Kevinw103 Posted January 2, 2010 ID:178662 Share Posted January 2, 2010 RootKit Infection ?DDS (Ver_09-12-01.01) - NTFSx86 NETWORK Run by Administrator at 19:20:43.67 on Fri 01/01/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1730 [GMT -7:00]AV: Kaspersky Internet Security *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\system32\svchost.exe -k netsvcssvchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Administrator\Desktop\Defogger.exeC:\Program Files\Internet Explorer\Iexplore.exeC:\Program Files\Internet Explorer\Iexplore.exeC:\Documents and Settings\Administrator\Desktop\dds.scr============== Pseudo HJT Report ===============uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduseruSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduseruSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduseruDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduseruDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=secondusermDefault_Search_URL = hxxp://www.google.com/iemSearch Page = hxxp://www.google.commStart Page = hxxp://www.google.commSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktopuInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:support@malwarebytes.orguSearchURL,(Default) = hxxp://www.google.com/keyword/%smSearchAssistant = hxxp://www.google.comBHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dllBHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dlluRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /runmRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscriptmRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osbootmRunOnce: [uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarpmRunOnce: [Malwarebytes' Anti-Malware] c:\program files\explorer\mbamgui.exe /install /silentStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wusb600n\WUSB600N.exeIE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.htmlIE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.htmlIE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.htmlIE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.htmlIE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.htmlIE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htmIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLLDPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cabDPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cabDPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236234214734DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cabDPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cabDPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabNotify: AtiExtEvent - Ati2evxx.dllNotify: klogon - c:\windows\system32\klogon.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll============= SERVICES / DRIVERS ===============R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-12-14 551680]S0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]S1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-8-29 226832]S2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe [2008-11-11 208616]S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-4-1 18176]S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-4-1 7680]=============== Created Last 30 ================2010-01-02 02:16:13 0 ----a-w- c:\documents and settings\administrator\defogger_reenable2010-01-02 01:39:36 0 d-----w- C:\abcd2010-01-02 01:33:35 0 d-----w- c:\program files\explorer2010-01-02 01:27:06 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes2010-01-02 01:20:45 0 d-----w- c:\program files\McAfee Security Scan2010-01-02 01:20:45 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan2009-12-25 03:18:14 664 ----a-w- c:\windows\system32\d3d9caps.dat2009-12-24 22:52:00 108838 ----a-w- C:\MGlogs.zip2009-12-24 22:51:59 0 d-----w- C:\MGtools2009-12-24 22:35:16 0 d-----w- c:\program files\common files\Wise Installation Wizard2009-12-24 22:23:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2009-12-24 22:23:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys2009-12-24 22:23:20 0 d-----w- c:\program files\Mapp2009-12-24 17:52:23 917504 ----a-w- c:\windows\system32\FLASH.OCX2009-12-24 17:52:23 0 d-sh--w- c:\windows\ftpcache2009-12-24 17:48:00 0 d-----w- c:\docume~1\admini~1\applic~1\Symantec2009-12-24 17:47:59 178 --sh--w- c:\documents and settings\administrator\ntuser.ini2009-12-23 08:17:19 871 ----a-w- c:\windows\system32\krl32mainweq.dll2009-12-23 08:16:17 207 ----a-w- c:\windows\system32\srcr.dat2009-12-20 21:57:16 343040 ----a-w- c:\windows\rsvcrt.dll2009-12-20 21:57:16 142848 ----a-w- c:\windows\remsel32.dll==================== Find3M ====================2009-12-23 08:45:19 598048 --sha-w- c:\windows\system32\drivers\fidbox2.dat2009-12-23 08:45:19 4415520 --sha-w- c:\windows\system32\drivers\fidbox.dat2009-12-23 08:45:19 35576 --sha-w- c:\windows\system32\drivers\fidbox.idx2009-12-23 08:45:19 3124 --sha-w- c:\windows\system32\drivers\fidbox2.idx2009-11-13 17:20:45 95259 ----a-w- c:\windows\system32\drivers\klick.dat2009-11-13 17:20:45 108059 ----a-w- c:\windows\system32\drivers\klin.dat2009-11-13 02:07:15 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys2009-10-28 14:40:47 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll2009-08-30 02:16:33 15754 ----a-w- c:\program files\common files\orycat.inf2009-08-30 02:16:33 12623 ----a-w- c:\program files\common files\edisile.dat2009-08-30 02:09:06 19594 ----a-w- c:\program files\common files\zoxityhe.pif2009-08-30 02:09:06 18326 ----a-w- c:\program files\common files\epet.exe2009-08-30 02:09:06 15373 ----a-w- c:\program files\common files\ipapyty.dl2009-08-30 02:09:06 14917 ----a-w- c:\program files\common files\mycoxum.vbs2009-08-30 01:56:49 17957 ----a-w- c:\program files\common files\aqujafeve.vbs2009-08-30 01:56:49 16034 ----a-w- c:\program files\common files\ybilew.vbs2009-08-30 01:56:49 10467 ----a-w- c:\program files\common files\acadyc.ban2009-08-30 01:56:49 10295 ----a-w- c:\program files\common files\esob.ban2009-08-17 04:45:05 18361 ----a-w- c:\program files\common files\hyguwu.lib2009-08-17 04:45:05 14317 ----a-w- c:\program files\common files\nyse.db2009-08-17 04:45:05 11892 ----a-w- c:\program files\common files\ywypym._dl2009-08-17 04:45:05 11029 ----a-w- c:\program files\common files\cequsaw.db2009-08-17 04:45:05 10767 ----a-w- c:\program files\common files\omeq.scr2009-08-17 04:34:01 19285 ----a-w- c:\program files\common files\efyvo.reg2009-08-17 04:34:01 12735 ----a-w- c:\program files\common files\xogi._sy2009-08-17 04:19:46 17397 ----a-w- c:\program files\common files\exijaveba.ban2009-08-17 04:19:46 16954 ----a-w- c:\program files\common files\hoku.lib2009-08-17 04:19:46 15591 ----a-w- c:\program files\common files\woqy.bin2009-08-17 04:19:46 11169 ----a-w- c:\program files\common files\guhyqabi.bin2009-08-17 04:19:46 10642 ----a-w- c:\program files\common files\yvuradacil.dl2005-07-02 05:25:26 32 --sha-w- c:\windows\sminst\HPCD.SYS============= FINISH: 19:21:36.56 ===============GMER 1.0.15.15281 - http://www.gmer.netRootkit scan 2010-01-02 09:27:58Windows 5.1.2600 Service Pack 3Running: y3w3fr8q.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\axgdypog.sys---- System - GMER 1.0.15 ----Code 8A403570 ZwEnumerateKeyCode 8A3F6E88 ZwFlushInstructionCacheCode 8A309CCE IofCallDriverCode 8A420606 IofCompleteRequest---- Devices - GMER 1.0.15 ----Device \FileSystem\Cdfs \Cdfs B942E400---- Modules - GMER 1.0.15 ----Module \systemroot\system32\drivers\H8SRTpjtvcjsnlm.sys (*** hidden *** ) BA79C000-BA7B8000 (114688 bytes) ---- Processes - GMER 1.0.15 ----Library \\?\globalroot\systemroot\system32\H8SRTuuxvxekboc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [320] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTuuxvxekboc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [364] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTuuxvxekboc.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1276] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTuuxvxekboc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [1508] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTuuxvxekboc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1740] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTuuxvxekboc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1764] 0x00870000 Library \\?\globalroot\systemroot\system32\H8SRTuuxvxekboc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [1916] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTuuxvxekboc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1952] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTuuxvxekboc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [2044] 0x10000000 ---- Services - GMER 1.0.15 ----Service C:\WINDOWS\system32\drivers\H8SRTpjtvcjsnlm.sys (*** hidden *** ) [sYSTEM] H8SRTd.sys <-- ROOTKIT !!!---- Registry - GMER 1.0.15 ----Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTpjtvcjsnlm.sysReg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file systemReg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTpjtvcjsnlm.sysReg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTtykcfbkadu.dllReg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTlavpspguby.datReg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTuuxvxekboc.dllReg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@start 1Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@type 1Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTpjtvcjsnlm.sysReg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@group file systemReg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTpjtvcjsnlm.sysReg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTtykcfbkadu.dllReg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTlavpspguby.datReg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTuuxvxekboc.dll---- Files - GMER 1.0.15 ----File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YPMRAP4V\httpErrorPagesScripts[1] 8601 bytesFile C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YPMRAP4V\dnserror[1] 5947 bytesFile C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\H8SRTd93a.tmp 343040 bytes executableFile C:\WINDOWS\system32\drivers\H8SRTpjtvcjsnlm.sys 39936 bytes executable <-- ROOTKIT !!!File C:\WINDOWS\system32\H8SRTlavpspguby.dat 203 bytesFile C:\WINDOWS\system32\H8SRTtykcfbkadu.dll 23040 bytes executableFile C:\WINDOWS\system32\H8SRTuuxvxekboc.dll 36864 bytes executableFile C:\WINDOWS\Temp\H8SRT433e.tmp 207 bytesFile C:\WINDOWS\Temp\H8SRT46b8.tmp 127 bytesFile C:\WINDOWS\Temp\H8SRT6fad.tmp 200 bytesFile C:\WINDOWS\Temp\H8SRT75b7.tmp 36864 bytes executable---- EOF - GMER 1.0.15 ----UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH ITDDS (Ver_09-12-01.01)Microsoft Windows XP Home EditionBoot Device: \Device\HarddiskVolume2Install Date: 3/4/2009 5:34:49 PMSystem Uptime: 1/1/2010 7:07:34 PM (0 hours ago)Motherboard: ASUSTek Computer INC. | | Kelut Processor: AMD Sempron 3000+ | Socket A | 1999/166mhz==== Disk Partitions =========================C: is FIXED (NTFS) - 293 GiB total, 259.701 GiB free.D: is FIXED (FAT32) - 5 GiB total, 0.373 GiB free.E: is CDROM ()F: is RemovableG: is RemovableH: is RemovableI: is Removable==== Disabled Device Manager Items ================= System Restore Points ===================RP175: 9/24/2009 3:32:29 PM - System CheckpointRP176: 9/26/2009 12:40:01 PM - System CheckpointRP177: 9/27/2009 12:53:12 PM - System CheckpointRP178: 10/28/2009 1:09:41 PM - System CheckpointRP179: 10/29/2009 1:43:21 PM - System CheckpointRP180: 10/30/2009 7:39:27 PM - System CheckpointRP181: 10/31/2009 8:13:16 PM - System CheckpointRP182: 11/1/2009 9:14:36 PM - System CheckpointRP183: 11/2/2009 9:38:58 PM - System CheckpointRP184: 11/6/2009 8:48:44 AM - System CheckpointRP185: 11/8/2009 11:46:35 AM - System CheckpointRP186: 11/9/2009 2:06:21 PM - System CheckpointRP187: 11/10/2009 6:46:49 PM - System CheckpointRP188: 11/11/2009 9:41:41 PM - System CheckpointRP189: 11/12/2009 10:11:23 PM - System CheckpointRP190: 11/13/2009 10:22:19 PM - System CheckpointRP191: 11/13/2009 11:56:26 PM - Software Distribution Service 3.0RP192: 11/15/2009 1:20:56 AM - System CheckpointRP193: 11/16/2009 1:55:13 PM - System CheckpointRP194: 11/17/2009 2:56:23 PM - System CheckpointRP195: 11/19/2009 9:35:15 PM - System CheckpointRP196: 11/21/2009 11:50:15 PM - System CheckpointRP197: 11/23/2009 2:51:41 PM - System CheckpointRP198: 11/24/2009 3:56:13 PM - System CheckpointRP199: 11/26/2009 8:44:41 PM - System CheckpointRP200: 11/27/2009 9:10:49 PM - System CheckpointRP201: 11/28/2009 10:09:50 PM - System CheckpointRP202: 11/30/2009 11:48:00 AM - System CheckpointRP203: 12/1/2009 2:42:53 PM - System CheckpointRP204: 12/3/2009 8:41:18 PM - System CheckpointRP205: 12/4/2009 12:31:31 AM - Software Distribution Service 3.0RP206: 12/7/2009 10:35:14 AM - System CheckpointRP207: 12/8/2009 11:22:01 AM - System CheckpointRP208: 12/9/2009 11:46:32 AM - System CheckpointRP209: 11/9/2009 9:01:39 PM - System CheckpointRP210: 11/10/2009 9:57:51 PM - System CheckpointRP211: 11/12/2009 1:27:46 AM - Software Distribution Service 3.0RP212: 11/12/2009 7:06:30 PM - Installed Linksys Dual-Band Wireless-N USB Network AdapterRP213: 11/12/2009 7:12:49 PM - Installed Java 6 Update 15RP214: 11/13/2009 10:00:40 PM - System CheckpointRP215: 11/13/2009 11:48:28 PM - Software Distribution Service 3.0RP216: 11/14/2009 11:57:49 PM - System CheckpointRP217: 11/16/2009 12:15:44 AM - System CheckpointRP218: 11/17/2009 2:30:10 PM - System CheckpointRP219: 11/18/2009 3:34:58 PM - System CheckpointRP220: 11/20/2009 10:47:00 PM - System CheckpointRP221: 11/21/2009 11:47:58 PM - System CheckpointRP222: 11/23/2009 6:36:58 AM - System CheckpointRP223: 11/24/2009 9:56:52 AM - System CheckpointRP224: 11/25/2009 11:23:38 AM - System CheckpointRP225: 11/26/2009 12:09:12 AM - Software Distribution Service 3.0RP226: 11/27/2009 12:18:20 PM - System CheckpointRP227: 11/28/2009 1:09:36 