Jump to content

Rootkit infection?


Recommended Posts

RootKit Infection ?

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK

Run by Administrator at 19:20:43.67 on Fri 01/01/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1730 [GMT -7:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Administrator\Desktop\Defogger.exe

C:\Program Files\Internet Explorer\Iexplore.exe

C:\Program Files\Internet Explorer\Iexplore.exe

C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser

uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser

uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser

mDefault_Search_URL = hxxp://www.google.com/ie

mSearch Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop

uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:support@malwarebytes.org

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

mSearchAssistant = hxxp://www.google.com

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRunOnce: [uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\explorer\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wusb600n\WUSB600N.exe

IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html

IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236234214734

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: AtiExtEvent - Ati2evxx.dll

Notify: klogon - c:\windows\system32\klogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]

R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-12-14 551680]

S0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]

S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]

S1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-8-29 226832]

S2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe [2008-11-11 208616]

S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-4-1 18176]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-4-1 7680]

=============== Created Last 30 ================

2010-01-02 02:16:13 0 ----a-w- c:\documents and settings\administrator\defogger_reenable

2010-01-02 01:39:36 0 d-----w- C:\abcd

2010-01-02 01:33:35 0 d-----w- c:\program files\explorer

2010-01-02 01:27:06 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes

2010-01-02 01:20:45 0 d-----w- c:\program files\McAfee Security Scan

2010-01-02 01:20:45 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan

2009-12-25 03:18:14 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-12-24 22:52:00 108838 ----a-w- C:\MGlogs.zip

2009-12-24 22:51:59 0 d-----w- C:\MGtools

2009-12-24 22:35:16 0 d-----w- c:\program files\common files\Wise Installation Wizard

2009-12-24 22:23:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-24 22:23:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-24 22:23:20 0 d-----w- c:\program files\Mapp

2009-12-24 17:52:23 917504 ----a-w- c:\windows\system32\FLASH.OCX

2009-12-24 17:52:23 0 d-sh--w- c:\windows\ftpcache

2009-12-24 17:48:00 0 d-----w- c:\docume~1\admini~1\applic~1\Symantec

2009-12-24 17:47:59 178 --sh--w- c:\documents and settings\administrator\ntuser.ini

2009-12-23 08:17:19 871 ----a-w- c:\windows\system32\krl32mainweq.dll

2009-12-23 08:16:17 207 ----a-w- c:\windows\system32\srcr.dat

2009-12-20 21:57:16 343040 ----a-w- c:\windows\rsvcrt.dll

2009-12-20 21:57:16 142848 ----a-w- c:\windows\remsel32.dll

==================== Find3M ====================

2009-12-23 08:45:19 598048 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2009-12-23 08:45:19 4415520 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-12-23 08:45:19 35576 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-12-23 08:45:19 3124 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-11-13 17:20:45 95259 ----a-w- c:\windows\system32\drivers\klick.dat

2009-11-13 17:20:45 108059 ----a-w- c:\windows\system32\drivers\klin.dat

2009-11-13 02:07:15 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys

2009-10-28 14:40:47 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll

2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll

2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys

2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll

2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll

2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll

2009-08-30 02:16:33 15754 ----a-w- c:\program files\common files\orycat.inf

2009-08-30 02:16:33 12623 ----a-w- c:\program files\common files\edisile.dat

2009-08-30 02:09:06 19594 ----a-w- c:\program files\common files\zoxityhe.pif

2009-08-30 02:09:06 18326 ----a-w- c:\program files\common files\epet.exe

2009-08-30 02:09:06 15373 ----a-w- c:\program files\common files\ipapyty.dl

2009-08-30 02:09:06 14917 ----a-w- c:\program files\common files\mycoxum.vbs

2009-08-30 01:56:49 17957 ----a-w- c:\program files\common files\aqujafeve.vbs

2009-08-30 01:56:49 16034 ----a-w- c:\program files\common files\ybilew.vbs

2009-08-30 01:56:49 10467 ----a-w- c:\program files\common files\acadyc.ban

2009-08-30 01:56:49 10295 ----a-w- c:\program files\common files\esob.ban

2009-08-17 04:45:05 18361 ----a-w- c:\program files\common files\hyguwu.lib

2009-08-17 04:45:05 14317 ----a-w- c:\program files\common files\nyse.db

2009-08-17 04:45:05 11892 ----a-w- c:\program files\common files\ywypym._dl

2009-08-17 04:45:05 11029 ----a-w- c:\program files\common files\cequsaw.db

2009-08-17 04:45:05 10767 ----a-w- c:\program files\common files\omeq.scr

2009-08-17 04:34:01 19285 ----a-w- c:\program files\common files\efyvo.reg

2009-08-17 04:34:01 12735 ----a-w- c:\program files\common files\xogi._sy

2009-08-17 04:19:46 17397 ----a-w- c:\program files\common files\exijaveba.ban

2009-08-17 04:19:46 16954 ----a-w- c:\program files\common files\hoku.lib

2009-08-17 04:19:46 15591 ----a-w- c:\program files\common files\woqy.bin

2009-08-17 04:19:46 11169 ----a-w- c:\program files\common files\guhyqabi.bin

2009-08-17 04:19:46 10642 ----a-w- c:\program files\common files\yvuradacil.dl

2005-07-02 05:25:26 32 --sha-w- c:\windows\sminst\HPCD.SYS

============= FINISH: 19:21:36.56 ===============

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-01-02 09:27:58

Windows 5.1.2600 Service Pack 3

Running: y3w3fr8q.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\axgdypog.sys

---- System - GMER 1.0.15 ----

Code 8A403570 ZwEnumerateKey

Code 8A3F6E88 ZwFlushInstructionCache

Code 8A309CCE IofCallDriver

Code 8A420606 IofCompleteRequest

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Cdfs \Cdfs B942E400

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\H8SRTpjtvcjsnlm.sys (*** hidden *** ) BA79C000-BA7B8000 (114688 bytes)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\H8SRTuuxvxekboc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [320] 0x10000000

Library \\?\globalroot\systemroot\system32\H8SRTuuxvxekboc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [364] 0x10000000

Library \\?\globalroot\systemroot\system32\H8SRTuuxvxekboc.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1276] 0x10000000

Library \\?\globalroot\systemroot\system32\H8SRTuuxvxekboc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [1508] 0x10000000

Library \\?\globalroot\systemroot\system32\H8SRTuuxvxekboc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1740] 0x10000000

Library \\?\globalroot\systemroot\system32\H8SRTuuxvxekboc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1764] 0x00870000

Library \\?\globalroot\systemroot\system32\H8SRTuuxvxekboc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [1916] 0x10000000

Library \\?\globalroot\systemroot\system32\H8SRTuuxvxekboc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1952] 0x10000000

Library \\?\globalroot\systemroot\system32\H8SRTuuxvxekboc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [2044] 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\H8SRTpjtvcjsnlm.sys (*** hidden *** ) [sYSTEM] H8SRTd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTpjtvcjsnlm.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTpjtvcjsnlm.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTtykcfbkadu.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTlavpspguby.dat

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTuuxvxekboc.dll

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@start 1

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@type 1

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTpjtvcjsnlm.sys

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@group file system

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTpjtvcjsnlm.sys

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTtykcfbkadu.dll

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTlavpspguby.dat

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTuuxvxekboc.dll

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YPMRAP4V\httpErrorPagesScripts[1] 8601 bytes

File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YPMRAP4V\dnserror[1] 5947 bytes

File C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\H8SRTd93a.tmp 343040 bytes executable

File C:\WINDOWS\system32\drivers\H8SRTpjtvcjsnlm.sys 39936 bytes executable <-- ROOTKIT !!!

File C:\WINDOWS\system32\H8SRTlavpspguby.dat 203 bytes

File C:\WINDOWS\system32\H8SRTtykcfbkadu.dll 23040 bytes executable

File C:\WINDOWS\system32\H8SRTuuxvxekboc.dll 36864 bytes executable

File C:\WINDOWS\Temp\H8SRT433e.tmp 207 bytes

File C:\WINDOWS\Temp\H8SRT46b8.tmp 127 bytes

File C:\WINDOWS\Temp\H8SRT6fad.tmp 200 bytes

File C:\WINDOWS\Temp\H8SRT75b7.tmp 36864 bytes executable

---- EOF - GMER 1.0.15 ----

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 3/4/2009 5:34:49 PM

System Uptime: 1/1/2010 7:07:34 PM (0 hours ago)

Motherboard: ASUSTek Computer INC. | | Kelut

Processor: AMD Sempron 3000+ | Socket A | 1999/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 293 GiB total, 259.701 GiB free.

D: is FIXED (FAT32) - 5 GiB total, 0.373 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP175: 9/24/2009 3:32:29 PM - System Checkpoint

RP176: 9/26/2009 12:40:01 PM - System Checkpoint

RP177: 9/27/2009 12:53:12 PM - System Checkpoint

RP178: 10/28/2009 1:09:41 PM - System Checkpoint

RP179: 10/29/2009 1:43:21 PM - System Checkpoint

RP180: 10/30/2009 7:39:27 PM - System Checkpoint

RP181: 10/31/2009 8:13:16 PM - System Checkpoint

RP182: 11/1/2009 9:14:36 PM - System Checkpoint

RP183: 11/2/2009 9:38:58 PM - System Checkpoint

RP184: 11/6/2009 8:48:44 AM - System Checkpoint

RP185: 11/8/2009 11:46:35 AM - System Checkpoint

RP186: 11/9/2009 2:06:21 PM - System Checkpoint

RP187: 11/10/2009 6:46:49 PM - System Checkpoint

RP188: 11/11/2009 9:41:41 PM - System Checkpoint

RP189: 11/12/2009 10:11:23 PM - System Checkpoint

RP190: 11/13/2009 10:22:19 PM - System Checkpoint

RP191: 11/13/2009 11:56:26 PM - Software Distribution Service 3.0

RP192: 11/15/2009 1:20:56 AM - System Checkpoint

RP193: 11/16/2009 1:55:13 PM - System Checkpoint

RP194: 11/17/2009 2:56:23 PM - System Checkpoint

RP195: 11/19/2009 9:35:15 PM - System Checkpoint

RP196: 11/21/2009 11:50:15 PM - System Checkpoint

RP197: 11/23/2009 2:51:41 PM - System Checkpoint

RP198: 11/24/2009 3:56:13 PM - System Checkpoint

RP199: 11/26/2009 8:44:41 PM - System Checkpoint

RP200: 11/27/2009 9:10:49 PM - System Checkpoint

RP201: 11/28/2009 10:09:50 PM - System Checkpoint

RP202: 11/30/2009 11:48:00 AM - System Checkpoint

RP203: 12/1/2009 2:42:53 PM - System Checkpoint

RP204: 12/3/2009 8:41:18 PM - System Checkpoint

RP205: 12/4/2009 12:31:31 AM - Software Distribution Service 3.0

RP206: 12/7/2009 10:35:14 AM - System Checkpoint

RP207: 12/8/2009 11:22:01 AM - System Checkpoint

RP208: 12/9/2009 11:46:32 AM - System Checkpoint

RP209: 11/9/2009 9:01:39 PM - System Checkpoint

RP210: 11/10/2009 9:57:51 PM - System Checkpoint

RP211: 11/12/2009 1:27:46 AM - Software Distribution Service 3.0

RP212: 11/12/2009 7:06:30 PM - Installed Linksys Dual-Band Wireless-N USB Network Adapter

