Jump to content

Recommended Posts

Hello I have been to this forum before and received incredible help so I have returned with a new issue. My problem is a google redirect virus. Very similar to this recent post from yesterday

http://forums.malwarebytes.org/index.php?s...google+redirect

I know that every problem could be solved differently so I wanted to post before using the same method as that system. I have cleaned the computer with Malwarebytes, Avira Antivirus, and I recently read in a lot of google redirect related problems to try Hitman 3.5 so I used that as well. I have also used HiJack This afterwards to remove unwanted issues, however the google redirect remains present. I think from my research the next step is ComboFix but I wanted to get help because I have never used it.

Thank you in advance this forum is great.

Link to post
Share on other sites

Hello Ham

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold


    netsvcs

    %SYSTEMDRIVE%\*.*

    %systemroot%\*. /mp /s

    CREATERESTOREPOINT

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\System32\config\*.sav

    %systemroot%\system32\drivers\*.sys /90


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download the following GMER Rootkit Scanner from Here

  • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  • Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED


  • IAT/EAT

  • Drives/Partition other than Systemdrive (typically only C:\ should be checked)

  • Show All (don't miss this one)


  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
  • Post that log in your next reply.

Link to post
Share on other sites

Thank you for your help. I ran the OTL no problem. Then I ran the GMER and it took 5 hours to scan my computer. When I went to save the log file my comp froze and I am going to have to re do the scan throughout the night and Ill post tomorrow morning. In the meantime here are the 2 scans from the OTL. Thanks

OTL logfile created on: 6/3/2010 2:25:20 PM - Run 1

OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Ham\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 487.00 Mb Available Physical Memory | 48.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 228.13 Gb Total Space | 168.30 Gb Free Space | 73.77% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: HAMMY2

Current User Name: Ham

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Ham\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Ham\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()

SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)

========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (PCI) -- C:\WINDOWS\system32\DRIVERS\pci.sys ()

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)

DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)

DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)

DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)

DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)

DRV - (mr7910) -- C:\WINDOWS\system32\drivers\mr7910.sys (Mars Semiconductor Corp.)

DRV - (ASCTRM) -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows ® 2000 DDK provider)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)

DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)

DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)

DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)

DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)

DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)

DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)

DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)

DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)

DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)

DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)

DRV - (STHDA) High Definition Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)

DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS (Creative Technology Ltd.)

DRV - (sigfilt) -- C:\WINDOWS\system32\drivers\sigfilt.sys (Creative Technology Ltd.)

DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS (Creative Technology Ltd)

DRV - (ossrv) -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS (Creative Technology Ltd.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)

DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/08 05:01:46 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/01/26 16:47:32 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2010/01/26 16:07:47 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O9 - Extra Button: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Ham\Start Menu\Programs\UltimateBet\UltimateBet.lnk ()

O9 - Extra 'Tools' menuitem : UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Ham\Start Menu\Programs\UltimateBet\UltimateBet.lnk ()

O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL (ATI Technologies Inc.)

O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)

O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://www.cvsphoto.com/upload/activex/v3_...veX_Control.cab (Photo Upload Plugin Class)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} http://www.instantaction.com/download/iaplayer.cab (InstantAction Game Launcher)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto.com/upload/activex/v3_...veX_Control.cab (Photo Upload Plugin Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.130 167.206.245.129

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\riparetor.dll File not found

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ham\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/08/21 22:17:32 | 000,002,624 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found

O33 - MountPoints2\{48f6e946-8e78-11dd-8eb2-001372d9f724}\Shell\AutoRun\command - "" = ntdelect.com

O33 - MountPoints2\{48f6e946-8e78-11dd-8eb2-001372d9f724}\Shell\explore\Command - "" = F:\utdetect.com -- File not found

O33 - MountPoints2\{48f6e946-8e78-11dd-8eb2-001372d9f724}\Shell\open\Command - "" = F:\utdetect.com -- File not found

O33 - MountPoints2\{7b0eb120-00f5-11dc-8e4e-001372d9f724}\Shell\AutoRun\command - "" = ntdelect.com

O33 - MountPoints2\{7b0eb120-00f5-11dc-8e4e-001372d9f724}\Shell\explore\Command - "" = F:\utdetect.com -- File not found

O33 - MountPoints2\{7b0eb120-00f5-11dc-8e4e-001372d9f724}\Shell\open\Command - "" = F:\utdetect.com -- File not found

O33 - MountPoints2\{e5a211d1-993e-11db-8e43-001372d9f724}\Shell\AutoRun\command - "" = ntdelect.com

O33 - MountPoints2\{e5a211d1-993e-11db-8e43-001372d9f724}\Shell\explore\Command - "" = F:\utdetect.com -- File not found

O33 - MountPoints2\{e5a211d1-993e-11db-8e43-001372d9f724}\Shell\open\Command - "" = F:\utdetect.com -- File not found

O33 - MountPoints2\{eec7069f-a5d6-11dc-8e70-001372d9f724}\Shell\AutoRun\command - "" = F:\mvxm.cmd -- File not found

O33 - MountPoints2\{eec7069f-a5d6-11dc-8e70-001372d9f724}\Shell\explore\Command - "" = F:\mvxm.cmd -- File not found

O33 - MountPoints2\{eec7069f-a5d6-11dc-8e70-001372d9f724}\Shell\open\Command - "" = F:\mvxm.cmd -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 04:22:48 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (69256455022182400)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/03 14:22:52 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ham\Desktop\OTL.exe

[2010/06/03 01:02:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ham\Desktop\The_Black_Keys-Brothers-2010-CaHeSo

[2010/06/02 17:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ham\Desktop\DJ_Green_Lantern-Jadakiss-The_Champ_Is_Here_3

[2010/05/31 10:49:30 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe

[2010/05/31 10:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5

[2010/05/31 10:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2010/05/31 10:35:15 | 005,937,984 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Ham\Desktop\HitmanPro35.exe

[2010/05/30 22:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ham\Local Settings\Application Data\ryrnosrnt

[2010/05/29 22:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ham\Local Settings\Application Data\ughhlitfa

[2010/05/27 22:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ham\Local Settings\Application Data\nnhnqppsi

[2010/05/26 17:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ham\Desktop\Johnny_Cash-American_VI_Aint_No_Grave-2010-FRAY

[2010/05/25 22:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ham\Desktop\Solomon_Burke-_Nashville

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/03 14:23:26 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/06/03 14:23:10 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Ham\NTUSER.DAT

[2010/06/03 14:22:53 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ham\Desktop\OTL.exe