PM - System CheckpointRP228: 11/29/2009 5:40:35 PM - System CheckpointRP229: 11/30/2009 10:39:51 PM - System CheckpointRP230: 12/4/2009 12:06:38 PM - System CheckpointRP231: 12/5/2009 3:08:19 PM - System CheckpointRP232: 12/6/2009 3:10:46 PM - System CheckpointRP233: 12/7/2009 3:14:38 PM - System CheckpointRP234: 12/8/2009 4:52:56 PM - System CheckpointRP235: 12/8/2009 10:58:01 PM - Software Distribution Service 3.0RP236: 12/11/2009 5:00:59 PM - System CheckpointRP237: 12/12/2009 5:49:38 PM - System CheckpointRP238: 12/13/2009 6:51:03 PM - System CheckpointRP239: 12/14/2009 10:46:15 PM - System CheckpointRP240: 12/17/2009 1:29:10 AM - System CheckpointRP241: 12/19/2009 10:34:13 AM - System CheckpointRP242: 12/20/2009 10:53:07 AM - System CheckpointRP243: 12/21/2009 12:07:01 PM - System CheckpointRP244: 12/22/2009 1:38:00 PM - System Checkpoint==== Installed Programs ======================Adobe Acrobat - Reader 6.0.2 UpdateAdobe AIRAdobe Anchor Service CS4Adobe Bridge CS4Adobe CMaps CS4Adobe Color - Photoshop Specific CS4Adobe Color EU Extra Settings CS4Adobe Color JA Extra Settings CS4Adobe Color NA Recommended Settings CS4Adobe Color Video Profiles CS CS4Adobe CSI CS4Adobe Default Language CS4Adobe Device Central CS4Adobe Download ManagerAdobe Drive CS4Adobe ExtendScript Toolkit CS4Adobe Extension Manager CS4Adobe Flash Player 10 PluginAdobe Fonts AllAdobe Linguistics CS4Adobe Media PlayerAdobe Output ModuleAdobe PDF Library Files CS4Adobe Photoshop Album 2.0 Starter EditionAdobe Photoshop CS4Adobe Photoshop CS4 SupportAdobe Reader 6.0.1Adobe Search for HelpAdobe Service Manager ExtensionAdobe SetupAdobe Type Support CS4Adobe Update Manager CS4Adobe WinSoft Linguistics PluginAdobe XMP Panels CS4AdobeColorCommonSetCMYKAdobeColorCommonSetRGBApple Mobile Device SupportApple Software UpdateATI - Software Uninstall UtilityATI Catalyst Control CenterATI Display DriverATI Parental Control & EncoderAvanquest updateAVIVO CodecsBonjourCatalyst Control Center Core ImplementationCatalyst Control Center Graphics Full ExistingCatalyst Control Center Graphics Full NewCatalyst Control Center Graphics LightCatalyst Control Center Localization Chinese StandardCatalyst Control Center Localization FrenchCatalyst Control Center Localization GermanCatalyst Control Center Localization Spanishccc-core-preinstallccc-core-staticccc-utilityCCC Help Chinese StandardCCC Help EnglishCCC Help FrenchCCC Help GermanCCC Help SpanishCompaq ConnectionsCompaq OrganizeConnectDVD X Player 5.3 StandardFinal Fantasy VIIFINAL FANTASY XIFINAL FANTASY XI: Chains of PromathiaFINAL FANTASY XI: Rise of the ZilartFINAL FANTASY XI: Treasures of Aht UrhganFINAL FANTASY XI: Wings of the GoddessGoogle Toolbar for Internet ExplorerHelp and Support AdditionsHijackThis 2.0.2Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB970653-v3)Hotfix for Windows XP (KB976098-v2)HP Boot OptimizerHpSdpAppCoreAppInterVideo WinDVD PlayeriTunesJ2SE Runtime Environment 5.0Java 6 Update 15Kaspersky Internet Security 2009kulerLimeWire 4.18.8Linksys Dual-Band Wireless-N USB Network AdapterLinksys WUSB600N Dual-Band Wireless-N USB Network AdapterMalwarebytes' Anti-MalwareMcAfee Security ScanMicrosoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB953297)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft Internationalized Domain Names Mitigation APIsMicrosoft Kernel-Mode Driver Framework Feature Pack 1.5Microsoft National Language Support Downlevel APIsMicrosoft Office 2007 Service Pack 2 (SP2)Microsoft Office Excel MUI (English) 2007Microsoft Office Home and Student 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft Plus! Dancer LEMicrosoft Plus! Digital Media Edition InstallerMicrosoft Plus! Photo Story 2 LEMicrosoft SilverlightMicrosoft Software Update for Web Folders (English) 12Microsoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft WorksMotorola Driver Installation 3.4.0Motorola Phone ToolsMotorola SM56 Speakerphone ModemMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)Ogg Codecs 0.81.15562PC-Doctor for WindowsPCI Audio DriverPDF Settings CS4Photoshop Camera RawPlayOnline Viewer and Tetra MasterPython 2.2 pywin32 extensions (build 203)Python 2.2.3QuickTimeRealPlayerS3 S3DisplayS3 S3Gamma2S3 S3Info2S3 S3OverlaySecurity Update for 2007 Microsoft Office System (KB969559)Security Update for 2007 Microsoft Office System (KB973704)Security Update for CAPICOM (KB931906)Security Update for Microsoft Office Excel 2007 (KB973593)Security Update for Microsoft Office PowerPoint 2007 (KB957789)Security Update for Microsoft Office system 2007 (972581)Security Update for Microsoft Office system 2007 (KB969613)Security Update for Microsoft Office system 2007 (KB974234)Security Update for Microsoft Office Visio Viewer 2007 (KB973709)Security Update for Microsoft Office Word 2007 (KB969604)Security Update for Step By Step Interactive Training (KB923723)Security Update for Windows Internet Explorer 7 (KB938127-v2)Security Update for Windows Internet Explorer 7 (KB956390)Security Update for Windows Internet Explorer 7 (KB961260)Security Update for Windows Internet Explorer 7 (KB963027)Security Update for Windows Internet Explorer 7 (KB969897)Security Update for Windows Internet Explorer 8 (KB969897)Security Update for Windows Internet Explorer 8 (KB971961)Security Update for Windows Internet Explorer 8 (KB972260)Security Update for Windows Internet Explorer 8 (KB974455)Security Update for Windows Internet Explorer 8 (KB976325)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player 10 (KB936782)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923689)Security Update for Windows XP (KB938464)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950760)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951698)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB954211)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956841)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958215)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958690)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960714)Security Update for Windows XP (KB960715)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371)Security Update for Windows XP (KB961373)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969898)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB973346)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Shooting Stars Pool from Compaq (remove only)SkinsSonic Express LabelerSonic RecordNow AudioSonic RecordNow CopySonic RecordNow DataSonic Update ManagerSuite Shared Configuration CS4TuneUp Utilities 2009Update for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft Office InfoPath 2007 (KB976416)Update for Windows Internet Explorer 8 (KB971930)Update for Windows Internet Explorer 8 (KB976749)Update for Windows XP (KB951978)Update for Windows XP (KB955839)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)VIA Rhine-Family Fast Ethernet AdapterVIA/S3G Display DriverWebFldrs XPWindows Genuine Advantage Validation Tool (KB892130)Windows Internet Explorer 7Windows Internet Explorer 8Windows Media Format 11 runtimeWindows Media Player 10Windows XP Service Pack 3WinZip 12.1Xiph QuickTime ComponentsYahoo! Toolbar==== Event Viewer Messages From Past Week ========12/27/2009 11:28:02 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001EE5E0058E. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.12/26/2009 7:20:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}12/26/2009 7:18:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 Beep Fips IPSec kl1 klbg KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip12/26/2009 7:18:20 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.12/26/2009 7:18:20 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.12/26/2009 7:18:20 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.12/26/2009 7:18:20 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.12/26/2009 7:17:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}12/26/2009 7:17:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}12/26/2009 12:17:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep12/26/2009 12:17:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Kaspersky Internet Security service to connect.12/26/2009 12:17:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.12/26/2009 12:17:56 PM, error: Service Control Manager [7000] - The Kaspersky Internet Security service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.12/26/2009 12:17:56 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.12/25/2009 10:59:43 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 Beep Fips kl1 klbg KLIF1/1/2010 7:14:12 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .1/1/2010 7:14:12 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\basic\setup.exe. Reference error message: The operation completed successfully. .1/1/2010 7:14:12 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.1/1/2010 7:14:11 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.1/1/2010 6:43:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}1/1/2010 6:20:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service getPlusHelper with arguments "" in order to run the server: {E48FEF78-2125-4D1D-B8D8-C30D2286E1D1}1/1/2010 5:39:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}==== End Of File ===========================Please Help Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 2, 2010 ID:178680 Share Posted January 2, 2010 Hello Kevin and welcome to MalwareBytes' forums.Please follow my guidance and get started right away. Yes, you have a serious rootkit infection.You will want to print out or copy these instructions to Notepad for offline reference!If you are a casual viewer, do NOT try this on your system! If you are not Kevinw103 and have a similar problem, do NOT post here; start your own topicDo not run or start any other programs while these utilities and tools are in use! Do NOT run any other tools on your own or do any fixes other than what is listed here.If you have questions, please ask before you do something on your own.But it is important that you get going on these following steps.=Close any of your open programs while you run these tools.Step 11. Go >> Here << and download ERUNT (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)2. Install ERUNT by following the prompts (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)3. Start ERUNT (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)4. Choose a location for the backup (the default location is C:\WINDOWS\ERDNT which is acceptable).5. Make sure that at least the first two check boxes are ticked 6. Press OK7. Press YES to create the folder.Step 2Set Windows to show all files and all folders. On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed. "CHECK" (turn on) Display the contents of system folders. Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders. Next, un-check Hide extensions for known file types. Next un-check Hide protected operating system files. Step 3Download The Avenger by Swandog46 from here.Unzip/extract it to a folder on your desktop.Double click on avenger.exe to run The Avenger.Click OK.Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.Copy all of the text in the below textbox to the clibpboard by highlighting it and then pressing Ctrl+C.Drivers to disable:H8SRTd.sysH8SRTdDrivers to delete:H8SRTd.sysH8SRTdFiles to delete:C:\WINDOWS\system32\drivers\H8SRTpjtvcjsnlm.sysC:\WINDOWS\system32\H8SRTuuxvxekboc.dllC:\Documents and Settings\Compaq_Owner\Local Settings\Temp\H8SRTd93a.tmpC:\WINDOWS\system32\H8SRTlavpspguby.datC:\WINDOWS\system32\H8SRTtykcfbkadu.dllC:\WINDOWS\Temp\H8SRT433e.tmpC:\WINDOWS\Temp\H8SRT46b8.tmpC:\WINDOWS\Temp\H8SRT6fad.tmpC:\WINDOWS\Temp\H8SRT75b7.tmpRegistry keys to delete:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\H8SRTd.sysHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\H8SRTd.sysFolders to delete:C:\recyclerD:\recyclere:\recyclerf:\recyclerg:\recyclerh:\recyclerIn the avenger window, click the Paste Script from Clipboard icon, button. :!: Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.Click the Execute button.You will be asked Are you sure you want to execute the current script?.Click Yes.You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.Click Yes.Your PC will now be rebooted.Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.After your PC has completed the necessary reboots, a log should automatically open. Please copy/paste the contents of c:\avenger.txt into your next reply.Not all the items will be found; so do not worry. Hopefully enough of the rootkit will be removed so that we can continue forward with more cleaning.If you get a blue screen abort when it reboots, please write down all the information, STOP codes and description.and then reboot the system again.Step 4Download TFC by OldTimer to your desktop Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).It will close all programs when run, so make sure you have saved all your work before you begin.Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.IF prompted to Reboot, reply "Yes".Step 5Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsIf you have a prior copy of Combofix, delete it now !Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop. Link 1 Link 2 Link 3 * IMPORTANT !!! SAVE AS Combo-Fix.exe to your DesktopIf your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsDouble click on Combo-Fix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.------------------------------------------------------- A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.Step 6RE-Enable your AntiVirus and AntiSpyware applications.Reply with copy of C:\Avenger.txtC:\Combofix.txtPlease Copy and Paste the contents of the logs within the body of Reply.If they are extremely large, you may post each log separately in separate replies. Link to post Share on other sites More sharing options...