RP213: 11/12/2009 7:12:49 PM - Installed Java 6 Update 15

RP214: 11/13/2009 10:00:40 PM - System Checkpoint

RP215: 11/13/2009 11:48:28 PM - Software Distribution Service 3.0

RP216: 11/14/2009 11:57:49 PM - System Checkpoint

RP217: 11/16/2009 12:15:44 AM - System Checkpoint

RP218: 11/17/2009 2:30:10 PM - System Checkpoint

RP219: 11/18/2009 3:34:58 PM - System Checkpoint

RP220: 11/20/2009 10:47:00 PM - System Checkpoint

RP221: 11/21/2009 11:47:58 PM - System Checkpoint

RP222: 11/23/2009 6:36:58 AM - System Checkpoint

RP223: 11/24/2009 9:56:52 AM - System Checkpoint

RP224: 11/25/2009 11:23:38 AM - System Checkpoint

RP225: 11/26/2009 12:09:12 AM - Software Distribution Service 3.0

RP226: 11/27/2009 12:18:20 PM - System Checkpoint

RP227: 11/28/2009 1:09:36 PM - System Checkpoint

RP228: 11/29/2009 5:40:35 PM - System Checkpoint

RP229: 11/30/2009 10:39:51 PM - System Checkpoint

RP230: 12/4/2009 12:06:38 PM - System Checkpoint

RP231: 12/5/2009 3:08:19 PM - System Checkpoint

RP232: 12/6/2009 3:10:46 PM - System Checkpoint

RP233: 12/7/2009 3:14:38 PM - System Checkpoint

RP234: 12/8/2009 4:52:56 PM - System Checkpoint

RP235: 12/8/2009 10:58:01 PM - Software Distribution Service 3.0

RP236: 12/11/2009 5:00:59 PM - System Checkpoint

RP237: 12/12/2009 5:49:38 PM - System Checkpoint

RP238: 12/13/2009 6:51:03 PM - System Checkpoint

RP239: 12/14/2009 10:46:15 PM - System Checkpoint

RP240: 12/17/2009 1:29:10 AM - System Checkpoint

RP241: 12/19/2009 10:34:13 AM - System Checkpoint

RP242: 12/20/2009 10:53:07 AM - System Checkpoint

RP243: 12/21/2009 12:07:01 PM - System Checkpoint

RP244: 12/22/2009 1:38:00 PM - System Checkpoint

==== Installed Programs ======================

Adobe Acrobat - Reader 6.0.2 Update

Adobe AIR

Adobe Anchor Service CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles CS CS4

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Download Manager

Adobe Drive CS4

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash Player 10 Plugin

Adobe Fonts All

Adobe Linguistics CS4

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop Album 2.0 Starter Edition

Adobe Photoshop CS4

Adobe Photoshop CS4 Support

Adobe Reader 6.0.1

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Apple Mobile Device Support

Apple Software Update

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

ATI Parental Control & Encoder

Avanquest update

AVIVO Codecs

Bonjour

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Spanish

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help English

CCC Help French

CCC Help German

CCC Help Spanish

Compaq Connections

Compaq Organize

Connect

DVD X Player 5.3 Standard

Final Fantasy VII

FINAL FANTASY XI

FINAL FANTASY XI: Chains of Promathia

FINAL FANTASY XI: Rise of the Zilart

FINAL FANTASY XI: Treasures of Aht Urhgan

FINAL FANTASY XI: Wings of the Goddess

Google Toolbar for Internet Explorer

Help and Support Additions

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

HP Boot Optimizer

HpSdpAppCoreApp

InterVideo WinDVD Player

iTunes

J2SE Runtime Environment 5.0

Java 6 Update 15

Kaspersky Internet Security 2009

kuler

LimeWire 4.18.8

Linksys Dual-Band Wireless-N USB Network Adapter

Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter

Malwarebytes' Anti-Malware

McAfee Security Scan

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Plus! Dancer LE

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Motorola Driver Installation 3.4.0

Motorola Phone Tools

Motorola SM56 Speakerphone Modem

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Ogg Codecs 0.81.15562

PC-Doctor for Windows

PCI Audio Driver

PDF Settings CS4

Photoshop Camera Raw

PlayOnline Viewer and Tetra Master

Python 2.2 pywin32 extensions (build 203)

Python 2.2.3

QuickTime

RealPlayer

S3 S3Display

S3 S3Gamma2

S3 S3Info2

S3 S3Overlay

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB973704)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft Office Excel 2007 (KB973593)

Security Update for Microsoft Office PowerPoint 2007 (KB957789)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB969604)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Shooting Stars Pool from Compaq (remove only)

Skins

Sonic Express Labeler

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

Sonic Update Manager

Suite Shared Configuration CS4

TuneUp Utilities 2009

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office InfoPath 2007 (KB976416)

Update for Windows Internet Explorer 8 (KB971930)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows XP (KB951978)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VIA Rhine-Family Fast Ethernet Adapter

VIA/S3G Display Driver

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 10

Windows XP Service Pack 3

WinZip 12.1

Xiph QuickTime Components

Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

12/27/2009 11:28:02 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001EE5E0058E. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

12/26/2009 7:20:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

12/26/2009 7:18:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 Beep Fips IPSec kl1 klbg KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

12/26/2009 7:18:20 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

12/26/2009 7:18:20 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

12/26/2009 7:18:20 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/26/2009 7:18:20 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/26/2009 7:17:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

12/26/2009 7:17:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/26/2009 12:17:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep

12/26/2009 12:17:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Kaspersky Internet Security service to connect.

12/26/2009 12:17:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

12/26/2009 12:17:56 PM, error: Service Control Manager [7000] - The Kaspersky Internet Security service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/26/2009 12:17:56 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/25/2009 10:59:43 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 Beep Fips kl1 klbg KLIF

1/1/2010 7:14:12 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .

1/1/2010 7:14:12 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\basic\setup.exe. Reference error message: The operation completed successfully. .

1/1/2010 7:14:12 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

1/1/2010 7:14:11 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

1/1/2010 6:43:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

1/1/2010 6:20:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service getPlusHelper with arguments "" in order to run the server: {E48FEF78-2125-4D1D-B8D8-C30D2286E1D1}

1/1/2010 5:39:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

==== End Of File ===========================

Please Help

Link to post
Share on other sites

Hello Kevin and welcome to MalwareBytes' forums.

Please follow my guidance and get started right away. Yes, you have a serious rootkit infection.

You will want to print out or copy these instructions to Notepad for offline reference!

eusa_hand.gifIf you are a casual viewer, do NOT try this on your system!

If you are not Kevinw103 and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

icon_arrow.gif Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Download The Avenger by Swandog46 from here.

  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clibpboard by highlighting it and then pressing Ctrl+C.
    Drivers to disable:
    H8SRTd.sys
    H8SRTd

    Drivers to delete:
    H8SRTd.sys
    H8SRTd

    Files to delete:
    C:\WINDOWS\system32\drivers\H8SRTpjtvcjsnlm.sys
    C:\WINDOWS\system32\H8SRTuuxvxekboc.dll
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\H8SRTd93a.tmp
    C:\WINDOWS\system32\H8SRTlavpspguby.dat
    C:\WINDOWS\system32\H8SRTtykcfbkadu.dll
    C:\WINDOWS\Temp\H8SRT433e.tmp
    C:\WINDOWS\Temp\H8SRT46b8.tmp
    C:\WINDOWS\Temp\H8SRT6fad.tmp
    C:\WINDOWS\Temp\H8SRT75b7.tmp

    Registry keys to delete:
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\H8SRTd.sys
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\H8SRTd.sys

    Folders to delete:
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler


  • In the avenger window, click the Paste Script from Clipboard icon, pastets4.png button.
  • :!: Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. Please copy/paste the contents of c:\avenger.txt into your next reply.

Not all the items will be found; so do not worry. Hopefully enough of the rootkit will be removed so that we can continue forward with more cleaning.

If you get a blue screen abort when it reboots, please write down all the information, STOP codes and description.

and then reboot the system again.

Step 4

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • IF prompted to Reboot, reply "Yes".

Step 5

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

If you have a prior copy of Combofix, delete it now !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

Link 3

CF_download_FF.gif

CF_download_rename.gif

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

Even when ComboFix appears to be doing nothing, look at your Drive light.

If it is flashing, Combofix is still at work.

Step 6

RE-Enable your AntiVirus and AntiSpyware applications.

Reply with copy of C:\Avenger.txt

C:\Combofix.txt

Please Copy and Paste the contents of the logs within the body of Reply.

If they are extremely large, you may post each log separately in separate replies.

Link to post
Share on other sites

Getting user folders.

Stopping running processes.

Emptying Temp folders.

User: Administrator

->Temp folder emptied: 2228377 bytes

->Temporary Internet Files folder emptied: 105898082 bytes

->Java cache emptied: 294 bytes

User: All Users

User: Compaq_Owner

->Temp folder emptied: 218796435 bytes

->Temporary Internet Files folder emptied: 225592699 bytes

->Java cache emptied: 49705380 bytes

User: Dad

->Temp folder emptied: 29049 bytes

->Temporary Internet Files folder emptied: 49200168 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService

->Temp folder emptied: 65984 bytes

->Temporary Internet Files folder emptied: 8419558 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 1074244 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 19569 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

Windows Temp folder emptied: 49600 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10952266 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 0 bytes

Process complete!

Total Files Cleaned = 641.00 mb

ComboFix 10-01-01.05 - Dad 01/02/2010 12:16:12.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1581 [GMT -7:00]

Running from: c:\documents and settings\Dad\Desktop\Combo-Fix.exe

AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\hipoqijix.vbs

c:\documents and settings\All Users\Application Data\yfogafidy.vbs

c:\documents and settings\All Users\Application Data\zuqeda.bat

c:\documents and settings\All Users\Documents\awixary.reg

c:\documents and settings\All Users\Documents\didupe.reg

c:\documents and settings\All Users\Documents\gewoxaq.vbs

c:\documents and settings\All Users\Documents\olidaqi.vbs

c:\documents and settings\All Users\Documents\ryxepu.inf

c:\documents and settings\All Users\Documents\uxeqoq.bat

c:\documents and settings\Compaq_Owner\Application Data\kiverylapi.vbs

c:\documents and settings\Compaq_Owner\Cookies\ajyqemo.bat

c:\documents and settings\Compaq_Owner\Cookies\axasifude.dl

c:\documents and settings\Compaq_Owner\Cookies\gilamidene.ban

c:\documents and settings\Compaq_Owner\Cookies\hedaga._dl

c:\documents and settings\Compaq_Owner\Cookies\idysanalil.com

c:\documents and settings\Compaq_Owner\Cookies\jujanorige.bat

c:\documents and settings\Compaq_Owner\Cookies\kozedokere.dll

c:\documents and settings\Compaq_Owner\Cookies\qigaqilapy._dl

c:\documents and settings\Compaq_Owner\Cookies\ryfy.vbs

c:\documents and settings\Compaq_Owner\Cookies\utabi.pif

c:\documents and settings\Compaq_Owner\Cookies\vapo.inf

c:\documents and settings\Compaq_Owner\Cookies\ynuvo.bin

c:\documents and settings\Compaq_Owner\Local Settings\Application Data\abem.inf

c:\documents and settings\Compaq_Owner\Local Settings\Application Data\aryqufapu.bat

c:\documents and settings\Compaq_Owner\Local Settings\Application Data\juxuxyxani.vbs

c:\documents and settings\Compaq_Owner\Local Settings\Application Data\kollso

c:\documents and settings\Compaq_Owner\Local Settings\Application Data\kollso\lviwsysguard.exe

c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ogujuvysi.reg

c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ugaw.bat

c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ypewoxy.vbs

c:\program files\Common Files\aqujafeve.vbs

c:\program files\Common Files\efyvo.reg

c:\program files\Common Files\mycoxum.vbs

c:\program files\Common Files\orycat.inf

c:\program files\Common Files\ybilew.vbs

c:\windows\cogoce.reg

c:\windows\faxu._sy

c:\windows\gyvat.vbs

c:\windows\inucohetu.exe

c:\windows\inyvixu.dll

c:\windows\kemusu.scr

c:\windows\ozyvoculy.dll

c:\windows\pisomupu.inf

c:\windows\ridawycoq.reg

c:\windows\rybasulew._sy

c:\windows\system32\bogocaky.bat

c:\windows\system32\imadit.reg

c:\windows\system32\otuk.vbs

c:\windows\system32\srcr.dat

c:\windows\udynokix.bat

c:\windows\ytisacaled.vbs

c:\windows\zigafe.dll

c:\windows\zikezyse.dll

c:\windows\zytin.dll

D:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2009-12-02 to 2010-01-02 )))))))))))))))))))))))))))))))

.

