help needed with rootkit.agent removal


nreece

Hello,

This is my first post, so hopefully I'm doing this right. I have contracted malware which is causing the following issue with my IBM Lenovo PC running Windows XP: every 30-60 seconds I get a pop-up message titled "iexplore.exe application error", which states: "The instruction at 0x901360e1 referenced memory at 0x901360e1. The memory could not be read. Click on OK to terminate the program or click on Cancel to debug the program." My Internet Explorer and Firefox browsers are both inoperable.

I have managed to rid my system of "some" of the files using the MBAM program, but there are still several files that MBAM can't delete. I've been reading posts in this forum all day, and it seems as if I have a blended "multiple" infection. It appears I still have a Rootkit.Agent infecting my system. I tried identifying the files using the RootRepeal and GMER programs but have been unsuccessful. So, I ran an HJT scan at the direction of this forum.

I am copying my MBAM, HJT and GMER log files here in hopes you may be able to assist me. I am attaching the GMER log because there is an entry which corresponds to one of the files in the MBAM log, Trojan.FakeAlert - Memory module. I've highlighted it in red in the GMER log file.

Thank you in advance.

Nate

MBAM LOG File:

Malwarebytes' Anti-Malware 1.41
Database version: 3218
Windows 5.1.2600 Service Pack 2

11/23/2009 2:10:35 PM
mbam-log-2009-11-23 (14-10-35).txt

Scan type: Full Scan (C:\|)
Objects scanned: 203279
Time elapsed: 31 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINNT\system32\dijuboru.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINNT\system32\fgjk4wvb.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINNT\system32\ponovisi.dll (Trojan.FakeAlert) -> Delete on reboot.
\\?\globalroot\systemroot\system32\H8SRTsthybotuvc.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc (Trojan.Downloader) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINNT\system32\dijuboru.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\nreece\ntuser.dll (Trojan.Agent) -> Delete on reboot.
C:\WINNT\system32\fgjk4wvb.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINNT\system32\ponovisi.dll (Trojan.FakeAlert) -> Delete on reboot.
\\?\globalroot\systemroot\system32\H8SRTsthybotuvc.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINNT\system32\tdlcmd.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nreece\Start Menu\Programs\Startup\scandisk.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\nreece\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\nreece\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.

HJT LOG file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:39:38 PM, on 11/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
C:\WINNT\system32\bgsvcgen.exe
C:\WINNT\system32\cisvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\IPSec Client\LucentIKESvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\IPSec Client\LucentIKE.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\System32\mnmsrvc.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\timbuktu pro\tb2launch.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\timbuktu pro\tb2logon.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\timbuktu pro\tb2pro.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\WINNT\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\IPSec Client\trayicon.exe
C:\Program Files\timbuktu pro\TNOTIFY.EXE
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINNT\system32\CCM\SMSCliUI.exe
C:\WINNT\system32\cidaemon.exe
C:\WINNT\system32\cidaemon.exe
C:\Documents and Settings\nreece\Local Settings\Temp\gmer.exe
C:\gmer\gmer.exe
C:\WINNT\system32\rundll32.exe
C:\gmer\gmer.exe
F:\malwarebytes\HJT\HJTInstall.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aww.usa.alcatel.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://aww.usa.alcatel.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.proxy.alcatel-lucent.com/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.lucent.com;*.alcatel.com;*.alcatel-lucent.com;<local>
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TLogonPath] "C:\Program Files\timbuktu pro\tb2logon.exe"
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINNT\system32\calc.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Malwarebytes' Anti-Malware\fix.exe.exe" /runcleanupscript
O4 - HKLM\..\Run: [ctfmon] RUNDLL32.EXE C:\WINNT\system32\fgjk4wvb.dll,w
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\nreece\ntuser.dll,_IWMPEvents@0
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil9f.exe
O4 - HKUS\S-1-5-18\..\Run: [calc] rundll32.exe C:\DOCUME~1\NETWOR~1\ntuser.dll,_IWMPEvents@0 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [jsh87r3huiehf89esiudgd] C:\WINNT\TEMP\n3md6rvf.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\WINNT\TEMP\notepad.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [calc] rundll32.exe C:\DOCUME~1\NETWOR~1\ntuser.dll,_IWMPEvents@0 (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: IPSecClient Icon.lnk = C:\Program Files\IPSec Client\trayicon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://aww.usa.alcatel.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {093501ce-d290-11d3-a3d6-00c04fa32518} -
O16 - DPF: {5e2a3510-4371-11d6-b64c-00c04faedb18} (Oracle JInitiator 1.1.8.18) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204322318437
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O16 - DPF: {ed54a7b0-6c1c-11d5-b63d-00c04faedb18} -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na02.lucent.com
O17 - HKLM\Software\..\Telephony: DomainName = na02.lucent.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na02.lucent.com
O20 - AppInit_DLLs: dijuboru.dll
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINNT\system32\bgsvcgen.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LucentIKE - Unknown owner - C:\Program Files\IPSec Client\LucentIKESvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: OracleOracle8i_localClientCache - Unknown owner - C:\Program Files\oracle8i\BIN\ONRSD.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - C:\Program Files\timbuktu pro\tb2launch.exe
O23 - Service: tp4serv - Lenovo Group Limited - C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE

--
End of file - 10810 bytes

GMER LOG file:

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-23 15:23:24
Windows 5.1.2600 Service Pack 2
Running: 9b2o9jnm.exe; Driver: C:\DOCUME~1\nreece\LOCALS~1\Temp\axtoraow.sys

---- System - GMER 1.0.15 ----

Code 864112A8 ZwEnumerateKey
Code 8640E898 ZwFlushInstructionCache
Code 8641711E IofCallDriver
Code 86418C76 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A0 5 Bytes JMP 86417123
.text ntkrnlpa.exe!IofCompleteRequest 804EF230 5 Bytes JMP 86418C7B
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B5642 5 Bytes JMP 8640E89C
PAGE ntkrnlpa.exe!ZwEnumerateKey 80622DE0 5 Bytes JMP 864112AC
init C:\WINNT\NetopiaRC\Tb2Device.sys entry point in "init" section [0xA2BD3000]
? C:\WINNT\system32\drivers\rootrepeal.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINNT\system32\CCM\SMSCliUI.exe[588] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 01022A5E; RET
.text C:\WINNT\system32\CCM\SMSCliUI.exe[588] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 01021BCE; RET
.text C:\WINNT\system32\CCM\SMSCliUI.exe[588] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 01021B9A; RET
.text C:\WINNT\system32\CCM\SMSCliUI.exe[588] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 01021B03; RET
.text C:\WINNT\system32\CCM\SMSCliUI.exe[588] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 01021B2B; RET
.text C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2092] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 00F92A5E; RET
.text C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2092] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 00F91BCE; RET
.text C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2092] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 00F91B9A; RET
.text C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2092] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 00F91B03; RET
.text C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2092] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 00F91B2B; RET
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[2268] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 01002A5E; RET
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[2268] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 01001BCE; RET
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[2268] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 01001B9A; RET
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[2268] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 01001B03; RET
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[2268] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 01001B2B; RET
.text C:\Program Files\Digital Line Detect\DLG.exe[2388] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 01192A5E; RET
.text C:\Program Files\Digital Line Detect\DLG.exe[2388] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 01191BCE; RET
.text C:\Program Files\Digital Line Detect\DLG.exe[2388] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 01191B9A; RET
.text C:\Program Files\Digital Line Detect\DLG.exe[2388] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 01191B03; RET
.text C:\Program Files\Digital Line Detect\DLG.exe[2388] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 01191B2B; RET
.text C:\Program Files\IPSec Client\trayicon.exe[2532] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 01352A5E; RET
.text C:\Program Files\IPSec Client\trayicon.exe[2532] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 01351BCE; RET
.text C:\Program Files\IPSec Client\trayicon.exe[2532] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 01351B9A; RET
.text C:\Program Files\IPSec Client\trayicon.exe[2532] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 01351B03; RET
.text C:\Program Files\IPSec Client\trayicon.exe[2532] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 01351B2B; RET
.text C:\WINNT\Explorer.EXE[2764] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 02272A5E; RET
.text C:\WINNT\Explorer.EXE[2764] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 02271BCE; RET
.text C:\WINNT\Explorer.EXE[2764] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 02271B9A; RET
.text C:\WINNT\Explorer.EXE[2764] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 02271B03; RET
.text C:\WINNT\Explorer.EXE[2764] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 02271B2B; RET
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[3184] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 01672A5E; RET
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[3184] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 01671BCE; RET
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[3184] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 01671B9A; RET
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[3184] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 01671B03; RET
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[3184] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 01671B2B; RET
.text C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[3192] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 01882A5E; RET
.text C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[3192] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 01881BCE; RET
.text C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[3192] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 01881B9A; RET
.text C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[3192] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 01881B03; RET
.text C:\Program Files\Network Associates\Common Framework\UdaterUI.exe[3192] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 01881B2B; RET
.text C:\Program Files\timbuktu pro\tb2logon.exe[3200] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 00E62A5E; RET
.text C:\Program Files\timbuktu pro\tb2logon.exe[3200] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 00E61BCE; RET
.text C:\Program Files\timbuktu pro\tb2logon.exe[3200] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 00E61B9A; RET
.text C:\Program Files\timbuktu pro\tb2logon.exe[3200] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 00E61B03; RET
.text C:\Program Files\timbuktu pro\tb2logon.exe[3200] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 00E61B2B; RET
.text C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe[3208] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 01252A5E; RET
.text C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe[3208] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 01251BCE; RET
.text C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe[3208] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 01251B9A; RET
.text C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe[3208] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 01251B03; RET
.text C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe[3208] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 01251B2B; RET
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3224] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 00D02A5E; RET
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3224] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 00D01BCE; RET
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3224] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 00D01B9A; RET
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3224] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 00D01B03; RET
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3224] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 00D01B2B; RET
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3232] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 013B2A5E; RET
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3232] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 013B1BCE; RET
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3232] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 013B1B9A; RET
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3232] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 013B1B03; RET
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3232] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 013B1B2B; RET
.text C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe[3312] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 012A2A5E; RET
.text C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe[3312] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 012A1BCE; RET
.text C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe[3312] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 012A1B9A; RET
.text C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe[3312] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 012A1B03; RET
.text C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe[3312] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 012A1B2B; RET
.text C:\Program Files\Network Associates\Common Framework\McTray.exe[3368] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 00F72A5E; RET
.text C:\Program Files\Network Associates\Common Framework\McTray.exe[3368] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 00F71BCE; RET
.text C:\Program Files\Network Associates\Common Framework\McTray.exe[3368] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 00F71B9A; RET
.text C:\Program Files\Network Associates\Common Framework\McTray.exe[3368] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 00F71B03; RET
.text C:\Program Files\Network Associates\Common Framework\McTray.exe[3368] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 00F71B2B; RET
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3380] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 01682A5E; RET
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3380] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 01681BCE; RET
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3380] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 01681B9A; RET
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3380] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 01681B03; RET
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3380] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 01681B2B; RET
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3412] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 016C2A5E; RET
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3412] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 016C1BCE; RET
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3412] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 016C1B9A; RET
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3412] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 016C1B03; RET
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3412] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 016C1B2B; RET
.text C:\WINNT\system32\rundll32.exe[3428] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 00E82A5E; RET
.text C:\WINNT\system32\rundll32.exe[3428] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 00E81BCE; RET
.text C:\WINNT\system32\rundll32.exe[3428] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 00E81B9A; RET
.text C:\WINNT\system32\rundll32.exe[3428] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 00E81B03; RET
.text C:\WINNT\system32\rundll32.exe[3428] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 00E81B2B; RET
.text C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe[3464] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 00F42A5E; RET
.text C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe[3464] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 00F41BCE; RET
.text C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe[3464] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 00F41B9A; RET
.text C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe[3464] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 00F41B03; RET
.text C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe[3464] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 00F41B2B; RET
.text C:\WINNT\system32\hkcmd.exe[3532] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 01382A5E; RET
.text C:\WINNT\system32\hkcmd.exe[3532] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 01381BCE; RET
.text C:\WINNT\system32\hkcmd.exe[3532] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 01381B9A; RET
.text C:\WINNT\system32\hkcmd.exe[3532] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 01381B03; RET
.text C:\WINNT\system32\hkcmd.exe[3532] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 01381B2B; RET
.text C:\WINNT\system32\igfxpers.exe[3544] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 010A2A5E; RET
.text C:\WINNT\system32\igfxpers.exe[3544] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 010A1BCE; RET
.text C:\WINNT\system32\igfxpers.exe[3544] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 010A1B9A; RET
.text C:\WINNT\system32\igfxpers.exe[3544] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 010A1B03; RET
.text C:\WINNT\system32\igfxpers.exe[3544] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 010A1B2B; RET
.text C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE[3580] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 01F62A5E; RET
.text C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE[3580] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 01F61BCE; RET
.text C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE[3580] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 01F61B9A; RET
.text C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE[3580] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 01F61B03; RET
.text C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE[3580] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 01F61B2B; RET
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3600] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 06C72A5E; RET
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3600] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 06C71BCE; RET
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3600] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 06C71B9A; RET
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3600] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 06C71B03; RET
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3600] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 06C71B2B; RET
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3636] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 01AE2A5E; RET
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3636] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 01AE1BCE; RET
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3636] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 01AE1B9A; RET
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3636] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 01AE1B03; RET
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3636] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 01AE1B2B; RET
.text C:\WINNT\system32\rundll32.exe[3888] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 00BC2A5E; RET
.text C:\WINNT\system32\rundll32.exe[3888] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 00BC1BCE; RET
.text C:\WINNT\system32\rundll32.exe[3888] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 00BC1B9A; RET
.text C:\WINNT\system32\rundll32.exe[3888] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 00BC1B03; RET
.text C:\WINNT\system32\rundll32.exe[3888] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 00BC1B2B; RET
.text C:\WINNT\system32\RUNDLL32.EXE[3912] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 00CF2A5E; RET
.text C:\WINNT\system32\RUNDLL32.EXE[3912] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 00CF1BCE; RET
.text C:\WINNT\system32\RUNDLL32.EXE[3912] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 00CF1B9A; RET
.text C:\WINNT\system32\RUNDLL32.EXE[3912] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 00CF1B03; RET
.text C:\WINNT\system32\RUNDLL32.EXE[3912] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 00CF1B2B; RET
.text C:\WINNT\system32\ctfmon.exe[3928] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 00E52A5E; RET
.text C:\WINNT\system32\ctfmon.exe[3928] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 00E51BCE; RET
.text C:\WINNT\system32\ctfmon.exe[3928] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 00E51B9A; RET
.text C:\WINNT\system32\ctfmon.exe[3928] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 00E51B03; RET
.text C:\WINNT\system32\ctfmon.exe[3928] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 00E51B2B; RET
.text F:\malwarebytes\root repeal\GMER\9b2o9jnm.exe[3976] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 01042A5E; RET
.text F:\malwarebytes\root repeal\GMER\9b2o9jnm.exe[3976] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 01041BCE; RET
.text F:\malwarebytes\root repeal\GMER\9b2o9jnm.exe[3976] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 01041B9A; RET
.text F:\malwarebytes\root repeal\GMER\9b2o9jnm.exe[3976] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 01041B03; RET
.text F:\malwarebytes\root repeal\GMER\9b2o9jnm.exe[3976] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 01041B2B; RET
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4084] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 01602A5E; RET
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4084] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 01601BCE; RET
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4084] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 01601B9A; RET
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4084] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 01601B03; RET
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4084] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 01601B2B; RET

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip odptdi.sys (OnDemand Proxy TDI Driver/Aventail Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp odptdi.sys (OnDemand Proxy TDI Driver/Aventail Corporation)
Device \Driver\iaStor \Device\Ide\iaStor0 [F731380E] iaStor.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [F731380E] iaStor.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
AttachedDevice \Driver\Tcpip \Device\Udp odptdi.sys (OnDemand Proxy TDI Driver/Aventail Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp odptdi.sys (OnDemand Proxy TDI Driver/Aventail Corporation)

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\H8SRTorudlkgmpy.sys (*** hidden *** ) A1FDA000-A1FF7000 (118784 bytes)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\H8SRTsthybotuvc.dll (*** hidden *** ) @ C:\WINNT\system32\svchost.exe [1068] 0x011E0000
Library \\?\globalroot\systemroot\system32\H8SRTsthybotuvc.dll (*** hidden *** ) @ C:\WINNT\system32\svchost.exe [1232] 0x00BA0000
Library \\?\globalroot\systemroot\system32\H8SRTsthybotuvc.dll (*** hidden *** ) @ C:\WINNT\System32\svchost.exe [1416] 0x00B90000

Library \\?\globalroot\systemroot\system32\H8SRTsthybotuvc.dll (*** hidden *** ) @ C:\WINNT\system32\svchost.exe [1724] 0x00BA0000

Library \\?\globalroot\systemroot\system32\H8SRTsthybotuvc.dll (*** hidden *** ) @ C:\WINNT\System32\svchost.exe [1728] 0x00B90000

Library \\?\globalroot\systemroot\system32\H8SRTsthybotuvc.dll (*** hidden *** ) @ C:\WINNT\System32\svchost.exe [1788] 0x00B90000

Library \\?\globalroot\systemroot\system32\H8SRTsthybotuvc.dll (*** hidden *** ) @ C:\WINNT\System32\svchost.exe [1868] 0x00BA0000

Library \\?\globalroot\systemroot\system32\H8SRTsthybotuvc.dll (*** hidden *** ) @ C:\WINNT\Explorer.EXE [2764] 0x00E60000

---- Files - GMER 1.0.15 ----

File C:\WINNT\system32\drivers\iaStor.sys suspicious modification

---- EOF - GMER 1.0.15 ----

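The GMER output above is worth reading as data rather than as a wall of text: every listed user-mode process carries the same five hooks (kernel32 TerminateProcess, FindNextFileA/W and ADVAPI32 RegDeleteValueA/W), each a 6-byte `PUSH imm32; RET` trampoline whose target sits in one 64 KiB region per process, while the Modules, Processes and Files sections flag a hidden driver, a hidden DLL loaded into svchost.exe and Explorer.EXE, and a patched iaStor.sys. The following Python is an added example written for this page; it is not part of the original thread and not GMER's own code. It parses a subset of lines copied from the log above, groups the hooks per process, decodes what bytes a `PUSH xxxxxxxx; RET` patch corresponds to, and reports the hidden and patched items. The function names and the "all targets in one 64 KiB region" heuristic are this example's own assumptions.

```python
"""Parse GMER 1.0.15 text output: user-mode inline hooks, hidden modules/libraries,
patched device objects and files flagged as modified."""
import re
from collections import defaultdict

# Lines copied verbatim from the GMER log posted above (a subset of it).
SAMPLE_GMER_LOG = r"""
.text C:\WINNT\system32\ctfmon.exe[3928] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 00E52A5E; RET
.text C:\WINNT\system32\ctfmon.exe[3928] kernel32.dll!FindNextFileW 7C80EF4A 6 Bytes PUSH 00E51BCE; RET
.text C:\WINNT\system32\ctfmon.exe[3928] kernel32.dll!FindNextFileA 7C834EF9 6 Bytes PUSH 00E51B9A; RET
.text C:\WINNT\system32\ctfmon.exe[3928] ADVAPI32.dll!RegDeleteValueA 77DDECC5 6 Bytes PUSH 00E51B03; RET
.text C:\WINNT\system32\ctfmon.exe[3928] ADVAPI32.dll!RegDeleteValueW 77DDEDD1 6 Bytes PUSH 00E51B2B; RET
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4084] kernel32.dll!TerminateProcess 7C801E16 6 Bytes PUSH 01602A5E; RET
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\iaStor \Device\Ide\iaStor0 [F731380E] iaStor.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Module \systemroot\system32\drivers\H8SRTorudlkgmpy.sys (*** hidden *** ) A1FDA000-A1FF7000 (118784 bytes)
Library \\?\globalroot\systemroot\system32\H8SRTsthybotuvc.dll (*** hidden *** ) @ C:\WINNT\Explorer.EXE [2764] 0x00E60000
File C:\WINNT\system32\drivers\iaStor.sys suspicious modification
"""

# ".text <image>[<pid>] <module>!<func> <addr> <n> Bytes <patch>"
HOOK_RE = re.compile(
    r"^\.text (?P<image>.+?)\[(?P<pid>\d+)\] (?P<module>[^!\s]+)!(?P<func>\S+) "
    r"(?P<addr>[0-9A-Fa-f]+) (?P<size>\d+) Bytes (?P<patch>.+)$")
PUSH_RET_RE = re.compile(r"^PUSH (?P<target>[0-9A-Fa-f]{8}); RET$")
HIDDEN_RE = re.compile(r"^(?P<kind>Module|Library) (?P<path>\S+) \(\*\*\* hidden \*\*\* \)")
# "Device <driver> <device> [<addr>] <file>[<section>] {<patched code>}"
DEVICE_PATCH_RE = re.compile(
    r"^Device (?P<driver>\S+) (?P<device>\S+) \[(?P<addr>[0-9A-Fa-f]+)\] "
    r"(?P<file>\S+?)\[(?P<section>[^\]]*)\] \{(?P<code>[^}]*)\}$")
SUSPICIOUS_FILE_RE = re.compile(r"^File (?P<path>.+?) suspicious modification$")


def parse_gmer(text):
    """Classify each log line; AttachedDevice lines (ordinary filter drivers) are ignored."""
    report = {"hooks": [], "hidden": [], "device_patches": [], "suspicious_files": []}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HOOK_RE.match(line)
        if m:
            hook = m.groupdict()
            hook["pid"] = int(hook["pid"])
            hook["addr"] = int(hook["addr"], 16)
            hook["size"] = int(hook["size"])
            pr = PUSH_RET_RE.match(hook["patch"])
            hook["target"] = int(pr.group("target"), 16) if pr else None
            report["hooks"].append(hook)
            continue
        m = HIDDEN_RE.match(line)
        if m:
            report["hidden"].append((m.group("kind"), m.group("path")))
            continue
        m = DEVICE_PATCH_RE.match(line)
        if m:
            report["device_patches"].append(m.groupdict())
            continue
        m = SUSPICIOUS_FILE_RE.match(line)
        if m:
            report["suspicious_files"].append(m.group("path"))
    return report


def push_ret_bytes(target):
    """The 6 bytes GMER describes as 'PUSH <target>; RET': 68 imm32 (little-endian)
    followed by C3. Executing them 'returns' into the hook target."""
    return b"\x68" + target.to_bytes(4, "little") + b"\xc3"


def hooks_by_process(report):
    grouped = defaultdict(list)
    for h in report["hooks"]:
        grouped[(h["image"], h["pid"])].append(h)
    return grouped


def hook_target_regions(hooks):
    """64 KiB-aligned regions holding the hook targets (heuristic: one region per
    process is consistent with a single injected module servicing every hook)."""
    return {h["target"] & 0xFFFF0000 for h in hooks if h["target"] is not None}


def hooked_apis(report):
    return sorted({f"{h['module']}!{h['func']}" for h in report["hooks"]})


def summarize(text):
    report = parse_gmer(text)
    per_process = {}
    for (image, pid), hooks in hooks_by_process(report).items():
        per_process[f"{image}[{pid}]"] = {
            "hooks": len(hooks),
            "regions": sorted(hex(r) for r in hook_target_regions(hooks)),
        }
    return {
        "hooked_apis": hooked_apis(report),
        "processes": per_process,
        "hidden": [path.rsplit("\\", 1)[-1] for _, path in report["hidden"]],
        "device_patches": [d["file"] for d in report["device_patches"]],
        "suspicious_files": report["suspicious_files"],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_GMER_LOG), indent=2))
```

Run as a script against a full GMER log to get the same summary for every process. The set of hooked APIs is itself the finding: FindNextFileA/W hooks let a user-mode component filter its files out of directory listings, RegDeleteValueA/W hooks stop a cleaner from removing its autostart values, and a TerminateProcess hook shields its processes. The AttachedDevice entries for SynTP.sys, mouclass.sys and odptdi.sys are ordinary filter drivers and are deliberately not flagged; the iaStor.sys entries are different, because GMER shows both patched code in the driver object and a "suspicious modification" of the file on disk.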

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link HERE
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

OK, here is my ComboFix log file. It ran smoothly, no issues.

COMBOFIX LOG

ComboFix 09-11-23.05 - nreece 11/24/2009 9:25.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.708 [GMT -8:00]

Running from: f:\malwarebytes\combofix\Renamed\patch.exe

.

The following files were disabled during the run:

c:\winnt\system32\dijuboru.dll

c:\winnt\system32\huvajolu.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\nreece\ntuser.dll

c:\documents and settings\nreece\Start Menu\Programs\Startup\scandisk.dll

c:\documents and settings\nreece\Start Menu\Programs\Startup\scandisk.lnk

c:\recycler\S-1-5-21-1343024091-1202660629-2146872243-500

c:\recycler\S-1-5-21-1495413996-3315217193-3035020991-500

c:\recycler\S-1-5-21-3794707180-550574813-1373618169-500

c:\winnt\AegisP.inf

c:\winnt\run.log

c:\winnt\system32\calc.dll

c:\winnt\system32\config\systemprofile\ntuser.dll

c:\winnt\system32\drivers\H8SRTorudlkgmpy.sys

c:\winnt\system32\fgjk4wvb.dll

c:\winnt\system32\h8srtcfg.dat

c:\winnt\system32\H8SRTlonknabbst.dat

c:\winnt\system32\h8srtmain.dll

c:\winnt\system32\H8SRTmqvomblbpf.db

c:\winnt\system32\H8SRTnelstomudp.dll

c:\winnt\system32\H8SRTsthybotuvc.dll

c:\winnt\system32\H8SRTtrwdvvwcog.dll

c:\winnt\system32\H8SRTxtlgtpsxld.dll

c:\winnt\system32\H8SRTyjnmiaoviu.dll

c:\winnt\system32\ponovisi.dll

c:\winnt\system32\schtml

c:\winnt\system32\schtml\images\i1.gif

c:\winnt\system32\schtml\images\i2.gif

c:\winnt\system32\schtml\images\i3.gif

c:\winnt\system32\schtml\images\j1.gif

c:\winnt\system32\schtml\images\j2.gif

c:\winnt\system32\schtml\images\j3.gif

c:\winnt\system32\schtml\images\jj1.gif

c:\winnt\system32\schtml\images\jj2.gif

c:\winnt\system32\schtml\images\jj3.gif

c:\winnt\system32\schtml\images\l1.gif

c:\winnt\system32\schtml\images\l2.gif

c:\winnt\system32\schtml\images\l3.gif

c:\winnt\system32\schtml\images\pix.gif

c:\winnt\system32\schtml\images\t1.gif

c:\winnt\system32\schtml\images\t2.gif

c:\winnt\system32\schtml\images\up1.gif

c:\winnt\system32\schtml\images\up2.gif

c:\winnt\system32\schtml\images\w1.gif

c:\winnt\system32\schtml\images\w11.gif

c:\winnt\system32\schtml\images\w2.gif

c:\winnt\system32\schtml\images\w3.gif

c:\winnt\system32\schtml\images\w3.jpg

c:\winnt\system32\schtml\images\word.doc

c:\winnt\system32\schtml\images\wt1.gif

c:\winnt\system32\schtml\images\wt2.gif

c:\winnt\system32\schtml\images\wt3.gif

c:\winnt\system32\schtml\wispex.html

c:\winnt\system32\sojerire.dll

c:\winnt\system32\tdlcmd.dll

c:\winnt\system32\zidoyowi.dll

c:\winnt\Tasks\aguqpjtf.job

c:\winnt\Tasks\joouhcuc.job

c:\winnt\zap.exe

----- BITS: Possible infected sites -----

hxxp://USDALSSMS03.NA02.lucent.com:8081

hxxp://USNAVSSMS02.na02.lucent.com:8081

Infected copy of c:\winnt\System32\Drivers\iaStor.sys was found and disinfected

Restored copy from - Kitty ate it :)

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_H8SRTd.sys

-------\Legacy_H8SRTd.sys

-------\Legacy_6TO4

((((((((((((((((((((((((( Files Created from 2009-10-24 to 2009-11-24 )))))))))))))))))))))))))))))))

.

2009-11-24 00:38 . 2009-11-24 00:38 -------- d-----w- c:\program files\Trend Micro

2009-11-23 22:57 . 2009-11-23 22:57 -------- d-----w- C:\gmer

2009-11-23 22:26 . 2009-11-23 22:26 34816 ----a-w- c:\winnt\system32\drivers\blast.sys

2009-11-23 22:25 . 2009-11-23 22:26 -------- d-----w- C:\root repeal

2009-11-23 18:16 . 2009-11-23 18:16 -------- d-----w- c:\documents and settings\nreece\Application Data\Malwarebytes

2009-11-23 17:40 . 2009-09-10 22:54 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys

2009-11-23 17:40 . 2009-11-23 21:18 -------- d-----w- C:\Malwarebytes' Anti-Malware

2009-11-23 17:40 . 2009-11-23 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-11-23 17:40 . 2009-09-10 22:53 19160 ----a-w- c:\winnt\system32\drivers\mbam.sys

2009-11-23 01:26 . 2009-11-23 01:26 -------- d-----w- C:\QUARANTINE

2009-11-22 23:46 . 2009-11-23 16:58 -------- d-----w- c:\program files\AntiMalware

2009-11-04 15:57 . 2009-11-04 15:57 -------- d-----w- c:\program files\SMS Packages

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-06 17:53 . 2009-10-06 17:53 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-25 05:49 . 2005-02-18 21:19 668672 ----a-w- c:\winnt\system32\wininet.dll

2009-09-25 05:48 . 2005-12-20 19:02 81920 ----a-w- c:\winnt\system32\ieencode.dll

2009-09-11 14:03 . 1980-01-01 00:00 136192 ----a-w- c:\winnt\system32\msv1_0.dll

2009-09-04 20:45 . 1980-01-01 00:00 58880 ----a-w- c:\winnt\system32\msasn1.dll

2009-09-04 17:17 . 2008-07-15 18:01 42480 ----a-w- c:\documents and settings\nreece\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-03-21 14:18 . 1980-01-01 00:00 24064 --sha-w- c:\winnt\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]

"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2006-11-17 136768]

"TLogonPath"="c:\program files\timbuktu pro\tb2logon.exe" [2003-02-06 151552]

"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-20 155648]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]

"IgfxTray"="c:\winnt\system32\igfxtray.exe" [2007-08-09 135168]

"HotKeysCmds"="c:\winnt\system32\hkcmd.exe" [2007-08-09 155648]

"Persistence"="c:\winnt\system32\igfxpers.exe" [2007-08-09 131072]

"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2007-11-08 92960]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]

"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]

"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 155648]

"Malwarebytes Anti-Malware (reboot)"="c:\malwarebytes' anti-malware\fix.exe.exe" [2009-09-10 1312080]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\winnt\system32\bthprops.cpl [2004-08-04 110592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2006-8-18 561213]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-30 45056]

IPSecClient Icon.lnk - c:\program files\IPSec Client\trayicon.exe [2009-8-27 675840]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Timbuktu Pro]

2003-02-06 18:21 81973 ----a-w- c:\program files\timbuktu pro\HOOK32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2005-07-06 05:45 28672 ----a-w- c:\winnt\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

2005-12-01 02:16 24576 ----a-w- c:\winnt\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"midi1"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-583907252-413027322-1417001333-2604\Scripts\Logoff\0\0]

"Script"=CleanCitrixReg.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-583907252-413027322-1417001333-2604\Scripts\Logon\0\0]

"Script"=BuildCPMIcons.vbs

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=

R1 NaiAvTdi1;NaiAvTdi1;c:\winnt\system32\drivers\mvstdi5x.sys [12/20/2005 10:38 AM 58464]

R1 Odptdi;Odptdi;c:\winnt\system32\drivers\odptdi.sys [8/27/2008 5:30 AM 46744]

R1 Tb2Device;TB2 Remote Control Driver;NetopiaRC\Tb2Device.sys --> NetopiaRC\Tb2Device.sys [?]

R1 Tb2MirrorSys;TB2 Remote Control Mirror Driver;NetopiaRC\Tb2MirrorSys.sys --> NetopiaRC\Tb2MirrorSys.sys [?]

R2 ALSDrvr;Alesis Disk Driver;c:\winnt\system32\drivers\alsdrvr.sys [9/23/2008 8:55 AM 5119]

R2 tp4serv;tp4serv;c:\program files\Lenovo\TrackPoint\tp4servinst.exe [11/8/2007 8:56 AM 35616]

R3 LuIPSec;Alcatel-Lucent VPN Miniport;c:\winnt\system32\drivers\luipsec.sys [8/27/2009 7:13 AM 320768]

S2 LucentIKE;LucentIKE;c:\program files\IPSec Client\lucentikesvc.exe [8/27/2009 7:13 AM 147456]

S3 blast;blast;c:\winnt\system32\drivers\blast.sys [11/23/2009 2:26 PM 34816]

S3 Drvlw;FTP Software IPTrace NDIS Interface;c:\winnt\system32\drivers\drvlw.sys [3/11/2004 2:28 PM 57280]

S3 GTIPCI21;GTIPCI21;c:\winnt\system32\DRIVERS\gtipci21.sys --> c:\winnt\system32\DRIVERS\gtipci21.sys [?]

S3 OracleOracle8i_localClientCache;OracleOracle8i_localClientCache;c:\program files\oracle8i\bin\ONRSD.EXE [3/11/2004 1:11 PM 411244]

S3 Tp4Track;PS/2 TrackPoint Driver;c:\winnt\system32\drivers\tp4track.sys [11/8/2007 8:56 AM 22568]

S3 UKS11LDR;M-Audio USB Keystation Loader;c:\winnt\system32\drivers\uks11ldr.sys [12/22/2008 6:52 AM 20168]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PATCH_PKI]

regedit /S c:\winnt\INSTALLER\PATCH_PKI\SecurityAlwaysShowButtons.reg

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://aww.usa.alcatel.com/

uInternet Settings,ProxyOverride = *.lucent.com;*.alcatel.com;*.alcatel-lucent.com;<local>

IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office10\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab

DPF: {093501ce-d290-11d3-a3d6-00c04fa32518}

DPF: {5e2a3510-4371-11d6-b64c-00c04faedb18}

DPF: {ed54a7b0-6c1c-11d5-b63d-00c04faedb18}

FF - ProfilePath - c:\documents and settings\nreece\Application Data\Mozilla\Firefox\Profiles\7bsmuwe0.default\

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\np32dsw.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npacview.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npaudio.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npavi32.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npbeatnk.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npdrmv2.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npdsplay.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npdwf.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPJava11.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPJava12.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPJava13.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPJava32.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPJinit-11813.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPJinit-11816.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPJinit-11819.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPJPI141_02.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npnul32.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPOFFICE.DLL

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\nppl3260.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin2.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin3.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin4.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin5.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin6.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin7.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\nprfxins.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\nprjplug.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\nprpjplug.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPSWF32.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npwmsdrm.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-nuteruhep - c:\winnt\system32\huvajolu.dll

HKU-Default-Run-calc - c:\docume~1\NETWOR~1\ntuser.dll

SharedTaskScheduler-{491163d2-8664-41b9-91ad-5f7e6333bbdc} - c:\winnt\system32\huvajolu.dll

SSODL-mewibujih-{491163d2-8664-41b9-91ad-5f7e6333bbdc} - c:\winnt\system32\huvajolu.dll

Notify-AtiExtEvent - (no file)

AddRemove-Netscape Communicator 4.79 - c:\winnt\cd32.exe 4.79 (en)

AddRemove-OnNet Host Suite V4.0 - c:\program files\UNINSTAL.EXE

AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

AddRemove-Sonar Producer Edition v4.0.2 - c:\progra~1\Cakewalk\SONAR4~1\UNWISE.EXE

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)

c:\winnt\system32\tphklock.dll

- - - - - - - > 'explorer.exe'(2952)

c:\winnt\system32\btmmhook.dll

c:\winnt\system32\WPDShServiceObj.dll

c:\program files\FTP Software\OnNet Host Suite\ftpns.DLL

c:\program files\FTP Software\OnNet Host Suite\Ftpeng.dll

c:\winnt\system32\ftpappc.dll

c:\winnt\system32\FtpSck2.dll

c:\winnt\system32\Ftpnls32.dll

c:\winnt\system32\ftpmx50.dll

c:\winnt\system32\btncopy.dll

c:\winnt\system32\PortableDeviceTypes.dll

c:\winnt\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\winnt\system32\ibmpmsvc.exe

c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\winnt\System32\SCardSvr.exe

c:\winnt\system32\bgsvcgen.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Network Associates\Common Framework\FrameworkService.exe

c:\program files\IPSec Client\LucentIKE.exe

c:\program files\Network Associates\VirusScan\VsTskMgr.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Network Associates\Common Framework\naPrdMgr.exe

c:\program files\timbuktu pro\tb2launch.exe

c:\winnt\system32\CCM\CcmExec.exe

c:\winnt\system32\msiexec.exe

c:\program files\Network Associates\Common Framework\McTray.exe

c:\program files\timbuktu pro\tb2pro.exe

c:\winnt\system32\rundll32.exe

c:\winnt\system32\igfxsrvc.exe

c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE

c:\program files\timbuktu pro\TNOTIFY.EXE

c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe

c:\winnt\system32\CCM\SMSCliUI.exe

.

**************************************************************************

.

Completion time: 2009-11-24 09:41 - machine was rebooted

ComboFix-quarantined-files.txt 2009-11-24 17:41

Pre-Run: 13,681,046,528 bytes free

Post-Run: 22,449,073,664 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINNT

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimers /numproc=1

- - End Of File - - AC57D1278B2B5462424302953DA1AC38


Hi,

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

OK. Here is the OTL.txt file.

OTL LOG

OTL logfile created on: 11/24/2009 11:17:57 AM - Run 1

OTL by OldTimer - Version 3.1.8.0 Folder = C:\Documents and Settings\nreece\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 542.61 Mb Available Physical Memory | 53.49% Memory free

1.65 Gb Paging File | 1.34 Gb Available in Paging File | 81.74% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files

Drive C: | 55.88 Gb Total Space | 20.94 Gb Free Space | 37.48% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: USREMNC6621

Current User Name: nreece

NOT logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\nreece\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\WINNT\system32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\WINNT\system32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\WINNT\system32\CCM\CcmExec.exe (Microsoft Corporation)

PRC - C:\WINNT\system32\CCM\SMSCliUI.exe (Microsoft Corporation)

PRC - C:\Program Files\IPSec Client\lucentike.exe (Alcatel-Lucent)

PRC - C:\Program Files\Lenovo\TrackPoint\tp4servinst.exe (Lenovo Group Limited)

PRC - C:\WINNT\system32\hkcmd.exe (Intel Corporation)

PRC - C:\WINNT\system32\igfxpers.exe (Intel Corporation)

PRC - C:\WINNT\system32\igfxsrvc.exe (Intel Corporation)

PRC - C:\WINNT\explorer.exe (Microsoft Corporation)

PRC - C:\WINNT\system32\ibmpmsvc.exe (Lenovo)

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

PRC - C:\Program Files\Network Associates\Common Framework\UdaterUI.exe (McAfee, Inc.)

PRC - C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe (McAfee, Inc.)

PRC - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (McAfee, Inc.)

PRC - C:\Program Files\Network Associates\Common Framework\Mctray.exe (McAfee, Inc.)

PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)

PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

PRC - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe (Network Associates, Inc.)

PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

PRC - C:\WINNT\system32\bgsvcgen.exe (B.H.A Corporation)

PRC - C:\Program Files\Network Associates\VirusScan\shstat.exe (Network Associates, Inc.)

PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)

PRC - C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe (Network Associates, Inc.)

PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)

PRC - C:\Program Files\timbuktu pro\tb2pro.exe (Netopia, Inc.)

PRC - C:\Program Files\timbuktu pro\tb2logon.exe (Netopia, Inc.)

PRC - C:\Program Files\timbuktu pro\tb2launch.exe (Netopia, Inc.)

PRC - C:\Program Files\timbuktu pro\TNotify.exe (Netopia, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\nreece\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

MOD - C:\WINNT\system32\BtMmHook.dll (Broadcom Corporation.)

MOD - C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll ()

MOD - C:\WINNT\system32\SynTPFcs.dll (Synaptics, Inc.)

MOD - C:\WINNT\system32\wbem\framedyn.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (FontCache3.0.0.0) -- c:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (idsvc) -- C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing) -- C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (aspnet_state) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (CcmExec) -- C:\WINNT\system32\CCM\CcmExec.exe (Microsoft Corporation)

SRV - (smstsmgr) -- C:\WINNT\System32\CCM\TSManager.exe (Microsoft Corporation)

SRV - (LucentIKE) -- C:\Program Files\IPSec Client\lucentikesvc.exe ()

SRV - (tp4serv) -- C:\Program Files\Lenovo\TrackPoint\tp4servinst.exe (Lenovo Group Limited)

SRV - (IBMPMSVC) -- C:\WINNT\system32\ibmpmsvc.exe (Lenovo)

SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

SRV - (McAfeeFramework) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (McAfee, Inc.)

SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

SRV - (McTaskManager) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe (Network Associates, Inc.)

SRV - (McShield) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe (Network Associates, Inc.)

SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)

SRV - (bgsvcgen) -- C:\WINNT\system32\bgsvcgen.exe (B.H.A Corporation)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (Irmon) -- C:\WINNT\system32\irmon.dll (Microsoft Corporation)

SRV - (helpsvc) -- C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (Tb2Launch) -- C:\Program Files\timbuktu pro\tb2launch.exe (Netopia, Inc.)

SRV - (OracleOracle8i_localClientCache) -- C:\Program Files\oracle8i\bin\ONRSD.EXE ()

========== Driver Services (SafeList) ==========

DRV - (Tb2MirrorSys) -- File not found

DRV - (Tb2Device) -- File not found

DRV - (catchme) -- File not found

DRV - (blast) -- C:\WINNT\system32\drivers\blast.sys ()

DRV - (ALSDrvr) -- C:\WINNT\system32\drivers\alsdrvr.sys ()

DRV - (PxHelp20) -- C:\WINNT\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (Cdralw2k) -- C:\WINNT\system32\drivers\cdralw2k.sys (Sonic Solutions)

DRV - (Cdr4_xp) -- C:\WINNT\system32\drivers\cdr4_xp.sys (Sonic Solutions)

DRV - (prepdrvr) -- C:\WINNT\system32\CCM\PrepDrv.sys (Microsoft Corporation)

DRV - (smsmdd) -- C:\WINNT\system32\drivers\smsmdm.sys (Microsoft Corporation)

DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINNT\system32\drivers\AegisP.sys (Cisco Systems, Inc.)

DRV - (LuIPSec) -- C:\WINNT\system32\drivers\luipsec.sys (Alcatel-Lucent)

DRV - (UKS11LDR) -- C:\WINNT\system32\drivers\uks11ldr.sys (MIDIMAN)

DRV - (MA_CMIDI) -- C:\WINNT\system32\drivers\ma_cmidi.sys (M-Audio)

DRV - (Secdrv) -- C:\WINNT\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (Tp4Track) -- C:\WINNT\system32\drivers\tp4track.sys (Lenovo Group Limited)

DRV - (NETw4x32) Intel® -- C:\WINNT\system32\drivers\NETw4x32.sys (Intel Corporation)

DRV - (s24trans) -- C:\WINNT\system32\drivers\s24trans.sys (Intel Corporation)

DRV - (ialm) -- C:\WINNT\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (Odptdi) -- C:\WINNT\system32\drivers\odptdi.sys (Aventail Corporation)

DRV - (IBMPMDRV) -- C:\WINNT\system32\drivers\ibmpmdrv.sys (Lenovo.)

DRV - (pmem) -- C:\WINNT\system32\drivers\pmemnt.sys (Microsoft Corporation)

DRV - (HSF_DPV) -- C:\WINNT\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINNT\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINNT\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (TcUsb) -- C:\WINNT\system32\drivers\tcusb.sys (UPEK Inc.)

DRV - (e1express) Intel® -- C:\WINNT\system32\drivers\e1e5132.sys (Intel Corporation)

DRV - (NETw3x32) Intel® -- C:\WINNT\system32\drivers\NETw3x32.sys (Intel


OK. Here is the OTL.txt file

OTL LOG

OTL logfile created on: 11/24/2009 11:17:57 AM - Run 1

OTL by OldTimer - Version 3.1.8.0 Folder = C:\Documents and Settings\nreece\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 542.61 Mb Available Physical Memory | 53.49% Memory free

1.65 Gb Paging File | 1.34 Gb Available in Paging File | 81.74% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files

Drive C: | 55.88 Gb Total Space | 20.94 Gb Free Space | 37.48% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: USREMNC6621

Current User Name: nreece

NOT logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\nreece\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\WINNT\system32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\WINNT\system32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\WINNT\system32\CCM\CcmExec.exe (Microsoft Corporation)

PRC - C:\WINNT\system32\CCM\SMSCliUI.exe (Microsoft Corporation)

PRC - C:\Program Files\IPSec Client\lucentike.exe (Alcatel-Lucent)

PRC - C:\Program Files\Lenovo\TrackPoint\tp4servinst.exe (Lenovo Group Limited)

PRC - C:\WINNT\system32\hkcmd.exe (Intel Corporation)

PRC - C:\WINNT\system32\igfxpers.exe (Intel Corporation)

PRC - C:\WINNT\system32\igfxsrvc.exe (Intel Corporation)

PRC - C:\WINNT\explorer.exe (Microsoft Corporation)

PRC - C:\WINNT\system32\ibmpmsvc.exe (Lenovo)

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

PRC - C:\Program Files\Network Associates\Common Framework\UdaterUI.exe (McAfee, Inc.)

PRC - C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe (McAfee, Inc.)

PRC - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (McAfee, Inc.)

PRC - C:\Program Files\Network Associates\Common Framework\Mctray.exe (McAfee, Inc.)

PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)

PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

PRC - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe (Network Associates, Inc.)

PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

PRC - C:\WINNT\system32\bgsvcgen.exe (B.H.A Corporation)

PRC - C:\Program Files\Network Associates\VirusScan\shstat.exe (Network Associates, Inc.)

PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)

PRC - C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe (Network Associates, Inc.)

PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)

PRC - C:\Program Files\timbuktu pro\tb2pro.exe (Netopia, Inc.)

PRC - C:\Program Files\timbuktu pro\tb2logon.exe (Netopia, Inc.)

PRC - C:\Program Files\timbuktu pro\tb2launch.exe (Netopia, Inc.)

PRC - C:\Program Files\timbuktu pro\TNotify.exe (Netopia, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\nreece\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

MOD - C:\WINNT\system32\BtMmHook.dll (Broadcom Corporation.)

MOD - C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll ()

MOD - C:\WINNT\system32\SynTPFcs.dll (Synaptics, Inc.)

MOD - C:\WINNT\system32\wbem\framedyn.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (FontCache3.0.0.0) -- c:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (idsvc) -- C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing) -- C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (aspnet_state) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (CcmExec) -- C:\WINNT\system32\CCM\CcmExec.exe (Microsoft Corporation)

SRV - (smstsmgr) -- C:\WINNT\System32\CCM\TSManager.exe (Microsoft Corporation)

SRV - (LucentIKE) -- C:\Program Files\IPSec Client\lucentikesvc.exe ()

SRV - (tp4serv) -- C:\Program Files\Lenovo\TrackPoint\tp4servinst.exe (Lenovo Group Limited)

SRV - (IBMPMSVC) -- C:\WINNT\system32\ibmpmsvc.exe (Lenovo)

SRV - (EvtEng) Intel


Hi,

Is your McAfee up to date?

1) Scan a file

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\WINNT\System32\drivers\blast.sys
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

2) OTL

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O16 - DPF: {093501ce-d290-11d3-a3d6-00c04fa32518} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {5e2a3510-4371-11d6-b64c-00c04faedb18} Reg Error: Value error. (Oracle JInitiator 1.1.8.18)
    O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} Reg Error: Value error. (Oracle JInitiator 1.1.8.16)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8055.6286111111 (Reg Error: Key error.)
    O16 - DPF: {ed54a7b0-6c1c-11d5-b63d-00c04faedb18} Reg Error: Value error. (Reg Error: Value error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
    [2009/08/24 09:01:28 | 00,092,672 | ---- | C] () -- C:\WINNT\System32\huvajolu.dll
    [2009/08/23 09:51:31 | 00,054,272 | ---- | C] () -- C:\WINNT\System32\dijuboru.dll
    [2009/08/27 07:13:30 | 00,038,968 | ---- | C] () -- C:\WINNT\System32\luinst.dll

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

3) Malwarebytes

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your reply I would like to see copied and pasted,

1) Online scan results

2) OTL scan

3) Malwarebytes log



Thank you so much... it looks like all malware has now been removed. Yes, my McAfee defs are up to date. They update daily. I'm attaching the logs you requested for confirmation. OTL and MBAM will be in a separate post.

1) Online scan results

VirSCAN.org Scanned Report :

Scanned time : 2009/11/26 04:34:45 (CST)

Scanner results: Scanners did not find malware!

File Name : blast.sys

File Size : 34816 byte

File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit

MD5 : 60ac082b41e60906171335dfbf8c19c0

SHA1 : 26b0961cc7853afa4746fd0f6467dd2ea824640c

Online report : http://virscan.org/report/c110013c21adea26...a0d89cd849.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result

a-squared 4.5.0.8 20091126033123 2009-11-26 4.00 -

AhnLab V3 2009.11.26.00 2009.11.26 2009-11-26 0.94 -

AntiVir 8.2.1.78 7.10.1.106 2009-11-25 0.06 -

Antiy 2.0.18 20091125.3312390 2009-11-25 0.12 -

Arcavir 2009 200911251307 2009-11-25 0.03 -

Authentium 5.1.1 200911241603 2009-11-24 1.29 -

AVAST! 4.7.4 091125-1 2009-11-25 0.01 -

AVG 8.5.288 270.14.82/2525 2009-11-25 0.32 -

BitDefender 7.81008.4600139 7.29136 2009-11-26 3.92 -

CA (VET) 35.1.0 7141 2009-11-24 7.56 -

ClamAV 0.95.2 10070 2009-11-26 0.01 -

Comodo 3.12 3034 2009-11-25 0.72 -

CP Secure 1.3.0.5 2009.11.26 2009-11-26 0.05 -

Dr.Web 4.44.0.9170 2009.11.25 2009-11-25 7.19 -

F-Prot 4.4.4.56 20091124 2009-11-24 1.28 -

F-Secure 7.02.73807 2009.11.25.13 2009-11-25 0.23 -

Fortinet 11.93- 11.93 2009-11-25 0.14 -

GData 19.8998/19.585 20091125 2009-11-25 5.55 -

ViRobot 20091125 2009.11.25 2009-11-25 0.41 -

Ikarus T3.1.01.74 2009.11.25.74593 2009-11-25 4.12 -

JiangMin 11.0.800 2009.11.25 2009-11-25 4.11 -

Kaspersky 5.5.10 2009.11.25 2009-11-25 0.11 -

KingSoft 2009.2.5.15 2009.11.25.20 2009-11-25 0.51 -

McAfee 5.3.00 5813 2009-11-25 3.44 -

Microsoft 1.5302 2009.11.24 2009-11-24 6.07 -

Norman 6.01.09 6.01.00 2009-11-25 4.01 -

Panda 9.05.01 2009.11.25 2009-11-25 1.74 -

Trend Micro 9.000-1003 6.652.02 2009-11-25 0.03 -

Quick Heal 10.00 2009.11.25 2009-11-25 1.24 -

Rising 20.0 22.23.02.09 2009-11-25 0.98 -

Sophos 3.01.0 4.47 2009-11-26 3.02 -

Sunbelt 5518 5518 2009-11-18 1.84 -

Symantec 1.3.0.24 20091125.004 2009-11-25 0.22 -

nProtect 20091125.01 6330100 2009-11-25 3.55 -

The Hacker 6.5.0.2 v00076 2009-11-23 0.76 -

VBA32 3.12.12.0 20091124.2139 2009-11-24 2.14 -

VirusBuster 4.5.11.10 10.113.29/2005008 2009-11-25 2.37 -


2) OTL scan

OTL logfile created on: 11/25/2009 1:07:37 PM - Run 2

OTL by OldTimer - Version 3.1.8.0 Folder = C:\Documents and Settings\nreece\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 631.71 Mb Available Physical Memory | 62.28% Memory free

1.65 Gb Paging File | 1.38 Gb Available in Paging File | 83.64% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files

Drive C: | 55.88 Gb Total Space | 21.19 Gb Free Space | 37.92% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 7.46 Gb Total Space | 3.39 Gb Free Space | 45.39% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: USREMNC6621

Current User Name: nreece

NOT logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\nreece\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\WINNT\system32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\WINNT\system32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\WINNT\system32\CCM\CcmExec.exe (Microsoft Corporation)

PRC - C:\Program Files\IPSec Client\lucentike.exe (Alcatel-Lucent)

PRC - C:\Program Files\IPSec Client\lucentikesvc.exe ()

PRC - C:\Program Files\IPSec Client\trayicon.exe (Alcatel-Lucent)

PRC - C:\Program Files\Lenovo\TrackPoint\tp4servinst.exe (Lenovo Group Limited)

PRC - C:\WINNT\system32\hkcmd.exe (Intel Corporation)

PRC - C:\WINNT\system32\igfxpers.exe (Intel Corporation)

PRC - C:\WINNT\system32\igfxsrvc.exe (Intel Corporation)

PRC - C:\WINNT\explorer.exe (Microsoft Corporation)

PRC - C:\WINNT\system32\ibmpmsvc.exe (Lenovo)

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

PRC - C:\Program Files\Network Associates\Common Framework\UdaterUI.exe (McAfee, Inc.)

PRC - C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe (McAfee, Inc.)

PRC - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (McAfee, Inc.)

PRC - C:\Program Files\Network Associates\Common Framework\Mctray.exe (McAfee, Inc.)

PRC - C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()

PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)

PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

PRC - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe (Network Associates, Inc.)

PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

PRC - C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe ()

PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

PRC - C:\WINNT\system32\bgsvcgen.exe (B.H.A Corporation)

PRC - C:\Program Files\Network Associates\VirusScan\shstat.exe (Network Associates, Inc.)

PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)

PRC - C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe (Network Associates, Inc.)

PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)

PRC - C:\Program Files\timbuktu pro\tb2pro.exe (Netopia, Inc.)

PRC - C:\Program Files\timbuktu pro\tb2logon.exe (Netopia, Inc.)

PRC - C:\Program Files\timbuktu pro\tb2launch.exe (Netopia, Inc.)

PRC - C:\Program Files\timbuktu pro\TNotify.exe (Netopia, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\nreece\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

MOD - C:\WINNT\system32\BtMmHook.dll (Broadcom Corporation.)

MOD - C:\WINNT\system32\SynTPFcs.dll (Synaptics, Inc.)

MOD - C:\WINNT\system32\wbem\framedyn.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (FontCache3.0.0.0) -- c:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (idsvc) -- C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing) -- C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (aspnet_state) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (CcmExec) -- C:\WINNT\system32\CCM\CcmExec.exe (Microsoft Corporation)

SRV - (smstsmgr) -- C:\WINNT\System32\CCM\TSManager.exe (Microsoft Corporation)

SRV - (LucentIKE) -- C:\Program Files\IPSec Client\lucentikesvc.exe ()

SRV - (tp4serv) -- C:\Program Files\Lenovo\TrackPoint\tp4servinst.exe (Lenovo Group Limited)

SRV - (IBMPMSVC) -- C:\WINNT\system32\ibmpmsvc.exe (Lenovo)

SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

SRV - (McAfeeFramework) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (McAfee, Inc.)

SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

SRV - (McTaskManager) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe (Network Associates, Inc.)

SRV - (McShield) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe (Network Associates, Inc.)

SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)

SRV - (bgsvcgen) -- C:\WINNT\system32\bgsvcgen.exe (B.H.A Corporation)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (Irmon) -- C:\WINNT\system32\irmon.dll (Microsoft Corporation)

SRV - (helpsvc) -- C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (Tb2Launch) -- C:\Program Files\timbuktu pro\tb2launch.exe (Netopia, Inc.)

SRV - (OracleOracle8i_localClientCache) -- C:\Program Files\oracle8i\bin\ONRSD.EXE ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aww.usa.alcatel.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.lucent.com;*.alcatel.com;*.alcatel-lucent.com;<local>

========== FireFox ==========

FF - prefs.js..browser.search.update: false

FF - prefs.js..extensions.enabledItems: capturefoxmovie@advancity.net:0.3.5.081007b

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12

FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/29 14:46:27 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/23 12:37:25 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/23 12:37:24 | 00,000,000 | ---D | M]

[2008/07/16 12:47:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Mozilla\Extensions

[2008/07/16 12:47:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/11/23 11:25:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Mozilla\Firefox\Profiles\7bsmuwe0.default\extensions

[2009/08/03 09:26:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Mozilla\Firefox\Profiles\7bsmuwe0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/06/23 13:50:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Mozilla\Firefox\Profiles\7bsmuwe0.default\extensions\capturefoxmovie@advancity.net

[2008/07/16 12:46:20 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/11/23 12:37:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/11/02 19:23:26 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2009/11/02 19:23:27 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2009/11/02 19:23:28 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2007/03/22 17:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

[2003/05/15 00:01:48 | 00,133,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2009/11/02 17:16:17 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2009/11/02 17:16:17 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2009/11/02 17:16:17 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2009/11/02 17:16:17 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2009/11/02 17:16:17 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2009/11/02 17:16:17 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2009/11/02 17:16:17 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINNT\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINNT\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Malwarebytes' Anti-Malware\fix.exe.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UdaterUI.exe (McAfee, Inc.)

O4 - HKLM..\Run: [Network Associates Error Reporting Service] C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe (Network Associates, Inc.)

O4 - HKLM..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)

O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)

O4 - HKLM..\Run: [shStatEXE] C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE (Network Associates, Inc.)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [storageGuard] C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TLogonPath] C:\Program Files\timbuktu pro\tb2logon.exe (Netopia, Inc.)

O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()

O4 - HKLM..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\IPSecClient Icon.lnk = C:\Program Files\IPSec Client\trayicon.exe (Alcatel-Lucent)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINNT\system32\nwprovau.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)

O16 - DPF: {093501ce-d290-11d3-a3d6-00c04fa32518} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)

O16 - DPF: {5e2a3510-4371-11d6-b64c-00c04faedb18} Reg Error: Value error. (Oracle JInitiator 1.1.8.18)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1204322318437 (WUWebControl Class)

O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} Reg Error: Value error. (Oracle JInitiator 1.1.8.16)

O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {ed54a7b0-6c1c-11d5-b63d-00c04faedb18} Reg Error: Value error. (Reg Error: Value error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na02.lucent.com

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\Sap\FrontEnd\Controls\SAPHTMLP.DLL (SAP AG, Walldorf)

O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\Sap\FrontEnd\Controls\SAPHTMLP.DLL (SAP AG, Walldorf)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINNT\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\Timbuktu Pro: DllName - C:\Program Files\timbuktu pro\Hook32.dll - C:\Program Files\timbuktu pro\HOOK32.DLL (Netopia, Inc.)

O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINNT\System32\notifyf2.dll ()

O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINNT\System32\tphklock.dll ()

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINNT\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/25 13:02:21 | 00,000,000 | ---D | C] -- C:\_OTL

[2009/11/24 11:12:30 | 00,529,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\nreece\Desktop\OTL.exe

[2009/11/24 09:15:41 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009/11/24 09:12:48 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe

[2009/11/24 09:12:48 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe

[2009/11/24 09:12:48 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe

[2009/11/24 09:12:48 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe

[2009/11/24 09:10:15 | 00,000,000 | ---D | C] -- C:\WINNT\ERDNT

[2009/11/24 09:10:11 | 00,000,000 | ---D | C] -- C:\patch

[2009/11/24 09:08:57 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/11/23 16:38:34 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/11/23 14:57:33 | 00,000,000 | ---D | C] -- C:\gmer

[2009/11/23 14:25:23 | 00,000,000 | ---D | C] -- C:\root repeal

[2009/11/23 10:25:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nreece\My Documents\malware logs

[2009/11/23 10:16:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nreece\Application Data\Malwarebytes

[2009/11/23 09:40:42 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys

[2009/11/23 09:40:40 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys

[2009/11/23 09:40:40 | 00,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware

[2009/11/23 09:40:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/11/22 17:26:30 | 00,000,000 | ---D | C] -- C:\QUARANTINE

[2009/11/22 15:46:29 | 00,000,000 | ---D | C] -- C:\Program Files\AntiMalware

[8 C:\Documents and Settings\nreece\My Documents\*.tmp files -> C:\Documents and Settings\nreece\My Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/25 13:08:05 | 00,000,462 | ---- | M] () -- C:\WINNT\SMSCFG.ini

[2009/11/25 13:05:35 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT

[2009/11/25 13:05:34 | 00,002,278 | ---- | M] () -- C:\WINNT\System32\wpa.dbl

[2009/11/25 13:05:33 | 00,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat

[2009/11/25 13:02:46 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\nreece\NTUSER.DAT

[2009/11/25 13:02:46 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\nreece\ntuser.ini

[2009/11/25 12:44:08 | 00,000,896 | ---- | M] () -- C:\WINNT\win.ini

[2009/11/24 14:33:44 | 00,044,696 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

[2009/11/24 10:55:54 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nreece\Desktop\OTL.exe

[2009/11/24 09:35:55 | 00,000,227 | ---- | M] () -- C:\WINNT\system.ini

[2009/11/24 09:35:49 | 00,000,027 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts

[2009/11/24 09:29:01 | 00,011,168 | -H-- | M] () -- C:\WINNT\System32\jijujuro

[2009/11/24 09:15:56 | 00,000,302 | RHS- | M] () -- C:\boot.ini

[2009/11/23 16:38:34 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\nreece\Desktop\HijackThis.lnk

[2009/11/23 14:26:27 | 00,034,816 | ---- | M] () -- C:\WINNT\System32\drivers\blast.sys

[2009/11/23 12:37:29 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/11/23 09:56:37 | 00,000,603 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/11/22 12:04:36 | 00,209,920 | ---- | M] () -- C:\Documents and Settings\nreece\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/18 14:42:47 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\nreece\My Documents\Excercise.xls

[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINNT\PEV.exe

[2009/11/12 08:39:01 | 00,081,408 | ---- | M] () -- C:\Documents and Settings\nreece\My Documents\vacation.xls

[8 C:\Documents and Settings\nreece\My Documents\*.tmp files -> C:\Documents and Settings\nreece\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/24 09:15:55 | 00,000,231 | ---- | C] () -- C:\Boot.bak

[2009/11/24 09:15:42 | 00,260,272 | ---- | C] () -- C:\cmldr

[2009/11/24 09:12:48 | 00,260,608 | ---- | C] () -- C:\WINNT\PEV.exe

[2009/11/24 09:12:48 | 00,098,816 | ---- | C] () -- C:\WINNT\sed.exe

[2009/11/24 09:12:48 | 00,080,412 | ---- | C] () -- C:\WINNT\grep.exe

[2009/11/24 09:12:48 | 00,077,312 | ---- | C] () -- C:\WINNT\MBR.exe

[2009/11/24 09:12:48 | 00,068,096 | ---- | C] () -- C:\WINNT\zip.exe

[2009/11/23 16:38:34 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\nreece\Desktop\HijackThis.lnk

[2009/11/23 14:26:27 | 00,034,816 | ---- | C] () -- C:\WINNT\System32\drivers\blast.sys

[2009/11/23 09:40:45 | 00,000,603 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/11/12 08:39:00 | 00,081,408 | ---- | C] () -- C:\Documents and Settings\nreece\My Documents\vacation.xls

[2009/10/27 08:25:29 | 00,004,096 | -H-- | C] () -- C:\Documents and Settings\nreece\Local Settings\Application Data\keyfile3.drm

[2009/06/30 22:01:22 | 00,004,764 | ---- | C] () -- C:\WINNT\System32\CcmFramework.ini

[2009/06/30 22:00:02 | 00,000,462 | ---- | C] () -- C:\WINNT\SMSCFG.ini

[2009/03/09 15:53:44 | 00,617,984 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll

[2009/03/09 15:53:44 | 00,178,688 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll

[2008/12/11 14:45:27 | 00,000,044 | ---- | C] () -- C:\WINNT\SMWizard.INI

[2008/11/03 12:42:05 | 00,000,022 | ---- | C] () -- C:\WINNT\System32\PICSDK.ini

[2008/11/03 12:39:21 | 00,000,044 | ---- | C] () -- C:\WINNT\EPSPR320.ini

[2008/09/23 08:55:48 | 00,005,119 | ---- | C] () -- C:\WINNT\System32\drivers\alsdrvr.sys

[2008/08/22 08:47:45 | 00,126,464 | ---- | C] () -- C:\WINNT\System32\lame_enc.dll

[2008/07/23 08:50:52 | 03,596,288 | ---- | C] () -- C:\WINNT\System32\qt-dx331.dll

[2008/07/23 08:47:34 | 00,000,416 | ---- | C] () -- C:\WINNT\System32\dtu100.dll.manifest

[2008/07/23 08:47:34 | 00,000,416 | ---- | C] () -- C:\WINNT\System32\dpl100.dll.manifest

[2008/07/22 14:40:12 | 00,042,480 | ---- | C] () -- C:\Documents and Settings\nreece\Application Data\GDIPFONTCACHEV1.DAT

[2008/07/15 10:01:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\nreece\Application Data\desktop.ini

[2008/07/15 10:01:21 | 02,641,406 | -H-- | C] () -- C:\Documents and Settings\nreece\Local Settings\Application Data\IconCache.db

[2008/07/15 10:01:21 | 00,209,920 | ---- | C] () -- C:\Documents and Settings\nreece\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/07/15 10:01:21 | 00,042,480 | ---- | C] () -- C:\Documents and Settings\nreece\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2007/08/09 15:43:16 | 00,204,800 | ---- | C] () -- C:\WINNT\System32\igfxCoIn_v4860.dll

[2007/03/05 10:34:28 | 00,676,224 | ---- | C] () -- C:\WINNT\System32\OGACheckControl.DLL

[2007/02/26 17:34:34 | 00,204,800 | ---- | C] () -- C:\WINNT\System32\igfxCoIn_v4785.dll

[2007/02/01 21:12:49 | 00,069,632 | ---- | C] () -- C:\WINNT\System32\com.fxpansion.fxshared.dll

[2007/01/30 21:56:22 | 00,028,672 | ---- | C] () -- C:\WINNT\System32\notifyf2.dll

[2007/01/30 21:56:22 | 00,024,576 | ---- | C] () -- C:\WINNT\System32\tphklock.dll

[2007/01/30 09:08:51 | 00,077,824 | ---- | C] () -- C:\WINNT\System32\SynTPCoI.dll

[2006/12/18 13:12:32 | 00,000,280 | ---- | C] () -- C:\WINNT\System32\epoPGPsdk.dll.sig

[2006/08/18 16:24:52 | 00,090,112 | ---- | C] () -- C:\WINNT\System32\btprn2k.dll

[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINNT\Fonts\GlobalUserInterface.CompositeFont

[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINNT\Fonts\GlobalSansSerif.CompositeFont

[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINNT\Fonts\GlobalSerif.CompositeFont

[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINNT\Fonts\GlobalMonospace.CompositeFont

[2005/12/20 14:25:42 | 00,000,049 | ---- | C] () -- C:\WINNT\cdplayer.ini

[2005/04/19 17:23:51 | 00,000,010 | ---- | C] () -- C:\WINNT\WININIT.INI

[2005/02/17 10:41:32 | 00,000,603 | ---- | C] () -- C:\WINNT\System32\BTNeighborhood.dll.manifest

[2005/02/17 10:41:30 | 00,000,593 | ---- | C] () -- C:\WINNT\System32\btcss.dll.manifest

[2004/12/01 08:53:38 | 00,000,210 | ---- | C] () -- C:\WINNT\System32\sr2spec.ini

[2004/12/01 08:15:19 | 00,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll

[2004/12/01 08:15:18 | 00,385,024 | ---- | C] () -- C:\WINNT\System32\qdvd.dll

[2004/12/01 08:15:18 | 00,279,040 | ---- | C] () -- C:\WINNT\System32\qdv.dll

[2004/05/17 14:43:09 | 00,035,424 | ---- | C] () -- C:\WINNT\System32\ntio412.sys

[2004/05/17 14:43:07 | 00,034,560 | ---- | C] () -- C:\WINNT\System32\ntio404.sys

[2004/05/17 14:43:06 | 00,034,560 | ---- | C] () -- C:\WINNT\System32\ntio804.sys

[2004/05/17 14:43:04 | 00,035,648 | ---- | C] () -- C:\WINNT\System32\ntio411.sys

[2004/05/17 14:43:02 | 00,033,840 | ---- | C] () -- C:\WINNT\System32\ntio.sys

[2004/04/27 13:00:13 | 00,355,112 | ---- | C] () -- C:\WINNT\System32\msjetoledb40.dll

[2004/04/15 23:00:00 | 00,000,058 | ---- | C] () -- C:\WINNT\System32\EAL32.INI

[2004/03/18 07:05:22 | 00,051,712 | ---- | C] () -- C:\WINNT\System32\JinPanel.dll

[2004/03/17 07:01:11 | 00,001,628 | ---- | C] () -- C:\WINNT\saplogon.ini

[2004/03/17 07:00:27 | 00,015,872 | ---- | C] () -- C:\WINNT\System32\vtssm32.dll

[2004/03/17 07:00:24 | 01,064,960 | ---- | C] () -- C:\WINNT\System32\h5krnl32.dll

[2004/03/17 07:00:24 | 00,188,928 | ---- | C] () -- C:\WINNT\System32\h5icon32.dll

[2004/03/17 07:00:24 | 00,175,616 | ---- | C] () -- C:\WINNT\System32\h5menu32.dll

[2004/03/17 07:00:24 | 00,095,744 | ---- | C] () -- C:\WINNT\System32\h5rtf32.dll

[2004/03/17 07:00:24 | 00,051,200 | ---- | C] () -- C:\WINNT\System32\h5tool32.dll

[2004/03/12 13:59:20 | 00,000,684 | ---- | C] () -- C:\WINNT\System32\Oeminfo.ini

[2004/03/11 14:28:15 | 00,057,280 | ---- | C] () -- C:\WINNT\System32\drivers\drvlw.sys

[2004/03/11 14:28:15 | 00,033,280 | ---- | C] () -- C:\WINNT\System32\upgdrvlw.dll

[2004/03/11 14:28:15 | 00,027,136 | ---- | C] () -- C:\WINNT\System32\upgftps.dll

[2004/03/11 14:28:15 | 00,027,136 | ---- | C] () -- C:\WINNT\System32\upgftpap.dll

[2004/03/11 14:28:14 | 00,311,296 | ---- | C] () -- C:\WINNT\System32\ftpback.dll

[2004/03/11 14:28:14 | 00,038,400 | ---- | C] () -- C:\WINNT\System32\ftpnls32.dll

[2004/03/11 13:11:33 | 00,000,218 | ---- | C] () -- C:\WINNT\ORAODBC.INI

[2004/03/11 12:56:04 | 00,517,120 | ---- | C] () -- C:\WINNT\System32\acr7041.dll

[2004/03/10 15:49:14 | 00,172,056 | ---- | C] () -- C:\WINNT\System32\CSGina.dll

[2004/03/10 15:06:49 | 00,000,000 | ---- | C] () -- C:\WINNT\tb2pro.INI

[2004/03/10 15:06:49 | 00,000,000 | ---- | C] () -- C:\WINNT\Tb2Desk.INI

[2004/03/10 14:59:04 | 00,000,000 | ---- | C] () -- C:\WINNT\PROTOCOL.INI

[2004/03/10 14:32:37 | 00,001,217 | ---- | C] () -- C:\WINNT\ODBC.INI

[2004/03/10 13:12:25 | 00,000,000 | ---- | C] () -- C:\WINNT\netscape.INI

[2004/03/09 16:33:01 | 01,290,752 | ---- | C] () -- C:\WINNT\System32\quartz.dll

[2004/03/09 16:33:00 | 00,733,696 | ---- | C] () -- C:\WINNT\System32\qedwipes.dll

[2004/03/09 16:33:00 | 00,562,176 | ---- | C] () -- C:\WINNT\System32\qedit.dll

[2004/03/09 16:33:00 | 00,192,512 | ---- | C] () -- C:\WINNT\System32\qcap.dll

[2004/03/09 16:33:00 | 00,070,656 | ---- | C] () -- C:\WINNT\System32\amstream.dll

[2004/03/09 16:33:00 | 00,059,904 | ---- | C] () -- C:\WINNT\System32\devenum.dll

[2004/03/09 16:33:00 | 00,035,328 | ---- | C] () -- C:\WINNT\System32\mciqtz32.dll

[2004/03/09 16:33:00 | 00,014,336 | ---- | C] () -- C:\WINNT\System32\msdmo.dll

[2004/03/09 11:46:26 | 00,000,000 | ---- | C] () -- C:\WINNT\control.ini

[2004/03/09 11:43:12 | 00,000,063 | ---- | C] () -- C:\WINNT\vbaddin.ini

[2004/03/09 11:43:12 | 00,000,036 | ---- | C] () -- C:\WINNT\vb.ini

[2004/03/09 11:42:34 | 00,013,223 | ---- | C] () -- C:\WINNT\System32\tslabels.ini

[2004/03/09 11:42:34 | 00,001,931 | ---- | C] () -- C:\WINNT\System32\msdtcprf.ini

[2004/03/09 05:37:07 | 00,499,928 | ---- | C] () -- C:\WINNT\System32\PerfStringBackup.INI

[2004/03/09 05:37:06 | 00,004,735 | ---- | C] () -- C:\WINNT\ODBCINST.INI

[2004/03/09 05:36:32 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

[2003/03/23 17:35:20 | 00,000,000 | ---- | C] () -- C:\WINNT\System32\px.ini

[2003/01/07 12:05:08 | 00,002,695 | ---- | C] () -- C:\WINNT\System32\OUTLPERF.INI

[2002/11/26 13:15:52 | 00,186,368 | ---- | C] () -- C:\WINNT\System32\encdec.dll

[2002/11/26 13:15:50 | 00,270,848 | ---- | C] () -- C:\WINNT\System32\sbe.dll

[2002/05/24 00:00:00 | 00,208,896 | ---- | C] () -- C:\WINNT\System32\lockout.dll

[2002/05/24 00:00:00 | 00,045,056 | ---- | C] () -- C:\WINNT\System32\lockres.dll

[2001/11/14 11:56:00 | 01,802,240 | ---- | C] () -- C:\WINNT\System32\lcppn21.dll

[2001/08/17 14:36:28 | 00,157,696 | ---- | C] () -- C:\WINNT\System32\paqsp.dll

[1996/11/16 22:00:00 | 00,022,016 | ---- | C] () -- C:\WINNT\System32\ODBCSTF.DLL

[1996/11/16 22:00:00 | 00,022,016 | ---- | C] () -- C:\WINNT\System32\DOCOBJ.DLL

[1996/11/16 22:00:00 | 00,012,288 | ---- | C] () -- C:\WINNT\System32\HLINKPRX.DLL

[1979/12/31 16:00:00 | 01,015,477 | ---- | C] () -- C:\WINNT\System32\esentprf.ini

[1979/12/31 16:00:00 | 00,498,742 | ---- | C] () -- C:\WINNT\System32\dxmasf.dll

[1979/12/31 16:00:00 | 00,252,928 | ---- | C] () -- C:\WINNT\System32\compatui.dll

[1979/12/31 16:00:00 | 00,199,168 | ---- | C] () -- C:\WINNT\System32\ir32_32.dll

[1979/12/31 16:00:00 | 00,094,282 | ---- | C] () -- C:\WINNT\System32\msencode.dll

[1979/12/31 16:00:00 | 00,053,478 | ---- | C] () -- C:\WINNT\System32\tcpmon.ini

[1979/12/31 16:00:00 | 00,042,809 | ---- | C] () -- C:\WINNT\System32\key01.sys

[1979/12/31 16:00:00 | 00,042,537 | ---- | C] () -- C:\WINNT\System32\keyboard.sys

[1979/12/31 16:00:00 | 00,029,370 | ---- | C] () -- C:\WINNT\System32\ntdos411.sys

[1979/12/31 16:00:00 | 00,029,274 | ---- | C] () -- C:\WINNT\System32\ntdos412.sys

[1979/12/31 16:00:00 | 00,029,146 | ---- | C] () -- C:\WINNT\System32\ntdos804.sys

[1979/12/31 16:00:00 | 00,029,146 | ---- | C] () -- C:\WINNT\System32\ntdos404.sys

[1979/12/31 16:00:00 | 00,027,866 | ---- | C] () -- C:\WINNT\System32\ntdos.sys

[1979/12/31 16:00:00 | 00,027,097 | ---- | C] () -- C:\WINNT\System32\country.sys

[1979/12/31 16:00:00 | 00,015,360 | ---- | C] () -- C:\WINNT\System32\tsd32.dll

[1979/12/31 16:00:00 | 00,013,312 | ---- | C] () -- C:\WINNT\System32\win87em.dll

[1979/12/31 16:00:00 | 00,012,082 | ---- | C] () -- C:\WINNT\System32\rsvp.ini

[1979/12/31 16:00:00 | 00,010,240 | ---- | C] () -- C:\WINNT\System32\scriptpw.dll

[1979/12/31 16:00:00 | 00,010,110 | ---- | C] () -- C:\WINNT\System32\mqperf.ini

[1979/12/31 16:00:00 | 00,009,029 | ---- | C] () -- C:\WINNT\System32\ansi.sys

[1979/12/31 16:00:00 | 00,006,877 | ---- | C] () -- C:\WINNT\System32\pschdprf.ini

[1979/12/31 16:00:00 | 00,004,768 | ---- | C] () -- C:\WINNT\System32\himem.sys

[1979/12/31 16:00:00 | 00,004,126 | ---- | C] () -- C:\WINNT\System32\msdxmlc.dll

[1979/12/31 16:00:00 | 00,003,458 | ---- | C] () -- C:\WINNT\System32\rasctrs.ini

[1979/12/31 16:00:00 | 00,002,891 | ---- | C] () -- C:\WINNT\System32\perfci.ini

[1979/12/31 16:00:00 | 00,002,732 | ---- | C] () -- C:\WINNT\System32\perfwci.ini

[1979/12/31 16:00:00 | 00,002,656 | ---- | C] () -- C:\WINNT\System32\netware.drv

[1979/12/31 16:00:00 | 00,001,405 | ---- | C] () -- C:\WINNT\msdfmap.ini

[1979/12/31 16:00:00 | 00,001,152 | ---- | C] () -- C:\WINNT\System32\perffilt.ini

[1979/12/31 16:00:00 | 00,000,896 | ---- | C] () -- C:\WINNT\win.ini

[1979/12/31 16:00:00 | 00,000,343 | ---- | C] () -- C:\WINNT\System32\prodspec.ini

[1979/12/31 16:00:00 | 00,000,227 | ---- | C] () -- C:\WINNT\system.ini

========== LOP Check ==========

[2005/04/20 07:11:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2005/12/20 14:35:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2008/11/12 07:54:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications

[2008/08/22 09:11:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU

[2008/11/15 11:09:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk

[2004/03/09 05:36:32 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

[2008/02/29 14:24:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel

[2008/11/03 20:18:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit

[2007/01/30 09:09:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo

[2009/11/23 09:40:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/03/31 15:38:11 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2005/12/20 10:38:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates

[2007/08/16 03:55:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

[2004/03/10 15:43:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime

[2007/01/30 22:31:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB

[2005/12/20 12:09:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2008/09/23 09:04:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Adobe

[2007/01/29 21:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\AdobeUM

[2007/01/29 21:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Apple Computer

[2008/08/27 05:29:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Aventail

[2008/08/22 09:11:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\AVS4YOU

[2008/11/15 11:12:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Cakewalk

[2007/01/29 21:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\CyberLink

[2004/03/09 05:36:32 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\nreece\Application Data\desktop.ini

[2008/08/21 13:07:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\DivX

[2008/08/24 09:59:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\FUJIFILM

[2009/04/11 20:11:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\FXpansion

[2009/08/11 08:16:50 | 00,042,480 | ---- | M] () -- C:\Documents and Settings\nreece\Application Data\GDIPFONTCACHEV1.DAT

[2009/08/11 07:46:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Help

[2007/01/29 21:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Identities

[2007/01/29 21:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Infineon

[2007/01/29 21:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\InstallShield

[2008/02/29 14:25:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Intel

[2007/01/29 21:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\InterVideo

[2008/11/03 20:09:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Intuit

[2008/11/03 12:44:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Leadertech

[2007/01/29 21:17:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Macromedia

[2009/11/23 10:16:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Malwarebytes

[2009/03/23 15:14:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\nreece\Application Data\Microsoft

[2008/07/16 12:47:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Mozilla

[2007/01/29 21:17:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\OfficeUpdate12

[2008/07/24 20:32:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Publish Providers

[2007/01/29 21:17:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Real

[2008/11/25 09:27:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Sony

[2007/01/29 21:17:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Sun

[2009/05/05 15:44:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\U3

[2008/09/23 11:27:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\VERITAS

[2001/08/22 22:00:00 | 00,000,065 | RH-- | M] () -- C:\WINNT\Tasks\desktop.ini

[2009/11/25 13:05:35 | 00,000,006 | -H-- | M] () -- C:\WINNT\Tasks\SA.DAT

========== Purity Check ==========

< End of report >


3) Malwarebytes log

Malwarebytes' Anti-Malware 1.41

Database version: 3234

Windows 5.1.2600 Service Pack 2

11/25/2009 1:22:34 PM

mbam-log-2009-11-25 (13-22-34).txt

Scan type: Quick Scan

Objects scanned: 115294

Time elapsed: 4 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINNT\system32\config\Systemprofile\Start Menu\Programs\Startup\scandisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.


Hi,

Things are looking better.

Don't worry about quoting the previous posts. :(

1) OTL

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2009/11/24 09:29:01 | 00,011,168 | -H-- | M] () -- C:\WINNT\System32\jijujuro

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

2) JavaRa

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

3) Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

In your reply I would like to see copied and pasted,

1) OTL logs

2) Kaspersky Scan

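The OTL fix above singles out C:\WINNT\System32\jijujuro: a hidden (-H--) file under System32, with no company name and no extension, that appeared on 2009/11/24 while the cleanup was in progress. Those are the properties a removal helper checks by eye when reading an OTL report. The script below is an added example, not code from the thread and not OTL's own tooling; it parses the file-listing and O4/O20 autostart line shapes seen in the posted logs (the regexes are inferred from those lines and are an assumption, not an OTL specification) and turns the eyeball rules into a scored worklist. The sample input is a handful of lines copied from the posted log, with a header line so the "created within 14 days" rule has a reference date. Note that an empty company name on its own is weak evidence: on this same log TPHKMGR.exe and notifyf2.dll are Lenovo hotkey components with no version resource, so the script only reports a %SystemRoot% file when a missing company name is paired with a second oddity, and lists bare autostart entries at the lowest priority for a human to check.

```python
"""Scored triage of OTL report lines (added example; not OTL's own code)."""
import re
from datetime import datetime, timedelta

# Assumed file-entry shape: [date | size | RHSD attrs | C(reated)/M(odified)] (company) -- path
FILE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| ([RHSD-]{4}) \| ([CM])\]"
    r"(?: \((.*?)\))? -- (.+)$"
)
# Assumed autostart shape: O4/O20 lines end in "<drive path> (company)"; the last drive path is the target.
AUTOSTART_RE = re.compile(r"^(O4|O20) - .*([A-Za-z]:\\.*) \(([^()]*)\)$")
HEADER_RE = re.compile(r"^OTL logfile created on: (\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)")

SYSTEM_ROOTS = ("c:\\winnt\\", "c:\\windows\\")  # assumed XP-era %SystemRoot% locations
RECENT_DAYS = 14                                  # same window as OTL's "Within 14 Days" sections


def _score_file(date, attrs, flag, company, path, log_date):
    """Return (score, reasons) for one file entry; (0, []) when it looks benign or is out of scope."""
    if attrs[3] == "D" or not path.lower().startswith(SYSTEM_ROOTS):
        return 0, []
    reasons = []
    if not company:
        reasons.append(("no company name", 1))   # no version resource; many OEM tools lack one too
    if attrs[1] == "H":
        reasons.append(("hidden", 1))
    if "." not in path.rsplit("\\", 1)[-1]:
        reasons.append(("no extension", 2))      # an extensionless payload in System32 is a classic dropper habit
    if flag == "C" and log_date is not None and log_date - date <= timedelta(days=RECENT_DAYS):
        reasons.append(("created within %d days" % RECENT_DAYS, 1))
    # Require the missing company name plus at least one more oddity before reporting.
    if not any(r == "no company name" for r, _ in reasons) or len(reasons) < 2:
        return 0, []
    return sum(w for _, w in reasons), [r for r, _ in reasons]


def triage(log_text):
    """Parse an OTL report and return a worklist of dicts sorted by descending score."""
    log_date = None
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            log_date = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
            continue
        m = FILE_RE.match(line)
        if m:
            date = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            score, reasons = _score_file(date, m.group(2), m.group(3),
                                         (m.group(4) or "").strip(), m.group(5), log_date)
            if score:
                findings.append({"path": m.group(5), "score": score, "reasons": reasons})
            continue
        m = AUTOSTART_RE.match(line)
        if m and not m.group(3).strip():
            # Autostart entries with no company name go on the list at the lowest priority.
            findings.append({"path": m.group(2), "score": 1,
                             "reasons": ["%s autostart with no company name" % m.group(1)]})
    findings.sort(key=lambda f: (-f["score"], f["path"].lower()))
    return findings


# Constructed sample: lines copied from the posted OTL log, plus its header line.
SAMPLE = r"""
OTL logfile created on: 12/1/2009 9:22:35 AM - Run 3
[2009/11/24 09:29:01 | 00,011,168 | -H-- | M] () -- C:\WINNT\System32\jijujuro
[2009/11/23 09:40:40 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2009/11/24 09:12:48 | 00,260,608 | ---- | C] () -- C:\WINNT\PEV.exe
[2009/12/01 09:19:48 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2009/12/01 09:19:47 | 00,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2004/03/09 05:36:32 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\nreece\Application Data\desktop.ini
[2009/11/25 13:02:21 | 00,000,000 | ---D | C] -- C:\_OTL
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe (Intel Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINNT\System32\notifyf2.dll ()
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print("%d  %-45s %s" % (f["score"], f["path"], ", ".join(f["reasons"])))
```

Run against the sample, jijujuro comes out on top (hidden, no company name, no extension), PEV.exe and SA.DAT follow as low-scoring items a helper recognises on sight, and the two Lenovo autostart entries close the list. Signed Malwarebytes and Intel files, bootstat.dat (system attribute only) and anything outside %SystemRoot% are not reported.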

Sorry for the late response...was away from this machine over the holiday.

Here are the OTL and Kaspersky captures.

OTL Capture

OTL logfile created on: 12/1/2009 9:22:35 AM - Run 3

OTL by OldTimer - Version 3.1.8.0 Folder = C:\Documents and Settings\nreece\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 626.29 Mb Available Physical Memory | 61.74% Memory free

1.65 Gb Paging File | 1.37 Gb Available in Paging File | 83.34% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files

Drive C: | 55.88 Gb Total Space | 21.18 Gb Free Space | 37.91% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 7.46 Gb Total Space | 3.39 Gb Free Space | 45.38% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: USREMNC6621

Current User Name: nreece

NOT logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\nreece\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\WINNT\system32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\WINNT\system32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\WINNT\system32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\WINNT\system32\CCM\CcmExec.exe (Microsoft Corporation)

PRC - C:\Program Files\IPSec Client\lucentike.exe (Alcatel-Lucent)

PRC - C:\Program Files\IPSec Client\lucentikesvc.exe ()

PRC - C:\Program Files\IPSec Client\trayicon.exe (Alcatel-Lucent)

PRC - C:\Program Files\Lenovo\TrackPoint\tp4servinst.exe (Lenovo Group Limited)

PRC - C:\WINNT\system32\hkcmd.exe (Intel Corporation)

PRC - C:\WINNT\system32\igfxpers.exe (Intel Corporation)

PRC - C:\WINNT\system32\igfxsrvc.exe (Intel Corporation)

PRC - C:\WINNT\explorer.exe (Microsoft Corporation)

PRC - C:\WINNT\system32\ibmpmsvc.exe (Lenovo)

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

PRC - C:\Program Files\Network Associates\Common Framework\UdaterUI.exe (McAfee, Inc.)

PRC - C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe (McAfee, Inc.)

PRC - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (McAfee, Inc.)

PRC - C:\Program Files\Network Associates\Common Framework\Mctray.exe (McAfee, Inc.)

PRC - C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()

PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)

PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

PRC - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe (Network Associates, Inc.)

PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

PRC - C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe ()

PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

PRC - C:\WINNT\system32\bgsvcgen.exe (B.H.A Corporation)

PRC - C:\Program Files\Network Associates\VirusScan\shstat.exe (Network Associates, Inc.)

PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)

PRC - C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe (Network Associates, Inc.)

PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)

PRC - C:\Program Files\timbuktu pro\tb2pro.exe (Netopia, Inc.)

PRC - C:\Program Files\timbuktu pro\tb2logon.exe (Netopia, Inc.)

PRC - C:\Program Files\timbuktu pro\tb2launch.exe (Netopia, Inc.)

PRC - C:\Program Files\timbuktu pro\TNotify.exe (Netopia, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\nreece\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

MOD - C:\WINNT\system32\BtMmHook.dll (Broadcom Corporation.)

MOD - C:\WINNT\system32\SynTPFcs.dll (Synaptics, Inc.)

MOD - C:\WINNT\system32\wbem\framedyn.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (FontCache3.0.0.0) -- c:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (idsvc) -- C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing) -- C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (aspnet_state) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (CcmExec) -- C:\WINNT\system32\CCM\CcmExec.exe (Microsoft Corporation)

SRV - (smstsmgr) -- C:\WINNT\System32\CCM\TSManager.exe (Microsoft Corporation)

SRV - (LucentIKE) -- C:\Program Files\IPSec Client\lucentikesvc.exe ()

SRV - (tp4serv) -- C:\Program Files\Lenovo\TrackPoint\tp4servinst.exe (Lenovo Group Limited)

SRV - (IBMPMSVC) -- C:\WINNT\system32\ibmpmsvc.exe (Lenovo)

SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

SRV - (McAfeeFramework) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (McAfee, Inc.)

SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

SRV - (McTaskManager) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe (Network Associates, Inc.)

SRV - (McShield) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe (Network Associates, Inc.)

SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)

SRV - (bgsvcgen) -- C:\WINNT\system32\bgsvcgen.exe (B.H.A Corporation)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (Irmon) -- C:\WINNT\system32\irmon.dll (Microsoft Corporation)

SRV - (helpsvc) -- C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (Tb2Launch) -- C:\Program Files\timbuktu pro\tb2launch.exe (Netopia, Inc.)

SRV - (OracleOracle8i_localClientCache) -- C:\Program Files\oracle8i\bin\ONRSD.EXE ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aww.usa.alcatel.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.lucent.com;*.alcatel.com;*.alcatel-lucent.com;<local>

========== FireFox ==========

FF - prefs.js..browser.search.update: false

FF - prefs.js..extensions.enabledItems: capturefoxmovie@advancity.net:0.3.5.081007b

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/29 14:46:27 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/23 12:37:25 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/23 12:37:24 | 00,000,000 | ---D | M]

[2008/07/16 12:47:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Mozilla\Extensions

[2008/07/16 12:47:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/11/30 11:21:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Mozilla\Firefox\Profiles\7bsmuwe0.default\extensions

[2009/08/03 09:26:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Mozilla\Firefox\Profiles\7bsmuwe0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/06/23 13:50:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Mozilla\Firefox\Profiles\7bsmuwe0.default\extensions\capturefoxmovie@advancity.net

[2008/07/16 12:46:20 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/11/23 12:37:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/11/02 19:23:26 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2009/11/02 19:23:27 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2009/11/02 19:23:28 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2007/03/22 17:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

[2003/05/15 00:01:48 | 00,133,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2009/11/02 17:16:17 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2009/11/02 17:16:17 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2009/11/02 17:16:17 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2009/11/02 17:16:17 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2009/11/02 17:16:17 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2009/11/02 17:16:17 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2009/11/02 17:16:17 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINNT\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINNT\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\MBAM\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UdaterUI.exe (McAfee, Inc.)

O4 - HKLM..\Run: [Network Associates Error Reporting Service] C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe (Network Associates, Inc.)

O4 - HKLM..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)

O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)

O4 - HKLM..\Run: [shStatEXE] C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE (Network Associates, Inc.)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [storageGuard] C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TLogonPath] C:\Program Files\timbuktu pro\tb2logon.exe (Netopia, Inc.)

O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()

O4 - HKLM..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\IPSecClient Icon.lnk = C:\Program Files\IPSec Client\trayicon.exe (Alcatel-Lucent)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINNT\system32\nwprovau.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)

O16 - DPF: {093501ce-d290-11d3-a3d6-00c04fa32518} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)

O16 - DPF: {5e2a3510-4371-11d6-b64c-00c04faedb18} Reg Error: Value error. (Oracle JInitiator 1.1.8.18)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1204322318437 (WUWebControl Class)

O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} Reg Error: Value error. (Oracle JInitiator 1.1.8.16)

O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {ed54a7b0-6c1c-11d5-b63d-00c04faedb18} Reg Error: Value error. (Reg Error: Value error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na02.lucent.com

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\Sap\FrontEnd\Controls\SAPHTMLP.DLL (SAP AG, Walldorf)

O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\Sap\FrontEnd\Controls\SAPHTMLP.DLL (SAP AG, Walldorf)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINNT\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\Timbuktu Pro: DllName - C:\Program Files\timbuktu pro\Hook32.dll - C:\Program Files\timbuktu pro\HOOK32.DLL (Netopia, Inc.)

O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINNT\System32\notifyf2.dll ()

O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINNT\System32\tphklock.dll ()

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINNT\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/25 13:15:32 | 00,000,000 | ---D | C] -- C:\MBAM

[2009/11/25 13:02:21 | 00,000,000 | ---D | C] -- C:\_OTL

[2009/11/24 11:12:30 | 00,529,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\nreece\Desktop\OTL.exe

[2009/11/24 09:15:41 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009/11/24 09:12:48 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe

[2009/11/24 09:12:48 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe

[2009/11/24 09:12:48 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe

[2009/11/24 09:12:48 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe

[2009/11/24 09:10:15 | 00,000,000 | ---D | C] -- C:\WINNT\ERDNT

[2009/11/24 09:10:11 | 00,000,000 | ---D | C] -- C:\patch

[2009/11/24 09:08:57 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/11/23 16:38:34 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/11/23 14:57:33 | 00,000,000 | ---D | C] -- C:\gmer

[2009/11/23 14:25:23 | 00,000,000 | ---D | C] -- C:\root repeal

[2009/11/23 10:25:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nreece\My Documents\malware logs

[2009/11/23 10:16:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nreece\Application Data\Malwarebytes

[2009/11/23 09:40:42 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys

[2009/11/23 09:40:40 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys

[2009/11/23 09:40:40 | 00,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware

[2009/11/23 09:40:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/11/22 17:26:30 | 00,000,000 | ---D | C] -- C:\QUARANTINE

[2009/11/22 15:46:29 | 00,000,000 | ---D | C] -- C:\Program Files\AntiMalware

[8 C:\Documents and Settings\nreece\My Documents\*.tmp files -> C:\Documents and Settings\nreece\My Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/01 09:22:27 | 00,000,462 | ---- | M] () -- C:\WINNT\SMSCFG.ini

[2009/12/01 09:19:48 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT

[2009/12/01 09:19:47 | 00,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat

[2009/12/01 09:19:00 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\nreece\NTUSER.DAT

[2009/12/01 09:19:00 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\nreece\ntuser.ini

[2009/12/01 09:12:35 | 00,000,896 | ---- | M] () -- C:\WINNT\win.ini

[2009/11/29 11:01:34 | 00,002,278 | ---- | M] () -- C:\WINNT\System32\wpa.dbl

[2009/11/26 09:06:11 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\nreece\My Documents\Excercise.xls

[2009/11/24 14:33:44 | 00,044,696 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

[2009/11/24 10:55:54 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nreece\Desktop\OTL.exe

[2009/11/24 09:35:55 | 00,000,227 | ---- | M] () -- C:\WINNT\system.ini

[2009/11/24 09:35:49 | 00,000,027 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts

[2009/11/24 09:15:56 | 00,000,302 | RHS- | M] () -- C:\boot.ini

[2009/11/23 16:38:34 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\nreece\Desktop\HijackThis.lnk

[2009/11/23 14:26:27 | 00,034,816 | ---- | M] () -- C:\WINNT\System32\drivers\blast.sys

[2009/11/23 12:37:29 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/11/23 09:56:37 | 00,000,603 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/11/22 12:04:36 | 00,209,920 | ---- | M] () -- C:\Documents and Settings\nreece\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[8 C:\Documents and Settings\nreece\My Documents\*.tmp files -> C:\Documents and Settings\nreece\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/24 09:15:55 | 00,000,231 | ---- | C] () -- C:\Boot.bak

[2009/11/24 09:15:42 | 00,260,272 | ---- | C] () -- C:\cmldr

[2009/11/24 09:12:48 | 00,260,608 | ---- | C] () -- C:\WINNT\PEV.exe

[2009/11/24 09:12:48 | 00,098,816 | ---- | C] () -- C:\WINNT\sed.exe

[2009/11/24 09:12:48 | 00,080,412 | ---- | C] () -- C:\WINNT\grep.exe

[2009/11/24 09:12:48 | 00,077,312 | ---- | C] () -- C:\WINNT\MBR.exe

[2009/11/24 09:12:48 | 00,068,096 | ---- | C] () -- C:\WINNT\zip.exe

[2009/11/23 16:38:34 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\nreece\Desktop\HijackThis.lnk

[2009/11/23 14:26:27 | 00,034,816 | ---- | C] () -- C:\WINNT\System32\drivers\blast.sys

[2009/11/23 09:40:45 | 00,000,603 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/10/27 08:25:29 | 00,004,096 | -H-- | C] () -- C:\Documents and Settings\nreece\Local Settings\Application Data\keyfile3.drm

[2009/06/30 22:01:22 | 00,004,764 | ---- | C] () -- C:\WINNT\System32\CcmFramework.ini

[2009/06/30 22:00:02 | 00,000,462 | ---- | C] () -- C:\WINNT\SMSCFG.ini

[2009/03/09 15:53:44 | 00,617,984 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll

[2009/03/09 15:53:44 | 00,178,688 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll

[2008/12/11 14:45:27 | 00,000,044 | ---- | C] () -- C:\WINNT\SMWizard.INI

[2008/11/03 12:42:05 | 00,000,022 | ---- | C] () -- C:\WINNT\System32\PICSDK.ini

[2008/11/03 12:39:21 | 00,000,044 | ---- | C] () -- C:\WINNT\EPSPR320.ini

[2008/09/23 08:55:48 | 00,005,119 | ---- | C] () -- C:\WINNT\System32\drivers\alsdrvr.sys

[2008/08/22 08:47:45 | 00,126,464 | ---- | C] () -- C:\WINNT\System32\lame_enc.dll

[2008/07/23 08:50:52 | 03,596,288 | ---- | C] () -- C:\WINNT\System32\qt-dx331.dll

[2008/07/23 08:47:34 | 00,000,416 | ---- | C] () -- C:\WINNT\System32\dtu100.dll.manifest

[2008/07/23 08:47:34 | 00,000,416 | ---- | C] () -- C:\WINNT\System32\dpl100.dll.manifest

[2008/07/22 14:40:12 | 00,042,480 | ---- | C] () -- C:\Documents and Settings\nreece\Application Data\GDIPFONTCACHEV1.DAT

[2008/07/15 10:01:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\nreece\Application Data\desktop.ini

[2008/07/15 10:01:21 | 02,641,406 | -H-- | C] () -- C:\Documents and Settings\nreece\Local Settings\Application Data\IconCache.db

[2008/07/15 10:01:21 | 00,209,920 | ---- | C] () -- C:\Documents and Settings\nreece\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/07/15 10:01:21 | 00,042,480 | ---- | C] () -- C:\Documents and Settings\nreece\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2007/08/09 15:43:16 | 00,204,800 | ---- | C] () -- C:\WINNT\System32\igfxCoIn_v4860.dll

[2007/03/05 10:34:28 | 00,676,224 | ---- | C] () -- C:\WINNT\System32\OGACheckControl.DLL

[2007/02/26 17:34:34 | 00,204,800 | ---- | C] () -- C:\WINNT\System32\igfxCoIn_v4785.dll

[2007/02/01 21:12:49 | 00,069,632 | ---- | C] () -- C:\WINNT\System32\com.fxpansion.fxshared.dll

[2007/01/30 21:56:22 | 00,028,672 | ---- | C] () -- C:\WINNT\System32\notifyf2.dll

[2007/01/30 21:56:22 | 00,024,576 | ---- | C] () -- C:\WINNT\System32\tphklock.dll

[2007/01/30 09:08:51 | 00,077,824 | ---- | C] () -- C:\WINNT\System32\SynTPCoI.dll

[2006/12/18 13:12:32 | 00,000,280 | ---- | C] () -- C:\WINNT\System32\epoPGPsdk.dll.sig

[2006/08/18 16:24:52 | 00,090,112 | ---- | C] () -- C:\WINNT\System32\btprn2k.dll

[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINNT\Fonts\GlobalUserInterface.CompositeFont

[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINNT\Fonts\GlobalSansSerif.CompositeFont

[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINNT\Fonts\GlobalSerif.CompositeFont

[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINNT\Fonts\GlobalMonospace.CompositeFont

[2005/12/20 14:25:42 | 00,000,049 | ---- | C] () -- C:\WINNT\cdplayer.ini

[2005/04/19 17:23:51 | 00,000,010 | ---- | C] () -- C:\WINNT\WININIT.INI

[2005/02/17 10:41:32 | 00,000,603 | ---- | C] () -- C:\WINNT\System32\BTNeighborhood.dll.manifest

[2005/02/17 10:41:30 | 00,000,593 | ---- | C] () -- C:\WINNT\System32\btcss.dll.manifest

[2004/12/01 08:53:38 | 00,000,210 | ---- | C] () -- C:\WINNT\System32\sr2spec.ini

[2004/12/01 08:15:19 | 00,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll

[2004/12/01 08:15:18 | 00,385,024 | ---- | C] () -- C:\WINNT\System32\qdvd.dll

[2004/12/01 08:15:18 | 00,279,040 | ---- | C] () -- C:\WINNT\System32\qdv.dll

[2004/05/17 14:43:09 | 00,035,424 | ---- | C] () -- C:\WINNT\System32\ntio412.sys

[2004/05/17 14:43:07 | 00,034,560 | ---- | C] () -- C:\WINNT\System32\ntio404.sys

[2004/05/17 14:43:06 | 00,034,560 | ---- | C] () -- C:\WINNT\System32\ntio804.sys

[2004/05/17 14:43:04 | 00,035,648 | ---- | C] () -- C:\WINNT\System32\ntio411.sys

[2004/05/17 14:43:02 | 00,033,840 | ---- | C] () -- C:\WINNT\System32\ntio.sys

[2004/04/27 13:00:13 | 00,355,112 | ---- | C] () -- C:\WINNT\System32\msjetoledb40.dll

[2004/04/15 23:00:00 | 00,000,058 | ---- | C] () -- C:\WINNT\System32\EAL32.INI

[2004/03/18 07:05:22 | 00,051,712 | ---- | C] () -- C:\WINNT\System32\JinPanel.dll

[2004/03/17 07:01:11 | 00,001,628 | ---- | C] () -- C:\WINNT\saplogon.ini

[2004/03/17 07:00:27 | 00,015,872 | ---- | C] () -- C:\WINNT\System32\vtssm32.dll

[2004/03/17 07:00:24 | 01,064,960 | ---- | C] () -- C:\WINNT\System32\h5krnl32.dll

[2004/03/17 07:00:24 | 00,188,928 | ---- | C] () -- C:\WINNT\System32\h5icon32.dll

[2004/03/17 07:00:24 | 00,175,616 | ---- | C] () -- C:\WINNT\System32\h5menu32.dll

[2004/03/17 07:00:24 | 00,095,744 | ---- | C] () -- C:\WINNT\System32\h5rtf32.dll

[2004/03/17 07:00:24 | 00,051,200 | ---- | C] () -- C:\WINNT\System32\h5tool32.dll

[2004/03/12 13:59:20 | 00,000,684 | ---- | C] () -- C:\WINNT\System32\Oeminfo.ini

[2004/03/11 14:28:15 | 00,057,280 | ---- | C] () -- C:\WINNT\System32\drivers\drvlw.sys

[2004/03/11 14:28:15 | 00,033,280 | ---- | C] () -- C:\WINNT\System32\upgdrvlw.dll

[2004/03/11 14:28:15 | 00,027,136 | ---- | C] () -- C:\WINNT\System32\upgftps.dll

[2004/03/11 14:28:15 | 00,027,136 | ---- | C] () -- C:\WINNT\System32\upgftpap.dll

[2004/03/11 14:28:14 | 00,311,296 | ---- | C] () -- C:\WINNT\System32\ftpback.dll

[2004/03/11 14:28:14 | 00,038,400 | ---- | C] () -- C:\WINNT\System32\ftpnls32.dll

[2004/03/11 13:11:33 | 00,000,218 | ---- | C] () -- C:\WINNT\ORAODBC.INI

[2004/03/11 12:56:04 | 00,517,120 | ---- | C] () -- C:\WINNT\System32\acr7041.dll

[2004/03/10 15:49:14 | 00,172,056 | ---- | C] () -- C:\WINNT\System32\CSGina.dll

[2004/03/10 15:06:49 | 00,000,000 | ---- | C] () -- C:\WINNT\tb2pro.INI

[2004/03/10 15:06:49 | 00,000,000 | ---- | C] () -- C:\WINNT\Tb2Desk.INI

[2004/03/10 14:59:04 | 00,000,000 | ---- | C] () -- C:\WINNT\PROTOCOL.INI

[2004/03/10 14:32:37 | 00,001,217 | ---- | C] () -- C:\WINNT\ODBC.INI

[2004/03/10 13:12:25 | 00,000,000 | ---- | C] () -- C:\WINNT\netscape.INI

[2004/03/09 16:33:01 | 01,290,752 | ---- | C] () -- C:\WINNT\System32\quartz.dll

[2004/03/09 16:33:00 | 00,733,696 | ---- | C] () -- C:\WINNT\System32\qedwipes.dll

[2004/03/09 16:33:00 | 00,562,176 | ---- | C] () -- C:\WINNT\System32\qedit.dll

[2004/03/09 16:33:00 | 00,192,512 | ---- | C] () -- C:\WINNT\System32\qcap.dll

[2004/03/09 16:33:00 | 00,070,656 | ---- | C] () -- C:\WINNT\System32\amstream.dll

[2004/03/09 16:33:00 | 00,059,904 | ---- | C] () -- C:\WINNT\System32\devenum.dll

[2004/03/09 16:33:00 | 00,035,328 | ---- | C] () -- C:\WINNT\System32\mciqtz32.dll

[2004/03/09 16:33:00 | 00,014,336 | ---- | C] () -- C:\WINNT\System32\msdmo.dll

[2004/03/09 11:46:26 | 00,000,000 | ---- | C] () -- C:\WINNT\control.ini

[2004/03/09 11:43:12 | 00,000,063 | ---- | C] () -- C:\WINNT\vbaddin.ini

[2004/03/09 11:43:12 | 00,000,036 | ---- | C] () -- C:\WINNT\vb.ini

[2004/03/09 11:42:34 | 00,013,223 | ---- | C] () -- C:\WINNT\System32\tslabels.ini

[2004/03/09 11:42:34 | 00,001,931 | ---- | C] () -- C:\WINNT\System32\msdtcprf.ini

[2004/03/09 05:37:07 | 00,499,928 | ---- | C] () -- C:\WINNT\System32\PerfStringBackup.INI

[2004/03/09 05:37:06 | 00,004,735 | ---- | C] () -- C:\WINNT\ODBCINST.INI

[2004/03/09 05:36:32 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

[2003/03/23 17:35:20 | 00,000,000 | ---- | C] () -- C:\WINNT\System32\px.ini

[2003/01/07 12:05:08 | 00,002,695 | ---- | C] () -- C:\WINNT\System32\OUTLPERF.INI

[2002/11/26 13:15:52 | 00,186,368 | ---- | C] () -- C:\WINNT\System32\encdec.dll

[2002/11/26 13:15:50 | 00,270,848 | ---- | C] () -- C:\WINNT\System32\sbe.dll

[2002/05/24 00:00:00 | 00,208,896 | ---- | C] () -- C:\WINNT\System32\lockout.dll

[2002/05/24 00:00:00 | 00,045,056 | ---- | C] () -- C:\WINNT\System32\lockres.dll

[2001/11/14 11:56:00 | 01,802,240 | ---- | C] () -- C:\WINNT\System32\lcppn21.dll

[2001/08/17 14:36:28 | 00,157,696 | ---- | C] () -- C:\WINNT\System32\paqsp.dll

[1996/11/16 22:00:00 | 00,022,016 | ---- | C] () -- C:\WINNT\System32\ODBCSTF.DLL

[1996/11/16 22:00:00 | 00,022,016 | ---- | C] () -- C:\WINNT\System32\DOCOBJ.DLL

[1996/11/16 22:00:00 | 00,012,288 | ---- | C] () -- C:\WINNT\System32\HLINKPRX.DLL

[1979/12/31 16:00:00 | 01,015,477 | ---- | C] () -- C:\WINNT\System32\esentprf.ini

[1979/12/31 16:00:00 | 00,498,742 | ---- | C] () -- C:\WINNT\System32\dxmasf.dll

[1979/12/31 16:00:00 | 00,252,928 | ---- | C] () -- C:\WINNT\System32\compatui.dll

[1979/12/31 16:00:00 | 00,199,168 | ---- | C] () -- C:\WINNT\System32\ir32_32.dll

[1979/12/31 16:00:00 | 00,094,282 | ---- | C] () -- C:\WINNT\System32\msencode.dll

[1979/12/31 16:00:00 | 00,053,478 | ---- | C] () -- C:\WINNT\System32\tcpmon.ini

[1979/12/31 16:00:00 | 00,042,809 | ---- | C] () -- C:\WINNT\System32\key01.sys

[1979/12/31 16:00:00 | 00,042,537 | ---- | C] () -- C:\WINNT\System32\keyboard.sys

[1979/12/31 16:00:00 | 00,029,370 | ---- | C] () -- C:\WINNT\System32\ntdos411.sys

[1979/12/31 16:00:00 | 00,029,274 | ---- | C] () -- C:\WINNT\System32\ntdos412.sys

[1979/12/31 16:00:00 | 00,029,146 | ---- | C] () -- C:\WINNT\System32\ntdos804.sys

[1979/12/31 16:00:00 | 00,029,146 | ---- | C] () -- C:\WINNT\System32\ntdos404.sys

[1979/12/31 16:00:00 | 00,027,866 | ---- | C] () -- C:\WINNT\System32\ntdos.sys

[1979/12/31 16:00:00 | 00,027,097 | ---- | C] () -- C:\WINNT\System32\country.sys

[1979/12/31 16:00:00 | 00,015,360 | ---- | C] () -- C:\WINNT\System32\tsd32.dll

[1979/12/31 16:00:00 | 00,013,312 | ---- | C] () -- C:\WINNT\System32\win87em.dll

[1979/12/31 16:00:00 | 00,012,082 | ---- | C] () -- C:\WINNT\System32\rsvp.ini

[1979/12/31 16:00:00 | 00,010,240 | ---- | C] () -- C:\WINNT\System32\scriptpw.dll

[1979/12/31 16:00:00 | 00,010,110 | ---- | C] () -- C:\WINNT\System32\mqperf.ini

[1979/12/31 16:00:00 | 00,009,029 | ---- | C] () -- C:\WINNT\System32\ansi.sys

[1979/12/31 16:00:00 | 00,006,877 | ---- | C] () -- C:\WINNT\System32\pschdprf.ini

[1979/12/31 16:00:00 | 00,004,768 | ---- | C] () -- C:\WINNT\System32\himem.sys

[1979/12/31 16:00:00 | 00,004,126 | ---- | C] () -- C:\WINNT\System32\msdxmlc.dll

[1979/12/31 16:00:00 | 00,003,458 | ---- | C] () -- C:\WINNT\System32\rasctrs.ini

[1979/12/31 16:00:00 | 00,002,891 | ---- | C] () -- C:\WINNT\System32\perfci.ini

[1979/12/31 16:00:00 | 00,002,732 | ---- | C] () -- C:\WINNT\System32\perfwci.ini

[1979/12/31 16:00:00 | 00,002,656 | ---- | C] () -- C:\WINNT\System32\netware.drv

[1979/12/31 16:00:00 | 00,001,405 | ---- | C] () -- C:\WINNT\msdfmap.ini

[1979/12/31 16:00:00 | 00,001,152 | ---- | C] () -- C:\WINNT\System32\perffilt.ini

[1979/12/31 16:00:00 | 00,000,896 | ---- | C] () -- C:\WINNT\win.ini

[1979/12/31 16:00:00 | 00,000,343 | ---- | C] () -- C:\WINNT\System32\prodspec.ini

[1979/12/31 16:00:00 | 00,000,227 | ---- | C] () -- C:\WINNT\system.ini

========== LOP Check ==========

[2005/04/20 07:11:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2005/12/20 14:35:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2008/11/12 07:54:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications

[2008/08/22 09:11:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU

[2008/11/15 11:09:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk

[2004/03/09 05:36:32 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

[2008/02/29 14:24:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel

[2008/11/03 20:18:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit

[2007/01/30 09:09:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo

[2009/11/23 09:40:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/03/31 15:38:11 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2005/12/20 10:38:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates

[2007/08/16 03:55:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

[2004/03/10 15:43:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime

[2007/01/30 22:31:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB

[2005/12/20 12:09:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2008/09/23 09:04:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Adobe

[2007/01/29 21:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\AdobeUM

[2007/01/29 21:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Apple Computer

[2008/08/27 05:29:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Aventail

[2008/08/22 09:11:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\AVS4YOU

[2008/11/15 11:12:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Cakewalk

[2007/01/29 21:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\CyberLink

[2004/03/09 05:36:32 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\nreece\Application Data\desktop.ini

[2008/08/21 13:07:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\DivX

[2008/08/24 09:59:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\FUJIFILM

[2009/04/11 20:11:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\FXpansion

[2009/08/11 08:16:50 | 00,042,480 | ---- | M] () -- C:\Documents and Settings\nreece\Application Data\GDIPFONTCACHEV1.DAT

[2009/08/11 07:46:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Help

[2007/01/29 21:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Identities

[2007/01/29 21:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Infineon

[2007/01/29 21:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\InstallShield

[2008/02/29 14:25:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Intel

[2007/01/29 21:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\InterVideo

[2008/11/03 20:09:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Intuit

[2008/11/03 12:44:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Leadertech

[2007/01/29 21:17:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Macromedia

[2009/11/23 10:16:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Malwarebytes

[2009/03/23 15:14:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\nreece\Application Data\Microsoft

[2008/07/16 12:47:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Mozilla

[2007/01/29 21:17:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\OfficeUpdate12

[2008/07/24 20:32:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Publish Providers

[2007/01/29 21:17:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Real

[2008/11/25 09:27:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Sony

[2007/01/29 21:17:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\Sun

[2009/05/05 15:44:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\U3

[2008/09/23 11:27:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nreece\Application Data\VERITAS

[2001/08/22 22:00:00 | 00,000,065 | RH-- | M] () -- C:\WINNT\Tasks\desktop.ini

[2009/12/01 09:19:48 | 00,000,006 | -H-- | M] () -- C:\WINNT\Tasks\SA.DAT

========== Purity Check ==========

< End of report >


Kaspersky Scan

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Tuesday, December 1, 2009

Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Tuesday, December 01, 2009 19:12:00

Records in database: 3319405

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

F:\

L:\

S:\

Scan statistics:

Objects scanned: 84873

Threats found: 4

Infected objects found: 11

Suspicious objects found: 0

Scan duration: 02:19:27

File name / Threat / Threats count

C:\Qoobox\Quarantine\C\WINNT\system32\drivers\iaStor.sys.vir Infected: Rootkit.Win32.TDSS.u 1

C:\Qoobox\Quarantine\C\WINNT\system32\H8SRTnelstomudp.dll.vir Infected: Packed.Win32.TDSS.aa 1

C:\Qoobox\Quarantine\C\WINNT\system32\H8SRTsthybotuvc.dll.vir Infected: Packed.Win32.TDSS.aa 1

C:\Qoobox\Quarantine\C\WINNT\system32\H8SRTtrwdvvwcog.dll.vir Infected: Packed.Win32.TDSS.aa 1

C:\Qoobox\Quarantine\C\WINNT\system32\H8SRTxtlgtpsxld.dll.vir Infected: Packed.Win32.TDSS.aa 1

C:\SUPPORT\varcvpn\other\pskill.exe Infected: not-a-virus:NetTool.Win32.PsKill.a 1

C:\SUPPORT\varcvpn\varcvpn.exe Infected: not-a-virus:NetTool.Win32.PsKill.a 1

C:\WINNT\system32\CCM\Cache\WW000236.6.System\Runner_Tools\BANNER\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k 1

C:\WINNT\system32\CCM\Cache\WW000236.6.System\Runner_Tools\SCRIPTS\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k 1

C:\WINNT\system32\CCM\Cache\WW000290.8.System\Runner_Tools\BANNER\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k 1

C:\WINNT\system32\CCM\Cache\WW000290.8.System\Runner_Tools\SCRIPTS\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k 1

Selected area has been scanned.


Thanks again for your help... overall my PC is running pretty much normal again. The only "glitches" now are with Internet Explorer 6 and Firefox 3.5.5. Both browsers work and I'm not getting all the annoying pop-ups, but I can't reach all of the sites I used to reach. IE loads slow and won't allow me to reach my main company web-app for some reason. Firefox won't allow me to perform an update. When trying to update Firefox, I get this error message:

"update XML file malformed (200)"


Unfortunately FixWindows didn't work. I get an error stating: " The problem was not fixed or BITS was already running". BITS is not running however according to the Open Services Window.

I wonder if some files used by Windows automatic updates were corrupted by all the Malware. Did you get a chance to review the Kaspersky logs? 11 infected items and 4 Threats are still residing on my PC.

Thanks.


Quarantined,

C:\Qoobox\Quarantine\C\WINNT\system32\drivers\iaStor.sys.vir Infected: Rootkit.Win32.TDSS.u 1

C:\Qoobox\Quarantine\C\WINNT\system32\H8SRTnelstomudp.dll.vir Infected: Packed.Win32.TDSS.aa 1

C:\Qoobox\Quarantine\C\WINNT\system32\H8SRTsthybotuvc.dll.vir Infected: Packed.Win32.TDSS.aa 1

C:\Qoobox\Quarantine\C\WINNT\system32\H8SRTtrwdvvwcog.dll.vir Infected: Packed.Win32.TDSS.aa 1

C:\Qoobox\Quarantine\C\WINNT\system32\H8SRTxtlgtpsxld.dll.vir Infected: Packed.Win32.TDSS.aa 1

Not a virus,

C:\SUPPORT\varcvpn\other\pskill.exe Infected: not-a-virus:NetTool.Win32.PsKill.a 1

C:\SUPPORT\varcvpn\varcvpn.exe Infected: not-a-virus:NetTool.Win32.PsKill.a 1

C:\WINNT\system32\CCM\Cache\WW000236.6.System\Runner_Tools\BANNER\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k 1

C:\WINNT\system32\CCM\Cache\WW000236.6.System\Runner_Tools\SCRIPTS\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k 1

C:\WINNT\system32\CCM\Cache\WW000290.8.System\Runner_Tools\BANNER\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k 1

C:\WINNT\system32\CCM\Cache\WW000290.8.System\Runner_Tools\SCRIPTS\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k 1

We can delete these ones if you wish.

Open start and then run and type cmd

Then in the open command prompt window type,

sc start BITS

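The triage in the reply above (Kaspersky hits that are already sitting in a quarantine folder, hits flagged as not-a-virus riskware, and anything else that would still be active) is something worth doing mechanically when a report has more than a handful of lines. The script below is an added Python example; it is not part of this thread and not a Kaspersky or Malwarebytes tool. The sample report lines are constructed to follow the format of the scan report posted above; the `example_active.sys` line and its threat name are placeholders, and the quarantine-path markers are an assumption about this machine (ComboFix keeps its quarantine under C:\Qoobox\Quarantine and appends .vir to each file).

```python
"""Sort Kaspersky Online Scanner 7 report lines into triage buckets.

Added example, not code from the thread or from any scanner vendor.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Kaspersky report line format: "<path> Infected: <threat name> <count>"
# The path is matched non-greedily so paths containing spaces still work.
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Assumption about this machine: anything under ComboFix's Qoobox quarantine
# (or a generic QUARANTINE folder) has already been neutralised.
QUARANTINE_MARKERS = ("\\qoobox\\quarantine\\", "\\quarantine\\")


@dataclass
class Detection:
    path: str
    threat: str
    count: int

    @property
    def is_quarantined(self) -> bool:
        """True when the hit lives in a quarantine folder or carries the .vir suffix."""
        p = self.path.lower()
        return any(m in p for m in QUARANTINE_MARKERS) or p.endswith(".vir")

    @property
    def is_riskware(self) -> bool:
        """Kaspersky prefixes legitimate-but-abusable tools with 'not-a-virus:'."""
        return self.threat.lower().startswith("not-a-virus:")

    @property
    def is_rootkit(self) -> bool:
        return "rootkit" in self.threat.lower()


def parse_report(text: str) -> list[Detection]:
    """Extract detections; header, footer and blank lines are ignored."""
    found: list[Detection] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            found.append(Detection(m["path"], m["threat"], int(m["count"])))
    return found


def triage(detections: list[Detection]) -> dict[str, list[Detection]]:
    """Bucket hits: quarantined first, then riskware, everything else is active."""
    buckets: dict[str, list[Detection]] = {"quarantined": [], "riskware": [], "active": []}
    for d in detections:
        if d.is_quarantined:
            buckets["quarantined"].append(d)
        elif d.is_riskware:
            buckets["riskware"].append(d)
        else:
            buckets["active"].append(d)
    return buckets


def summarize(text: str) -> dict[str, int]:
    """Counts per bucket, the number a helper would look at first."""
    return {name: len(items) for name, items in triage(parse_report(text)).items()}


# Constructed sample in the report format posted in the thread; the last
# detection line is a placeholder standing in for a hit outside quarantine.
SAMPLE_REPORT = r"""
File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINNT\system32\drivers\iaStor.sys.vir Infected: Rootkit.Win32.TDSS.u 1
C:\Qoobox\Quarantine\C\WINNT\system32\H8SRTnelstomudp.dll.vir Infected: Packed.Win32.TDSS.aa 1
C:\SUPPORT\varcvpn\other\pskill.exe Infected: not-a-virus:NetTool.Win32.PsKill.a 1
C:\WINNT\system32\CCM\Cache\WW000236.6.System\Runner_Tools\BANNER\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k 1
C:\WINNT\system32\drivers\example_active.sys Infected: Rootkit.Win32.Example.x 1
Selected area has been scanned.
"""

if __name__ == "__main__":
    for name, items in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"== {name} ({len(items)}) ==")
        for d in items:
            flag = " [ROOTKIT]" if d.is_rootkit else ""
            print(f"  {d.threat}{flag}  {d.path}")
```

Only the "active" bucket needs a decision; the quarantined entries are just the scanner re-reading ComboFix's backups, and the riskware entries are the PsKill copies the reply above leaves alone because they belong to the VPN support kit and the SCCM cache.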

Hi,

My IE problem is now resolved. Somehow the proxy configuration that we use got blown away in IE. I reconfigured it and now all my apps are working again. I'm a little bit nervous about deleting some of the "not virus" entries because they are in my VARC VPN directory and I don't want to mess up the ability to VPN into my company network.

Would it be OK to just leave everything the way it is now? Everything is running smooth again.


Hi,

That's why I didn't delete them. :)

Congratulations, your logs appear clean!! :thumbsup:

Clean up

Follow these steps to uninstall Combofix and tools used in the removal of malware

Remove Combofix now that we're done with it.

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix and anything associated with it.

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it; there are other free alternatives, FIREFOX and OPERA. Both are free to use and are more secure than IE.

If you are using Firefox you can stay more secure by adding NoScript and WOT (Web Of Trust).

NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Additional Security Measures

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

You should have a good anti spyware program - We recommend MalwareBytes Anti-Malware and SUPERAntiSpyware

MVPS Hosts file - The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.

Winpatrol - Download and install the free version of Winpatrol. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Spring Cleaning

TFC - Temp File Cleaner by OldTimer - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders

Auslogics Disc Defrag or JKDefrag - Two good disc defragmenters for you to choose from.

Also, please read this great article by Tony Klein: So How Did I Get Infected In the First Place?