Kevinw103 Posted January 2, 2010 Author ID:178717 Share Posted January 2, 2010 (edited) Getting user folders.Stopping running processes.Emptying Temp folders.User: Administrator->Temp folder emptied: 2228377 bytes->Temporary Internet Files folder emptied: 105898082 bytes->Java cache emptied: 294 bytesUser: All UsersUser: Compaq_Owner->Temp folder emptied: 218796435 bytes->Temporary Internet Files folder emptied: 225592699 bytes->Java cache emptied: 49705380 bytesUser: Dad->Temp folder emptied: 29049 bytes->Temporary Internet Files folder emptied: 49200168 bytesUser: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 32902 bytesUser: LocalService->Temp folder emptied: 65984 bytes->Temporary Internet Files folder emptied: 8419558 bytesUser: NetworkService->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 1074244 bytes%systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 19569 bytes%systemroot%\System32 .tmp files removed: 2577 bytesWindows Temp folder emptied: 49600 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10952266 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytesEmptying RecycleBin. Do not interrupt.RecycleBin emptied: 0 bytesProcess complete!Total Files Cleaned = 641.00 mbComboFix 10-01-01.05 - Dad 01/02/2010 12:16:12.1.1 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1581 [GMT -7:00]Running from: c:\documents and settings\Dad\Desktop\Combo-Fix.exeAV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}. ADS - WINDOWS: deleted 24 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\All Users\Application Data\hipoqijix.vbsc:\documents and settings\All Users\Application Data\yfogafidy.vbsc:\documents and settings\All Users\Application Data\zuqeda.batc:\documents and settings\All Users\Documents\awixary.regc:\documents and settings\All Users\Documents\didupe.regc:\documents and settings\All Users\Documents\gewoxaq.vbsc:\documents and settings\All Users\Documents\olidaqi.vbsc:\documents and settings\All Users\Documents\ryxepu.infc:\documents and settings\All Users\Documents\uxeqoq.batc:\documents and settings\Compaq_Owner\Application Data\kiverylapi.vbsc:\documents and settings\Compaq_Owner\Cookies\ajyqemo.batc:\documents and settings\Compaq_Owner\Cookies\axasifude.dlc:\documents and settings\Compaq_Owner\Cookies\gilamidene.banc:\documents and settings\Compaq_Owner\Cookies\hedaga._dlc:\documents and settings\Compaq_Owner\Cookies\idysanalil.comc:\documents and settings\Compaq_Owner\Cookies\jujanorige.batc:\documents and settings\Compaq_Owner\Cookies\kozedokere.dllc:\documents and settings\Compaq_Owner\Cookies\qigaqilapy._dlc:\documents and settings\Compaq_Owner\Cookies\ryfy.vbsc:\documents and settings\Compaq_Owner\Cookies\utabi.pifc:\documents and settings\Compaq_Owner\Cookies\vapo.infc:\documents and settings\Compaq_Owner\Cookies\ynuvo.binc:\documents and settings\Compaq_Owner\Local Settings\Application Data\abem.infc:\documents and settings\Compaq_Owner\Local Settings\Application Data\aryqufapu.batc:\documents and settings\Compaq_Owner\Local Settings\Application Data\juxuxyxani.vbsc:\documents and settings\Compaq_Owner\Local Settings\Application Data\kollsoc:\documents and settings\Compaq_Owner\Local Settings\Application Data\kollso\lviwsysguard.exec:\documents and settings\Compaq_Owner\Local Settings\Application Data\ogujuvysi.regc:\documents and settings\Compaq_Owner\Local Settings\Application Data\ugaw.batc:\documents and settings\Compaq_Owner\Local Settings\Application Data\ypewoxy.vbsc:\program files\Common Files\aqujafeve.vbsc:\program files\Common Files\efyvo.regc:\program files\Common Files\mycoxum.vbsc:\program files\Common Files\orycat.infc:\program files\Common Files\ybilew.vbsc:\windows\cogoce.regc:\windows\faxu._syc:\windows\gyvat.vbsc:\windows\inucohetu.exec:\windows\inyvixu.dllc:\windows\kemusu.scrc:\windows\ozyvoculy.dllc:\windows\pisomupu.infc:\windows\ridawycoq.regc:\windows\rybasulew._syc:\windows\system32\bogocaky.batc:\windows\system32\imadit.regc:\windows\system32\otuk.vbsc:\windows\system32\srcr.datc:\windows\udynokix.batc:\windows\ytisacaled.vbsc:\windows\zigafe.dllc:\windows\zikezyse.dllc:\windows\zytin.dllD:\Autorun.inf.((((((((((((((((((((((((( Files Created from 2009-12-02 to 2010-01-02 ))))))))))))))))))))))))))))))).2010-01-02 18:32 . 2010-01-02 18:32 -------- d-----w- c:\program files\ERUNT2010-01-02 04:37 . 2010-01-02 04:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM2010-01-02 04:37 . 2010-01-02 04:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe2010-01-02 01:39 . 2010-01-02 01:46 -------- d-----w- C:\abcd2010-01-02 01:33 . 2010-01-02 01:33 -------- d-----w- c:\program files\explorer2010-01-02 01:27 . 2010-01-02 01:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes2010-01-02 01:20 . 2010-01-02 01:20 -------- d-----w- c:\program files\McAfee Security Scan2010-01-02 01:20 . 2010-01-02 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan2009-12-25 03:18 . 2010-01-02 02:55 664 ----a-w- c:\windows\system32\d3d9caps.dat2009-12-24 22:52 . 2009-12-24 22:57 108838 ----a-w- C:\MGlogs.zip2009-12-24 22:51 . 2009-12-24 22:57 -------- d-----w- C:\MGtools2009-12-24 22:35 . 2009-12-24 22:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard2009-12-24 22:33 . 2009-12-24 22:33 -------- d-sh--w- c:\documents and settings\Dad\PrivacIE2009-12-24 22:23 . 2009-12-30 21:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2009-12-24 22:23 . 2010-01-02 01:28 -------- d-----w- c:\program files\Mapp2009-12-24 22:23 . 2009-12-30 21:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys2009-12-24 17:52 . 2009-12-24 17:52 -------- d-sh--w- c:\windows\ftpcache2009-12-24 17:47 . 2010-01-02 02:16 -------- d-----w- c:\documents and settings\Administrator2009-12-23 17:39 . 2009-12-23 17:39 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache2009-12-23 08:17 . 2010-01-02 00:31 871 ----a-w- c:\windows\system32\krl32mainweq.dll2009-12-20 21:57 . 2009-12-20 21:57 343040 ----a-w- c:\windows\rsvcrt.dll2009-12-20 21:57 . 2009-12-20 21:57 142848 ----a-w- c:\windows\remsel32.dll2009-12-20 21:41 . 2009-12-20 21:43 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\dvdcss2009-12-09 01:57 . 2009-12-09 02:02 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\vlc.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-01-02 19:01 . 2009-08-30 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab2010-01-02 19:00 . 2009-08-30 02:12 606240 --sha-w- c:\windows\system32\drivers\fidbox2.dat2010-01-02 19:00 . 2009-08-30 02:12 4462112 --sha-w- c:\windows\system32\drivers\fidbox.dat2010-01-02 19:00 . 2009-08-30 02:12 35940 --sha-w- c:\windows\system32\drivers\fidbox.idx2010-01-02 19:00 . 2009-08-30 02:12 3152 --sha-w- c:\windows\system32\drivers\fidbox2.idx2010-01-02 18:49 . 2010-01-02 18:49 -------- d-----w- c:\documents and settings\Dad\Application Data\Yahoo!2009-12-21 04:01 . 2009-03-05 04:48 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\uTorrent2009-12-21 04:01 . 2009-03-09 05:58 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\LimeWire2009-12-10 03:21 . 2009-08-08 03:29 -------- d-----w- c:\program files\TuneUp Utilities 20092009-12-09 06:00 . 2009-03-05 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help2009-12-08 23:14 . 2009-06-20 00:51 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Download Manager2009-11-17 20:34 . 2009-03-05 00:49 40664 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2009-11-16 00:05 . 2009-11-16 00:05 -------- d-----w- c:\program files\Microsoft Silverlight2009-11-14 06:49 . 2005-05-07 05:19 -------- d-----w- c:\program files\Microsoft Works2009-11-13 17:20 . 2009-08-30 02:12 95259 ----a-w- c:\windows\system32\drivers\klick.dat2009-11-13 17:20 . 2009-08-30 02:12 108059 ----a-w- c:\windows\system32\drivers\klin.dat2009-11-13 02:13 . 2005-05-07 04:56 -------- d-----w- c:\program files\Java2009-11-13 02:12 . 2009-11-13 02:12 152576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_15\lzma.dll2009-11-13 02:07 . 2009-11-13 02:07 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys2009-11-13 02:06 . 2009-11-13 02:06 -------- d-----w- c:\program files\Linksys2009-10-29 07:45 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll2009-10-21 05:38 . 2009-03-05 00:04 75776 ----a-w- c:\windows\system32\strmfilt.dll2009-10-21 05:38 . 2009-03-05 00:03 25088 ----a-w- c:\windows\system32\httpapi.dll2009-10-20 16:20 . 2004-08-04 11:00 265728 ----a-w- c:\windows\system32\drivers\http.sys2009-10-13 10:30 . 2009-03-05 00:03 270336 ----a-w- c:\windows\system32\oakley.dll2009-10-12 13:38 . 2009-03-05 00:04 149504 ----a-w- c:\windows\system32\rastls.dll2009-10-12 13:38 . 2009-03-05 00:04 79872 ----a-w- c:\windows\system32\raschap.dll2009-08-30 02:16 . 2009-08-30 02:16 12623 ----a-w- c:\program files\Common Files\edisile.dat2009-08-30 02:09 . 2009-08-30 02:09 19594 ----a-w- c:\program files\Common Files\zoxityhe.pif2009-08-30 02:09 . 2009-08-30 02:09 18326 ----a-w- c:\program files\Common Files\epet.exe2009-08-30 02:09 . 2009-08-30 02:09 15373 ----a-w- c:\program files\Common Files\ipapyty.dl2009-08-30 01:56 . 2009-08-30 01:56 10467 ----a-w- c:\program files\Common Files\acadyc.ban2009-08-30 01:56 . 2009-08-30 01:56 10295 ----a-w- c:\program files\Common Files\esob.ban2009-08-17 04:45 . 2009-08-17 04:45 18361 ----a-w- c:\program files\Common Files\hyguwu.lib2009-08-17 04:45 . 2009-08-17 04:45 14317 ----a-w- c:\program files\Common Files\nyse.db2009-08-17 04:45 . 2009-08-17 04:45 11892 ----a-w- c:\program files\Common Files\ywypym._dl2009-08-17 04:45 . 2009-08-17 04:45 11029 ----a-w- c:\program files\Common Files\cequsaw.db2009-08-17 04:45 . 2009-08-17 04:45 10767 ----a-w- c:\program files\Common Files\omeq.scr2009-08-17 04:34 . 2009-08-17 04:34 12735 ----a-w- c:\program files\Common Files\xogi._sy2009-08-17 04:19 . 2009-08-17 04:19 17397 ----a-w- c:\program files\Common Files\exijaveba.ban2009-08-17 04:19 . 2009-08-17 04:19 16954 ----a-w- c:\program files\Common Files\hoku.lib2009-08-17 04:19 . 2009-08-17 04:19 15591 ----a-w- c:\program files\Common Files\woqy.bin2009-08-17 04:19 . 2009-08-17 04:19 11169 ----a-w- c:\program files\Common Files\guhyqabi.bin2009-08-17 04:19 . 2009-08-17 04:19 10642 ----a-w- c:\program files\Common Files\yvuradacil.dl2005-07-02 05:25 . 2009-03-05 00:29 32 --sha-w- c:\windows\SMINST\HPCD.SYS.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-28 39408][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-08-30 208616]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-05-07 180269]c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2008-1-9 6922240][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]"SMSERIAL"=sm56hlpr.exe"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe""C-Media Mixer"=Mixer.exe /startup"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\uTorrent\\uTorrent.exe"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"5353:TCP"= 5353:TCP:Adobe CSI CS4R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 6:02 PM 26640]R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [12/14/2007 6:04 PM 551680]S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [4/1/2009 10:54 PM 18176]S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [4/1/2009 10:54 PM 7680]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcsUxTuneUp.Contents of the 'Scheduled Tasks' folder2010-01-02 c:\windows\Tasks\1-Click Maintenance.job- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 17:54]2009-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]..------- Supplementary Scan -------.uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduseruDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=secondusermStart Page = hxxp://www.google.commSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktopuSearchURL,(Default) = hxxp://www.google.com/keyword/%sIE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htmIE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.htmlDPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab.- - - - ORPHANS REMOVED - - - -HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exeAddRemove-Final Fantasy VII - c:\program files\Square SoftAddRemove-HijackThis - c:\mgtools\HijackThis.exe**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-01-02 12:21Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(1448)c:\windows\system32\Ati2evxx.dllc:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll.Completion time: 2010-01-02 12:22:58ComboFix-quarantined-files.txt 2010-01-02 19:22Pre-Run: 279,197,208,576 bytes freePost-Run: 279,162,605,568 bytes free- - End Of File - - 7261AC7CC0ADE52445A873AFCFC5DCBA Edited January 2, 2010 by Maurice Naggar Removed quote section Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 2, 2010 ID:178721 Share Posted January 2, 2010 Kevin,Only use the ADDReply button {at very bottom of forum window} when starting a Reply.PLEASE Copy and Paste the contents of log C:\Avenger.txt for my review. Link to post Share on other sites More sharing options...