[2010/06/03 14:18:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/03 14:18:34 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2010/06/03 14:18:11 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\gyisfuqu.job

[2010/06/03 14:18:11 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\qjvxqukg.job

[2010/06/03 14:18:11 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\haqqsijm.job

[2010/06/03 14:18:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/03 14:18:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/03 14:18:05 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/03 14:16:59 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Ham\ntuser.ini

[2010/06/03 14:14:15 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2010/06/03 14:14:15 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for

[2010/06/03 09:27:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

[2010/06/03 03:50:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2010/06/03 02:37:59 | 116,602,922 | ---- | M] () -- C:\Documents and Settings\Ham\Desktop\DRKTNKLTR[www.mp3boo.com].zip

[2010/06/03 01:19:38 | 083,330,586 | ---- | M] () -- C:\Documents and Settings\Ham\Desktop\Cypress_Hill-Rise_Up-2010-FTD.zip

[2010/06/03 00:54:16 | 054,793,172 | ---- | M] () -- C:\Documents and Settings\Ham\Desktop\Black Keys - Thickfreakness.zip

[2010/06/03 00:52:28 | 075,870,665 | ---- | M] () -- C:\Documents and Settings\Ham\Desktop\The_Black_Keys-Brothers-2010-CaHeSo.rar

[2010/06/02 23:47:30 | 000,089,680 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Ham\MSSSerif120.fon

[2010/06/02 21:16:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2010/06/02 15:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

[2010/06/02 14:29:11 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Ham\Desktop\iTunes.lnk

[2010/06/01 01:24:41 | 000,002,437 | ---- | M] () -- C:\Documents and Settings\Ham\Desktop\HiJackThis.lnk

[2010/06/01 01:21:48 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe

[2010/05/31 22:06:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/05/31 10:36:08 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk

[2010/05/31 10:35:18 | 005,937,984 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Ham\Desktop\HitmanPro35.exe

[2010/05/27 14:10:31 | 000,003,350 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2010/05/27 14:10:31 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\3E321B113E.sys

[2010/05/26 00:38:33 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe

[2010/05/25 21:46:25 | 047,388,078 | ---- | M] () -- C:\Documents and Settings\Ham\Desktop\Solomon_Burke-_Nashville.zip

[2010/05/22 23:49:13 | 000,225,280 | ---- | M] () -- C:\Documents and Settings\Ham\Desktop\LA Reporters Offer.doc

[2010/05/21 12:44:05 | 000,421,677 | ---- | M] () -- C:\Documents and Settings\Ham\My Documents\IMG00206.jpg

[2010/05/21 11:19:20 | 041,526,703 | ---- | M] () -- C:\Documents and Settings\Ham\Desktop\Johnny_Cash-American_VI_Aint_No_Grave-2010-FRAY-RW.zip

[2010/05/20 19:01:33 | 000,267,264 | ---- | M] () -- C:\Documents and Settings\Ham\My Documents\Veto Proof.doc

[2010/05/13 23:19:32 | 000,304,640 | ---- | M] () -- C:\Documents and Settings\Ham\My Documents\Read Dead offer.doc

[2010/05/12 05:01:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\gutiguga

[2010/06/03 14:14:15 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn

[2010/06/03 14:14:15 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for

[2010/06/03 02:37:59 | 116,602,922 | ---- | C] () -- C:\Documents and Settings\Ham\Desktop\DRKTNKLTR[www.mp3boo.com].zip

[2010/06/03 01:19:38 | 083,330,586 | ---- | C] () -- C:\Documents and Settings\Ham\Desktop\Cypress_Hill-Rise_Up-2010-FTD.zip

[2010/06/03 00:54:16 | 054,793,172 | ---- | C] () -- C:\Documents and Settings\Ham\Desktop\Black Keys - Thickfreakness.zip

[2010/06/03 00:52:28 | 075,870,665 | ---- | C] () -- C:\Documents and Settings\Ham\Desktop\The_Black_Keys-Brothers-2010-CaHeSo.rar

[2010/06/01 01:23:27 | 1071,796,224 | -HS- | C] () -- C:\hiberfil.sys

[2010/05/31 10:36:18 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2010/05/31 10:36:08 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk

[2010/05/25 21:46:25 | 047,388,078 | ---- | C] () -- C:\Documents and Settings\Ham\Desktop\Solomon_Burke-_Nashville.zip

[2010/05/22 23:49:13 | 000,225,280 | ---- | C] () -- C:\Documents and Settings\Ham\Desktop\LA Reporters Offer.doc

[2010/05/21 12:44:05 | 000,421,677 | ---- | C] () -- C:\Documents and Settings\Ham\My Documents\IMG00206.jpg

[2010/05/21 11:19:20 | 041,526,703 | ---- | C] () -- C:\Documents and Settings\Ham\Desktop\Johnny_Cash-American_VI_Aint_No_Grave-2010-FRAY-RW.zip

[2010/05/20 19:01:33 | 000,267,264 | ---- | C] () -- C:\Documents and Settings\Ham\My Documents\Veto Proof.doc

[2010/05/10 21:19:08 | 000,304,640 | ---- | C] () -- C:\Documents and Settings\Ham\My Documents\Read Dead offer.doc

[2008/12/13 02:46:02 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2008/11/14 00:58:37 | 001,561,162 | -HS- | C] () -- C:\WINDOWS\System32\cralexne.ini

[2008/10/18 20:15:50 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2008/10/18 20:14:41 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX3800.ini

[2008/06/12 03:04:09 | 000,000,364 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2008/03/21 18:30:08 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys

[2006/12/31 19:10:20 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini

[2006/07/22 11:06:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI

[2006/07/19 18:28:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/07/18 22:15:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UltimateBuddy.INI

[2006/07/17 19:10:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI

[2006/07/17 16:35:42 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2006/07/17 16:35:42 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\3E321B113E.sys

[2006/07/17 15:44:25 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2006/07/10 14:00:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006/07/10 13:53:30 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2006/07/10 13:42:11 | 000,005,811 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI

[2006/07/10 13:20:06 | 000,004,969 | ---- | C] () -- C:\WINDOWS\System32\Sigfilt.ini

[2006/07/10 13:20:06 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2006/07/10 13:19:50 | 001,345,520 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL

[2006/07/10 13:18:54 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2004/08/03 23:07:48 | 000,068,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\pci.sys

[2004/01/28 11:42:06 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll

[2004/01/28 11:42:06 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

[2004/01/28 11:42:06 | 000,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini

[1999/03/21 21:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/02/26 11:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore

[2009/02/26 11:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar

[2005/08/16 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream

[2010/05/31 10:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2008/09/25 21:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/01/26 03:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2010/03/17 17:43:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

[2006/12/31 19:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ham\Application Data\acccore

[2006/07/17 15:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ham\Application Data\Aim

[2007/01/07 16:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ham\Application Data\COWON

[2009/01/26 18:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ham\Application Data\GarageGames

[2006/07/17 19:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ham\Application Data\Leadertech

[2008/03/21 18:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ham\Application Data\webex

[2010/06/03 14:23:26 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2010/06/02 21:16:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

[2010/06/02 15:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

[2010/06/03 03:50:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job

[2010/06/03 09:27:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

[2010/06/03 14:18:11 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\gyisfuqu.job

[2010/06/03 14:18:11 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\haqqsijm.job

[2010/06/03 14:18:11 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\qjvxqukg.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2010/06/03 14:18:04 | 000,008,953 | ---- | M] () -- C:\aaw7boot.log

[2005/08/16 04:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2009/08/21 22:17:32 | 000,002,624 | ---- | M] () -- C:\autorun.PNF

[2010/03/17 21:44:27 | 000,000,209 | RHS- | M] () -- C:\boot.ini

[2005/08/16 04:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2006/07/10 13:24:08 | 000,007,111 | RH-- | M] () -- C:\dell.sdr

[2010/06/03 14:18:05 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys

[2006/08/04 19:23:46 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1

[2005/08/16 04:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS

[2009/06/17 12:47:18 | 000,002,856 | -H-- | M] () -- C:\IPH.PH

[2010/05/26 00:35:19 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt

[2005/08/16 04:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS

[2004/08/10 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2010/03/18 07:18:59 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2010/06/03 14:18:04 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys

[2010/01/26 02:23:55 | 000,013,432 | ---- | M] () -- C:\SAFEBOOT_REPAIR.TXT

[2006/07/10 13:46:58 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini

[2010/06/01 01:06:40 | 000,021,056 | ---- | M] () -- C:\TDSSKiller.2.2.8_01.06.2010_01.06.34_log.txt

[2010/06/01 01:10:34 | 000,021,036 | ---- | M] () -- C:\TDSSKiller.2.2.8_01.06.2010_01.10.15_log.txt

[2010/06/01 01:22:28 | 000,021,082 | ---- | M] () -- C:\TDSSKiller.2.2.8_01.06.2010_01.22.20_log.txt

[2010/03/17 17:36:53 | 000,021,082 | ---- | M] () -- C:\TDSSKiller.2.2.8_17.03.2010_17.36.43_log.txt

[2010/04/26 11:46:01 | 000,019,510 | ---- | M] () -- C:\TDSSKiller.2.2.8_26.04.2010_11.46.00_log.txt

[2010/05/30 22:43:48 | 000,021,056 | ---- | M] () -- C:\TDSSKiller.2.2.8_30.05.2010_22.43.34_log.txt

[2010/05/31 11:13:42 | 000,021,056 | ---- | M] () -- C:\TDSSKiller.2.2.8_31.05.2010_11.13.32_log.txt

[2010/05/31 11:22:28 | 000,021,082 | ---- | M] () -- C:\TDSSKiller.2.2.8_31.05.2010_11.22.25_log.txt

[2009/04/23 16:41:33 | 000,001,424 | ---- | M] () -- C:\UBSoftUpdate.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll

[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2005/08/16 04:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2005/08/16 04:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2005/08/16 04:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

[2010/06/01 01:22:58 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys

[2010/03/18 17:09:21 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntflt.sys

[2010/06/03 14:18:34 | 000,015,944 | ---- | M] () -- C:\WINDOWS\system32\drivers\hitmanpro35.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

[2010/03/17 17:44:40 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1940DBE8

< End of report >

Link to post
Share on other sites

OTL Extras logfile created on: 6/3/2010 2:25:20 PM - Run 1

OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Ham\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 487.00 Mb Available Physical Memory | 48.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 228.13 Gb Total Space | 168.30 Gb Free Space | 73.77% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: HAMMY2

Current User Name: Ham

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [!ezcddaxa] -- "C:\Program Files\Easy CD-DA Extractor 10\convert.exe" "%1" ()

Directory [!ezcddaxb] -- "C:\Program Files\Easy CD-DA Extractor 10\burn.exe" "%1" ()

Directory [!ezcddaxc] -- "C:\Program Files\Easy CD-DA Extractor 10\burn2.exe" "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)

"C:\WINDOWS\system32\logonui.exe" = C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui -- (Microsoft Corporation)

"C:\WINDOWS\system32\spoolsv.exe" = C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv -- (Microsoft Corporation)

"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService -- (Apple, Inc.)

"C:\WINDOWS\system32\winlogon.exe" = C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon -- (Microsoft Corporation)

"C:\WINDOWS\system32\services.exe" = C:\WINDOWS\system32\services.exe:*:Enabled:services -- (Microsoft Corporation)

"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:iexplore -- (Microsoft Corporation)

"C:\Program Files\Digital Line Detect\DLG.exe" = C:\Program Files\Digital Line Detect\DLG.exe:*:Enabled:DLG -- (BVRP Software)

"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server -- (MySQL AB)

"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data

"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA

"{12452C5A-32E2-40C6-808D-DA4FB6DC35A5}" = ATI Catalyst Control Center

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18

"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook

"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3CBA0E30-6F54-47EF-910E-1D4D450AFE45}" = ATI Multimedia Center

"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer

"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support

"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon

"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder

"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB

"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool

"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module

"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon

"{67183F00-3DDC-497B-A090-4E2B79EAF1CD}" = Photo Viewer

"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal

"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer

"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files

"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore

"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{80FD852F-5AAC-4129-B931-06AAFFA43138}" = iTunes

"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections

"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch

Link to post
Share on other sites

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 5/31/2010 10:22:23 AM | Computer Name = HAMMY2 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from:

with error: The connection with the server was terminated abnormally

Error - 5/31/2010 10:22:23 AM | Computer Name = HAMMY2 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from:

with error: This network connection does not exist.

Error - 5/31/2010 10:52:00 AM | Computer Name = HAMMY2 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from:

with error: A connection with the server could not be established

Error - 5/31/2010 11:41:18 AM | Computer Name = HAMMY2 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from:

with error: A connection with the server could not be established

Error - 6/1/2010 1:11:55 AM | Computer Name = HAMMY2 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from:

with error: A connection with the server could not be established

Error - 6/1/2010 1:24:16 AM | Computer Name = HAMMY2 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from:

with error: A connection with the server could not be established

Error - 6/1/2010 5:27:41 AM | Computer Name = HAMMY2 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from:

with error: A connection with the server could not be established

Error - 6/1/2010 5:27:41 AM | Computer Name = HAMMY2 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from:

with error: This network connection does not exist.