2010-01-02 18:32 . 2010-01-02 18:32 -------- d-----w- c:\program files\ERUNT

2010-01-02 04:37 . 2010-01-02 04:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM

2010-01-02 04:37 . 2010-01-02 04:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe

2010-01-02 01:39 . 2010-01-02 01:46 -------- d-----w- C:\abcd

2010-01-02 01:33 . 2010-01-02 01:33 -------- d-----w- c:\program files\explorer

2010-01-02 01:27 . 2010-01-02 01:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-01-02 01:20 . 2010-01-02 01:20 -------- d-----w- c:\program files\McAfee Security Scan

2010-01-02 01:20 . 2010-01-02 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan

2009-12-25 03:18 . 2010-01-02 02:55 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-12-24 22:52 . 2009-12-24 22:57 108838 ----a-w- C:\MGlogs.zip

2009-12-24 22:51 . 2009-12-24 22:57 -------- d-----w- C:\MGtools

2009-12-24 22:35 . 2009-12-24 22:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-12-24 22:33 . 2009-12-24 22:33 -------- d-sh--w- c:\documents and settings\Dad\PrivacIE

2009-12-24 22:23 . 2009-12-30 21:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-24 22:23 . 2010-01-02 01:28 -------- d-----w- c:\program files\Mapp

2009-12-24 22:23 . 2009-12-30 21:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-24 17:52 . 2009-12-24 17:52 -------- d-sh--w- c:\windows\ftpcache

2009-12-24 17:47 . 2010-01-02 02:16 -------- d-----w- c:\documents and settings\Administrator

2009-12-23 17:39 . 2009-12-23 17:39 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2009-12-23 08:17 . 2010-01-02 00:31 871 ----a-w- c:\windows\system32\krl32mainweq.dll

2009-12-20 21:57 . 2009-12-20 21:57 343040 ----a-w- c:\windows\rsvcrt.dll

2009-12-20 21:57 . 2009-12-20 21:57 142848 ----a-w- c:\windows\remsel32.dll

2009-12-20 21:41 . 2009-12-20 21:43 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\dvdcss

2009-12-09 01:57 . 2009-12-09 02:02 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\vlc

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-02 19:01 . 2009-08-30 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2010-01-02 19:00 . 2009-08-30 02:12 606240 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2010-01-02 19:00 . 2009-08-30 02:12 4462112 --sha-w- c:\windows\system32\drivers\fidbox.dat

2010-01-02 19:00 . 2009-08-30 02:12 35940 --sha-w- c:\windows\system32\drivers\fidbox.idx

2010-01-02 19:00 . 2009-08-30 02:12 3152 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2010-01-02 18:49 . 2010-01-02 18:49 -------- d-----w- c:\documents and settings\Dad\Application Data\Yahoo!

2009-12-21 04:01 . 2009-03-05 04:48 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\uTorrent

2009-12-21 04:01 . 2009-03-09 05:58 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\LimeWire

2009-12-10 03:21 . 2009-08-08 03:29 -------- d-----w- c:\program files\TuneUp Utilities 2009

2009-12-09 06:00 . 2009-03-05 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-12-08 23:14 . 2009-06-20 00:51 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Download Manager

2009-11-17 20:34 . 2009-03-05 00:49 40664 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-11-16 00:05 . 2009-11-16 00:05 -------- d-----w- c:\program files\Microsoft Silverlight

2009-11-14 06:49 . 2005-05-07 05:19 -------- d-----w- c:\program files\Microsoft Works

2009-11-13 17:20 . 2009-08-30 02:12 95259 ----a-w- c:\windows\system32\drivers\klick.dat

2009-11-13 17:20 . 2009-08-30 02:12 108059 ----a-w- c:\windows\system32\drivers\klin.dat

2009-11-13 02:13 . 2005-05-07 04:56 -------- d-----w- c:\program files\Java

2009-11-13 02:12 . 2009-11-13 02:12 152576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

2009-11-13 02:07 . 2009-11-13 02:07 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys

2009-11-13 02:06 . 2009-11-13 02:06 -------- d-----w- c:\program files\Linksys

2009-10-29 07:45 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll

2009-10-21 05:38 . 2009-03-05 00:04 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38 . 2009-03-05 00:03 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-08-04 11:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:30 . 2009-03-05 00:03 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:38 . 2009-03-05 00:04 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38 . 2009-03-05 00:04 79872 ----a-w- c:\windows\system32\raschap.dll

2009-08-30 02:16 . 2009-08-30 02:16 12623 ----a-w- c:\program files\Common Files\edisile.dat

2009-08-30 02:09 . 2009-08-30 02:09 19594 ----a-w- c:\program files\Common Files\zoxityhe.pif

2009-08-30 02:09 . 2009-08-30 02:09 18326 ----a-w- c:\program files\Common Files\epet.exe

2009-08-30 02:09 . 2009-08-30 02:09 15373 ----a-w- c:\program files\Common Files\ipapyty.dl

2009-08-30 01:56 . 2009-08-30 01:56 10467 ----a-w- c:\program files\Common Files\acadyc.ban

2009-08-30 01:56 . 2009-08-30 01:56 10295 ----a-w- c:\program files\Common Files\esob.ban

2009-08-17 04:45 . 2009-08-17 04:45 18361 ----a-w- c:\program files\Common Files\hyguwu.lib

2009-08-17 04:45 . 2009-08-17 04:45 14317 ----a-w- c:\program files\Common Files\nyse.db

2009-08-17 04:45 . 2009-08-17 04:45 11892 ----a-w- c:\program files\Common Files\ywypym._dl

2009-08-17 04:45 . 2009-08-17 04:45 11029 ----a-w- c:\program files\Common Files\cequsaw.db

2009-08-17 04:45 . 2009-08-17 04:45 10767 ----a-w- c:\program files\Common Files\omeq.scr

2009-08-17 04:34 . 2009-08-17 04:34 12735 ----a-w- c:\program files\Common Files\xogi._sy

2009-08-17 04:19 . 2009-08-17 04:19 17397 ----a-w- c:\program files\Common Files\exijaveba.ban

2009-08-17 04:19 . 2009-08-17 04:19 16954 ----a-w- c:\program files\Common Files\hoku.lib

2009-08-17 04:19 . 2009-08-17 04:19 15591 ----a-w- c:\program files\Common Files\woqy.bin

2009-08-17 04:19 . 2009-08-17 04:19 11169 ----a-w- c:\program files\Common Files\guhyqabi.bin

2009-08-17 04:19 . 2009-08-17 04:19 10642 ----a-w- c:\program files\Common Files\yvuradacil.dl

2005-07-02 05:25 . 2009-03-05 00:29 32 --sha-w- c:\windows\SMINST\HPCD.SYS

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-28 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-08-30 208616]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-05-07 180269]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]

Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2008-1-9 6922240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SMSERIAL"=sm56hlpr.exe

"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

"C-Media Mixer"=Mixer.exe /startup

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 6:02 PM 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]

R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [12/14/2007 6:04 PM 551680]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [4/1/2009 10:54 PM 18176]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [4/1/2009 10:54 PM 7680]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

2010-01-02 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 17:54]

2009-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser

mStart Page = hxxp://www.google.com

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe

AddRemove-Final Fantasy VII - c:\program files\Square Soft

AddRemove-HijackThis - c:\mgtools\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-02 12:21

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1448)

c:\windows\system32\Ati2evxx.dll

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

Completion time: 2010-01-02 12:22:58

ComboFix-quarantined-files.txt 2010-01-02 19:22

Pre-Run: 279,197,208,576 bytes free

Post-Run: 279,162,605,568 bytes free

- - End Of File - - 7261AC7CC0ADE52445A873AFCFC5DCBA

Edited by Maurice Naggar
Removed quote section
Link to post
Share on other sites

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Error: could not open driver "H8SRTd.sys"

Disablement of driver "H8SRTd.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: could not open driver "H8SRTd"

Disablement of driver "H8SRTd" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\H8SRTd.sys" not found!

Deletion of driver "H8SRTd.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\H8SRTd" not found!

Deletion of driver "H8SRTd" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\drivers\H8SRTpjtvcjsnlm.sys" not found!

Deletion of file "C:\WINDOWS\system32\drivers\H8SRTpjtvcjsnlm.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\H8SRTuuxvxekboc.dll" not found!

Deletion of file "C:\WINDOWS\system32\H8SRTuuxvxekboc.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\H8SRTd93a.tmp" not found!

Deletion of file "C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\H8SRTd93a.tmp" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\H8SRTlavpspguby.dat" not found!

Deletion of file "C:\WINDOWS\system32\H8SRTlavpspguby.dat" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\H8SRTtykcfbkadu.dll" not found!

Deletion of file "C:\WINDOWS\system32\H8SRTtykcfbkadu.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\Temp\H8SRT433e.tmp" not found!

Deletion of file "C:\WINDOWS\Temp\H8SRT433e.tmp" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\Temp\H8SRT46b8.tmp" not found!

Deletion of file "C:\WINDOWS\Temp\H8SRT46b8.tmp" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\Temp\H8SRT6fad.tmp" not found!

Deletion of file "C:\WINDOWS\Temp\H8SRT6fad.tmp" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\Temp\H8SRT75b7.tmp" not found!

Deletion of file "C:\WINDOWS\Temp\H8SRT75b7.tmp" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\H8SRTd.sys" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\H8SRTd.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\H8SRTd.sys" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\H8SRTd.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: folder "C:\recycler" not found!

Deletion of folder "C:\recycler" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: could not open folder "e:\recycler"

Deletion of folder "e:\recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "f:\recycler"

Deletion of folder "f:\recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "g:\recycler"

Deletion of folder "g:\recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "h:\recycler"

Deletion of folder "h:\recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: folder "D:\recycler" not found!

Deletion of folder "D:\recycler" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

Link to post
Share on other sites

I believe you had started with the system running in Safe Mode with Networking.

I'd like to have you restart the system in Normal mode, if at all possible.

And confirm that for me.

Next

Step 1

Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from

>>> here <<<

  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close.
  • This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.

Step 2

Run a fresh run of Gmer, so we can have a fresh log.

========================================================

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

========================================================

Double-click gmer.exe. The program will begin to run.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt".
  • Save it where you can easily find it, such as your desktop.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.

  • Click the Scan button and let the program do its work. GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt".
  • Save it where you can easily find it, such as your desktop.

Step 3

Using Internet Explorer browser only, go to ESET Online Scanner website:

Vista users should start IE by Start (Vista Orb) >> Internet Explorer >> Right-Click and select Run As Administrator.

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://www.eset.com/onlinescan/cac4.php?page=faq

    • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
      Otherwise the scan will take twice as long to do:
      everytime the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

Reply with copy of the new Gmer.txt log

the ESET scan log

and tell me, How is your system now ?

Link to post
Share on other sites

I've done everything under a different user name on the computer. Under my user name things work fine but under my sons user name no so good. I can't get any internet or run MalwareBytes error code 732 (0, 0) comes up. Yesterday the error code was 732 (12029, 0). I ran all the scans in normal mode under my user name, here are the results.

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-01-03 00:30:54

Windows 5.1.2600 Service Pack 3

Running: y3w3fr8q.exe; Driver: C:\DOCUME~1\Dad\LOCALS~1\Temp\axgdypog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xA77FB1DA]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xA77FB7AE]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwConnectPort [0xA77FD1EA]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xA77FCB9C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateKey [0xA77FA950]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xA77FEB7C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateThread [0xA77FB5AE]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteKey [0xA77FAD92]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xA77FAF92]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xA77FCEAC]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xA77FF084]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xA77FB0A8]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xA77FB110]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xA77FCD5E]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xA77FE620]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xA77FC9F8]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xA77FAAB2]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xA77FB3B2]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xA77FEBA6]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xA77FB2FE]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xA77FB178]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xA77FAE7C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xA77FAC5A]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xA77FE888]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xA77FA5D2]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xA77FDA74]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xA77FA734]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xA77FEF56]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xA77FA3D0]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xA77FD08C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xA77FB6AC]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xA77FE71A]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xA77FEBD0]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetValueKey [0xA77FAB08]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xA77FECB4]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xA77FEDE0]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xA77FE54C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwTerminateProcess [0xA77FB47E]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwWriteVirtualMemory [0xA77FB4F0]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 31C 804E2978 4 Bytes CALL A088D0FC

.text ntoskrnl.exe!_abnormal_termination + 36C 804E29C8 1 Byte [74]

.text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 12 Bytes [b4, EC, 7F, A7, E0, ED, 7F, ...] {MOV AH, 0xec; JG 0xffffffffffffffab; LOOPNZ 0xfffffffffffffff3; JG 0xffffffffffffffaf; DEC ESP; IN EAX, 0x7f; CMPSD }

.text ntoskrnl.exe!IoIsOperationSynchronous 804E875A 5 Bytes JMP A78129E0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)

.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 80512919 5 Bytes JMP A7812626 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1064] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;

.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1064] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1232] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;

.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1232] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=52a1bb0f2eef6f4f9a1e8ab4bd252741

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-01-03 08:26:43

# local_time=2010-01-03 01:26:43 (-0700, US Mountain Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1281 16774501 100 100 9973447 35124861 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=143587

# found=0

# cleaned=0

# scan_time=2724

Link to post
Share on other sites

Kevin,

I'll address the MBAM issue in next round.

