free Ride Games
2008-09-13 01:38 . 2008-06-21 16:28 37,033 --------- C:\Windows\FRGT.ico
2008-09-13 01:38 . 2008-09-13 01:38 64 --a------ C:\Windows\GPlrLanc.dat
2008-09-11 03:01 . 2008-07-30 20:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-11 03:01 . 2008-07-30 22:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-10 22:57 . 2008-08-01 20:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 22:57 . 2008-06-25 22:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 22:57 . 2008-06-25 22:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 22:57 . 2008-05-08 14:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 22:57 . 2008-05-19 21:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 22:57 . 2008-06-25 22:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 22:57 . 2008-08-01 22:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-06 15:56 . 2008-09-06 15:56 <DIR> d-------- C:\Users\Devon\Roaming
2008-09-06 15:56 . 2008-09-06 15:56 <DIR> d-------- C:\Users\Devon\AppData\Roaming\MySpace
2008-09-06 15:56 . 2008-09-06 15:56 <DIR> d-------- C:\Users\Default\Roaming
2008-09-06 15:56 . 2008-09-20 02:14 <DIR> d-------- C:\Program Files\MySpace
2008-08-29 12:18 . 2008-08-29 12:18 2,302,017 --a------ C:\Windows\System32\GPhotos.scr
2008-08-27 21:49 . 2008-08-29 16:39 1,890 --ahs---- C:\Users\All Users\KGyGaAvL.sys
2008-08-27 21:49 . 2008-08-29 16:39 1,890 --ahs---- C:\ProgramData\KGyGaAvL.sys
2008-08-27 21:49 . 2008-08-27 21:49 88 -r-hs---- C:\Users\All Users\079C3ACCDB.sys
2008-08-27 21:49 . 2008-08-27 21:49 88 -r-hs---- C:\ProgramData\079C3ACCDB.sys
2008-08-27 17:53 . 2008-08-27 17:53 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-26 21:43 . 2008-07-10 19:28 79,896 --a------ C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2008-08-26 21:43 . 2008-07-10 19:28 50,200 --a------ C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2008-08-26 21:42 . 2008-08-26 21:42 <DIR> d-------- C:\Windows\System32\RsFx
2008-08-26 21:39 . 2008-08-26 21:39 <DIR> d-------- C:\Windows\System32\1033
2008-08-26 21:36 . 2008-08-26 21:36 <DIR> d-------- C:\Windows\PCHEALTH
2008-08-26 21:24 . 2008-04-18 00:30 2,241,536 --a------ C:\Windows\System32\msi.dll
2008-08-26 21:24 . 2008-04-18 00:30 332,800 --a------ C:\Windows\System32\msihnd.dll
2008-08-26 21:24 . 2008-04-17 21:33 73,216 --a------ C:\Windows\System32\msiexec.exe
2008-08-26 21:24 . 2008-04-17 21:33 2,560 --a------ C:\Windows\System32\msimsg.dll
2008-08-26 21:23 . 2008-08-26 21:42 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-08-26 21:22 . 2008-08-26 21:22 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-08-26 21:22 . 2008-08-26 21:22 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-26 21:20 . 2008-08-26 21:20 <DIR> d-------- C:\Windows\System32\Visual Studio 2008Templates
2008-08-26 21:20 . 2008-08-26 21:20 <DIR> d-------- C:\Windows\System32\Visual Studio 2008
2008-08-26 21:14 . 2008-09-20 17:23 <DIR> d-------- C:\Users\All Users\Microsoft Help
2008-08-26 21:14 . 2008-09-20 17:23 <DIR> d-------- C:\ProgramData\Microsoft Help
2008-08-26 21:14 . 2008-09-20 17:23 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-08-26 21:03 . 2008-06-19 20:14 781,344 --a------ C:\Windows\System32\PresentationNative_v0300.dll
2008-08-26 21:03 . 2008-06-19 20:14 622,080 --a------ C:\Windows\System32\icardagt.exe
2008-08-26 21:03 . 2008-06-19 20:14 326,160 --a------ C:\Windows\System32\PresentationHost.exe
2008-08-26 21:03 . 2008-06-19 20:14 105,016 --a------ C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2008-08-26 21:03 . 2008-06-19 20:14 97,800 --a------ C:\Windows\System32\infocardapi.dll
2008-08-26 21:03 . 2008-06-19 20:14 43,544 --a------ C:\Windows\System32\PresentationHostProxy.dll
2008-08-26 21:03 . 2008-06-19 20:14 37,384 --a------ C:\Windows\System32\infocardcpl.cpl
2008-08-26 21:03 . 2008-06-19 20:14 11,264 --a------ C:\Windows\System32\icardres.dll
2008-08-26 20:52 . 2008-07-27 13:03 282,112 --a------ C:\Windows\System32\mscoree.dll
2008-08-26 20:52 . 2008-07-27 13:03 158,720 --a------ C:\Windows\System32\mscorier.dll
2008-08-26 20:52 . 2008-07-27 13:03 96,760 --a------ C:\Windows\System32\dfshim.dll
2008-08-26 20:52 . 2008-07-27 13:03 83,968 --a------ C:\Windows\System32\mscories.dll
2008-08-26 20:52 . 2008-07-27 13:03 41,984 --a------ C:\Windows\System32\netfxperf.dll