Error - 6/2/2010 5:58:20 AM | Computer Name = HAMMY2 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from:

with error: A connection with the server could not be established

Error - 6/3/2010 6:19:27 AM | Computer Name = HAMMY2 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from:

with error: A connection with the server could not be established

[ System Events ]

Error - 6/2/2010 3:50:00 AM | Computer Name = HAMMY2 | Source = Schedule | ID = 7901

Description = The At3.job command failed to start due to the following error: %%2147942402

Error - 6/2/2010 9:27:00 AM | Computer Name = HAMMY2 | Source = Schedule | ID = 7901

Description = The At4.job command failed to start due to the following error: %%2147942402

Error - 6/2/2010 3:00:00 PM | Computer Name = HAMMY2 | Source = Schedule | ID = 7901

Description = The At2.job command failed to start due to the following error: %%2147942402

Error - 6/2/2010 9:16:00 PM | Computer Name = HAMMY2 | Source = Schedule | ID = 7901

Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 6/3/2010 3:50:00 AM | Computer Name = HAMMY2 | Source = Schedule | ID = 7901

Description = The At3.job command failed to start due to the following error: %%2147942402

Error - 6/3/2010 8:56:02 AM | Computer Name = HAMMY2 | Source = Windows Update Agent | ID = 16

Description = Unable to Connect: Windows is unable to connect to the automatic updates

service and therefore cannot download and install updates according to the set

schedule. Windows will continue to try to establish a connection.

Error - 6/3/2010 9:27:00 AM | Computer Name = HAMMY2 | Source = Schedule | ID = 7901

Description = The At4.job command failed to start due to the following error: %%2147942402

Error - 6/3/2010 2:18:34 PM | Computer Name = HAMMY2 | Source = Ftdisk | ID = 262189

Description = The system could not sucessfully load the crash dump driver.

Error - 6/3/2010 2:18:34 PM | Computer Name = HAMMY2 | Source = Ftdisk | ID = 262193

Description = Configuring the Page file for crash dump failed. Make sure there is

a page file on the boot partition and that is large enough to contain all physical

memory.

Error - 6/3/2010 2:18:39 PM | Computer Name = HAMMY2 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Beep

Link to post
Share on other sites

Here is the GMER scan...

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-06-04 09:21:24

Windows 5.1.2600 Service Pack 3

Running: m9fbu974.exe; Driver: C:\DOCUME~1\Ham\LOCALS~1\Temp\fftdipod.sys

---- System - GMER 1.0.15 ----

SSDT B4F0F1DE ZwCreateKey

SSDT B4F0F1D4 ZwCreateThread

SSDT B4F0F1E3 ZwDeleteKey

SSDT B4F0F1ED ZwDeleteValueKey

SSDT B4F0F1F2 ZwLoadKey

SSDT B4F0F1C0 ZwOpenProcess

SSDT B4F0F1C5 ZwOpenThread

SSDT B4F0F1FC ZwReplaceKey

SSDT B4F0F1F7 ZwRestoreKey

SSDT B4F0F1E8 ZwSetValueKey

SSDT B4F0F1CF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2FAC 80504848 4 Bytes CALL 7505393E

init C:\WINDOWS\system32\drivers\sigfilt.sys entry point in "init" section [0xEDA56F80]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[160] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A

.text C:\WINDOWS\Explorer.EXE[160] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A

.text C:\WINDOWS\Explorer.EXE[160] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

.text C:\WINDOWS\System32\svchost.exe[1216] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A

.text C:\WINDOWS\System32\svchost.exe[1216] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A

.text C:\WINDOWS\System32\svchost.exe[1216] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C

.text C:\WINDOWS\System32\svchost.exe[1216] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00F2000A

.text C:\WINDOWS\System32\svchost.exe[1216] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E1000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \FileSystem\Fastfat \Fat A96D3D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

Link to post
Share on other sites

Looking at your system now, one or more of the identified infections is a backdoor Trojan\Rootkit.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

===============

Download TDSSKiller and save it to your Desktop.

  • Right click on the file and choose extract all extract the file to your desktop then run it.
  • If prompted to restart the computer type in Y then it will restart.
  • Or if you are prompted with a hidden service warning do go ahead and delete it.
  • Once completed it will create a log in your C:\ drive
  • Please post the contents of that log

===============

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Link to post
Share on other sites

13:39:07:775 3884 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48

13:39:07:775 3884 ================================================================================

13:39:07:775 3884 SystemInfo:

13:39:07:775 3884 OS Version: 5.1.2600 ServicePack: 3.0

13:39:07:775 3884 Product type: Workstation

13:39:07:775 3884 ComputerName: HAMMY2

13:39:07:775 3884 UserName: Ham

13:39:07:775 3884 Windows directory: C:\WINDOWS

13:39:07:775 3884 Processor architecture: Intel x86

13:39:07:775 3884 Number of processors: 2

13:39:07:775 3884 Page size: 0x1000

13:39:07:775 3884 Boot type: Normal boot

13:39:07:775 3884 ================================================================================

13:39:08:306 3884 Initialize success

13:39:08:306 3884

13:39:08:306 3884 Scanning Services ...

13:39:08:759 3884 Raw services enum returned 370 services

13:39:08:759 3884

13:39:08:759 3884 Scanning Drivers ...

13:39:10:712 3884 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

13:39:10:790 3884 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

13:39:10:853 3884 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

13:39:10:931 3884 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

13:39:11:040 3884 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

13:39:11:197 3884 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

13:39:11:306 3884 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

13:39:11:353 3884 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

13:39:11:384 3884 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

13:39:11:447 3884 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

13:39:11:478 3884 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

13:39:11:493 3884 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

13:39:11:540 3884 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

13:39:11:728 3884 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

13:39:11:759 3884 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

13:39:11:853 3884 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

13:39:11:900 3884 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

13:39:11:962 3884 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

13:39:12:072 3884 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys

13:39:12:103 3884 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

13:39:12:165 3884 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys

13:39:12:243 3884 ati2mtag (f5fc6ac1e7bc776871361d463fc86be2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

13:39:12:322 3884 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

13:39:12:368 3884 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

13:39:12:493 3884 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

13:39:12:556 3884 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

13:39:12:618 3884 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\WINDOWS\system32\DRIVERS\avipbb.sys