The Eset scan is very good, and on the initial review, the Gmer scan looks good.

Please do the following, so I can review.

Step 1

Download RootRepeal from one of these links:

>> Link 1<<

or >>Link 2<<

or >>Link 3<<

  • SAVE the zip download to your Desktop.
  • Extract the archive to a folder you create such as C:\RootRepeal
  • Double-click RootRepeal.exe to launch the program (Vista users should right-click and select "Run as Administrator).
  • Click the "File" tab (located at the bottom of the RootRepeal screen)
  • Click the "Scan" button
  • In the popup dialog, check the drives to be scanned - making sure to check your primary operating system drive - normally C:
  • Click OK and the file scan will begin
  • When the scan is done, there will be files listed, but most if not all of them will be legitimate
  • Click the "Save Report" Button
  • Save the log file to your Documents folder
  • Post the content of the RootRepeal file scan log in your next reply.

Step 2

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

eusa_hand.gifIf one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):

  • the contents of Rootrepeal log
  • the contents of OTL.txt
  • the contents of Extras.txt
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Link to post
Share on other sites

OK here it is!

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/01/03 12:16

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

Hidden/Locked Files

-------------------

Path: c:\documents and settings\dad\local settings\temp\~df3d36.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp8\data\av3.tmp

Status: Allocation size mismatch (API: 271777792, Raw: 0)

OTL logfile created on: 1/3/2010 12:19:57 PM - Run 1

OTL by OldTimer - Version 3.1.20.2 Folder = C:\Documents and Settings\Dad\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 293.49 Gb Total Space | 259.96 Gb Free Space | 88.58% Space Free | Partition Type: NTFS

Drive D: | 4.58 Gb Total Space | 0.37 Gb Free Space | 8.14% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: YOUR-F78BF48CE2

Current User Name: Dad

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/03 12:17:21 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe

PRC - [2009/08/07 20:30:22 | 00,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe

PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2009/06/28 16:24:54 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2009/01/06 13:06:36 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe

PRC - [2009/01/06 13:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe

PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/01/09 05:44:20 | 06,922,240 | ---- | M] (Linksys) -- C:\Program Files\Linksys\WUSB600N\WUSB600N.exe

PRC - [2007/03/02 12:46:12 | 00,446,464 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

PRC - [2005/05/06 21:56:08 | 00,036,972 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0\bin\jusched.exe

PRC - [2004/10/22 11:53:06 | 00,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe

PRC - [1998/05/07 09:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\WINDOWS\system\hpsysdrv.exe

========== Modules (SafeList) ==========

MOD - [2010/01/03 12:17:21 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/08/29 19:59:50 | 00,208,616 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP)

SRV - [2009/08/07 20:30:22 | 00,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)

SRV - [2009/08/07 20:30:17 | 00,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)

SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2009/07/15 11:48:20 | 00,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)

SRV - [2009/06/28 16:24:50 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)

SRV - [2009/06/19 18:28:45 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/01/06 13:06:24 | 00,536,872 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)

SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)

SRV - [2007/03/20 21:20:00 | 00,520,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)

SRV - [2007/03/02 12:46:12 | 00,446,464 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)

SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2004/10/22 10:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - [2009/11/12 19:07:15 | 00,021,419 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)

DRV - [2009/08/29 19:59:50 | 00,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)

DRV - [2009/08/29 19:59:49 | 00,226,832 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)

DRV - [2008/11/07 14:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)

DRV - [2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)

DRV - [2008/07/21 17:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)

DRV - [2008/04/30 17:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)

DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2008/04/13 11:45:30 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2008/04/13 09:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)

DRV - [2008/03/13 18:02:46 | 00,026,640 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klfltdev.sys -- (KLFLTDEV)

DRV - [2007/12/14 18:04:24 | 00,551,680 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)

DRV - [2007/11/02 14:51:28 | 00,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)

DRV - [2007/11/02 14:36:10 | 00,018,176 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)

DRV - [2007/06/18 14:18:26 | 00,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)

DRV - [2007/03/02 12:53:18 | 01,972,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2007/01/22 18:33:00 | 00,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)

DRV - [2006/11/28 21:46:20 | 00,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)

DRV - [2005/01/26 09:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)

DRV - [2005/01/25 06:56:00 | 00,923,863 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)

DRV - [2005/01/19 17:21:56 | 00,012,416 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)

DRV - [2004/12/16 13:36:30 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FETND5BV)

DRV - [2004/12/07 20:08:58 | 00,172,672 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx)

DRV - [2004/10/01 10:24:02 | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)

DRV - [2004/08/03 21:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2003/12/02 18:23:20 | 00,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)

DRV - [2003/11/11 18:41:00 | 00,041,984 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fetnd5b.sys -- (FETNDISB)

DRV - [2002/11/18 15:51:40 | 00,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)

DRV - [2001/08/17 20:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)

DRV - [2001/08/17 19:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2009/08/29 19:12:23 | 00,000,000 | ---D | M]

O1 HOSTS File: (794 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 127.0.0.1 activate.adobe.com

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)

O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB600N\WUSB600N.exe (Linksys)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)

O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1236234214734 (MUWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)

O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Reg Error: Key error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/01/26 21:53:38 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/27 20:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/03 12:17:19 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe

[2010/01/03 00:36:05 | 00,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/01/02 14:27:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop\FixPolicies

[2010/01/02 12:45:09 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2010/01/02 12:30:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Malwarebytes

[2010/01/02 12:15:30 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/01/02 12:15:30 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/01/02 12:15:30 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/01/02 12:15:30 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/01/02 12:15:07 | 00,000,000 | ---D | C] -- C:\Qoobox

[2010/01/02 11:51:25 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\TFC.exe

[2010/01/02 11:49:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Yahoo!

[2010/01/02 11:49:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Google

[2010/01/02 11:33:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/01/02 11:32:33 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2010/01/01 18:39:36 | 00,000,000 | ---D | C] -- C:\abcd

[2010/01/01 18:33:35 | 00,000,000 | ---D | C] -- C:\Program Files\explorer

[2010/01/01 18:20:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan

[2009/12/24 15:51:59 | 00,000,000 | ---D | C] -- C:\MGtools

[2009/12/24 15:44:49 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Dad\Desktop\HJTInstall.exe

[2009/12/24 15:35:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2009/12/24 15:34:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Macromedia

[2009/12/24 15:33:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Adobe

[2009/12/24 15:33:21 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Dad\PrivacIE

[2009/12/24 15:32:57 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Dad\Application Data\Microsoft

[2009/12/24 15:32:57 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Dad\SendTo

[2009/12/24 15:32:57 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Dad\Recent

[2009/12/24 15:32:57 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Dad\Application Data

[2009/12/24 15:32:57 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Dad\Start Menu

[2009/12/24 15:32:57 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Dad\My Documents\My Videos

[2009/12/24 15:32:57 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Dad\My Documents\My Pictures

[2009/12/24 15:32:57 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Dad\My Documents\My Music

[2009/12/24 15:32:57 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Dad\My Documents

[2009/12/24 15:32:57 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Dad\Favorites

[2009/12/24 15:32:57 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Dad\IETldCache

[2009/12/24 15:32:57 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Dad\Cookies

[2009/12/24 15:32:57 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Dad\Templates

[2009/12/24 15:32:57 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Dad\PrintHood

[2009/12/24 15:32:57 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Dad\NetHood

[2009/12/24 15:32:57 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Dad\Local Settings

[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\WINDOWS

[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Symantec

[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\SampleView

[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Real

[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft Help

[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft

[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\InterMute

[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Identities

[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Local Settings\Application Data\Google

[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop

[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Local Settings\Application Data\ApplicationHistory

[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Local Settings\Application Data\Apple Computer

[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Apple Computer

[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}

[2009/12/24 15:23:21 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/12/24 15:23:20 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/12/24 15:23:20 | 00,000,000 | ---D | C] -- C:\Program Files\Mapp

[2009/12/24 10:52:23 | 00,917,504 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX

[2009/12/24 10:52:23 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache

[2009/12/20 14:57:16 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\rsvcrt.dll

[2009/07/03 10:16:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009/03/16 10:41:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google

[2009/03/16 10:36:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

[2005/05/06 21:44:19 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2005/05/06 21:44:18 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2005/05/06 21:44:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/01/03 12:17:21 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe

[2010/01/03 12:06:52 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Dad\settings.dat

[2010/01/03 12:05:59 | 00,464,491 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\RootRepeal.zip

[2010/01/03 12:05:39 | 00,000,185 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT

[2010/01/03 12:04:24 | 00,000,500 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job

[2010/01/03 12:03:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/01/03 12:03:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/01/03 12:03:06 | 04,598,304 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2010/01/03 12:03:06 | 00,622,624 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat

[2010/01/03 12:03:06 | 00,037,004 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx

[2010/01/03 12:03:06 | 00,003,208 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx

[2010/01/03 12:02:54 | 01,310,720 | -H-- | M] () -- C:\Documents and Settings\Dad\NTUSER.DAT

[2010/01/03 12:02:54 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Dad\ntuser.ini

[2010/01/03 10:16:34 | 00,000,458 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/01/02 14:26:30 | 00,185,065 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\FixPolicies.exe

[2010/01/02 12:21:23 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/01/02 12:13:18 | 03,817,629 | R--- | M] () -- C:\Documents and Settings\Dad\Desktop\Combo-Fix.exe

[2010/01/02 11:51:25 | 00,410,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\TFC.exe

[2010/01/01 19:55:09 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/01/01 19:24:18 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\y3w3fr8q.exe

[2010/01/01 17:29:43 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/12/26 19:20:45 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2009/12/25 00:37:36 | 01,568,656 | -H-- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\IconCache.db

[2009/12/24 15:57:27 | 00,108,838 | ---- | M] () -- C:\MGlogs.zip

[2009/12/24 15:50:46 | 02,386,270 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\MGtools.exe

[2009/12/24 15:44:50 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Dad\Desktop\HJTInstall.exe

[2009/12/24 15:36:13 | 07,451,168 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\SUPERAntiSpyware.exe

[2009/12/24 10:52:23 | 00,917,504 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX

[2009/12/23 01:15:54 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini

[2009/12/20 14:57:21 | 00,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\rsvcrt.dll

[2009/12/20 14:57:21 | 00,142,848 | ---- | M] () -- C:\WINDOWS\remsel32.dll

[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2009/12/09 08:43:26 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/12/09 08:43:26 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/12/09 08:43:26 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/12/08 23:00:40 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/12/07 10:36:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2010/01/03 12:06:52 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Dad\settings.dat

[2010/01/03 12:05:59 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\RootRepeal.zip

[2010/01/02 14:41:01 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\y3w3fr8q.exe

[2010/01/02 14:26:29 | 00,185,065 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\FixPolicies.exe

[2010/01/02 12:15:30 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/01/02 12:15:30 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/01/02 12:15:30 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/01/02 12:15:30 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/01/02 12:15:30 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/01/02 12:13:18 | 03,817,629 | R--- | C] () -- C:\Documents and Settings\Dad\Desktop\Combo-Fix.exe

[2009/12/24 20:18:14 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/12/24 15:52:00 | 00,108,838 | ---- | C] () -- C:\MGlogs.zip

[2009/12/24 15:50:43 | 02,386,270 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\MGtools.exe

[2009/12/24 15:36:12 | 07,451,168 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\SUPERAntiSpyware.exe

[2009/12/24 15:32:58 | 00,001,132 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\Help and Support.lnk

[2009/12/24 15:32:57 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\Dad\ntuser.ini

[2009/12/24 15:32:56 | 01,310,720 | -H-- | C] () -- C:\Documents and Settings\Dad\NTUSER.DAT