Kevinw103 Posted January 2, 2010 Author ID:178777 Share Posted January 2, 2010 Logfile of The Avenger Version 2.0, © by Swandog46http://swandog46.geekstogo.comPlatform: Windows XP*******************Script file opened successfully.Script file read successfully.Backups directory opened successfully at C:\Avenger*******************Beginning to process script file:Rootkit scan active.No rootkits found!Error: could not open driver "H8SRTd.sys"Disablement of driver "H8SRTd.sys" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: could not open driver "H8SRTd"Disablement of driver "H8SRTd" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: registry key "\Registry\Machine\System\CurrentControlSet\Services\H8SRTd.sys" not found!Deletion of driver "H8SRTd.sys" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: registry key "\Registry\Machine\System\CurrentControlSet\Services\H8SRTd" not found!Deletion of driver "H8SRTd" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "C:\WINDOWS\system32\drivers\H8SRTpjtvcjsnlm.sys" not found!Deletion of file "C:\WINDOWS\system32\drivers\H8SRTpjtvcjsnlm.sys" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "C:\WINDOWS\system32\H8SRTuuxvxekboc.dll" not found!Deletion of file "C:\WINDOWS\system32\H8SRTuuxvxekboc.dll" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\H8SRTd93a.tmp" not found!Deletion of file "C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\H8SRTd93a.tmp" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "C:\WINDOWS\system32\H8SRTlavpspguby.dat" not found!Deletion of file "C:\WINDOWS\system32\H8SRTlavpspguby.dat" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "C:\WINDOWS\system32\H8SRTtykcfbkadu.dll" not found!Deletion of file "C:\WINDOWS\system32\H8SRTtykcfbkadu.dll" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "C:\WINDOWS\Temp\H8SRT433e.tmp" not found!Deletion of file "C:\WINDOWS\Temp\H8SRT433e.tmp" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "C:\WINDOWS\Temp\H8SRT46b8.tmp" not found!Deletion of file "C:\WINDOWS\Temp\H8SRT46b8.tmp" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "C:\WINDOWS\Temp\H8SRT6fad.tmp" not found!Deletion of file "C:\WINDOWS\Temp\H8SRT6fad.tmp" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "C:\WINDOWS\Temp\H8SRT75b7.tmp" not found!Deletion of file "C:\WINDOWS\Temp\H8SRT75b7.tmp" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\H8SRTd.sys" not found!Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\H8SRTd.sys" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\H8SRTd.sys" not found!Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\H8SRTd.sys" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: folder "C:\recycler" not found!Deletion of folder "C:\recycler" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: could not open folder "e:\recycler"Deletion of folder "e:\recycler" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open folder "f:\recycler"Deletion of folder "f:\recycler" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open folder "g:\recycler"Deletion of folder "g:\recycler" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open folder "h:\recycler"Deletion of folder "h:\recycler" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: folder "D:\recycler" not found!Deletion of folder "D:\recycler" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existCompleted script processing.*******************Finished! Terminate. Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 2, 2010 ID:178786 Share Posted January 2, 2010 I believe you had started with the system running in Safe Mode with Networking.I'd like to have you restart the system in Normal mode, if at all possible.And confirm that for me.NextStep 1Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from >>> here <<< Double-click FixPolicies.exe. Click the "Install" button on the bottom toolbar of the box that will open. The program will create a new Folder called FixPolicies. Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd. A black box will briefly appear and then close. This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.Step 2Run a fresh run of Gmer, so we can have a fresh log.========================================================Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.========================================================Double-click gmer.exe. The program will begin to run. **Caution**These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security AnalystIf possible rootkit activity is found, you will be asked if you would like to perform a full scan.Click Yes.Once the scan is complete, you may receive another notice about rootkit activity. Click OK. GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt". Save it where you can easily find it, such as your desktop.If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.Click the Scan button and let the program do its work. GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt". Save it where you can easily find it, such as your desktop.Step 3Using Internet Explorer browser only, go to ESET Online Scanner website:Vista users should start IE by Start (Vista Orb) >> Internet Explorer >> Right-Click and select Run As Administrator.Accept the Terms of Use and press Start button;Approve the install of the required ActiveX Control, then follow on-screen instructions;Enable (check) the Remove found threats option, and run the scan.After the scan completes, the Details tab in the Results window will display what was found and removed. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.Look at contents of this file using Notepad or Wordpad.The Frequently Asked Questions for ESET Online Scanner can be viewed herehttp://www.eset.com/onlinescan/cac4.php?page=faqFrom ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner. Otherwise the scan will take twice as long to do: everytime the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result. It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner. (And the prompt re-enabling when finished.) If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.Reply with copy of the new Gmer.txt logthe ESET scan logand tell me, How is your system now ? Link to post Share on other sites More sharing options...
Kevinw103 Posted January 3, 2010 Author ID:179161 Share Posted January 3, 2010 I've done everything under a different user name on the computer. Under my user name things work fine but under my sons user name no so good. I can't get any internet or run MalwareBytes error code 732 (0, 0) comes up. Yesterday the error code was 732 (12029, 0). I ran all the scans in normal mode under my user name, here are the results.GMER 1.0.15.15281 - http://www.gmer.netRootkit scan 2010-01-03 00:30:54Windows 5.1.2600 Service Pack 3Running: y3w3fr8q.exe; Driver: C:\DOCUME~1\Dad\LOCALS~1\Temp\axgdypog.sys---- System - GMER 1.0.15 ----SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xA77FB1DA]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xA77FB7AE]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwConnectPort [0xA77FD1EA]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xA77FCB9C]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateKey [0xA77FA950]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xA77FEB7C]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateThread [0xA77FB5AE]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteKey [0xA77FAD92]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xA77FAF92]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xA77FCEAC]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xA77FF084]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xA77FB0A8]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xA77FB110]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xA77FCD5E]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xA77FE620]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xA77FC9F8]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xA77FAAB2]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xA77FB3B2]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xA77FEBA6]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xA77FB2FE]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xA77FB178]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xA77FAE7C]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xA77FAC5A]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xA77FE888]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xA77FA5D2]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xA77FDA74]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xA77FA734]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xA77FEF56]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xA77FA3D0]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xA77FD08C]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xA77FB6AC]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xA77FE71A]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xA77FEBD0]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetValueKey [0xA77FAB08]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xA77FECB4]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xA77FEDE0]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xA77FE54C]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwTerminateProcess [0xA77FB47E]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwWriteVirtualMemory [0xA77FB4F0]Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccessCode \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous---- Kernel code sections - GMER 1.0.15 ----.text ntoskrnl.exe!_abnormal_termination + 31C 804E2978 4 Bytes CALL A088D0FC .text ntoskrnl.exe!_abnormal_termination + 36C 804E29C8 1 Byte [74].text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 12 Bytes [b4, EC, 7F, A7, E0, ED, 7F, ...] {MOV AH, 0xec; JG 0xffffffffffffffab; LOOPNZ 0xfffffffffffffff3; JG 0xffffffffffffffaf; DEC ESP; IN EAX, 0x7f; CMPSD }.text ntoskrnl.exe!IoIsOperationSynchronous 804E875A 5 Bytes JMP A78129E0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab).text ntoskrnl.exe!FsRtlCheckLockForReadAccess 80512919 5 Bytes JMP A7812626 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)---- User code sections - GMER 1.0.15 ----? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1064] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1064] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1232] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1232] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }---- Devices - GMER 1.0.15 ----AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)---- EOF - GMER 1.0.15 ----ESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OK# version=7# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)# OnlineScanner.ocx=1.0.0.6211# api_version=3.0.2# EOSSerial=52a1bb0f2eef6f4f9a1e8ab4bd252741# end=finished# remove_checked=true# archives_checked=false# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2010-01-03 08:26:43# local_time=2010-01-03 01:26:43 (-0700, US Mountain Standard Time)# country="United States"# lang=1033# osver=5.1.2600 NT Service Pack 3# compatibility_mode=512 16777215 100 0 0 0 0 0# compatibility_mode=1281 16774501 100 100 9973447 35124861 0 0# compatibility_mode=8192 67108863 100 0 0 0 0 0# scanned=143587# found=0# cleaned=0# scan_time=2724 Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 3, 2010 ID:179172 Share Posted January 3, 2010 Kevin,I'll address the MBAM issue in next round.The Eset scan is very good, and on the initial review, the Gmer scan looks good.Please do the following, so I can review.Step 1Download RootRepeal from one of these links:>> Link 1<<or >>Link 2<<or >>Link 3<<SAVE the zip download to your Desktop. Extract the archive to a folder you create such as C:\RootRepealDouble-click RootRepeal.exe to launch the program (Vista users should right-click and select "Run as Administrator).Click the "File" tab (located at the bottom of the RootRepeal screen)Click the "Scan" buttonIn the popup dialog, check the drives to be scanned - making sure to check your primary operating system drive - normally C:Click OK and the file scan will beginWhen the scan is done, there will be files listed, but most if not all of them will be legitimateClick the "Save Report" ButtonSave the log file to your Documents folderPost the content of the RootRepeal file scan log in your next reply.Step 2Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exeClose all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!Exit OTL by clicking the X at top right.Download Security Check by screen317 and save it to your Desktop: here or hereRun Security Check Follow the onscreen instructions inside of the command window.A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.Then copy/paste the following into your post (in order):the contents of Rootrepeal logthe contents of OTL.txtthe contents of Extras.txt the contents of checkup.txt Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply. Link to post Share on other sites More sharing options...
Kevinw103 Posted January 3, 2010 Author ID:179209 Share Posted January 3, 2010 OK here it is!ROOTREPEAL © AD, 2007-2009==================================================Scan Start Time: 2010/01/03 12:16Program Version: Version 1.3.5.0Windows Version: Windows XP SP3==================================================Hidden/Locked Files-------------------Path: c:\documents and settings\dad\local settings\temp\~df3d36.tmpStatus: Allocation size mismatch (API: 16384, Raw: 0)Path: c:\documents and settings\all users\application data\kaspersky lab\avp8\data\av3.tmpStatus: Allocation size mismatch (API: 271777792, Raw: 0)OTL logfile created on: 1/3/2010 12:19:57 PM - Run 1OTL by OldTimer - Version 3.1.20.2 Folder = C:\Documents and Settings\Dad\DesktopWindows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File freePaging file location(s): C:\pagefile.sys 2046 4092 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 293.49 Gb Total Space | 259.96 Gb Free Space | 88.58% Space Free | Partition Type: NTFSDrive D: | 4.58 Gb Total Space | 0.37 Gb Free Space | 8.14% Space Free | Partition Type: FAT32E: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: YOUR-F78BF48CE2Current User Name: DadLogged in as Administrator.Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard========== Processes (SafeList) ==========PRC - [2010/01/03 12:17:21 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exePRC - [2009/08/07 20:30:22 | 00,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exePRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exePRC - [2009/06/28 16:24:54 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exePRC - [2009/01/06 13:06:36 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exePRC - [2009/01/06 13:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exePRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exePRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exePRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exePRC - [2008/01/09 05:44:20 | 06,922,240 | ---- | M] (Linksys) -- C:\Program Files\Linksys\WUSB600N\WUSB600N.exePRC - [2007/03/02 12:46:12 | 00,446,464 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exePRC - [2005/05/06 21:56:08 | 00,036,972 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0\bin\jusched.exePRC - [2004/10/22 11:53:06 | 00,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exePRC - [1998/05/07 09:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\WINDOWS\system\hpsysdrv.exe========== Modules (SafeList) ==========MOD - [2010/01/03 12:17:21 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe========== Win32 Services (SafeList) ==========SRV - [2009/08/29 19:59:50 | 00,208,616 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP)SRV - [2009/08/07 20:30:22 | 00,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)SRV - [2009/08/07 20:30:17 | 00,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)SRV - [2009/07/15 11:48:20 | 00,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)SRV - [2009/06/28 16:24:50 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)SRV - [2009/06/19 18:28:45 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)SRV - [2009/01/06 13:06:24 | 00,536,872 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)SRV - [2007/03/20 21:20:00 | 00,520,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)SRV - [2007/03/02 12:46:12 | 00,446,464 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)SRV - [2004/10/22 10:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)========== Driver Services (SafeList) ==========DRV - [2009/11/12 19:07:15 | 00,021,419 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)DRV - [2009/08/29 19:59:50 | 00,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)DRV - [2009/08/29 19:59:49 | 00,226,832 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)DRV - [2008/11/07 14:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)DRV - [2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)DRV - [2008/07/21 17:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)DRV - [2008/04/30 17:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV - [2008/04/13 11:45:30 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)DRV - [2008/04/13 09:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)DRV - [2008/03/13 18:02:46 | 00,026,640 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klfltdev.sys -- (KLFLTDEV)DRV - [2007/12/14 18:04:24 | 00,551,680 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)DRV - [2007/11/02 14:51:28 | 00,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)DRV - [2007/11/02 14:36:10 | 00,018,176 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)DRV - [2007/06/18 14:18:26 | 00,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)DRV - [2007/03/02 12:53:18 | 01,972,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)DRV - [2007/01/22 18:33:00 | 00,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)DRV - [2006/11/28 21:46:20 | 00,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)DRV - [2005/01/26 09:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)DRV - [2005/01/25 06:56:00 | 00,923,863 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)DRV - [2005/01/19 17:21:56 | 00,012,416 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)DRV - [2004/12/16 13:36:30 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FETND5BV)DRV - [2004/12/07 20:08:58 | 00,172,672 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx)DRV - [2004/10/01 10:24:02 | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)DRV - [2004/08/03 21:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)DRV - [2003/12/02 18:23:20 | 00,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)DRV - [2003/11/11 18:41:00 | 00,041,984 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fetnd5b.sys -- (FETNDISB)DRV - [2002/11/18 15:51:40 | 00,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)DRV - [2001/08/17 20:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)DRV - [2001/08/17 19:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduserIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduserIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2009/08/29 19:12:23 | 00,000,000 | ---D | M]O1 HOSTS File: (794 bytes) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO1 - Hosts: ::1 localhostO1 - Hosts: 127.0.0.1 activate.adobe.comO2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB600N\WUSB600N.exe (Linksys)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1236234214734 (MUWebControl Class)O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Reg Error: Key error.)