13:39:12:697 3884 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

13:39:12:712 3884 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

13:39:12:728 3884 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

13:39:12:728 3884 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

13:39:12:806 3884 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

13:39:12:868 3884 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

13:39:12:915 3884 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

13:39:13:071 3884 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

13:39:13:290 3884 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

13:39:13:431 3884 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys

13:39:13:556 3884 CTUSFSYN (4ee8822adb764edd28ce44e808097995) C:\WINDOWS\system32\drivers\ctusfsyn.sys

13:39:13:696 3884 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

13:39:13:743 3884 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

13:39:13:821 3884 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

13:39:13:884 3884 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

13:39:13:900 3884 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

13:39:13:900 3884 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS

13:39:13:915 3884 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

13:39:13:931 3884 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

13:39:13:931 3884 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

13:39:13:978 3884 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

13:39:13:993 3884 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

13:39:14:009 3884 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

13:39:14:056 3884 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

13:39:14:181 3884 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

13:39:14:212 3884 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

13:39:14:306 3884 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

13:39:14:368 3884 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

13:39:14:462 3884 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

13:39:14:556 3884 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

13:39:14:587 3884 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

13:39:14:681 3884 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys

13:39:14:728 3884 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys

13:39:14:759 3884 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys

13:39:14:806 3884 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

13:39:14:884 3884 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

13:39:14:946 3884 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

13:39:15:009 3884 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

13:39:15:071 3884 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

13:39:15:118 3884 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

13:39:15:181 3884 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

13:39:15:228 3884 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

13:39:15:321 3884 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

13:39:15:384 3884 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

13:39:15:400 3884 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

13:39:15:446 3884 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

13:39:15:462 3884 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

13:39:15:525 3884 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

13:39:15:587 3884 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

13:39:15:618 3884 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

13:39:15:712 3884 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

13:39:15:790 3884 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

13:39:15:853 3884 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

13:39:15:931 3884 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

13:39:15:993 3884 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

13:39:16:040 3884 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

13:39:16:103 3884 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

13:39:16:150 3884 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

13:39:16:212 3884 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

13:39:16:259 3884 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

13:39:16:290 3884 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

13:39:16:353 3884 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

13:39:16:400 3884 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

13:39:16:462 3884 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

13:39:16:525 3884 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

13:39:16:571 3884 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys

13:39:16:587 3884 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

13:39:16:650 3884 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

13:39:16:696 3884 Lbd (713cd5267abfb86fe90a72e384e82a38) C:\WINDOWS\system32\DRIVERS\Lbd.sys

13:39:16:743 3884 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

13:39:16:790 3884 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

13:39:16:837 3884 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

13:39:16:900 3884 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

13:39:16:900 3884 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

13:39:16:946 3884 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

13:39:17:025 3884 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

13:39:17:071 3884 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

13:39:17:118 3884 mr7910 (6aa46f9896d3c9e5a00e01bb416c707b) C:\WINDOWS\system32\DRIVERS\mr7910.sys

13:39:17:150 3884 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

13:39:17:212 3884 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

13:39:17:306 3884 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

13:39:17:353 3884 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

13:39:17:400 3884 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

13:39:17:462 3884 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

13:39:17:540 3884 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

13:39:17:634 3884 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

13:39:17:790 3884 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

13:39:17:884 3884 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

13:39:17:931 3884 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

13:39:18:025 3884 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

13:39:18:040 3884 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

13:39:18:118 3884 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

13:39:18:165 3884 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

13:39:18:212 3884 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

13:39:18:275 3884 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

13:39:18:337 3884 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

13:39:18:415 3884 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

13:39:18:462 3884 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

13:39:18:509 3884 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

13:39:18:556 3884 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

13:39:18:634 3884 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

13:39:18:790 3884 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

13:39:18:853 3884 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

13:39:18:962 3884 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys

13:39:18:993 3884 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

13:39:19:071 3884 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

13:39:19:118 3884 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

13:39:19:181 3884 PCI (739ca9769cc869ddcb4029964a7bab87) C:\WINDOWS\system32\DRIVERS\pci.sys

13:39:19:181 3884 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pci.sys. Real md5: 739ca9769cc869ddcb4029964a7bab87, Fake md5: 9e7aab956e33e1b2694055ca75458207

13:39:19:181 3884 File "C:\WINDOWS\system32\DRIVERS\pci.sys" infected by TDSS rootkit ... 13:39:21:321 3884 Backup copy found, using it..

13:39:21:384 3884 will be cured on next reboot

13:39:21:556 3884 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

13:39:21:618 3884 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

13:39:21:759 3884 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

13:39:21:821 3884 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

13:39:21:915 3884 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

13:39:21:978 3884 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

13:39:22:056 3884 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

13:39:22:150 3884 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

13:39:22:196 3884 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

13:39:22:275 3884 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

13:39:22:353 3884 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

13:39:22:431 3884 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

13:39:22:509 3884 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

13:39:22:587 3884 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

13:39:22:681 3884 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

13:39:22:759 3884 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

13:39:22:853 3884 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

13:39:22:931 3884 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

13:39:22:962 3884 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

13:39:23:056 3884 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

13:39:23:196 3884 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

13:39:23:259 3884 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

13:39:23:306 3884 SDDMI2 (8edd7b9e4a4b4c16e2dab9188caa861b) C:\WINDOWS\system32\DDMI2.sys

13:39:23:353 3884 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

13:39:23:400 3884 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

13:39:23:431 3884 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

13:39:23:478 3884 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

13:39:23:603 3884 sigfilt (6bd3976b881888ac9a0ed3eb94e7fd38) C:\WINDOWS\system32\drivers\sigfilt.sys

13:39:23:743 3884 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

13:39:23:775 3884 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

13:39:23:821 3884 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

13:39:23:868 3884 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

13:39:23:931 3884 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

13:39:23:962 3884 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

13:39:24:025 3884 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

13:39:24:134 3884 STHDA (b95480c92c4c9c311be47b8a1ad73770) C:\WINDOWS\system32\drivers\sthda.sys

13:39:24:165 3884 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

13:39:24:243 3884 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

13:39:24:306 3884 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

13:39:24:384 3884 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

13:39:24:446 3884 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

13:39:24:478 3884 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

13:39:24:556 3884 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

13:39:24:650 3884 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

13:39:24:712 3884 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

13:39:24:775 3884 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

13:39:24:821 3884 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

13:39:24:868 3884 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

13:39:24:900 3884 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

13:39:24:978 3884 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

13:39:25:056 3884 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

13:39:25:118 3884 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

13:39:25:196 3884 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys

13:39:25:228 3884 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

13:39:25:337 3884 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys

13:39:25:368 3884 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

13:39:25:415 3884 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

13:39:25:462 3884 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys

13:39:25:540 3884 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

13:39:25:603 3884 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

13:39:25:650 3884 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

13:39:25:696 3884 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

13:39:25:743 3884 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

13:39:25:806 3884 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

13:39:25:884 3884 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

13:39:25:946 3884 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

13:39:26:009 3884 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

13:39:26:181 3884 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

13:39:26:290 3884 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

13:39:26:368 3884 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

13:39:26:978 3884 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

13:39:27:025 3884 Reboot required for cure complete..