[2009/12/24 15:23:24 | 00,000,458 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/12/23 01:15:54 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini

[2009/12/20 14:57:16 | 00,142,848 | ---- | C] () -- C:\WINDOWS\remsel32.dll

[2009/08/29 19:16:33 | 00,017,905 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ofylyr._dl

[2009/08/29 19:16:33 | 00,016,451 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rodyky.exe

[2009/08/29 19:16:33 | 00,012,623 | ---- | C] () -- C:\Program Files\Common Files\edisile.dat

[2009/08/29 19:09:06 | 00,019,594 | ---- | C] () -- C:\Program Files\Common Files\zoxityhe.pif

[2009/08/29 19:09:06 | 00,018,326 | ---- | C] () -- C:\Program Files\Common Files\epet.exe

[2009/08/29 19:09:06 | 00,016,775 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dohoxek.sys

[2009/08/29 19:09:06 | 00,016,735 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rexokiwadi.ban

[2009/08/29 19:09:06 | 00,016,381 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\urof.dll

[2009/08/29 19:09:06 | 00,015,722 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ejewol.exe

[2009/08/29 19:09:06 | 00,015,373 | ---- | C] () -- C:\Program Files\Common Files\ipapyty.dl

[2009/08/29 19:09:06 | 00,011,083 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ubukusazyb.dll

[2009/08/29 18:56:49 | 00,018,669 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jevoxoqic.dl

[2009/08/29 18:56:49 | 00,010,467 | ---- | C] () -- C:\Program Files\Common Files\acadyc.ban

[2009/08/29 18:56:49 | 00,010,295 | ---- | C] () -- C:\Program Files\Common Files\esob.ban

[2009/08/16 21:45:05 | 00,018,883 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pyjeronapu.ban

[2009/08/16 21:45:05 | 00,018,361 | ---- | C] () -- C:\Program Files\Common Files\hyguwu.lib

[2009/08/16 21:45:05 | 00,016,674 | ---- | C] () -- C:\WINDOWS\System32\jycesok.dll

[2009/08/16 21:45:05 | 00,014,317 | ---- | C] () -- C:\Program Files\Common Files\nyse.db

[2009/08/16 21:45:05 | 00,014,258 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hojozanari.bin

[2009/08/16 21:45:05 | 00,013,957 | ---- | C] () -- C:\WINDOWS\System32\ahefufapa.sys

[2009/08/16 21:45:05 | 00,013,060 | ---- | C] () -- C:\WINDOWS\senoga.sys

[2009/08/16 21:45:05 | 00,011,892 | ---- | C] () -- C:\Program Files\Common Files\ywypym._dl

[2009/08/16 21:45:05 | 00,011,029 | ---- | C] () -- C:\Program Files\Common Files\cequsaw.db

[2009/08/16 21:45:05 | 00,010,767 | ---- | C] () -- C:\Program Files\Common Files\omeq.scr

[2009/08/16 21:45:05 | 00,010,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sugo.bin

[2009/08/16 21:34:01 | 00,014,213 | ---- | C] () -- C:\WINDOWS\nevemus.sys

[2009/08/16 21:34:01 | 00,012,735 | ---- | C] () -- C:\Program Files\Common Files\xogi._sy

[2009/08/16 21:19:46 | 00,017,397 | ---- | C] () -- C:\Program Files\Common Files\exijaveba.ban

[2009/08/16 21:19:46 | 00,017,088 | ---- | C] () -- C:\WINDOWS\System32\hubylul.sys

[2009/08/16 21:19:46 | 00,016,954 | ---- | C] () -- C:\Program Files\Common Files\hoku.lib

[2009/08/16 21:19:46 | 00,015,591 | ---- | C] () -- C:\Program Files\Common Files\woqy.bin

[2009/08/16 21:19:46 | 00,013,865 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vuhutu.lib

[2009/08/16 21:19:46 | 00,012,576 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\oguk.scr

[2009/08/16 21:19:46 | 00,011,169 | ---- | C] () -- C:\Program Files\Common Files\guhyqabi.bin

[2009/08/16 21:19:46 | 00,010,642 | ---- | C] () -- C:\Program Files\Common Files\yvuradacil.dl

[2009/08/16 20:09:26 | 00,017,453 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\oseviletyj.lib

[2009/08/16 20:09:26 | 00,017,194 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kazug.dll

[2009/08/16 20:09:26 | 00,016,933 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\epatug._dl

[2009/08/16 20:09:26 | 00,013,986 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xujot.db

[2009/08/16 20:09:26 | 00,010,265 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ozimilyl._sy

[2009/06/02 13:55:24 | 00,000,014 | ---- | C] () -- C:\WINDOWS\System32\Systemdrv.sys

[2009/06/02 13:54:47 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009/05/10 21:37:57 | 00,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib

[2009/05/09 23:23:47 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2009/03/04 18:29:19 | 00,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini

[2005/05/06 23:06:39 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/05/06 23:03:07 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2005/05/06 23:03:07 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2005/05/06 23:03:07 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2005/05/06 23:03:07 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2005/05/06 23:03:07 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2005/05/06 23:03:06 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2005/05/06 22:26:07 | 00,013,974 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS

[2005/05/06 22:25:56 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll

[2005/05/06 22:21:55 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/05/06 22:08:07 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005/05/06 22:05:40 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll

[2005/05/06 22:05:40 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll

[2005/05/06 22:05:40 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll

[2005/05/06 22:05:40 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll

[2005/05/06 22:05:40 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll

[2005/05/06 22:05:40 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll

[2005/05/06 22:05:40 | 00,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll

[2005/05/06 22:05:40 | 00,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll

[2005/05/06 22:05:40 | 00,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll

[2005/05/06 21:50:28 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2005/05/06 21:48:36 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll

[2005/05/06 21:48:36 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll

[2005/05/06 21:48:07 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll

[2005/04/01 11:34:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2005/01/19 22:45:40 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll

[2005/01/19 22:45:40 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll

[2004/09/17 17:37:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll

[2004/06/15 21:38:00 | 00,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2003/04/10 22:04:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll

========== LOP Check ==========

[2009/04/01 22:29:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software

[2009/03/13 18:53:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure

[2009/06/02 13:54:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVDXStudio

[2009/03/07 15:28:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic

[2009/05/10 21:37:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft

[2009/08/07 20:29:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software

[2009/08/01 18:13:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2009/03/04 20:58:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[2009/08/07 20:29:35 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

[2005/05/06 22:46:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\InterMute

[2005/05/06 22:41:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\SampleView

[2010/01/03 12:04:24 | 00,000,500 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 1/3/2010 12:19:57 PM - Run 1

OTL by OldTimer - Version 3.1.20.2 Folder = C:\Documents and Settings\Dad\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 293.49 Gb Total Space | 259.96 Gb Free Space | 88.58% Space Free | Partition Type: NTFS

Drive D: | 4.58 Gb Total Space | 0.37 Gb Free Space | 8.14% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: YOUR-F78BF48CE2

Current User Name: Dad

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [scan with SpySubtract...] -- "C:\Program Files\InterMute\SpySubtract\SpySub.exe" "-sc" "%1" (InterMute, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario -- (Hewlett-Packard)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:

Link to post
Share on other sites

here is the last one that wouldn't fit in last add reply

Results of screen317's Security Check version 0.99.1

Windows XP Service Pack 3

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

Kaspersky Internet Security 2009

Kaspersky Internet Security 2009

``````````````````````````````

Anti-malware/Other Utilities Check:

TuneUp Utilities 2009

Java 6 Update 15

Out of date Java installed!

Adobe Flash Player 10

Adobe Reader 6.0.1

Out of date Adobe Reader installed!

``````````````````````````````

Process Check:

objlist.exe by Laurent

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Link to post
Share on other sites

Step 1

De-install LimeWire and any other peer-filesharing app. And confirm that you have done so.

I do not recommend their use since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

"File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

Step 2

javaicon.gif See this topic in the AumHa Security forum and get the latest Java run-time

http://aumha.net/viewtopic.php?f=26&t=42611

Step 3

Use your browser to go here at Virustotal website

Click the Browse button and then navigate to

C:\Documents and Settings\All Users\Application Data\rodyky.exe

then click the Submit button.

The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis. Save the results, and post back here in a reply.

Repeat the same steps for each one of the following files:

C:\Program Files\Common Files\epet.exe

C:\Documents and Settings\All Users\Application Data\dohoxek.sys

C:\Documents and Settings\All Users\Application Data\urof.dll

C:\Documents and Settings\All Users\Application Data\ejewol.exe

C:\Documents and Settings\All Users\Application Data\ubukusazyb.dll

C:\Documents and Settings\All Users\Application Data\pyjeronapu.ban

C:\Documents and Settings\All Users\Application Data\hojozanari.bin

C:\WINDOWS\senoga.sys

C:\WINDOWS\nevemus.sys

C:\Program Files\Common Files\guhyqabi.bin

C:\WINDOWS\System32\Systemdrv.sys

Save the results for each, and post back here in a reply.

Step 4

Please download and run the Trend Micro Sysclean Package on your computer.

NOTE! This scan will probably take a long time to run on your computer so be patient and don't use it while it's scanning.

  • Create a brand new folder to copy these files to.
  • As an example: C:\DCE
  • Then open each of the zipped archive files and copy their contents to C:\DCE
  • Copy the file sysclean.com to the new folder C:\DCE as well.
  • Double-click on the file sysclean.com that is in the C:\DCE folder and follow the on-screen instructions.
    After doing all of this, please post back your results, including the log file sysclean.log that will be left behind by sysclean.

How To Use Compressed (Zipped) Folders in Windows XP

Compress and uncompress files (zip files) in Vista

Step 5

Please perform this online scan: F-Secure Online Scanner

The online scanner is on the bottom right of the page.

Follow the directions in the F-Secure page for proper Installation.

You may receive an alert on the address bar at this point to install the ActiveX control.

Click on that alert and then click "Install ActiveX component".

Read the license agreement and click "Accept".

Click "Custom Scan" and be sure the following are checked:

  • Scan whole System
  • Scan all files
  • Scan whole system for rootkits
  • Scan whole system for spyware
  • Scan inside archives
  • Use advanced heuristics

When the scan completes, click the "I want to decide item by item" button.

For each item found, Select "Disinfect" and click "Next".

When done, click the "Show Report" button, then copy and paste the entire report into your next reply

Step 6

Reply with copies of the following:

The reports from Virustotal

the Sysclean log

the F-Secure online scan report

Link to post
Share on other sites

OK, here is the requested scans:

Print results Your file has expired or does not exists.

Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email:

C:\Documents and Settings\All Users\Application Data\rodyky.exe

Antivirus Version Last Update Result

a-squared 4.5.0.46 2010.01.03 -

AhnLab-V3 5.0.0.2 2010.01.02 -

AntiVir 7.9.1.122 2009.12.31 -

Antiy-AVL 2.0.3.7 2009.12.31 -

Authentium 5.2.0.5 2010.01.03 -

Avast 4.8.1351.0 2010.01.03 -

AVG 8.5.0.430 2010.01.03 -

BitDefender 7.2 2010.01.03 -

CAT-QuickHeal 10.00 2010.01.02 -

ClamAV 0.94.1 2010.01.03 -

Comodo 3457 2010.01.03 -

DrWeb 5.0.1.12222 2010.01.03 -

eSafe 7.0.17.0 2010.01.03 -

eTrust-Vet 35.1.7210 2010.01.01 -

F-Prot 4.5.1.85 2010.01.03 -

F-Secure 9.0.15370.0 2010.01.03 -

Fortinet 4.0.14.0 2010.01.02 -

GData 19 2010.01.04 -

Ikarus T3.1.1.79.0 2009.12.31 -

Jiangmin 13.0.900 2010.01.03 -

K7AntiVirus 7.10.936 2010.01.02 -

Kaspersky 7.0.0.125 2010.01.03 -

McAfee 5850 2010.01.03 -

McAfee+Artemis 5850 2010.01.03 -

McAfee-GW-Edition 6.8.5 2010.01.03 -

Microsoft 1.5302 2010.01.03 -

NOD32 4740 2010.01.03 -

Norman 6.04.03 2009.12.31 -

nProtect 2009.1.8.0 2010.01.03 -

Panda 10.0.2.2 2010.01.03 -

PCTools 7.0.3.5 2010.01.03 -

Prevx 3.0 2010.01.04 -

Rising 22.28.03.04 2009.12.31 -

Sophos 4.49.0 2010.01.03 -

Sunbelt 3.2.1858.2 2010.01.03 -

TheHacker 6.5.0.3.130 2010.01.03 -

TrendMicro 9.120.0.1004 2010.01.03 -

VBA32 3.12.12.1 2010.01.01 -

ViRobot 2009.12.31.2118 2009.12.31 -

VirusBuster 5.0.21.0 2010.01.03 -

Additional information

File size: 16451 bytes

MD5...: 0e0ec506781d1696fd0d1b2cbdf25fa8

SHA1..: 5e1ccaf9b814a240db9cf6efeec6b1c23f2b191e

SHA256: 3839d0489a44ce70f2ae88bb3e71068a500c44c440bb738bb49ad887cfb7d054

ssdeep: 384:mmptThF3SqzvRC2rJedDqFERDHcKbMC9MCZWcFd+9YYy4Xmj:B3rRvJiDRT4

iMCpF49YYNm

PEiD..: -

PEInfo: -

RDS...: NSRL Reference Data Set

-

pdfid.: -

trid..: Unknown!