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2005/01/26 21:53:38 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O32 - AutoRun File - [2001/07/27 20:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]O34 - HKLM BootExecute: (autocheck autochk *) - File not foundO35 - comfile [open] -- "%1" %*O35 - exefile [open] -- "%1" %*========== Files/Folders - Created Within 30 Days ==========[2010/01/03 12:17:19 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe[2010/01/03 00:36:05 | 00,000,000 | ---D | C] -- C:\Program Files\ESET[2010/01/02 14:27:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop\FixPolicies[2010/01/02 12:45:09 | 00,000,000 | -HSD | C] -- C:\RECYCLER[2010/01/02 12:30:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Malwarebytes[2010/01/02 12:15:30 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe[2010/01/02 12:15:30 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe[2010/01/02 12:15:30 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe[2010/01/02 12:15:30 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe[2010/01/02 12:15:07 | 00,000,000 | ---D | C] -- C:\Qoobox[2010/01/02 11:51:25 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\TFC.exe[2010/01/02 11:49:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Yahoo![2010/01/02 11:49:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Google[2010/01/02 11:33:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT[2010/01/02 11:32:33 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT[2010/01/01 18:39:36 | 00,000,000 | ---D | C] -- C:\abcd[2010/01/01 18:33:35 | 00,000,000 | ---D | C] -- C:\Program Files\explorer[2010/01/01 18:20:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan[2009/12/24 15:51:59 | 00,000,000 | ---D | C] -- C:\MGtools[2009/12/24 15:44:49 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Dad\Desktop\HJTInstall.exe[2009/12/24 15:35:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard[2009/12/24 15:34:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Macromedia[2009/12/24 15:33:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Adobe[2009/12/24 15:33:21 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Dad\PrivacIE[2009/12/24 15:32:57 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Dad\Application Data\Microsoft[2009/12/24 15:32:57 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Dad\SendTo[2009/12/24 15:32:57 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Dad\Recent[2009/12/24 15:32:57 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Dad\Application Data[2009/12/24 15:32:57 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Dad\Start Menu[2009/12/24 15:32:57 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Dad\My Documents\My Videos[2009/12/24 15:32:57 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Dad\My Documents\My Pictures[2009/12/24 15:32:57 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Dad\My Documents\My Music[2009/12/24 15:32:57 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Dad\My Documents[2009/12/24 15:32:57 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Dad\Favorites[2009/12/24 15:32:57 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Dad\IETldCache[2009/12/24 15:32:57 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Dad\Cookies[2009/12/24 15:32:57 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Dad\Templates[2009/12/24 15:32:57 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Dad\PrintHood[2009/12/24 15:32:57 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Dad\NetHood[2009/12/24 15:32:57 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Dad\Local Settings[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\WINDOWS[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Symantec[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\SampleView[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Real[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft Help[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\InterMute[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Identities[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Local Settings\Application Data\Google[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Local Settings\Application Data\ApplicationHistory[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Local Settings\Application Data\Apple Computer[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Apple Computer[2009/12/24 15:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}[2009/12/24 15:23:21 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2009/12/24 15:23:20 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2009/12/24 15:23:20 | 00,000,000 | ---D | C] -- C:\Program Files\Mapp[2009/12/24 10:52:23 | 00,917,504 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX[2009/12/24 10:52:23 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache[2009/12/20 14:57:16 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\rsvcrt.dll[2009/07/03 10:16:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft[2009/03/16 10:41:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google[2009/03/16 10:36:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple[2005/05/06 21:44:19 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft[2005/05/06 21:44:18 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft[2005/05/06 21:44:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft========== Files - Modified Within 30 Days ==========[2010/01/03 12:17:21 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe[2010/01/03 12:06:52 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Dad\settings.dat[2010/01/03 12:05:59 | 00,464,491 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\RootRepeal.zip[2010/01/03 12:05:39 | 00,000,185 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT[2010/01/03 12:04:24 | 00,000,500 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job[2010/01/03 12:03:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2010/01/03 12:03:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2010/01/03 12:03:06 | 04,598,304 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat[2010/01/03 12:03:06 | 00,622,624 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat[2010/01/03 12:03:06 | 00,037,004 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx[2010/01/03 12:03:06 | 00,003,208 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx[2010/01/03 12:02:54 | 01,310,720 | -H-- | M] () -- C:\Documents and Settings\Dad\NTUSER.DAT[2010/01/03 12:02:54 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Dad\ntuser.ini[2010/01/03 10:16:34 | 00,000,458 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk[2010/01/02 14:26:30 | 00,185,065 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\FixPolicies.exe[2010/01/02 12:21:23 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini[2010/01/02 12:13:18 | 03,817,629 | R--- | M] () -- C:\Documents and Settings\Dad\Desktop\Combo-Fix.exe[2010/01/02 11:51:25 | 00,410,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\TFC.exe[2010/01/01 19:55:09 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat[2010/01/01 19:24:18 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\y3w3fr8q.exe[2010/01/01 17:29:43 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2009/12/26 19:20:45 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk[2009/12/25 00:37:36 | 01,568,656 | -H-- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\IconCache.db[2009/12/24 15:57:27 | 00,108,838 | ---- | M] () -- C:\MGlogs.zip[2009/12/24 15:50:46 | 02,386,270 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\MGtools.exe[2009/12/24 15:44:50 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Dad\Desktop\HJTInstall.exe[2009/12/24 15:36:13 | 07,451,168 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\SUPERAntiSpyware.exe[2009/12/24 10:52:23 | 00,917,504 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX[2009/12/23 01:15:54 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini[2009/12/20 14:57:21 | 00,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\rsvcrt.dll[2009/12/20 14:57:21 | 00,142,848 | ---- | M] () -- C:\WINDOWS\remsel32.dll[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe[2009/12/09 08:43:26 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI[2009/12/09 08:43:26 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2009/12/09 08:43:26 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2009/12/08 23:00:40 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK[2009/12/07 10:36:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job========== Files Created - No Company Name ==========[2010/01/03 12:06:52 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Dad\settings.dat[2010/01/03 12:05:59 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\RootRepeal.zip[2010/01/02 14:41:01 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\y3w3fr8q.exe[2010/01/02 14:26:29 | 00,185,065 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\FixPolicies.exe[2010/01/02 12:15:30 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe[2010/01/02 12:15:30 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe[2010/01/02 12:15:30 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe[2010/01/02 12:15:30 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe[2010/01/02 12:15:30 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe[2010/01/02 12:13:18 | 03,817,629 | R--- | C] () -- C:\Documents and Settings\Dad\Desktop\Combo-Fix.exe[2009/12/24 20:18:14 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat[2009/12/24 15:52:00 | 00,108,838 | ---- | C] () -- C:\MGlogs.zip[2009/12/24 15:50:43 | 02,386,270 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\MGtools.exe[2009/12/24 15:36:12 | 07,451,168 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\SUPERAntiSpyware.exe[2009/12/24 15:32:58 | 00,001,132 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\Help and Support.lnk[2009/12/24 15:32:57 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\Dad\ntuser.ini[2009/12/24 15:32:56 | 01,310,720 | -H-- | C] () -- C:\Documents and Settings\Dad\NTUSER.DAT[2009/12/24 15:23:24 | 00,000,458 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk[2009/12/23 01:15:54 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini[2009/12/20 14:57:16 | 00,142,848 | ---- | C] () -- C:\WINDOWS\remsel32.dll[2009/08/29 19:16:33 | 00,017,905 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ofylyr._dl[2009/08/29 19:16:33 | 00,016,451 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rodyky.exe[2009/08/29 19:16:33 | 00,012,623 | ---- | C] () -- C:\Program Files\Common Files\edisile.dat[2009/08/29 19:09:06 | 00,019,594 | ---- | C] () -- C:\Program Files\Common Files\zoxityhe.pif[2009/08/29 19:09:06 | 00,018,326 | ---- | C] () -- C:\Program Files\Common Files\epet.exe[2009/08/29 19:09:06 | 00,016,775 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dohoxek.sys[2009/08/29 19:09:06 | 00,016,735 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rexokiwadi.ban[2009/08/29 19:09:06 | 00,016,381 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\urof.dll[2009/08/29 19:09:06 | 00,015,722 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ejewol.exe[2009/08/29 19:09:06 | 00,015,373 | ---- | C] () -- C:\Program Files\Common Files\ipapyty.dl[2009/08/29 19:09:06 | 00,011,083 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ubukusazyb.dll[2009/08/29 18:56:49 | 00,018,669 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jevoxoqic.dl[2009/08/29 18:56:49 | 00,010,467 | ---- | C] () -- C:\Program Files\Common Files\acadyc.ban[2009/08/29 18:56:49 | 00,010,295 | ---- | C] () -- C:\Program Files\Common Files\esob.ban[2009/08/16 21:45:05 | 00,018,883 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pyjeronapu.ban[2009/08/16 21:45:05 | 00,018,361 | ---- | C] () -- C:\Program Files\Common Files\hyguwu.lib[2009/08/16 21:45:05 | 00,016,674 | ---- | C] () -- C:\WINDOWS\System32\jycesok.dll[2009/08/16 21:45:05 | 00,014,317 | ---- | C] () -- C:\Program Files\Common Files\nyse.db[2009/08/16 21:45:05 | 00,014,258 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hojozanari.bin[2009/08/16 21:45:05 | 00,013,957 | ---- | C] () -- C:\WINDOWS\System32\ahefufapa.sys[2009/08/16 21:45:05 | 00,013,060 | ---- | C] () -- C:\WINDOWS\senoga.sys[2009/08/16 21:45:05 | 00,011,892 | ---- | C] () -- C:\Program Files\Common Files\ywypym._dl[2009/08/16 21:45:05 | 00,011,029 | ---- | C] () -- C:\Program Files\Common Files\cequsaw.db[2009/08/16 21:45:05 | 00,010,767 | ---- | C] () -- C:\Program Files\Common Files\omeq.scr[2009/08/16 21:45:05 | 00,010,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sugo.bin[2009/08/16 21:34:01 | 00,014,213 | ---- | C] () -- C:\WINDOWS\nevemus.sys[2009/08/16 21:34:01 | 00,012,735 | ---- | C] () -- C:\Program Files\Common Files\xogi._sy[2009/08/16 21:19:46 | 00,017,397 | ---- | C] () -- C:\Program Files\Common Files\exijaveba.ban[2009/08/16 21:19:46 | 00,017,088 | ---- | C] () -- C:\WINDOWS\System32\hubylul.sys[2009/08/16 21:19:46 | 00,016,954 | ---- | C] () -- C:\Program Files\Common Files\hoku.lib[2009/08/16 21:19:46 | 00,015,591 | ---- | C] () -- C:\Program Files\Common Files\woqy.bin[2009/08/16 21:19:46 | 00,013,865 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vuhutu.lib[2009/08/16 21:19:46 | 00,012,576 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\oguk.scr[2009/08/16 21:19:46 | 00,011,169 | ---- | C] () -- C:\Program Files\Common Files\guhyqabi.bin[2009/08/16 21:19:46 | 00,010,642 | ---- | C] () -- C:\Program Files\Common Files\yvuradacil.dl[2009/08/16 20:09:26 | 00,017,453 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\oseviletyj.lib[2009/08/16 20:09:26 | 00,017,194 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kazug.dll[2009/08/16 20:09:26 | 00,016,933 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\epatug._dl[2009/08/16 20:09:26 | 00,013,986 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xujot.db[2009/08/16 20:09:26 | 00,010,265 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ozimilyl._sy[2009/06/02 13:55:24 | 00,000,014 | ---- | C] () -- C:\WINDOWS\System32\Systemdrv.sys[2009/06/02 13:54:47 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll[2009/05/10 21:37:57 | 00,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib[2009/05/09 23:23:47 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini[2009/03/04 18:29:19 | 00,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini[2005/05/06 23:06:39 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini[2005/05/06 23:03:07 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll[2005/05/06 23:03:07 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll[2005/05/06 23:03:07 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll[2005/05/06 23:03:07 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll[2005/05/06 23:03:07 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll[2005/05/06 23:03:06 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll[2005/05/06 22:26:07 | 00,013,974 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS[2005/05/06 22:25:56 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll[2005/05/06 22:21:55 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI[2005/05/06 22:08:07 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini[2005/05/06 22:05:40 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll[2005/05/06 22:05:40 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll[2005/05/06 22:05:40 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll[2005/05/06 22:05:40 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll[2005/05/06 22:05:40 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll[2005/05/06 22:05:40 | 00,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll[2005/05/06 22:05:40 | 00,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll[2005/05/06 22:05:40 | 00,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll[2005/05/06 22:05:40 | 00,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll[2005/05/06 21:50:28 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini[2005/05/06 21:48:36 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll[2005/05/06 21:48:36 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll[2005/05/06 21:48:07 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll[2005/04/01 11:34:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini[2005/01/19 22:45:40 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll[2005/01/19 22:45:40 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll[2004/09/17 17:37:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll[2004/06/15 21:38:00 | 00,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini[2003/04/10 22:04:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll========== LOP Check ==========[2009/04/01 22:29:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software[2009/03/13 18:53:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure[2009/06/02 13:54:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVDXStudio[2009/03/07 15:28:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic[2009/05/10 21:37:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft[2009/08/07 20:29:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software[2009/08/01 18:13:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip[2009/03/04 20:58:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}[2009/08/07 20:29:35 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}[2005/05/06 22:46:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\InterMute[2005/05/06 22:41:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\SampleView[2010/01/03 12:04:24 | 00,000,500 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job========== Purity Check ==========< End of report >OTL Extras logfile created on: 1/3/2010 12:19:57 PM - Run 1OTL by OldTimer - Version 3.1.20.2 Folder = C:\Documents and Settings\Dad\DesktopWindows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File freePaging file location(s): C:\pagefile.sys 2046 4092 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 293.49 Gb Total Space | 259.96 Gb Free Space | 88.58% Space Free | Partition Type: NTFSDrive D: | 4.58 Gb Total Space | 0.37 Gb Free Space | 8.14% Space Free | Partition Type: FAT32E: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: YOUR-F78BF48CE2Current User Name: DadLogged in as Administrator.Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard========== Extra Registry (SafeList) ==================== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)scrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)Directory [scan with SpySubtract...] -- "C:\Program Files\InterMute\SpySubtract\SpySub.exe" "-sc" "%1" (InterMute, Inc.)Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirstRunDisabled" = 1"AntiVirusOverride" = 1"FirewallOverride" = 0"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"UpdatesDisableNotify" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]"DisableMonitoring" = 1"" = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DoNotAllowExceptions" = 0"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario -- (Hewlett-Packard)"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled: Link to post Share on other sites More sharing options...