2008-08-25 22:48 . 2008-08-25 22:48 <DIR> dr------- C:\Users\Public\Downloads
2008-08-25 22:11 . 2008-08-25 21:43 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-08-25 22:11 . 2008-08-25 21:43 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-08-25 21:51 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-08-25 21:51 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-08-25 21:51 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-08-25 21:50 . 2008-01-18 23:36 142,336 --a------ C:\Windows\System32\spp.dll
2008-08-25 21:50 . 2008-01-18 23:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
2008-08-25 21:48 . 2008-01-18 23:38 4,595,712 --a------ C:\Windows\System32\AuthFWSnapin.dll
2008-08-25 21:44 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-08-25 21:43 . 2008-08-25 22:13 196,608 --a------ C:\Windows\SPInstall.etl
2008-08-23 01:51 . 2008-08-26 21:44 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-08-21 18:41 . 2008-08-21 18:41 <DIR> d-------- C:\Program Files\ReflexiveArcade

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 22:50 --------- d-----w C:\Users\Devon\AppData\Roaming\uTorrent
2008-09-20 22:42 --------- d-----w C:\Program Files\Google
2008-09-15 12:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-15 12:05 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-09-13 19:54 --------- d-----w C:\Program Files\Maxis
2008-09-09 02:32 --------- d-----w C:\ProgramData\Roxio
2008-08-26 03:48 174 --sha-w C:\Program Files\desktop.ini
2008-08-26 03:38 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-26 03:38 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-26 03:38 --------- d-----w C:\Program Files\Windows Mail
2008-08-26 03:38 --------- d-----w C:\Program Files\Windows Journal
2008-08-26 03:38 --------- d-----w C:\Program Files\Windows Defender
2008-08-26 03:38 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-26 03:38 --------- d-----w C:\Program Files\Windows Calendar
2008-08-26 03:20 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-08-26 03:20 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-28 04:28 --------- d-----w C:\Users\Devon\AppData\Roaming\Apple Computer
2008-07-27 04:54 --------- d-----w C:\ProgramData\Lavasoft
2008-07-26 23:24 --------- d-----w C:\Program Files\iTunes
2008-07-26 23:24 --------- d-----w C:\Program Files\iPod
2008-07-26 23:22 --------- d-----w C:\Program Files\QuickTime
2008-07-22 23:39 --------- d-----w C:\Program Files\Apple Software Update
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-11 00:28 34,328 ----a-w C:\Windows\System32\DTSPipelinePerf100.dll
2008-07-10 07:49 215,576 ----a-w C:\Windows\System32\SqlServerSpatial.dll
2008-07-10 07:49 2,459,672 ----a-w C:\Windows\System32\sqlncli10.dll
2008-07-09 00:28 21,840 ----atw C:\Windows\System32\SIntfNT.dll
2008-07-09 00:28 17,212 ----atw C:\Windows\System32\SIntf32.dll
2008-07-09 00:28 12,067 ----atw C:\Windows\System32\SIntf16.dll
2008-07-08 23:57 94,208 ----a-w C:\Windows\DIIUnin.exe
2008-07-08 23:57 2,829 ----a-w C:\Windows\DIIUnin.pif
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-03-11 21:35 0 ----a-w C:\Users\Devon\AppData\Roaming\wklnhst.dat
2008-02-12 16:29 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-02-12 16:29 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-02-12 16:29 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-10 09:47 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-07-11 17:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-09-20 03:32 1235736 C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
--a------ 2006-11-21 19:52 1540096 C:\Windows\System32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-18 23:33 125952 C:\Windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 16:22 3739648 C:\Users\Devon\AppData\Roaming\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-10-03 11:37 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-10 10:51 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-11-20 12:51 815104 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-18 23:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-18 23:33 202240 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2007-02-08 00:11 303104 