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

C:\Program Files\Common Files\epet.exe

Antivirus Version Last Update Result

a-squared 4.5.0.46 2010.01.03 -

AhnLab-V3 5.0.0.2 2010.01.02 -

AntiVir 7.9.1.122 2009.12.31 -

Antiy-AVL 2.0.3.7 2009.12.31 -

Authentium 5.2.0.5 2010.01.03 -

Avast 4.8.1351.0 2010.01.03 -

AVG 8.5.0.430 2010.01.03 -

BitDefender 7.2 2010.01.03 -

CAT-QuickHeal 10.00 2010.01.02 -

ClamAV 0.94.1 2010.01.03 -

Comodo 3457 2010.01.03 -

DrWeb 5.0.1.12222 2010.01.03 -

eSafe 7.0.17.0 2010.01.03 -

eTrust-Vet 35.1.7210 2010.01.01 -

F-Prot 4.5.1.85 2010.01.03 -

F-Secure 9.0.15370.0 2010.01.03 -

Fortinet 4.0.14.0 2010.01.02 -

GData 19 2010.01.04 -

Ikarus T3.1.1.79.0 2009.12.31 -

K7AntiVirus 7.10.936 2010.01.02 -

Kaspersky 7.0.0.125 2010.01.04 -

McAfee 5850 2010.01.03 -

McAfee+Artemis 5850 2010.01.03 -

McAfee-GW-Edition 6.8.5 2010.01.03 -

Microsoft 1.5302 2010.01.04 -

NOD32 4740 2010.01.03 -

Norman 6.04.03 2009.12.31 -

nProtect 2009.1.8.0 2010.01.03 -

Panda 10.0.2.2 2010.01.03 -

PCTools 7.0.3.5 2010.01.03 -

Prevx 3.0 2010.01.04 -

Rising 22.28.03.04 2009.12.31 -

Sophos 4.49.0 2010.01.04 -

Sunbelt 3.2.1858.2 2010.01.03 -

TheHacker 6.5.0.3.130 2010.01.04 -

TrendMicro 9.120.0.1004 2010.01.03 -

VBA32 3.12.12.1 2010.01.01 -

ViRobot 2009.12.31.2118 2009.12.31 -

VirusBuster 5.0.21.0 2010.01.03 -

Additional information

File size: 18326 bytes

MD5...: f27f595cdf2f6baae10c294b4122ee81

SHA1..: a442586dfcf6928dc330ca08966d2eccd1bffdec

SHA256: f27ce0b4c7426530bae2cd1a16ab3f7a361cc76e6d5714b9f3488b7c51c87298

ssdeep: 384:5MAF5ysziZkXbVixMPFwvj4tIfE88zpfuq6M/X+M:5M4csOZSVXP6bcd7Yq6

M/XZ

PEiD..: -

PEInfo: -

RDS...: NSRL Reference Data Set

-

pdfid.: -

trid..: MPEG Video (100.0%)

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

C:\Documents and Settings\All Users\Application Data\dohoxek.sys

Antivirus Version Last Update Result

a-squared 4.5.0.46 2010.01.03 -

AhnLab-V3 5.0.0.2 2010.01.02 -

AntiVir 7.9.1.122 2009.12.31 -

Antiy-AVL 2.0.3.7 2009.12.31 -

Authentium 5.2.0.5 2010.01.03 -

Avast 4.8.1351.0 2010.01.03 -

AVG 8.5.0.430 2010.01.03 -

BitDefender 7.2 2010.01.03 -

CAT-QuickHeal 10.00 2010.01.02 -

ClamAV 0.94.1 2010.01.03 -

Comodo 3457 2010.01.03 -

DrWeb 5.0.1.12222 2010.01.03 -

eSafe 7.0.17.0 2010.01.03 -

eTrust-Vet 35.1.7210 2010.01.01 -

F-Prot 4.5.1.85 2010.01.03 -

F-Secure 9.0.15370.0 2010.01.03 -

Fortinet 4.0.14.0 2010.01.02 -

GData 19 2010.01.04 -

Ikarus T3.1.1.79.0 2009.12.31 -

Jiangmin 13.0.900 2010.01.03 -

K7AntiVirus 7.10.936 2010.01.02 -

Kaspersky 7.0.0.125 2010.01.04 -

McAfee 5850 2010.01.03 -

McAfee+Artemis 5850 2010.01.03 -

McAfee-GW-Edition 6.8.5 2010.01.03 -

Microsoft 1.5302 2010.01.04 -

NOD32 4740 2010.01.03 -

Norman 6.04.03 2009.12.31 -

nProtect 2009.1.8.0 2010.01.03 -

Panda 10.0.2.2 2010.01.03 -

PCTools 7.0.3.5 2010.01.03 -

Prevx 3.0 2010.01.04 -

Rising 22.28.03.04 2009.12.31 -

Sophos 4.49.0 2010.01.04 -

Sunbelt 3.2.1858.2 2010.01.03 -

TheHacker 6.5.0.3.130 2010.01.04 -

TrendMicro 9.120.0.1004 2010.01.03 -

VBA32 3.12.12.1 2010.01.01 -

ViRobot 2009.12.31.2118 2009.12.31 -

VirusBuster 5.0.21.0 2010.01.03 -

Additional information

File size: 16775 bytes

MD5...: 19b248578015dbfe83299e919784d204

SHA1..: e9f6fb62d098bfc8241ed8bd0ba91ba344b155ce

SHA256: c6be9eb7d13c121492c9f75e752709685c894c40d7fa6a39cd215537df05402c

ssdeep: 384:E3Lz2YG1qLE5YpqiqHPahbSAeZaUMxSdQPlKDvpD5KJPhH:E3Lz6qLdqtHPr

5fQPlKND5KH

PEiD..: -

PEInfo: -

RDS...: NSRL Reference Data Set

-

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

pdfid.: -

trid..: MPEG Video (74.9%)

BONK lossless/lossy audio compressor (25.0%)

C:\Documents and Settings\All Users\Application Data\urof.dll

Antivirus Version Last Update Result

a-squared 4.5.0.46 2010.01.03 -

AhnLab-V3 5.0.0.2 2010.01.02 -

AntiVir 7.9.1.122 2009.12.31 -

Antiy-AVL 2.0.3.7 2009.12.31 -

Authentium 5.2.0.5 2010.01.03 -

Avast 4.8.1351.0 2010.01.03 -

AVG 8.5.0.430 2010.01.03 -

BitDefender 7.2 2010.01.03 -

CAT-QuickHeal 10.00 2010.01.02 -

ClamAV 0.94.1 2010.01.03 -

Comodo 3457 2010.01.03 -

DrWeb 5.0.1.12222 2010.01.03 -

eTrust-Vet 35.1.7210 2010.01.01 -

F-Prot 4.5.1.85 2010.01.03 -

F-Secure 9.0.15370.0 2010.01.03 -

Fortinet 4.0.14.0 2010.01.02 -

GData 19 2010.01.04 -

Ikarus T3.1.1.79.0 2009.12.31 -

Jiangmin 13.0.900 2010.01.03 -

K7AntiVirus 7.10.936 2010.01.02 -

Kaspersky 7.0.0.125 2010.01.04 -

McAfee 5850 2010.01.03 -

McAfee+Artemis 5850 2010.01.03 -

McAfee-GW-Edition 6.8.5 2010.01.03 -

Microsoft 1.5302 2010.01.04 -

NOD32 4740 2010.01.03 -

Norman 6.04.03 2009.12.31 -

nProtect 2009.1.8.0 2010.01.03 -

Panda 10.0.2.2 2010.01.03 -

PCTools 7.0.3.5 2010.01.03 -

Prevx 3.0 2010.01.04 -

Rising 22.28.03.04 2009.12.31 -

Sophos 4.49.0 2010.01.04 -

Sunbelt 3.2.1858.2 2010.01.03 -

TheHacker 6.5.0.3.130 2010.01.04 -

TrendMicro 9.120.0.1004 2010.01.03 -

VBA32 3.12.12.1 2010.01.01 -

ViRobot 2009.12.31.2118 2009.12.31 -

VirusBuster 5.0.21.0 2010.01.03 -

Additional information

File size: 16381 bytes

MD5...: 274595e36f847efae73b93fec8de3a97

SHA1..: e928ecaaf3115f021a2bfc442965b3d1af98975c

SHA256: 58d15f0bb176adb535e93e62e76c36710eb04e5ac6d42192073d59b8e97668b8

ssdeep: 384:uOcdtN+729u+1arj8jEAvTZaW3FP3XPYE0bG:uOx2x1k8jJpFP3fa6

PEiD..: -

PEInfo: -

RDS...: NSRL Reference Data Set

-

trid..: Unknown!

pdfid.: -

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

C:\Documents and Settings\All Users\Application Data\ejewol.exe

Antivirus Version Last Update Result

a-squared 4.5.0.46 2010.01.03 -

AhnLab-V3 5.0.0.2 2010.01.02 -

AntiVir 7.9.1.122 2009.12.31 -

Antiy-AVL 2.0.3.7 2009.12.31 -

Authentium 5.2.0.5 2010.01.03 -

Avast 4.8.1351.0 2010.01.03 -

AVG 8.5.0.430 2010.01.03 -

BitDefender 7.2 2010.01.03 -

CAT-QuickHeal 10.00 2010.01.02 -

ClamAV 0.94.1 2010.01.03 -

Comodo 3457 2010.01.03 -

DrWeb 5.0.1.12222 2010.01.03 -

eSafe 7.0.17.0 2010.01.03 -

eTrust-Vet 35.1.7210 2010.01.01 -

F-Prot 4.5.1.85 2010.01.03 -

F-Secure 9.0.15370.0 2010.01.03 -

Fortinet 4.0.14.0 2010.01.02 -

GData 19 2010.01.04 -

Ikarus T3.1.1.79.0 2009.12.31 -

Jiangmin 13.0.900 2010.01.03 -

K7AntiVirus 7.10.936 2010.01.02 -

Kaspersky 7.0.0.125 2010.01.04 -

McAfee 5850 2010.01.03 -

McAfee+Artemis 5850 2010.01.03 -

McAfee-GW-Edition 6.8.5 2010.01.03 -

Microsoft 1.5302 2010.01.04 -

NOD32 4740 2010.01.03 -

Norman 6.04.03 2009.12.31 -

nProtect 2009.1.8.0 2010.01.03 -

Panda 10.0.2.2 2010.01.03 -

PCTools 7.0.3.5 2010.01.03 -

Prevx 3.0 2010.01.04 -

Rising 22.28.03.04 2009.12.31 -

Sophos 4.49.0 2010.01.04 -

Sunbelt 3.2.1858.2 2010.01.03 -

TheHacker 6.5.0.3.130 2010.01.04 -

TrendMicro 9.120.0.1004 2010.01.03 -

VBA32 3.12.12.1 2010.01.01 -

ViRobot 2009.12.31.2118 2009.12.31 -

VirusBuster 5.0.21.0 2010.01.03 -

Additional information

File size: 15722 bytes

MD5...: 59dad43173354f0a18c566ea985a695c

SHA1..: 0424bcc714d651c4711091759b190f8ee03dd73a

SHA256: 0d915791c6b6bb2aa17bbcb5820c67c5e1b4dd6e77d72f3479e3f98f18b86950

ssdeep: 384:MfX1eJPGucgIZrd93h079FXbtjOmb8zfYxYEp2T/K324:iFeJPGuPCrdQJlJ

jOc8bYxtk/K35

PEiD..: -

PEInfo: -

RDS...: NSRL Reference Data Set

-

pdfid.: -

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

trid..: MPEG Video (100.0%)