13:39:27:478 3884 Cure on reboot scheduled successfully

13:39:27:478 3884

13:39:27:478 3884 Completed

13:39:27:478 3884

13:39:27:478 3884 Results:

13:39:27:478 3884 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

13:39:27:478 3884 File objects infected / cured / cured on reboot: 1 / 0 / 1

13:39:27:478 3884

13:39:27:478 3884 KLMD(ARK) unloaded successfully

Link to post
Share on other sites

ComboFix 10-06-03.01 - Ham 06/04/2010 13:56:17.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.584 [GMT -4:00]

Running from: c:\documents and settings\Ham\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Ham\Local Settings\Temporary Internet Files\fbk.sts

c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\fbk.sts

c:\windows\system32\cralexne.ini

c:\windows\system32\Data

c:\windows\Tasks\gyisfuqu.job

c:\windows\Tasks\haqqsijm.job

c:\windows\Tasks\qjvxqukg.job

c:\windows\wiaserviv.log

.

((((((((((((((((((((((((( Files Created from 2010-05-04 to 2010-06-04 )))))))))))))))))))))))))))))))

.

2010-05-31 14:49 . 2010-06-01 05:21 12872 ----a-w- c:\windows\system32\bootdelete.exe

2010-05-31 14:36 . 2010-06-04 17:42 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-05-31 14:36 . 2010-05-31 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2010-05-31 14:36 . 2010-05-31 14:36 -------- d-----w- c:\program files\Hitman Pro 3.5

2010-05-31 02:38 . 2010-05-31 08:17 -------- d-----w- c:\documents and settings\Ham\Local Settings\Application Data\ryrnosrnt

2010-05-30 02:13 . 2010-05-30 02:32 -------- d-----w- c:\documents and settings\Ham\Local Settings\Application Data\ughhlitfa

2010-05-28 02:56 . 2010-05-28 04:01 -------- d-----w- c:\documents and settings\Ham\Local Settings\Application Data\nnhnqppsi

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-04 17:40 . 2004-08-04 03:07 68224 ----a-w- c:\windows\system32\drivers\pci.sys

2010-06-01 05:22 . 2004-08-04 02:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys

2010-05-27 18:10 . 2006-07-17 20:35 88 --sh--r- c:\windows\system32\3E321B113E.sys

2010-05-27 18:10 . 2006-07-17 20:35 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys

2010-05-26 04:38 . 2010-03-18 01:39 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-05-26 04:35 . 2010-03-16 07:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-29 19:39 . 2010-03-16 07:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39 . 2010-03-16 07:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-18 22:49 . 2006-07-17 20:35 47896 ----a-w- c:\documents and settings\Ham\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-18 21:09 . 2010-03-16 15:08 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-03-17 21:44 . 2010-03-17 21:44 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-03-16 05:24 . 2010-03-16 05:24 3748 ----a-w- c:\windows\system32\evfolorip.dat

2010-03-14 23:57 . 2010-03-14 23:57 3748 ----a-w- c:\windows\system32\dlletdllje.dat

2010-03-14 20:31 . 2010-03-14 20:31 3748 ----a-w- c:\windows\system32\ewinhje.dat

2010-03-14 18:53 . 2010-02-04 23:44 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-03-14 15:48 . 2010-03-14 15:48 3748 ----a-w- c:\windows\system32\wicowex.dat

2010-03-10 06:15 . 2005-08-16 08:18 420352 ----a-w- c:\windows\system32\vbscript.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]

"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-05-31 5937984]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]

2006-04-06 01:31 57344 ----a-w- c:\program files\ATI Multimedia\main\atidtct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]

2006-04-06 01:35 102400 ----a-w- c:\program files\ATI Multimedia\main\LaunchPd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

2006-01-02 21:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2005-08-06 01:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

2009-03-02 16:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]

2005-09-15 13:47 57344 ------w- c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]

2005-09-08 09:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

2005-10-05 07:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

2005-09-29 18:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3800 Series]

2005-02-08 03:00 98304 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2006-07-10 17:54 169984 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-06-10 14:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-06-10 14:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2008-02-19 18:10 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]

2005-05-19 12:54 1345520 ----a-w- c:\windows\system32\CTMBHA.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-02-01 04:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]

2004-12-22 21:40 24576 ----a-w- c:\windows\MIDIDEF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2005-03-23 04:20 339968 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2008-10-29 03:10 1410296 ----a-w- c:\program files\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-12-18 01:40 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]

2005-09-19 11:42 1159168 ------w- c:\program files\Creative\VoiceCenter\AndreaVC.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\WINDOWS\\system32\\spoolsv.exe"=

"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=

"c:\\Program Files\\Digital Line Detect\\DLG.exe"=

"c:\\xampp\\mysql\\bin\\mysqld.exe"=

"c:\\xampp\\apache\\bin\\httpd.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/17/2010 5:44 PM 64288]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/16/2010 11:08 AM 108289]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1314704]

.

Contents of the 'Scheduled Tasks' folder

2010-06-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 21:44]

2010-06-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.espn.com/

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: {{10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\Ham\Start Menu\Programs\UltimateBet\UltimateBet.lnk

DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

SafeBoot-klmdb.sys

MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exe

MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\McUpdate.exe

MSConfigStartUp-MPFExe - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe

MSConfigStartUp-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe

MSConfigStartUp-MSKDetectorExe - c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe

MSConfigStartUp-OASClnt - c:\program files\McAfee.com\VSO\oasclnt.exe

MSConfigStartUp-VirusScan Online - c:\program files\McAfee.com\VSO\mcvsshld.exe

MSConfigStartUp-VSOCheckTask - c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-04 14:04

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2420)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\CTsvcCDA.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Completion time: 2010-06-04 14:16:35 - machine was rebooted

ComboFix-quarantined-files.txt 2010-06-04 18:16

Pre-Run: 180,804,050,944 bytes free

Post-Run: 183,309,430,784 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - F7C3167555FD70DE0CFA1F8E0CAFF2BA

Link to post
Share on other sites

Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.