Kevinw103 Posted January 3, 2010 Author ID:179211 Share Posted January 3, 2010 here is the last one that wouldn't fit in last add reply Results of screen317's Security Check version 0.99.1 Windows XP Service Pack 3 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! ESET Online Scanner v3 Kaspersky Internet Security 2009 Kaspersky Internet Security 2009 `````````````````````````````` Anti-malware/Other Utilities Check: TuneUp Utilities 2009 Java 6 Update 15 Out of date Java installed! Adobe Flash Player 10 Adobe Reader 6.0.1 Out of date Adobe Reader installed! `````````````````````````````` Process Check: objlist.exe by Laurent ``````````````````````````````DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) `````````End of Log``````````` Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 3, 2010 ID:179260 Share Posted January 3, 2010 Step 1De-install LimeWire and any other peer-filesharing app. And confirm that you have done so.I do not recommend their use since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware."File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."Step 2 See this topic in the AumHa Security forum and get the latest Java run-timehttp://aumha.net/viewtopic.php?f=26&t=42611Step 3Use your browser to go here at Virustotal websiteClick the Browse button and then navigate to C:\Documents and Settings\All Users\Application Data\rodyky.exethen click the Submit button.The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis. Save the results, and post back here in a reply.Repeat the same steps for each one of the following files:C:\Program Files\Common Files\epet.exeC:\Documents and Settings\All Users\Application Data\dohoxek.sysC:\Documents and Settings\All Users\Application Data\urof.dllC:\Documents and Settings\All Users\Application Data\ejewol.exeC:\Documents and Settings\All Users\Application Data\ubukusazyb.dllC:\Documents and Settings\All Users\Application Data\pyjeronapu.banC:\Documents and Settings\All Users\Application Data\hojozanari.binC:\WINDOWS\senoga.sysC:\WINDOWS\nevemus.sysC:\Program Files\Common Files\guhyqabi.binC:\WINDOWS\System32\Systemdrv.sysSave the results for each, and post back here in a reply.Step 4Please download and run the Trend Micro Sysclean Package on your computer.NOTE! This scan will probably take a long time to run on your computer so be patient and don't use it while it's scanning.Trend Micro Damage Cleanup EngineMake sure you read this document to understand how to use the program. Trend Micro Sysclean Package README 1stBasically there are 3 parts that need to be downloaded and SAVED from these links:Download Sysclean PackageDownload Virus Pattern Files that will be a LPTxxx.ZIP fileDownload Spyware Pattern Files this is a SSAPIPTNxxx.ZIPIt is the 4th listed file, under title "Detection and Cleanup (Trend Micro Anti-Spyware) – Ssapiptn.Da5"Create a brand new folder to copy these files to.As an example: C:\DCEThen open each of the zipped archive files and copy their contents to C:\DCECopy the file sysclean.com to the new folder C:\DCE as well.Double-click on the file sysclean.com that is in the C:\DCE folder and follow the on-screen instructions.After doing all of this, please post back your results, including the log file sysclean.log that will be left behind by sysclean.How To Use Compressed (Zipped) Folders in Windows XPCompress and uncompress files (zip files) in VistaStep 5Please perform this online scan: F-Secure Online Scanner The online scanner is on the bottom right of the page. Follow the directions in the F-Secure page for proper Installation. You may receive an alert on the address bar at this point to install the ActiveX control. Click on that alert and then click "Install ActiveX component". Read the license agreement and click "Accept". Click "Custom Scan" and be sure the following are checked:Scan whole System Scan all files Scan whole system for rootkits Scan whole system for spyware Scan inside archives Use advanced heuristics When the scan completes, click the "I want to decide item by item" button. For each item found, Select "Disinfect" and click "Next". When done, click the "Show Report" button, then copy and paste the entire report into your next replyStep 6Reply with copies of the following:The reports from Virustotalthe Sysclean logthe F-Secure online scan report Link to post Share on other sites More sharing options...
Kevinw103 Posted January 4, 2010 Author ID:179815 Share Posted January 4, 2010 OK, here is the requested scans:Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: C:\Documents and Settings\All Users\Application Data\rodyky.exeAntivirus Version Last Update Result a-squared 4.5.0.46 2010.01.03 - AhnLab-V3 5.0.0.2 2010.01.02 - AntiVir 7.9.1.122 2009.12.31 - Antiy-AVL 2.0.3.7 2009.12.31 - Authentium 5.2.0.5 2010.01.03 - Avast 4.8.1351.0 2010.01.03 - AVG 8.5.0.430 2010.01.03 - BitDefender 7.2 2010.01.03 - CAT-QuickHeal 10.00 2010.01.02 - ClamAV 0.94.1 2010.01.03 - Comodo 3457 2010.01.03 - DrWeb 5.0.1.12222 2010.01.03 - eSafe 7.0.17.0 2010.01.03 - eTrust-Vet 35.1.7210 2010.01.01 - F-Prot 4.5.1.85 2010.01.03 - F-Secure 9.0.15370.0 2010.01.03 - Fortinet 4.0.14.0 2010.01.02 - GData 19 2010.01.04 - Ikarus T3.1.1.79.0 2009.12.31 - Jiangmin 13.0.900 2010.01.03 - K7AntiVirus 7.10.936 2010.01.02 - Kaspersky 7.0.0.125 2010.01.03 - McAfee 5850 2010.01.03 - McAfee+Artemis 5850 2010.01.03 - McAfee-GW-Edition 6.8.5 2010.01.03 - Microsoft 1.5302 2010.01.03 - NOD32 4740 2010.01.03 - Norman 6.04.03 2009.12.31 - nProtect 2009.1.8.0 2010.01.03 - Panda 10.0.2.2 2010.01.03 - PCTools 7.0.3.5 2010.01.03 - Prevx 3.0 2010.01.04 - Rising 22.28.03.04 2009.12.31 - Sophos 4.49.0 2010.01.03 - Sunbelt 3.2.1858.2 2010.01.03 - TheHacker 6.5.0.3.130 2010.01.03 - TrendMicro 9.120.0.1004 2010.01.03 - VBA32 3.12.12.1 2010.01.01 - ViRobot 2009.12.31.2118 2009.12.31 - VirusBuster 5.0.21.0 2010.01.03 - Additional information File size: 16451 bytes MD5...: 0e0ec506781d1696fd0d1b2cbdf25fa8 SHA1..: 5e1ccaf9b814a240db9cf6efeec6b1c23f2b191e SHA256: 3839d0489a44ce70f2ae88bb3e71068a500c44c440bb738bb49ad887cfb7d054 ssdeep: 384:mmptThF3SqzvRC2rJedDqFERDHcKbMC9MCZWcFd+9YYy4Xmj:B3rRvJiDRT4iMCpF49YYNmPEiD..: - PEInfo: - RDS...: NSRL Reference Data Set- pdfid.: - trid..: Unknown! sigcheck:publisher....: n/acopyright....: n/aproduct......: n/adescription..: n/aoriginal name: n/ainternal name: n/afile version.: n/acomments.....: n/asigners......: -signing date.: -verified.....: UnsignedC:\Program Files\Common Files\epet.exeAntivirus Version Last Update Result a-squared 4.5.0.46 2010.01.03 - AhnLab-V3 5.0.0.2 2010.01.02 - AntiVir 7.9.1.122 2009.12.31 - Antiy-AVL 2.0.3.7 2009.12.31 - Authentium 5.2.0.5 2010.01.03 - Avast 4.8.1351.0 2010.01.03 - AVG 8.5.0.430 2010.01.03 - BitDefender 7.2 2010.01.03 - CAT-QuickHeal 10.00 2010.01.02 - ClamAV 0.94.1 2010.01.03 - Comodo 3457 2010.01.03 - DrWeb 5.0.1.12222 2010.01.03 - eSafe 7.0.17.0 2010.01.03 - eTrust-Vet 35.1.7210 2010.01.01 - F-Prot 4.5.1.85 2010.01.03 - F-Secure 9.0.15370.0 2010.01.03 - Fortinet 4.0.14.0 2010.01.02 - GData 19 2010.01.04 - Ikarus T3.1.1.79.0 2009.12.31 - K7AntiVirus 7.10.936 2010.01.02 - Kaspersky 7.0.0.125 2010.01.04 - McAfee 5850 2010.01.03 - McAfee+Artemis 5850 2010.01.03 - McAfee-GW-Edition 6.8.5 2010.01.03 - Microsoft 1.5302 2010.01.04 - NOD32 4740 2010.01.03 - Norman 6.04.03 2009.12.31 - nProtect 2009.1.8.0 2010.01.03 - Panda 10.0.2.2 2010.01.03 - PCTools 7.0.3.5 2010.01.03 - Prevx 3.0 2010.01.04 - Rising 22.28.03.04 2009.12.31 - Sophos 4.49.0 2010.01.04 - Sunbelt 3.2.1858.2 2010.01.03 - TheHacker 6.5.0.3.130 2010.01.04 - TrendMicro 9.120.0.1004 2010.01.03 - VBA32 3.12.12.1 2010.01.01 - ViRobot 2009.12.31.2118 2009.12.31 - VirusBuster 5.0.21.0 2010.01.03 - Additional information File size: 18326 bytes MD5...: f27f595cdf2f6baae10c294b4122ee81 SHA1..: a442586dfcf6928dc330ca08966d2eccd1bffdec SHA256: f27ce0b4c7426530bae2cd1a16ab3f7a361cc76e6d5714b9f3488b7c51c87298 ssdeep: 384:5MAF5ysziZkXbVixMPFwvj4tIfE88zpfuq6M/X+M:5M4csOZSVXP6bcd7Yq6M/XZPEiD..: - PEInfo: - RDS...: NSRL Reference Data Set- pdfid.: - trid..: MPEG Video (100.0%) sigcheck:publisher....: n/acopyright....: n/aproduct......: n/adescription..: n/aoriginal name: n/ainternal name: n/afile version.: n/acomments.....: n/asigners......: -signing date.: -verified.....: UnsignedC:\Documents and Settings\All Users\Application Data\dohoxek.sysAntivirus Version Last Update Result a-squared 4.5.0.46 2010.01.03 - AhnLab-V3 5.0.0.2 2010.01.02 - AntiVir 7.9.1.122 2009.12.31 - Antiy-AVL 2.0.3.7 2009.12.31 - Authentium 5.2.0.5 2010.01.03 - Avast 4.8.1351.0 2010.01.03 - AVG 8.5.0.430 2010.01.03 - BitDefender 7.2 2010.01.03 - CAT-QuickHeal 10.00 2010.01.02 - ClamAV 0.94.1 2010.01.03 - Comodo 3457 2010.01.03 - DrWeb 5.0.1.12222 2010.01.03 - eSafe 7.0.17.0 2010.01.03 - eTrust-Vet 35.1.7210 2010.01.01 - F-Prot 4.5.1.85 2010.01.03 - F-Secure 9.0.15370.0 2010.01.03 - Fortinet 4.0.14.0 2010.01.02 - GData 19 2010.01.04 - Ikarus T3.1.1.79.0 2009.12.31 - Jiangmin 13.0.900 2010.01.03 - K7AntiVirus 7.10.936 2010.01.02 - Kaspersky 7.0.0.125 2010.01.04 - McAfee 5850 2010.01.03 - McAfee+Artemis 5850 2010.01.03 - McAfee-GW-Edition 6.8.5 2010.01.03 - Microsoft 1.5302 2010.01.04 - NOD32 4740 2010.01.03 - Norman 6.04.03 2009.12.31 - nProtect 2009.1.8.0 2010.01.03 - Panda 10.0.2.2 2010.01.03 - PCTools 7.0.3.5 2010.01.03 - Prevx 3.0 2010.01.04 - Rising 22.28.03.04 2009.12.31 - Sophos 4.49.0 2010.01.04 - Sunbelt 3.2.1858.2 2010.01.03 - TheHacker 6.5.0.3.130 2010.01.04 - TrendMicro 9.120.0.1004 2010.01.03 - VBA32 3.12.12.1 2010.01.01 - ViRobot 2009.12.31.2118 2009.12.31 - VirusBuster 5.0.21.0 2010.01.03 - Additional information File size: 16775 bytes MD5...: 19b248578015dbfe83299e919784d204 SHA1..: e9f6fb62d098bfc8241ed8bd0ba91ba344b155ce SHA256: c6be9eb7d13c121492c9f75e752709685c894c40d7fa6a39cd215537df05402c ssdeep: 384:E3Lz2YG1qLE5YpqiqHPahbSAeZaUMxSdQPlKDvpD5KJPhH:E3Lz6qLdqtHPr5fQPlKND5KHPEiD..: - PEInfo: - RDS...: NSRL Reference Data Set- sigcheck:publisher....: n/acopyright....: n/aproduct......: n/adescription..: n/aoriginal name: n/ainternal name: n/afile version.: n/acomments.....: n/asigners......: -signing date.: -verified.....: Unsignedpdfid.: - trid..: MPEG Video (74.9%)BONK lossless/lossy audio compressor (25.0%) C:\Documents and Settings\All Users\Application Data\urof.dllAntivirus Version Last Update Result a-squared 4.5.0.46 2010.01.03 - AhnLab-V3 5.0.0.2 2010.01.02 - AntiVir 7.9.1.122 2009.12.31 - Antiy-AVL 2.0.3.7 2009.12.31 - Authentium 5.2.0.5 2010.01.03 - Avast 4.8.1351.0 2010.01.03 - AVG 8.5.0.430 2010.01.03 - BitDefender 7.2 2010.01.03 - CAT-QuickHeal 