
Tech Support Team


#1
19th February 2010, 10:27 PM
soccerguy
Newcomer
Join Date: Jan 2010, 2 posts.
Computer keeps freezing up on me.

Can someone help me? My computer keeps freezing up on me. I have run all the scans but they don't seem to help. Below are the logs; I also get a message when Windows is loading. (Error loading c:\windows\system32\bularaja.dll)

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 02/18/2010 at 05:36 PM

Application Version : 4.34.1000

Core Rules Database Version : 4601
Trace Rules Database Version: 2413

Scan type : Complete Scan
Total Scan Time : 00:26:30

Memory items scanned : 551
Memory threats detected : 0
Registry items scanned : 5628
Registry threats detected : 15
File items scanned : 28353
File threats detected : 13

Trojan.Agent/Gen-AlerterALG
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ALERTERALG
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ALERTERALG#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ALERTERALG\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ALERTERALG\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ALERTERALG\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ALERTERALG\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ALERTERALG\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ALERTERALG\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ALERTERALG\0000#DeviceDesc
HKU\S-1-5-21-4293067559-3385763875-661384045-1007\Software\S45
HKLM\Software\S45
HKLM\Software\S45\Par
HKLM\Software\S45\Par#ID
HKLM\Software\S45\Par#RA
HKLM\Software\S45\Par#RP

Adware.Tracking Cookie
C:\Documents and Settings\HelpAssistant\Cookies\alfonso@chitika[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\alfonso@invitemedia[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\alfonso@collective-media[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\alfonso@ad.yieldmanager[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\alfonso@tribalfusion[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\alfonso@content.yieldmanager[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\alfonso@content.yieldmanager[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\alfonso@doubleclick[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\alfonso@chitika[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\alfonso@mediaplex[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\alfonso@ad.yieldmanager[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\alfonso@apmebf[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\alfonso@atdmt[1].txt


_____________________________________________________________
Malwarebytes' Anti-Malware 1.44
Database version: 3753
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

2/19/2010 9:00:56 AM
mbam-log-2010-02-19 (09-00-56).txt

Scan type: Quick Scan
Objects scanned: 132494
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

______________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:47 AM, on 2/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\SANYO\XactiScreenCapture\SetClip.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Digital Cameras, Digital Photo Frames, Video Cameras, Printers & Accessories - Kodak Store
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {6c0c7db2-30e3-4319-b704-1482d6e517fb} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [yukukayoj] "Rundll32.exe" "c:\windows\system32\bularaja.dll",a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Startup: Xacti Screen Capture 1.1.lnk = ?
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://eagent.farmersinsurance.com/...tiveX/smsx.cab
O16 - DPF: {354D91A8-E3C9-491F-BB89-0FB27DEEED86} (ImgXTwain6.ImgXTwain) - https://eagent.farmersinsurance.com/...mgXTwain61.cab
O16 - DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} (ImgXDialog6.ImgXDialog) - https://eagent.farmersinsurance.com/...gXDialog61.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1196799603625
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/download...2/axofupld.cab
O16 - DPF: {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} (Atalasoft ImgXCtrl6.ImgXCtrl (CAB)) - https://eagent.farmersinsurance.com/...veX/ImgX61.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://eagent.farmersinsurance.com/...veX/msxml4.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - MySpace
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E2A1C07-A47A-4527-B369-07B9AAA3BA9D}: NameServer = 206.13.29.12,206.13.30.12
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: nitedetu.dll c:\windows\system32\dihevure.dll c:\windows\system32\bularaja.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: witolehot - {f38e0665-5c04-410c-a23f-99d7f4d9b714} - (no file)
O21 - SSODL: tututikez - {3c0c967c-b8ee-402b-859b-e4a87c55001f} - (no file)
O22 - SharedTaskScheduler: gahurihor - {f38e0665-5c04-410c-a23f-99d7f4d9b714} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {3c0c967c-b8ee-402b-859b-e4a87c55001f} - (no file)
O23 - Service: Alerter AlerterAlerterALG (AlerterAlerterALG) - Unknown owner - C:\WINDOWS\system32\g.exe (file missing)
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10625 bytes



Please help!
#2
25th February 2010, 03:26 PM
Albert Lionheart
TST Oracle
Join Date: Dec 2007, 7,960 posts.
Location: Market Haemorrhoids, Middle England
Hi
bularaja.dll is a known carrier of trojans - it looks as if the program file has been removed but something is still trying to load it. If you Google it you will see a number of suggested fixes.
From the HijackThis log you should fix the following entries:
C:\Program Files\SANYO\XactiScreenCapture\SetClip.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {6c0c7db2-30e3-4319-b704-1482d6e517fb} - (no file)
O4 - HKLM\..\Run: [yukukayoj] "Rundll32.exe" "c:\windows\system32\bularaja.dll",a
O16 - DPF: {354D91A8-E3C9-491F-BB89-0FB27DEEED86} (ImgXTwain6.ImgXTwain) - https://eagent.farmersinsurance.com/...mgXTwain61.cab
O16 - DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} (ImgXDialog6.ImgXDialog) - https://eagent.farmersinsurance.com/...gXDialog61.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/download...2/axofupld.cab
O16 - DPF: {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} (Atalasoft ImgXCtrl6.ImgXCtrl (CAB)) - https://eagent.farmersinsurance.com/...veX/ImgX61.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - MySpace
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E2A1C07-A47A-4527-B369-07B9AAA3BA9D}: NameServer = 206.13.29.12,206.13.30.12
O20 - AppInit_DLLs: nitedetu.dll c:\windows\system32\dihevure.dll c:\windows\system32\bularaja.dll
O21 - SSODL: witolehot - {f38e0665-5c04-410c-a23f-99d7f4d9b714} - (no file)
O21 - SSODL: tututikez - {3c0c967c-b8ee-402b-859b-e4a87c55001f} - (no file)
O22 - SharedTaskScheduler: gahurihor - {f38e0665-5c04-410c-a23f-99d7f4d9b714} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {3c0c967c-b8ee-402b-859b-e4a87c55001f} - (no file)
O23 - Service: Alerter AlerterAlerterALG (AlerterAlerterALG) - Unknown owner - C:\WINDOWS\system32\g.exe (file missing)
__________________
Never take life seriously; nobody gets out alive anyway.
All times are GMT.