C:\Documents and Settings\All Users\Application Data\ubukusazyb.dll

Antivirus Version Last Update Result

a-squared 4.5.0.46 2010.01.03 -

AhnLab-V3 5.0.0.2 2010.01.02 -

AntiVir 7.9.1.122 2009.12.31 -

Antiy-AVL 2.0.3.7 2009.12.31 -

Authentium 5.2.0.5 2010.01.03 -

Avast 4.8.1351.0 2010.01.03 -

AVG 8.5.0.430 2010.01.03 -

BitDefender 7.2 2010.01.03 -

CAT-QuickHeal 10.00 2010.01.02 -

ClamAV 0.94.1 2010.01.03 -

Comodo 3457 2010.01.03 -

DrWeb 5.0.1.12222 2010.01.03 -

eSafe 7.0.17.0 2010.01.03 -

eTrust-Vet 35.1.7210 2010.01.01 -

F-Prot 4.5.1.85 2010.01.03 -

F-Secure 9.0.15370.0 2010.01.03 -

Fortinet 4.0.14.0 2010.01.02 -

GData 19 2010.01.04 -

Ikarus T3.1.1.79.0 2009.12.31 -

Jiangmin 13.0.900 2010.01.03 -

K7AntiVirus 7.10.936 2010.01.02 -

Kaspersky 7.0.0.125 2010.01.04 -

McAfee 5850 2010.01.03 -

McAfee+Artemis 5850 2010.01.03 -

McAfee-GW-Edition 6.8.5 2010.01.03 -

Microsoft 1.5302 2010.01.04 -

NOD32 4740 2010.01.03 -

Norman 6.04.03 2009.12.31 -

nProtect 2009.1.8.0 2010.01.03 -

Panda 10.0.2.2 2010.01.03 -

PCTools 7.0.3.5 2010.01.03 -

Prevx 3.0 2010.01.04 -

Rising 22.28.03.04 2009.12.31 -

Sophos 4.49.0 2010.01.04 -

Sunbelt 3.2.1858.2 2010.01.03 -

TheHacker 6.5.0.3.130 2010.01.04 -

TrendMicro 9.120.0.1004 2010.01.03 -

VBA32 3.12.12.1 2010.01.01 -

ViRobot 2009.12.31.2118 2009.12.31 -

VirusBuster 5.0.21.0 2010.01.03 -

Additional information

File size: 11083 bytes

MD5...: fe35824977f2fb0f5e7d4c40e6298e34

SHA1..: 8b3dda3f0661d67828531815ed502ca501ae7bdc

SHA256: 06d7a5ed6ae087337b956f83314672f244ef1e9aa7102f0f2e0dd7ff117d0b34

ssdeep: 192:QfLOw8tlWySPk6VxYgda1xcl+KsL9U0YZPFAKdCvuogT8Xt9Co2oWPmFMZKp

zziX:QRCWyGVxYGkxG+KEUNHFCvlgT8h2PPmk

PEiD..: -

PEInfo: -

RDS...: NSRL Reference Data Set

-

pdfid.: -

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

trid..: MPEG Video (100.0%)

File pyjeronapu.ban received on 2010.01.03 23:25:58 (UTC)

Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED

Result: 0/40 (0%)

Loading server information...

Your file is queued in position: 1.

Estimated start time is between 40 and 57 seconds.

Do not close the window until scan is complete.

The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.

If you are waiting for more than five minutes you have to resend your file.

Your file is being scanned by VirusTotal in this moment,

results will be shown as they're generated.

Compact Print results Your file has expired or does not exists.

Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email:

Antivirus Version Last Update Result

a-squared 4.5.0.46 2010.01.03 -

AhnLab-V3 5.0.0.2 2010.01.02 -

AntiVir 7.9.1.122 2009.12.31 -

Antiy-AVL 2.0.3.7 2009.12.31 -

Authentium 5.2.0.5 2010.01.03 -

Avast 4.8.1351.0 2010.01.03 -

AVG 8.5.0.430 2010.01.03 -

BitDefender 7.2 2010.01.03 -

CAT-QuickHeal 10.00 2010.01.02 -

ClamAV 0.94.1 2010.01.03 -

Comodo 3457 2010.01.03 -

DrWeb 5.0.1.12222 2010.01.03 -

eSafe 7.0.17.0 2010.01.03 -

eTrust-Vet 35.1.7210 2010.01.01 -

F-Prot 4.5.1.85 2010.01.03 -

F-Secure 9.0.15370.0 2010.01.03 -

Fortinet 4.0.14.0 2010.01.02 -

GData 19 2010.01.04 -

Ikarus T3.1.1.79.0 2009.12.31 -

Jiangmin 13.0.900 2010.01.03 -

K7AntiVirus 7.10.936 2010.01.02 -

Kaspersky 7.0.0.125 2010.01.04 -

McAfee 5850 2010.01.03 -

McAfee+Artemis 5850 2010.01.03 -

McAfee-GW-Edition 6.8.5 2010.01.03 -

Microsoft 1.5302 2010.01.04 -

NOD32 4740 2010.01.03 -

Norman 6.04.03 2009.12.31 -

nProtect 2009.1.8.0 2010.01.03 -

Panda 10.0.2.2 2010.01.03 -

PCTools 7.0.3.5 2010.01.03 -

Prevx 3.0 2010.01.04 -

Rising 22.28.03.04 2009.12.31 -

Sophos 4.49.0 2010.01.04 -

Sunbelt 3.2.1858.2 2010.01.03 -

TheHacker 6.5.0.3.130 2010.01.04 -

TrendMicro 9.120.0.1004 2010.01.03 -

VBA32 3.12.12.1 2010.01.01 -

ViRobot 2009.12.31.2118 2009.12.31 -

VirusBuster 5.0.21.0 2010.01.03 -

Additional information

File size: 18883 bytes

MD5...: 79325f8eab5aac24cd83ce033af31eb7

SHA1..: 692c8535896d7daf083e4afbf127bc1b00daf5b9

SHA256: 41525f920d6a166af20ea2a3a6d59ce265fda86d8d9edc96c189c7398bf2ac4b

ssdeep: 384:03UNjcWFiLvXY0hIJHOM9aYbuKpVB3QXRe3YpyL7:nNgfY0OjRFBAXRuV7

PEiD..: -

PEInfo: -

RDS...: NSRL Reference Data Set

-

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

pdfid.: -

trid..: MPEG Video (100.0%)

File hojozanari.bin received on 2010.01.03 23:28:00 (UTC)

Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED

Result: 0/40 (0%)

Loading server information...

Your file is queued in position: 2.

Estimated start time is between 50 and 71 seconds.

Do not close the window until scan is complete.

The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.

If you are waiting for more than five minutes you have to resend your file.

Your file is being scanned by VirusTotal in this moment,

results will be shown as they're generated.

Compact Print results Your file has expired or does not exists.

Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email:

Antivirus Version Last Update Result

a-squared 4.5.0.46 2010.01.03 -

AhnLab-V3 5.0.0.2 2010.01.02 -

AntiVir 7.9.1.122 2009.12.31 -

Antiy-AVL 2.0.3.7 2009.12.31 -

Authentium 5.2.0.5 2010.01.03 -

Avast 4.8.1351.0 2010.01.03 -

AVG 8.5.0.430 2010.01.03 -

BitDefender 7.2 2010.01.03 -

CAT-QuickHeal 10.00 2010.01.02 -

ClamAV 0.94.1 2010.01.03 -

Comodo 3457 2010.01.03 -

DrWeb 5.0.1.12222 2010.01.03 -

eSafe 7.0.17.0 2010.01.03 -

eTrust-Vet 35.1.7210 2010.01.01 -

F-Prot 4.5.1.85 2010.01.03 -

F-Secure 9.0.15370.0 2010.01.03 -

Fortinet 4.0.14.0 2010.01.02 -

GData 19 2010.01.04 -

Ikarus T3.1.1.79.0 2009.12.31 -

Jiangmin 13.0.900 2010.01.03 -

K7AntiVirus 7.10.936 2010.01.02 -

Kaspersky 7.0.0.125 2010.01.04 -

McAfee 5850 2010.01.03 -

McAfee+Artemis 5850 2010.01.03 -

McAfee-GW-Edition 6.8.5 2010.01.03 -

Microsoft 1.5302 2010.01.04 -

NOD32 4740 2010.01.03 -

Norman 6.04.03 2009.12.31 -

nProtect 2009.1.8.0 2010.01.03 -

Panda 10.0.2.2 2010.01.03 -

PCTools 7.0.3.5 2010.01.03 -

Prevx 3.0 2010.01.04 -

Rising 22.28.03.04 2009.12.31 -

Sophos 4.49.0 2010.01.04 -

Sunbelt 3.2.1858.2 2010.01.03 -

TheHacker 6.5.0.3.130 2010.01.04 -

TrendMicro 9.120.0.1004 2010.01.03 -

VBA32 3.12.12.1 2010.01.01 -

ViRobot 2009.12.31.2118 2009.12.31 -

VirusBuster 5.0.21.0 2010.01.03 -

Additional information

File size: 14258 bytes

MD5...: fb5d6ca5cf71580a10157adafe20ca09

SHA1..: c260cfbd111685ae6e6e9f1f63a26376d3729186

SHA256: e5f78b0ccffd082fc55b75a8d144b34555fc6578cc9ce4c12f69ff71cd849b99

ssdeep: 384:b92SvfN+AFqOSLqjIKJ9mhtx2zFrrtoKPXK:baqgCzmPx2xrrtB6

PEiD..: -

PEInfo: -

RDS...: NSRL Reference Data Set

-

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

pdfid.: -

trid..: MPEG Video (100.0%)

File senoga.sys received on 2010.01.03 23:30:44 (UTC)

Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED

Result: 0/39 (0%)

Loading server information...

Your file is queued in position: 8.

Estimated start time is between 110 and 157 seconds.

Do not close the window until scan is complete.

The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.

If you are waiting for more than five minutes you have to resend your file.

Your file is being scanned by VirusTotal in this moment,

results will be shown as they're generated.

Compact Print results Your file has expired or does not exists.

Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email:

Antivirus Version Last Update Result

a-squared 4.5.0.46 2010.01.03 -

AhnLab-V3 5.0.0.2 2010.01.02 -

AntiVir 7.9.1.122 2009.12.31 -

Antiy-AVL 2.0.3.7 2009.12.31 -

Authentium 5.2.0.5 2010.01.03 -

Avast 4.8.1351.0 2010.01.03 -

AVG 8.5.0.430 2010.01.03 -

BitDefender 7.2 2010.01.03 -

CAT-QuickHeal 10.00 2010.01.02 -

ClamAV 0.94.1 2010.01.03 -

Comodo 3457 2010.01.03 -

DrWeb 5.0.1.12222 2010.01.03 -

eTrust-Vet 35.1.7210 2010.01.01 -

F-Prot 4.5.1.85 2010.01.03 -

F-Secure 9.0.15370.0 2010.01.03 -

Fortinet 4.0.14.0 2010.01.02 -

GData 19 2010.01.04 -

Ikarus T3.1.1.79.0 2009.12.31 -

Jiangmin 13.0.900 2010.01.03 -

K7AntiVirus 7.10.936 2010.01.02 -

Kaspersky 7.0.0.125 2010.01.04 -

McAfee 5850 2010.01.03 -

McAfee+Artemis 5850 2010.01.03 -

McAfee-GW-Edition 6.8.5 2010.01.03 -

Microsoft 1.5302 2010.01.04 -

NOD32 4740 2010.01.03 -

Norman 6.04.03 2009.12.31 -

nProtect 2009.1.8.0 2010.01.03 -

Panda 10.0.2.2 2010.01.03 -

PCTools 7.0.3.5 2010.01.03 -

Prevx 3.0 2010.01.04 -

Rising 22.28.03.04 2009.12.31 -

Sophos 4.49.0 2010.01.04 -

Sunbelt 3.2.1858.2 2010.01.03 -

TheHacker 6.5.0.3.130 2010.01.04 -

TrendMicro 9.120.0.1004 2010.01.03 -

VBA32 3.12.12.1 2010.01.01 -

ViRobot 2009.12.31.2118 2009.12.31 -

VirusBuster 5.0.21.0 2010.01.03 -

Additional information

File size: 13060 bytes

MD5...: e1a17d257d0bb9c3a51450085811378a

SHA1..: 180e863703d816df1bbaeb1a64e00678b1c357ac

SHA256: 34b1b9b08d37bddc43730d4aa808ac748b5b9fb76026187e74920097f9d455c7

ssdeep: 192:K5Bw6ZGQParGB4e6Cv1YMMsE30BaT+ex57q4LX+PkaHkV9IHe4tH8GexIIr/

KXuN:yLPcmd6CdYlkgT+EZKPCIHeSjg/K4

PEiD..: -

PEInfo: -

RDS...: NSRL Reference Data Set

-

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

pdfid.: -

trid..: MPEG Video (100.0%)

File nevemus.sys received on 2010.01.03 23:33:36 (UTC)

Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED

Result: 0/40 (0%)

Loading server information...

Your file is queued in position: 1.

Estimated start time is between 40 and 57 seconds.

Do not close the window until scan is complete.

The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.

If you are waiting for more than five minutes you have to resend your file.

Your file is being scanned by VirusTotal in this moment,

results will be shown as they're generated.

Compact Print results Your file has expired or does not exists.

Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email:

Antivirus Version Last Update Result

a-squared 4.5.0.46 2010.01.03 -

AhnLab-V3 5.0.0.2 2010.01.02 -

AntiVir 7.9.1.122 2009.12.31 -

Antiy-AVL 2.0.3.7 2009.12.31 -

Authentium 5.2.0.5 2010.01.03 -

Avast 4.8.1351.0 2010.01.03 -

AVG 8.5.0.430 2010.01.03 -

BitDefender 7.2 2010.01.03 -

CAT-QuickHeal 10.00 2010.01.02 -

ClamAV 0.94.1 2010.01.03 -

Comodo 3457 2010.01.03 -

DrWeb 5.0.1.12222 2010.01.03 -

eSafe 7.0.17.0 2010.01.03 -

eTrust-Vet 35.1.7210 2010.01.01 -

F-Prot 4.5.1.85 2010.01.03 -

F-Secure 9.0.15370.0 2010.01.03 -

Fortinet 4.0.14.0 2010.01.02 -

GData 19 2010.01.04 -

Ikarus T3.1.1.79.0 2009.12.31 -

Jiangmin 13.0.900 2010.01.03 -

K7AntiVirus 7.10.936 2010.01.02 -

Kaspersky 7.0.0.125 2010.01.04 -

McAfee 5850 2010.01.03 -

McAfee+Artemis 5850 2010.01.03 -

McAfee-GW-Edition 6.8.5 2010.01.03 -

Microsoft 1.5302 2010.01.04 -

NOD32 4740 2010.01.03 -

Norman 6.04.03 2009.12.31 -

nProtect 2009.1.8.0 2010.01.03 -

Panda 10.0.2.2 2010.01.03 -

PCTools 7.0.3.5 2010.01.03 -

Prevx 3.0 2010.01.04 -

Rising 22.28.03.04 2009.12.31 -

Sophos 4.49.0 2010.01.04 -

Sunbelt 3.2.1858.2 2010.01.03 -

TheHacker 6.5.0.3.130 2010.01.04 -

TrendMicro 9.120.0.1004 2010.01.03 -

VBA32 3.12.12.1 2010.01.01 -

ViRobot 2009.12.31.2118 2009.12.31 -

VirusBuster 5.0.21.0 2010.01.03 -

Additional information

File size: 14213 bytes

MD5...: 70721e23d161e3c703ccec305babc2ad

SHA1..: 0c15e359415c2b00e0c1258543bfe59576b4148e

SHA256: 010c7d13724d8b93b64fe5d0d200dc438fc9cde4c53ff81d6bb3581023756826

ssdeep: 384:R2tTd1l4tdTdAuzrMuFlG4PkBQzxR3YqD8cJZyFQM:R2tBf4tkuzDbPwQAqw

cLBM

PEiD..: -

PEInfo: -

RDS...: NSRL Reference Data Set

-

pdfid.: -

trid..: Unknown!

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

File guhyqabi.bin received on 2010.01.03 23:36:31 (UTC)

Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED

Result: 0/40 (0%)

Loading server information...

Your file is queued in position: 1.

Estimated start time is between 40 and 57 seconds.

Do not close the window until scan is complete.

The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.

If you are waiting for more than five minutes you have to resend your file.

Your file is being scanned by VirusTotal in this moment,

results will be shown as they're generated.

Compact Print results Your file has expired or does not exists.

Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email:

Antivirus Version Last Update Result

a-squared 4.5.0.46 2010.01.03 -

AhnLab-V3 5.0.0.2 2010.01.02 -

AntiVir 7.9.1.122 2009.12.31 -

Antiy-AVL 2.0.3.7 2009.12.31 -

Authentium 5.2.0.5 2010.01.03 -

Avast 4.8.1351.0 2010.01.03 -

AVG 8.5.0.430 2010.01.03 -

BitDefender 7.2 2010.01.03 -

CAT-QuickHeal 10.00 2010.01.02 -

ClamAV 0.94.1 2010.01.03 -

Comodo 3457 2010.01.03 -

DrWeb 5.0.1.12222 2010.01.03 -

eSafe 7.0.17.0 2010.01.03 -

eTrust-Vet 35.1.7210 2010.01.01 -

F-Prot 4.5.1.85 2010.01.03 -

F-Secure 9.0.15370.0 2010.01.03 -

Fortinet 4.0.14.0 2010.01.02 -

GData 19 2010.01.04 -

Ikarus T3.1.1.79.0 2009.12.31 -

Jiangmin 13.0.900 2010.01.03 -

K7AntiVirus 7.10.936 2010.01.02 -

Kaspersky 7.0.0.125 2010.01.04 -

McAfee 5850 2010.01.03 -

McAfee+Artemis 5850 2010.01.03 -

McAfee-GW-Edition 6.8.5 2010.01.03 -

Microsoft 1.5302 2010.01.04 -

NOD32 4740 2010.01.03 -

Norman 6.04.03 2009.12.31 -

nProtect 2009.1.8.0 2010.01.03 -

Panda 10.0.2.2 2010.01.03 -

PCTools 7.0.3.5 2010.01.03 -

Prevx 3.0 2010.01.04 -

Rising 22.28.03.04 2009.12.31 -

Sophos 4.49.0 2010.01.04 -

Sunbelt 3.2.1858.2 2010.01.03 -

TheHacker 6.5.0.3.130 2010.01.04 -

TrendMicro 9.120.0.1004 2010.01.03 -

VBA32 3.12.12.1 2010.01.01 -

ViRobot 2009.12.31.2118 2009.12.31 -

VirusBuster 5.0.21.0 2010.01.03 -

Additional information

File size: 11169 bytes

MD5...: 0850ac289002cf3ea7a51549d2737d10

SHA1..: 82316f0002301f2ea5d89112111c20888e2ad54d

SHA256: 3d28087fd9c5cef3e1458970f10dd303f0018a05d13db264ee29557957bc49a6

ssdeep: 192:6hNBHHq62CyPZ+HRe4u7Z9FILGiz24cRLqhPgX/uMXiYzWQ0uIsUx:6hTHIZ

+nud9Udz24cEuX/uMXiizEx

PEiD..: -

PEInfo: -

RDS...: NSRL Reference Data Set

-

pdfid.: -

trid..: Unknown!

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

File Systemdrv.sys received on 2010.01.03 23:41:56 (UTC)

Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED

Result: 0/40 (0%)

Loading server information...

Your file is queued in position: 1.

Estimated start time is between 40 and 57 seconds.

Do not close the window until scan is complete.

The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.

If you are waiting for more than five minutes you have to resend your file.

Your file is being scanned by VirusTotal in this moment,

results will be shown as they're generated.

Compact Print results Your file has expired or does not exists.

Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email:

Antivirus Version Last Update Result

a-squared 4.5.0.46 2010.01.03 -

AhnLab-V3 5.0.0.2 2010.01.02 -

AntiVir 7.9.1.122 2009.12.31 -

Antiy-AVL 2.0.3.7 2009.12.31 -

Authentium 5.2.0.5 2010.01.03 -

Avast 4.8.1351.0 2010.01.03 -

AVG 8.5.0.430 2010.01.03 -

BitDefender 7.2 2010.01.03 -

CAT-QuickHeal 10.00 2010.01.02 -

ClamAV 0.94.1 2010.01.03 -

Comodo 3457 2010.01.03 -

DrWeb 5.0.1.12222 2010.01.03 -

eSafe 7.0.17.0 2010.01.03 -

eTrust-Vet 35.1.7210 2010.01.01 -

F-Prot 4.5.1.85 2010.01.03 -

F-Secure 9.0.15370.0 2010.01.03 -

Fortinet 4.0.14.0 2010.01.02 -

GData 19 2010.01.04 -

Ikarus T3.1.1.79.0 2009.12.31 -

Jiangmin 13.0.900 2010.01.03 -

K7AntiVirus 7.10.936 2010.01.02 -

Kaspersky 7.0.0.125 2010.01.04 -

McAfee 5850 2010.01.03 -

McAfee+Artemis 5850 2010.01.03 -

McAfee-GW-Edition 6.8.5 2010.01.03 -

Microsoft 1.5302 2010.01.04 -

NOD32 4740 2010.01.03 -

Norman 6.04.03 2009.12.31 -

nProtect 2009.1.8.0 2010.01.03 -

Panda 10.0.2.2 2010.01.03 -

PCTools 7.0.3.5 2010.01.03 -

Prevx 3.0 2010.01.04 -

Rising 22.28.03.04 2009.12.31 -

Sophos 4.49.0 2010.01.04 -

Sunbelt 3.2.1858.2 2010.01.03 -

TheHacker 6.5.0.3.130 2010.01.04 -

TrendMicro 9.120.0.1004 2010.01.03 -

VBA32 3.12.12.1 2010.01.01 -

ViRobot 2009.12.31.2118 2009.12.31 -

VirusBuster 5.0.21.0 2010.01.03 -

Additional information

File size: 14 bytes

MD5...: 58d904a2fa970bc23b636c47cb60e649

SHA1..: 480556e9f81dbeec70c59cd54a21303bcf232d33

SHA256: e8fe555c024b59bff681e653e4bb1b5550f4d8052147a335d8487d6d3a976545

ssdeep: 3:Sc8y:S5y

PEiD..: -

PEInfo: -

RDS...: NSRL Reference Data Set

-

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

trid..: Generic INI configuration (100.0%)

pdfid.: -

/--------------------------------------------------------------\

| Trend Micro System Cleaner |

| Copyright 2009-2010, Trend Micro, Inc. |

| http://www.trendmicro.com |

\--------------------------------------------------------------/

2010-01-03, 17:12:39, Auto-clean mode specified.

2010-01-03, 17:12:40, Initialized Rootkit Driver version 2.2.0.1004.

2010-01-03, 17:12:40, Running scanner "C:\DCE\TSC.BIN"...

2010-01-03, 17:13:03, Scanner "C:\DCE\TSC.BIN" has finished running.

2010-01-03, 17:13:03, TSC Log:

Link to post
Share on other sites

Sorry for delay in getting back to you.

I'm going to have you do a special, scripted run of Combofix, after getting the latest version.

Please follow directions carefully.

Step 1

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • IF prompted to Reboot, reply "Yes".

Step 2

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

DELETE the prior copy of Combo-fix.exe on your Desktop {with red-lion icon} !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

Link 3

CF_download_FF.gif

CF_download_rename.gif

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

Step 3

Now, Open notepad and copy/paste the text in the quotebox below into it:

File::

C:\747948A813CB3DD5749F03CF63

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 4

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

At this time of posting, the current definitions are # 3533 and the latest program version is 1.44

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Reply with copy of C:\Combofix.txt

and the latest MBAM scan log

Link to post
Share on other sites

  • 4 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.