=====

* Go here to run an online scannner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post
Share on other sites

Nothing found with Malwarebytes, here is the log anyway...

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4170

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/4/2010 9:55:16 PM

mbam-log-2010-06-04 (21-55-16).txt

Scan type: Quick scan

Objects scanned: 137970

Time elapsed: 8 minute(s), 18 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

ESET found 1 item and removed

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=ae7a768c72b27342a7def04acdc2dc35

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-06-05 04:07:18

# local_time=2010-06-05 12:07:18 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1797 16775125 100 94 0 47421764 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=102087

# found=1

# cleaned=1

# scan_time=7588

C:\Qoobox\Quarantine\C\WINDOWS\system32\cralexne.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Link to post
Share on other sites

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
    c:\documents and settings\Ham\Local Settings\Application Data\ryrnosrnt
    c:\documents and settings\Ham\Local Settings\Application Data\ughhlitfa
    c:\documents and settings\Ham\Local Settings\Application Data\nnhnqppsi
    c:\windows\system32\evfolorip.dat
    c:\windows\system32\dlletdllje.dat
    c:\windows\system32\ewinhje.dat
    c:\windows\system32\wicowex.dat


  • Then click the Run Fix button at the top
  • Let the program run unhindered,when it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.

================================Follow up scan=================================

  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

After that let me know how things are running and let me know of any other issues.

Link to post
Share on other sites

First OTL scan...

========== FILES ==========

c:\documents and settings\Ham\Local Settings\Application Data\ryrnosrnt folder moved successfully.

c:\documents and settings\Ham\Local Settings\Application Data\ughhlitfa folder moved successfully.

c:\documents and settings\Ham\Local Settings\Application Data\nnhnqppsi folder moved successfully.

c:\windows\system32\evfolorip.dat moved successfully.

c:\windows\system32\dlletdllje.dat moved successfully.

c:\windows\system32\ewinhje.dat moved successfully.

c:\windows\system32\wicowex.dat moved successfully.

OTL by OldTimer - Version 3.2.5.3 log created on 06052010_224049

Link to post
Share on other sites

OTL logfile created on: 6/5/2010 10:43:12 PM - Run 2

OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Ham\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 728.00 Mb Available Physical Memory | 71.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 228.13 Gb Total Space | 170.68 Gb Free Space | 74.82% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: HAMMY2

Current User Name: Ham

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Ham\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Ham\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()

SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)

========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)

DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)

DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)

DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)

DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)

DRV - (mr7910) -- C:\WINDOWS\system32\drivers\mr7910.sys (Mars Semiconductor Corp.)

DRV - (ASCTRM) -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows ® 2000 DDK provider)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)

DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)

DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)

DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)

DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)

DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)

DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)

DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)

DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)

DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)

DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)

DRV - (STHDA) High Definition Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)

DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS (Creative Technology Ltd.)

DRV - (sigfilt) -- C:\WINDOWS\system32\drivers\sigfilt.sys (Creative Technology Ltd.)

DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS (Creative Technology Ltd)

DRV - (ossrv) -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS (Creative Technology Ltd.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)

DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/08 05:01:46 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/01/26 16:47:32 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2010/06/04 14:04:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O9 - Extra Button: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Ham\Start Menu\Programs\UltimateBet\UltimateBet.lnk ()

O9 - Extra 'Tools' menuitem : UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Ham\Start Menu\Programs\UltimateBet\UltimateBet.lnk ()

O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL (ATI Technologies Inc.)

O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)

O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://www.cvsphoto.com/upload/activex/v3_...veX_Control.cab (Photo Upload Plugin Class)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} http://www.instantaction.com/download/iaplayer.cab (InstantAction Game Launcher)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto.com/upload/activex/v3_...veX_Control.cab (Photo Upload Plugin Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.130 167.206.245.129

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ham\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/08/21 22:17:32 | 000,002,624 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/05 22:40:49 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/06/05 10:12:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/06/04 21:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/06/04 13:54:00 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/06/04 13:50:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/06/04 13:50:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/06/04 13:50:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/06/04 13:50:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/06/04 13:50:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/06/04 13:49:53 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/06/04 13:38:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ham\Desktop\tdsskiller

[2010/06/03 14:22:52 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ham\Desktop\OTL.exe

[2010/06/03 01:02:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ham\Desktop\The_Black_Keys-Brothers-2010-CaHeSo

[2010/06/02 17:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ham\Desktop\DJ_Green_Lantern-Jadakiss-The_Champ_Is_Here_3

[2010/05/31 10:49:30 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe

[2010/05/31 10:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5

[2010/05/31 10:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2010/05/31 10:35:15 | 005,937,984 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Ham\Desktop\HitmanPro35.exe

[2010/05/26 17:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ham\Desktop\Johnny_Cash-American_VI_Aint_No_Grave-2010-FRAY

[2010/05/25 22:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ham\Desktop\Solomon_Burke-_Nashville

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/05 17:44:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/06/05 00:44:41 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2010/06/05 00:43:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/05 00:42:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/05 00:42:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/05 00:42:40 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/05 00:41:44 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Ham\NTUSER.DAT

[2010/06/05 00:41:44 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Ham\ntuser.ini

[2010/06/04 15:39:22 | 000,089,680 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Ham\MSSSerif120.fon

[2010/06/04 14:04:29 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/06/04 14:04:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/06/04 13:54:05 | 000,000,279 | RHS- | M] () -- C:\boot.ini

[2010/06/04 13:38:05 | 003,702,826 | R--- | M] () -- C:\Documents and Settings\Ham\Desktop\ComboFix.exe

[2010/06/04 13:36:50 | 000,966,213 | ---- | M] () -- C:\Documents and Settings\Ham\Desktop\tdsskiller.zip

[2010/06/03 20:38:19 | 006,384,476 | ---- | M] () -- C:\Documents and Settings\Ham\Desktop\Eminem feat. Pink - Won't Back Down (Produced by DJ Khalil).mp3

[2010/06/03 14:35:32 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Ham\Desktop\m9fbu974.exe

[2010/06/03 14:22:53 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ham\Desktop\OTL.exe

[2010/06/03 02:37:59 | 116,602,922 | ---- | M] () -- C:\Documents and Settings\Ham\Desktop\DRKTNKLTR[www.mp3boo.com].zip

[2010/06/03 01:19:38 | 083,330,586 | ---- | M] () -- C:\Documents and Settings\Ham\Desktop\Cypress_Hill-Rise_Up-2010-FTD.zip

[2010/06/03 00:54:16 | 054,793,172 | ---- | M] () -- C:\Documents and Settings\Ham\Desktop\Black Keys - Thickfreakness.zip

[2010/06/03 00:52:28 | 075,870,665 | ---- | M] () -- C:\Documents and Settings\Ham\Desktop\The_Black_Keys-Brothers-2010-CaHeSo.rar

[2010/06/02 14:29:11 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Ham\Desktop\iTunes.lnk

[2010/06/01 01:24:41 | 000,002,437 | ---- | M] () -- C:\Documents and Settings\Ham\Desktop\HiJackThis.lnk

[2010/06/01 01:21:48 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe

[2010/05/31 22:06:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/05/31 10:36:08 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk

[2010/05/31 10:35:18 | 005,937,984 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Ham\Desktop\HitmanPro35.exe

[2010/05/27 14:10:31 | 000,003,350 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2010/05/27 14:10:31 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\3E321B113E.sys

[2010/05/26 00:38:33 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe

[2010/05/25 21:46:25 | 047,388,078 | ---- | M] () -- C:\Documents and Settings\Ham\Desktop\Solomon_Burke-_Nashville.zip

[2010/05/22 23:49:13 | 000,225,280 | ---- | M] () -- C:\Documents and Settings\Ham\Desktop\LA Reporters Offer.doc

[2010/05/21 12:44:05 | 000,421,677 | ---- | M] () -- C:\Documents and Settings\Ham\My Documents\IMG00206.jpg

[2010/05/21 11:19:20 | 041,526,703 | ---- | M] () -- C:\Documents and Settings\Ham\Desktop\Johnny_Cash-American_VI_Aint_No_Grave-2010-FRAY-RW.zip

[2010/05/20 19:01:33 | 000,267,264 | ---- | M] () -- C:\Documents and Settings\Ham\My Documents\Veto Proof.doc

[2010/05/13 23:19:32 | 000,304,640 | ---- | M] () -- C:\Documents and Settings\Ham\My Documents\Read Dead offer.doc

[2010/05/12 05:01:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\gutiguga

[2010/06/04 13:54:05 | 000,000,209 | ---- | C] () -- C:\Boot.bak

[2010/06/04 13:54:01 | 000,260,272 | ---- | C] () -- C:\cmldr

[2010/06/04 13:50:19 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/06/04 13:50:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/06/04 13:50:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/06/04 13:50:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/06/04 13:50:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/06/04 13:38:02 | 003,702,826 | R--- | C] () -- C:\Documents and Settings\Ham\Desktop\ComboFix.exe

[2010/06/04 13:36:48 | 000,966,213 | ---- | C] () -- C:\Documents and Settings\Ham\Desktop\tdsskiller.zip

[2010/06/03 20:38:11 | 006,384,476 | ---- | C] () -- C:\Documents and Settings\Ham\Desktop\Eminem feat. Pink - Won't Back Down (Produced by DJ Khalil).mp3

[2010/06/03 14:35:30 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Ham\Desktop\m9fbu974.exe

[2010/06/03 02:37:59 | 116,602,922 | ---- | C] () -- C:\Documents and Settings\Ham\Desktop\DRKTNKLTR[www.mp3boo.com].zip

[2010/06/03 01:19:38 | 083,330,586 | ---- | C] () -- C:\Documents and Settings\Ham\Desktop\Cypress_Hill-Rise_Up-2010-FTD.zip

[2010/06/03 00:54:16 | 054,793,172 | ---- | C] () -- C:\Documents and Settings\Ham\Desktop\Black Keys - Thickfreakness.zip

[2010/06/03 00:52:28 | 075,870,665 | ---- | C] () -- C:\Documents and Settings\Ham\Desktop\The_Black_Keys-Brothers-2010-CaHeSo.rar

[2010/06/01 01:23:27 | 1071,796,224 | -HS- | C] () -- C:\hiberfil.sys

[2010/05/31 10:36:18 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2010/05/31 10:36:08 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk

[2010/05/25 21:46:25 | 047,388,078 | ---- | C] () -- C:\Documents and Settings\Ham\Desktop\Solomon_Burke-_Nashville.zip

[2010/05/22 23:49:13 | 000,225,280 | ---- | C] () -- C:\Documents and Settings\Ham\Desktop\LA Reporters Offer.doc

[2010/05/21 12:44:05 | 000,421,677 | ---- | C] () -- C:\Documents and Settings\Ham\My Documents\IMG00206.jpg

[2010/05/21 11:19:20 | 041,526,703 | ---- | C] () -- C:\Documents and Settings\Ham\Desktop\Johnny_Cash-American_VI_Aint_No_Grave-2010-FRAY-RW.zip

[2010/05/20 19:01:33 | 000,267,264 | ---- | C] () -- C:\Documents and Settings\Ham\My Documents\Veto Proof.doc

[2010/05/10 21:19:08 | 000,304,640 | ---- | C] () -- C:\Documents and Settings\Ham\My Documents\Read Dead offer.doc

[2008/12/13 02:46:02 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2008/10/18 20:15:50 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2008/10/18 20:14:41 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX3800.ini

[2008/06/12 03:04:09 | 000,000,364 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2008/03/21 18:30:08 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys

[2006/12/31 19:10:20 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini

[2006/07/22 11:06:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI

[2006/07/19 18:28:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/07/18 22:15:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UltimateBuddy.INI

[2006/07/17 19:10:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI

[2006/07/17 16:35:42 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2006/07/17 16:35:42 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\3E321B113E.sys

[2006/07/17 15:44:25 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2006/07/10 14:00:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006/07/10 13:53:30 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2006/07/10 13:42:11 | 000,005,811 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI

[2006/07/10 13:20:06 | 000,004,969 | ---- | C] () -- C:\WINDOWS\System32\Sigfilt.ini

[2006/07/10 13:20:06 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2006/07/10 13:19:50 | 001,345,520 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL

[2006/07/10 13:18:54 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2004/01/28 11:42:06 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll

[2004/01/28 11:42:06 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

[2004/01/28 11:42:06 | 000,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini

[1999/03/21 21:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1940DBE8

< End of report >

Link to post
Share on other sites

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\gutiguga


  • Then click the Run Fix button at the top
  • Let the program run unhindered,when it is done it will say "Fix Complete press ok to open log"
  • You can close OTL then.

==========

=======Cleanup=======

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the Uninstall, it needs to be there.

======Next======

  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "(JRE) then click on it
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

=====================================

After that your all set.

The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

If your computer is slow Is a tutorial on what you can do if your computer is slow.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent,Limewire etc...

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.