C:\Windows\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D1BC8037-F221-4145-AADE-D38516F8AF75}"= UDP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{2487939F-71EF-4575-9382-0649EC559370}"= TCP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{7908AB6C-FF93-4E5E-B979-0C6648382F48}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{8225FCFD-4E06-44F7-8669-F47F8B664B24}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"TCP Query User{9FED9413-CD30-4A55-BE91-36AFB23E2428}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{0D96441E-ADF8-4C10-8EE1-9C9F6DA6BDD5}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{593CE8E6-FD4C-4F6F-BFA7-7B9F6AB6351C}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{94736A43-EFB0-45A9-B0C6-9F045B50D5F5}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{84F0506B-3406-4114-9BFC-CB1B25C00192}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{BE9C0162-9193-4FB5-A11D-4EF2692B3E87}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{D2486B1C-A221-4D98-BD67-EB36F4159EBD}C:\\users\\devon\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\devon\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{D6F6C591-C7E5-41E4-80A1-9FF669086131}C:\\users\\devon\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\devon\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{9452BB65-496A-4DA9-BF26-840CF7EC61A1}C:\\users\\devon\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\devon\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{087215CB-BB94-42C8-BDB8-223368C06613}C:\\users\\devon\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\devon\program files\utorrent\utorrent.exe:utorrent.exe
"{1E406326-0310-49A4-B6E2-E8ECD9B795A4}"= UDP:C:\Program Files\123Movies2IPOD 2008\123Movies2IPOD.exe:123Movies2iPOD 2008
"{5B6F8D67-B859-4AEC-BAC6-31A293F110EC}"= TCP:C:\Program Files\123Movies2IPOD 2008\123Movies2IPOD.exe:123Movies2iPOD 2008
"{0B5F3FAD-4F58-440D-B708-E314A5A45075}"= UDP:F:\WOW\World of Warcraft\WoW-2.4.0.8089-to-2.4.1.8125-enUS-downloader.exe:Blizzard Downloader
"{7FF80284-002A-4316-998C-05D146F4C4AD}"= TCP:F:\WOW\World of Warcraft\WoW-2.4.0.8089-to-2.4.1.8125-enUS-downloader.exe:Blizzard Downloader
"{23E7B778-E200-4AA2-991C-10C2F232DECE}"= UDP:3724:Blizzard Downloader: 3724
"{D61EC472-A1C0-4717-B6A1-BCC5B03B9711}"= UDP:F:\WOW\World of Warcraft\Launcher.exe:World of Warcraft
"{F4EE54E0-8178-4E44-8D62-9213DB4BD089}"= TCP:F:\WOW\World of Warcraft\Launcher.exe:World of Warcraft
"{4076EB9D-8E53-4CAE-9A4C-ACCEFCED0894}"= UDP:12674:LocalSubnet:LocalSubnet:d
"{EE85E329-83C1-4121-841A-10A07A57DB5F}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{343B5265-72FA-44E6-8FF9-7EFFF8456A96}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{27399E1D-CCE8-454C-B4D3-92779082D45F}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{1296FFAD-B3E6-491D-B7E9-A23DA75ABA17}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{123353C9-3BD1-431C-98DA-CDCB701DB01E}"= C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"TCP Query User{2437A592-9FD1-4820-96B4-51FB76CDCF3B}C:\\world of warcraft\\backgrounddownloader.exe"= UDP:C:\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{D750EB2A-B664-4BD9-80F1-628AE4E982B1}C:\\world of warcraft\\backgrounddownloader.exe"= TCP:C:\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"{0BFFF747-D7DA-445A-BA47-92EFB63A06B9}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"{903848C6-A4D3-4675-9B8E-887E1C84FFD9}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 8192]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-09-20 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-20 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-20 231704]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-09-20 69128]
S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-25 2085888]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
S4 RsFx0102;RsFx0102 Driver;C:\Windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ECenter - c:\dell\E-Center\EULALauncher.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Devon\AppData\Roaming\Mozilla\Firefox\Profiles\du51yoow.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npoji610.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.1.0.30716.0.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 20:17:33
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-20 20:20:03
ComboFix-quarantined-files.txt 2008-09-21 01:19:58

Pre-Run: 51,965,034,496 bytes free
Post-Run: 52,129,603,584 bytes free

290 --- E O F --- 2008-09-19 05:04:43
 