10.00 2010.01.02 - ClamAV 0.94.1 2010.01.03 - Comodo 3457 2010.01.03 - DrWeb 5.0.1.12222 2010.01.03 - eTrust-Vet 35.1.7210 2010.01.01 - F-Prot 4.5.1.85 2010.01.03 - F-Secure 9.0.15370.0 2010.01.03 - Fortinet 4.0.14.0 2010.01.02 - GData 19 2010.01.04 - Ikarus T3.1.1.79.0 2009.12.31 - Jiangmin 13.0.900 2010.01.03 - K7AntiVirus 7.10.936 2010.01.02 - Kaspersky 7.0.0.125 2010.01.04 - McAfee 5850 2010.01.03 - McAfee+Artemis 5850 2010.01.03 - McAfee-GW-Edition 6.8.5 2010.01.03 - Microsoft 1.5302 2010.01.04 - NOD32 4740 2010.01.03 - Norman 6.04.03 2009.12.31 - nProtect 2009.1.8.0 2010.01.03 - Panda 10.0.2.2 2010.01.03 - PCTools 7.0.3.5 2010.01.03 - Prevx 3.0 2010.01.04 - Rising 22.28.03.04 2009.12.31 - Sophos 4.49.0 2010.01.04 - Sunbelt 3.2.1858.2 2010.01.03 - TheHacker 6.5.0.3.130 2010.01.04 - TrendMicro 9.120.0.1004 2010.01.03 - VBA32 3.12.12.1 2010.01.01 - ViRobot 2009.12.31.2118 2009.12.31 - VirusBuster 5.0.21.0 2010.01.03 - Additional information File size: 16381 bytes MD5...: 274595e36f847efae73b93fec8de3a97 SHA1..: e928ecaaf3115f021a2bfc442965b3d1af98975c SHA256: 58d15f0bb176adb535e93e62e76c36710eb04e5ac6d42192073d59b8e97668b8 ssdeep: 384:uOcdtN+729u+1arj8jEAvTZaW3FP3XPYE0bG:uOx2x1k8jJpFP3fa6PEiD..: - PEInfo: - RDS...: NSRL Reference Data Set- trid..: Unknown! pdfid.: - sigcheck:publisher....: n/acopyright....: n/aproduct......: n/adescription..: n/aoriginal name: n/ainternal name: n/afile version.: n/acomments.....: n/asigners......: -signing date.: -verified.....: Unsigned C:\Documents and Settings\All Users\Application Data\ejewol.exeAntivirus Version Last Update Result a-squared 4.5.0.46 2010.01.03 - AhnLab-V3 5.0.0.2 2010.01.02 - AntiVir 7.9.1.122 2009.12.31 - Antiy-AVL 2.0.3.7 2009.12.31 - Authentium 5.2.0.5 2010.01.03 - Avast 4.8.1351.0 2010.01.03 - AVG 8.5.0.430 2010.01.03 - BitDefender 7.2 2010.01.03 - CAT-QuickHeal 10.00 2010.01.02 - ClamAV 0.94.1 2010.01.03 - Comodo 3457 2010.01.03 - DrWeb 5.0.1.12222 2010.01.03 - eSafe 7.0.17.0 2010.01.03 - eTrust-Vet 35.1.7210 2010.01.01 - F-Prot 4.5.1.85 2010.01.03 - F-Secure 9.0.15370.0 2010.01.03 - Fortinet 4.0.14.0 2010.01.02 - GData 19 2010.01.04 - Ikarus T3.1.1.79.0 2009.12.31 - Jiangmin 13.0.900 2010.01.03 - K7AntiVirus 7.10.936 2010.01.02 - Kaspersky 7.0.0.125 2010.01.04 - McAfee 5850 2010.01.03 - McAfee+Artemis 5850 2010.01.03 - McAfee-GW-Edition 6.8.5 2010.01.03 - Microsoft 1.5302 2010.01.04 - NOD32 4740 2010.01.03 - Norman 6.04.03 2009.12.31 - nProtect 2009.1.8.0 2010.01.03 - Panda 10.0.2.2 2010.01.03 - PCTools 7.0.3.5 2010.01.03 - Prevx 3.0 2010.01.04 - Rising 22.28.03.04 2009.12.31 - Sophos 4.49.0 2010.01.04 - Sunbelt 3.2.1858.2 2010.01.03 - TheHacker 6.5.0.3.130 2010.01.04 - TrendMicro 9.120.0.1004 2010.01.03 - VBA32 3.12.12.1 2010.01.01 - ViRobot 2009.12.31.2118 2009.12.31 - VirusBuster 5.0.21.0 2010.01.03 - Additional information File size: 15722 bytes MD5...: 59dad43173354f0a18c566ea985a695c SHA1..: 0424bcc714d651c4711091759b190f8ee03dd73a SHA256: 0d915791c6b6bb2aa17bbcb5820c67c5e1b4dd6e77d72f3479e3f98f18b86950 ssdeep: 384:MfX1eJPGucgIZrd93h079FXbtjOmb8zfYxYEp2T/K324:iFeJPGuPCrdQJlJjOc8bYxtk/K35PEiD..: - PEInfo: - RDS...: NSRL Reference Data Set- pdfid.: - sigcheck:publisher....: n/acopyright....: n/aproduct......: n/adescription..: n/aoriginal name: n/ainternal name: n/afile version.: n/acomments.....: n/asigners......: -signing date.: -verified.....: Unsignedtrid..: MPEG Video (100.0%) C:\Documents and Settings\All Users\Application Data\ubukusazyb.dllAntivirus Version Last Update Result a-squared 4.5.0.46 2010.01.03 - AhnLab-V3 5.0.0.2 2010.01.02 - AntiVir 7.9.1.122 2009.12.31 - Antiy-AVL 2.0.3.7 2009.12.31 - Authentium 5.2.0.5 2010.01.03 - Avast 4.8.1351.0 2010.01.03 - AVG 8.5.0.430 2010.01.03 - BitDefender 7.2 2010.01.03 - CAT-QuickHeal 10.00 2010.01.02 - ClamAV 0.94.1 2010.01.03 - Comodo 3457 2010.01.03 - DrWeb 5.0.1.12222 2010.01.03 - eSafe 7.0.17.0 2010.01.03 - eTrust-Vet 35.1.7210 2010.01.01 - F-Prot 4.5.1.85 2010.01.03 - F-Secure 9.0.15370.0 2010.01.03 - Fortinet 4.0.14.0 2010.01.02 - GData 19 2010.01.04 - Ikarus T3.1.1.79.0 2009.12.31 - Jiangmin 13.0.900 2010.01.03 - K7AntiVirus 7.10.936 2010.01.02 - Kaspersky 7.0.0.125 2010.01.04 - McAfee 5850 2010.01.03 - McAfee+Artemis 5850 2010.01.03 - McAfee-GW-Edition 6.8.5 2010.01.03 - Microsoft 1.5302 2010.01.04 - NOD32 4740 2010.01.03 - Norman 6.04.03 2009.12.31 - nProtect 2009.1.8.0 2010.01.03 - Panda 10.0.2.2 2010.01.03 - PCTools 7.0.3.5 2010.01.03 - Prevx 3.0 2010.01.04 - Rising 22.28.03.04 2009.12.31 - Sophos 4.49.0 2010.01.04 - Sunbelt 3.2.1858.2 2010.01.03 - TheHacker 6.5.0.3.130 2010.01.04 - TrendMicro 9.120.0.1004 2010.01.03 - VBA32 3.12.12.1 2010.01.01 - ViRobot 2009.12.31.2118 2009.12.31 - VirusBuster 5.0.21.0 2010.01.03 - Additional information File size: 11083 bytes MD5...: fe35824977f2fb0f5e7d4c40e6298e34 SHA1..: 8b3dda3f0661d67828531815ed502ca501ae7bdc SHA256: 06d7a5ed6ae087337b956f83314672f244ef1e9aa7102f0f2e0dd7ff117d0b34 ssdeep: 192:QfLOw8tlWySPk6VxYgda1xcl+KsL9U0YZPFAKdCvuogT8Xt9Co2oWPmFMZKpzziX:QRCWyGVxYGkxG+KEUNHFCvlgT8h2PPmkPEiD..: - PEInfo: - RDS...: NSRL Reference Data Set- pdfid.: - sigcheck:publisher....: n/acopyright....: n/aproduct......: n/adescription..: n/aoriginal name: n/ainternal name: n/afile version.: n/acomments.....: n/asigners......: -signing date.: -verified.....: Unsignedtrid..: MPEG Video (100.0%) File pyjeronapu.ban received on 2010.01.03 23:25:58 (UTC)Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 0/40 (0%)Loading server information... Your file is queued in position: 1.Estimated start time is between 40 and 57 seconds.Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment,results will be shown as they're generated. Compact Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: Antivirus Version Last Update Result a-squared 4.5.0.46 2010.01.03 - AhnLab-V3 5.0.0.2 2010.01.02 - AntiVir 7.9.1.122 2009.12.31 - Antiy-AVL 2.0.3.7 2009.12.31 - Authentium 5.2.0.5 2010.01.03 - Avast 4.8.1351.0 2010.01.03 - AVG 8.5.0.430 2010.01.03 - BitDefender 7.2 2010.01.03 - CAT-QuickHeal 10.00 2010.01.02 - ClamAV 0.94.1 2010.01.03 - Comodo 3457 2010.01.03 - DrWeb 5.0.1.12222 2010.01.03 - eSafe 7.0.17.0 2010.01.03 - eTrust-Vet 35.1.7210 2010.01.01 - F-Prot 4.5.1.85 2010.01.03 - F-Secure 9.0.15370.0 2010.01.03 - Fortinet 4.0.14.0 2010.01.02 - GData 19 2010.01.04 - Ikarus T3.1.1.79.0 2009.12.31 - Jiangmin 13.0.900 2010.01.03 - K7AntiVirus 7.10.936 2010.01.02 - Kaspersky 7.0.0.125 2010.01.04 - McAfee 5850 2010.01.03 - McAfee+Artemis 5850 2010.01.03 - McAfee-GW-Edition 6.8.5 2010.01.03 - Microsoft 1.5302 2010.01.04 - NOD32 4740 2010.01.03 - Norman 6.04.03 2009.12.31 - nProtect 2009.1.8.0 2010.01.03 - Panda 10.0.2.2 2010.01.03 - PCTools 7.0.3.5 2010.01.03 - Prevx 3.0 2010.01.04 - Rising 22.28.03.04 2009.12.31 - Sophos 4.49.0 2010.01.04 - Sunbelt 3.2.1858.2 2010.01.03 - TheHacker 6.5.0.3.130 2010.01.04 - TrendMicro 9.120.0.1004 2010.01.03 - VBA32 3.12.12.1 2010.01.01 - ViRobot 2009.12.31.2118 2009.12.31 - VirusBuster 5.0.21.0 2010.01.03 - Additional information File size: 18883 bytes MD5...: 79325f8eab5aac24cd83ce033af31eb7 SHA1..: 692c8535896d7daf083e4afbf127bc1b00daf5b9 SHA256: 41525f920d6a166af20ea2a3a6d59ce265fda86d8d9edc96c189c7398bf2ac4b ssdeep: 384:03UNjcWFiLvXY0hIJHOM9aYbuKpVB3QXRe3YpyL7:nNgfY0OjRFBAXRuV7PEiD..: - PEInfo: - RDS...: NSRL Reference Data Set- sigcheck:publisher....: n/acopyright....: n/aproduct......: n/adescription..: n/aoriginal name: n/ainternal name: n/afile version.: n/acomments.....: n/asigners......: -signing date.: -verified.....: Unsignedpdfid.: - trid..: MPEG Video (100.0%) File hojozanari.bin received on 2010.01.03 23:28:00 (UTC)Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 0/40 (0%)Loading server information... Your file is queued in position: 2.Estimated start time is between 50 and 71 seconds.Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment,results will be shown as they're generated. Compact Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: Antivirus Version Last Update Result a-squared 4.5.0.46 2010.01.03 - AhnLab-V3 5.0.0.2 2010.01.02 - AntiVir 7.9.1.122 2009.12.31 - Antiy-AVL 2.0.3.7 2009.12.31 - Authentium 5.2.0.5 2010.01.03 - Avast 4.8.1351.0 2010.01.03 - AVG 8.5.0.430 2010.01.03 - BitDefender 7.2 2010.01.03 - CAT-QuickHeal 10.00 2010.01.02 - ClamAV 0.94.1 2010.01.03 - Comodo 3457 2010.01.03 - DrWeb 5.0.1.12222 2010.01.03 - eSafe 7.0.17.0 2010.01.03 - eTrust-Vet 35.1.7210 2010.01.01 - F-Prot 4.5.1.85 2010.01.03 - F-Secure 9.0.15370.0 2010.01.03 - Fortinet 4.0.14.0 2010.01.02 - GData 19 2010.01.04 - Ikarus T3.1.1.79.0 2009.12.31 - Jiangmin 13.0.900 2010.01.03 - K7AntiVirus 7.10.936 2010.01.02 - Kaspersky 7.0.0.125 2010.01.04 - McAfee 5850 2010.01.03 - McAfee+Artemis 5850 2010.01.03 - McAfee-GW-Edition 6.8.5 2010.01.03 - Microsoft 1.5302 2010.01.04 - NOD32 4740 2010.01.03 - Norman 6.04.03 2009.12.31 - nProtect 2009.1.8.0 2010.01.03 - Panda 10.0.2.2 2010.01.03 - PCTools 7.0.3.5 2010.01.03 - Prevx 3.0 2010.01.04 - Rising 22.28.03.04 2009.12.31 - Sophos 4.49.0 2010.01.04 - Sunbelt 3.2.1858.2 2010.01.03 - TheHacker 6.5.0.3.130 2010.01.04 - TrendMicro 9.120.0.1004 2010.01.03 - VBA32 3.12.12.1 2010.01.01 - ViRobot 2009.12.31.2118 2009.12.31 - VirusBuster 5.0.21.0 2010.01.03 - Additional information File size: 14258 bytes MD5...: fb5d6ca5cf71580a10157adafe20ca09 SHA1..: c260cfbd111685ae6e6e9f1f63a26376d3729186 SHA256: e5f78b0ccffd082fc55b75a8d144b34555fc6578cc9ce4c12f69ff71cd849b99 ssdeep: 384:b92SvfN+AFqOSLqjIKJ9mhtx2zFrrtoKPXK:baqgCzmPx2xrrtB6PEiD..: - PEInfo: - RDS...: NSRL Reference Data Set- sigcheck:publisher....: n/acopyright....: n/aproduct......: n/adescription..: n/aoriginal name: n/ainternal name: n/afile version.: n/acomments.....: n/asigners......: -signing date.: -verified.....: Unsignedpdfid.: - trid..: MPEG Video (100.0%) File senoga.sys received on 2010.01.03 23:30:44 (UTC)Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 0/39 (0%)Loading server information... Your file is queued in position: 8.Estimated start time is between 110 and 157 seconds.Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment,results will be shown as they're generated. Compact Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: Antivirus Version Last Update Result a-squared 4.5.0.46 2010.01.03 - AhnLab-V3 5.0.0.2 2010.01.02 - AntiVir 7.9.1.122 2009.12.31 - Antiy-AVL 2.0.3.7 2009.12.31 - Authentium 5.2.0.5 2010.01.03 - Avast 4.8.1351.0 2010.01.03 - AVG 8.5.0.430 2010.01.03 - BitDefender 7.2 2010.01.03 - CAT-QuickHeal 10.00 2010.01.02 - ClamAV 0.94.1 2010.01.03 - Comodo 3457 2010.01.03 - DrWeb 5.0.1.12222 2010.01.03 - eTrust-Vet 35.1.7210 2010.01.01 - F-Prot 4.5.1.85 2010.01.03 - F-Secure 9.0.15370.0 2010.01.03 - Fortinet 4.0.14.0 2010.01.02 - GData 19 2010.01.04 - Ikarus T3.1.1.79.0 2009.12.31 - Jiangmin 13.0.900 2010.01.03 - K7AntiVirus 7.10.936 2010.01.02 - Kaspersky 7.0.0.125 2010.01.04 - McAfee 5850 2010.01.03 - McAfee+Artemis 5850 2010.01.03 - McAfee-GW-Edition 6.8.5 2010.01.03 - Microsoft 1.5302 2010.01.04 - NOD32 4740 2010.01.03 - Norman 6.04.03 2009.12.31 - nProtect 2009.1.8.0 2010.01.03 - Panda 10.0.2.2 2010.01.03 - PCTools 7.0.3.5 2010.01.03 - Prevx 3.0 2010.01.04 - Rising 22.28.03.04 2009.12.31 - Sophos 4.49.0 2010.01.04 - Sunbelt 3.2.1858.2 2010.01.03 - TheHacker 6.5.0.3.130 2010.01.04 - TrendMicro 9.120.0.1004 2010.01.03 - VBA32 3.12.12.1 2010.01.01 - ViRobot 2009.12.31.2118 2009.12.31 - VirusBuster 5.0.21.0 2010.01.03 - Additional information File size: 13060 bytes MD5...: e1a17d257d0bb9c3a51450085811378a SHA1..: 180e863703d816df1bbaeb1a64e00678b1c357ac SHA256: 34b1b9b08d37bddc43730d4aa808ac748b5b9fb76026187e74920097f9d455c7 ssdeep: 192:K5Bw6ZGQParGB4e6Cv1YMMsE30BaT+ex57q4LX+PkaHkV9IHe4tH8GexIIr/KXuN:yLPcmd6CdYlkgT+EZKPCIHeSjg/K4PEiD..: - PEInfo: - RDS...: NSRL Reference Data Set- sigcheck:publisher....: n/acopyright....: n/aproduct......: n/adescription..: n/aoriginal name: n/ainternal name: n/afile version.: n/acomments.....: n/asigners......: -signing date.: -verified.....: Unsignedpdfid.: - trid..: MPEG Video (100.0%) File nevemus.sys received on 2010.01.03 23:33:36 (UTC)Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 0/40 (0%)Loading server information... Your file is queued in position: 1.Estimated start time is between 40 and 57 seconds.Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment,results will be shown as they're generated. Compact Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: Antivirus Version Last Update Result a-squared 4.5.0.46 2010.01.03 - AhnLab-V3 5.0.0.2 2010.01.02 - AntiVir 7.9.1.122 2009.12.31 - Antiy-AVL 2.0.3.7 2009.12.31 - Authentium 5.2.0.5 2010.01.03 - Avast 4.8.1351.0 2010.01.03 - AVG 8.5.0.430 2010.01.03 - BitDefender 7.2 2010.01.03 - CAT-QuickHeal 10.00 2010.01.02 - ClamAV 0.94.1 2010.01.03 - Comodo 3457 2010.01.03 - DrWeb 5.0.1.12222 2010.01.03 - eSafe 7.0.17.0 2010.01.03 - eTrust-Vet 35.1.7210 2010.01.01 - F-Prot 4.5.1.85 2010.01.03 - F-Secure 9.0.15370.0 2010.01.03 - Fortinet 4.0.14.0 2010.01.02 - GData 19 2010.01.04 - Ikarus T3.1.1.79.0 2009.12.31 - Jiangmin 13.0.900 2010.01.03 - K7AntiVirus 7.10.936 2010.01.02 - Kaspersky 7.0.0.125 2010.01.04 - McAfee 5850 2010.01.03 - McAfee+Artemis 5850 2010.01.03 - McAfee-GW-Edition 6.8.5 2010.01.03 - Microsoft 1.5302 2010.01.04 - NOD32 4740 2010.01.03 - Norman 6.04.03 2009.12.31 - nProtect 2009.1.8.0 2010.01.03 - Panda 10.0.2.2 2010.01.03 - PCTools 7.0.3.5 2010.01.03 - Prevx 3.0 2010.01.04 - Rising 22.28.03.04 2009.12.31 - Sophos 4.49.0 2010.01.04 - Sunbelt 3.2.1858.2 2010.01.03 - TheHacker 6.5.0.3.130 2010.01.04 - TrendMicro 9.120.0.1004 2010.01.03 - VBA32 3.12.12.1 2010.01.01 - ViRobot 2009.12.31.2118 2009.12.31 - VirusBuster 5.0.21.0 2010.01.03 - Additional information File size: 14213 bytes MD5...: 70721e23d161e3c703ccec305babc2ad SHA1..: 0c15e359415c2b00e0c1258543bfe59576b4148e SHA256: 010c7d13724d8b93b64fe5d0d200dc438fc9cde4c53ff81d6bb3581023756826 ssdeep: 384:R2tTd1l4tdTdAuzrMuFlG4PkBQzxR3YqD8cJZyFQM:R2tBf4tkuzDbPwQAqwcLBMPEiD..: - PEInfo: - RDS...: NSRL Reference Data Set- pdfid.: - trid..: Unknown! sigcheck:publisher....: n/acopyright....: n/aproduct......: n/adescription..: n/aoriginal name: n/ainternal name: n/afile version.: n/acomments.....: n/asigners......: -signing date.: -verified.....: UnsignedFile guhyqabi.bin received on 2010.01.03 23:36:31 (UTC)Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 0/40 (0%)Loading server information... Your file is queued in position: 1.Estimated start time is between 40 and 57 seconds.Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment,results will be shown as they're generated. Compact Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: Antivirus Version Last Update Result a-squared 4.5.0.46 2010.01.03 - AhnLab-V3 5.0.0.2 2010.01.02 - AntiVir 7.9.1.122 2009.12.31 - Antiy-AVL 2.0.3.7 2009.12.31 - Authentium 5.2.0.5 2010.01.03 - Avast 4.8.1351.0 2010.01.03 - AVG 8.5.0.430 2010.01.03 - BitDefender 7.2 2010.01.03 - CAT-QuickHeal 10.00 2010.01.02 - ClamAV 0.94.1 2010.01.03 - Comodo 3457 2010.01.03 - DrWeb 5.0.1.12222 2010.01.03 - eSafe 7.0.17.0 2010.01.03 - eTrust-Vet 35.1.7210 2010.01.01 - F-Prot 4.5.1.85 2010.01.03 - F-Secure 9.0.15370.0 2010.01.03 - Fortinet 4.0.14.0 2010.01.02 - GData 19 2010.01.04 - Ikarus T3.1.1.79.0 2009.12.31 - Jiangmin 13.0.900 2010.01.03 - K7AntiVirus 7.10.936 2010.01.02 - Kaspersky 7.0.0.125 2010.01.04 - McAfee 5850 2010.01.03 - McAfee+Artemis 5850 2010.01.03 - McAfee-GW-Edition 6.8.5 2010.01.03 - Microsoft 1.5302 2010.01.04 - NOD32 4740 2010.01.03 - Norman 6.04.03 2009.12.31 - nProtect 2009.1.8.0 2010.01.03 - Panda 10.0.2.2 2010.01.03 - PCTools 7.0.3.5 2010.01.03 - Prevx 3.0 2010.01.04 - Rising 22.28.03.04 2009.12.31 - Sophos 4.49.0 2010.01.04 - Sunbelt 3.2.1858.2 2010.01.03 - TheHacker 6.5.0.3.130 2010.01.04 - TrendMicro 9.120.0.1004 2010.01.03 - VBA32 3.12.12.1 2010.01.01 - ViRobot 2009.12.31.2118 2009.12.31 - VirusBuster 5.0.21.0 2010.01.03 - Additional information File size: 11169 bytes MD5...: 0850ac289002cf3ea7a51549d2737d10 SHA1..: 82316f0002301f2ea5d89112111c20888e2ad54d SHA256: 3d28087fd9c5cef3e1458970f10dd303f0018a05d13db264ee29557957bc49a6 ssdeep: 192:6hNBHHq62CyPZ+HRe4u7Z9FILGiz24cRLqhPgX/uMXiYzWQ0uIsUx:6hTHIZ+nud9Udz24cEuX/uMXiizExPEiD..: - PEInfo: - RDS...: NSRL Reference Data Set- pdfid.: - trid..: Unknown! sigcheck:publisher....: n/acopyright....: n/aproduct......: n/adescription..: n/aoriginal name: n/ainternal name: n/afile version.: n/acomments.....: n/asigners......: -signing date.: -verified.....: UnsignedFile Systemdrv.sys received on 2010.01.03 23:41:56 (UTC)Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 0/40 (0%)Loading server information... Your file is queued in position: 1.Estimated start time is between 40 and 57 seconds.Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment,results will be shown as they're generated. Compact Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: Antivirus Version Last Update Result a-squared 4.5.0.46 2010.01.03 - AhnLab-V3 5.0.0.2 2010.01.02 - AntiVir 7.9.1.122 2009.12.31 - Antiy-AVL 2.0.3.7 2009.12.31 - Authentium 5.2.0.5 2010.01.03 - Avast 4.8.1351.0 2010.01.03 - AVG 8.5.0.430 2010.01.03 - BitDefender 7.2 2010.01.03 - CAT-QuickHeal 10.00 2010.01.02 - ClamAV 0.94.1 2010.01.03 - Comodo 3457 2010.01.03 - DrWeb 5.0.1.12222 2010.01.03 - eSafe 7.0.17.0 2010.01.03 - eTrust-Vet 35.1.7210 2010.01.01 - F-Prot 4.5.1.85 2010.01.03 - F-Secure 9.0.15370.0 2010.01.03 - Fortinet 4.0.14.0 2010.01.02 - GData 19 2010.01.04 - Ikarus T3.1.1.79.0 2009.12.31 - Jiangmin 13.0.900 2010.01.03 - K7AntiVirus 7.10.936 2010.01.02 - Kaspersky 7.0.0.125 2010.01.04 - McAfee 5850 2010.01.03 - McAfee+Artemis 5850 2010.01.03 - McAfee-GW-Edition 6.8.5 2010.01.03 - Microsoft 1.5302 2010.01.04 - NOD32 4740 2010.01.03 - Norman 6.04.03 2009.12.31 - nProtect 2009.1.8.0 2010.01.03 - Panda 10.0.2.2 2010.01.03 - PCTools 7.0.3.5 2010.01.03 - Prevx 3.0 2010.01.04 - Rising 22.28.03.04 2009.12.31 - Sophos 4.49.0 2010.01.04 - Sunbelt 3.2.1858.2 2010.01.03 - TheHacker 6.5.0.3.130 2010.01.04 - TrendMicro 9.120.0.1004 2010.01.03 - VBA32 3.12.12.1 2010.01.01 - ViRobot 2009.12.31.2118 2009.12.31 - VirusBuster 5.0.21.0 2010.01.03 - Additional information File size: 14 bytes MD5...: 58d904a2fa970bc23b636c47cb60e649 SHA1..: 480556e9f81dbeec70c59cd54a21303bcf232d33 SHA256: e8fe555c024b59bff681e653e4bb1b5550f4d8052147a335d8487d6d3a976545 ssdeep: 3:Sc8y:S5yPEiD..: - PEInfo: - RDS...: NSRL Reference Data Set- sigcheck:publisher....: n/acopyright....: n/aproduct......: n/adescription..: n/aoriginal name: n/ainternal name: n/afile version.: n/acomments.....: n/asigners......: -signing date.: -verified.....: Unsignedtrid..: Generic INI configuration (100.0%) pdfid.: - /--------------------------------------------------------------\| Trend Micro System Cleaner || Copyright 2009-2010, Trend Micro, Inc. || http://www.trendmicro.com |\--------------------------------------------------------------/2010-01-03, 17:12:39, Auto-clean mode specified.2010-01-03, 17:12:40, Initialized Rootkit Driver version 2.2.0.1004.2010-01-03, 17:12:40, Running scanner "C:\DCE\TSC.BIN"...2010-01-03, 17:13:03, Scanner "C:\DCE\TSC.BIN" has finished running.2010-01-03, 17:13:03, TSC Log: Link to post Share on other sites More sharing options...
Kevinw103 Posted January 5, 2010 Author ID:180072 Share Posted January 5, 2010 I can run MalwareBytes do updates, everything seems fine. Is there anything else that I need to do. Your advise is appriciated. Thanks Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 10, 2010 ID:182513 Share Posted January 10, 2010 Sorry for delay in getting back to you.I'm going to have you do a special, scripted run of Combofix, after getting the latest version.Please follow directions carefully.Step 1Download TFC by OldTimer to your desktop Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).It will close all programs when run, so make sure you have saved all your work before you begin.Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.IF prompted to Reboot, reply "Yes".Step 2Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsDELETE the prior copy of Combo-fix.exe on your Desktop {with red-lion icon} !Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop. Link 1 Link 2 Link 3 * IMPORTANT !!! SAVE AS Combo-Fix.exe to your DesktopIf your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop. Step 3Now, Open notepad and copy/paste the text in the quotebox below into it:File::C:\747948A813CB3DD5749F03CF63Save this as CFScript.txt, in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.Step 4Start your MBAM MalwareBytes' Anti-Malware. Click the Settings Tab. Make sure all option lines have a checkmark.Next, Click the Update tab. Press the "Check for Updates" button. At this time of posting, the current definitions are # 3533 and the latest program version is 1.44When done, click the Scanner tab.Do a Quick Scan. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Reply with copy of C:\Combofix.txtand the latest MBAM scan log Link to post Share on other sites More sharing options...
Maurice Naggar Posted February 6, 2010 ID:195117 Share Posted February 6, 2010 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts