jsl3f5 Posted June 10, 2010 ID:265352

Please bear with me as I am new to all this. I had a PC that showed it had the rootkit.win32.tdss.d virus. I ran Malwarebytes off of a thumb drive and it got most of the virus; I have since tried tdsskiller.exe, Symantec's Vundo removal tool, Malwarebytes etc. to complete removal. Malwarebytes finds 2 registry keys infected and says it will remove them, but upon reboot the machine still shows those keys. I have tried to manually remove the keys, and after I leave the folder and return, the keys have respawned. I will post the logs I can find.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Ran as Charlie Adamson on 06/10/2010 at 12:28:43.

Processes terminated by Rkill or while it was running:

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Documents and Settings\Charlie Adamson\Local Settings\Temporary Internet Files\Content.IE5\BW4L6185\fixvundo[1].exe
C:\Documents and Settings\Charlie Adamson\Local Settings\Temporary Internet Files\Content.IE5\BW4L6185\rkill[1].com

Rkill completed on 06/10/2010 at 12:28:51.
13:29:56:156 1784 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
13:29:56:156 1784 ================================================================================
13:29:56:156 1784 SystemInfo:
13:29:56:156 1784 OS Version: 5.1.2600 ServicePack: 3.0
13:29:56:156 1784 Product type: Workstation
13:29:56:156 1784 ComputerName: DJ57W7C1
13:29:56:156 1784 UserName: Charlie Adamson
13:29:56:156 1784 Windows directory: C:\WINDOWS
13:29:56:156 1784 Processor architecture: Intel x86
13:29:56:156 1784 Number of processors: 2
13:29:56:156 1784 Page size: 0x1000
13:29:56:156 1784 Boot type: Normal boot
13:29:56:156 1784 ================================================================================
13:30:01:078 1784 Initialize success
13:30:01:078 1784
13:30:01:078 1784 Scanning Services ...
13:30:01:203 1784 Raw services enum returned 334 services
13:30:01:218 1784
13:30:01:218 1784 Scanning Drivers ...
13:31:05:296 1784
13:31:05:296 1784 Completed
13:31:05:296 1784
13:31:05:296 1784 Results:
13:31:05:296 1784 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
13:31:05:296 1784 File objects infected / cured / cured on reboot: 0 / 0 / 0
13:31:05:296 1784
13:31:05:296 1784 KLMD(ARK) unloaded successfully

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

6/10/2010 9:39:40 AM
mbam-log-2010-06-10 (09-39-40).txt

Scan type: Full scan (C:\|)
Objects scanned: 203368
Time elapsed: 1 hour(s), 7 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 10
Registry Values Infected: 7
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\govegomu.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{21e49450-bb9e-4486-8972-fa490144d629} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\molubarit (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{21e49450-bb9e-4486-8972-fa490144d629} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fizulizir (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yetiyayesa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yetiyayesa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yetiyayesa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\govegomu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\govegomu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\fuweyofa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\genakoso.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\govegomu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gunesaka.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\herurata.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kugeyugu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kuyusume.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\liguluva.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lohemifa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nelufuyu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pagifali.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\renazuvi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sagobuho.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tadagagu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tifukako.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zuzogomi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\alot\bin\alot.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ziwafume.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\lizazopi.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

6/10/2010 10:41:55 AM
mbam-log-2010-06-10 (10-41-55).txt

Scan type: Full scan (C:\|F:\|)
Objects scanned: 204528
Time elapsed: 45 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\nolomipu.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{45587eac-69c3-4111-aa33-2aab4db97afe} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\molubarit (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{45587eac-69c3-4111-aa33-2aab4db97afe} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\pewarumad (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yetiyayesa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\nolomipu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\nolomipu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\genakoso.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nolomipu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zuzogomi.dll (Trojan.Vundo.H) -> Delete on reboot.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

6/10/2010 11:53:13 AM
mbam-log-2010-06-10 (11-53-13).txt

Scan type: Full scan (C:\|)
Objects scanned: 204230
Time elapsed: 1 hour(s), 0 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yetiyayesa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

6/10/2010 1:18:58 PM
mbam-log-2010-06-10 (13-18-58).txt

Scan type: Full scan (C:\|)
Objects scanned: 204197
Time elapsed: 46 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yetiyayesa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I always still find the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yetiyayesa key there, and the updates one....
kahdah Posted June 11, 2010 ID:265814

Hello jsl3f5
Welcome to Malwarebytes.
=====================
Download OTL to your desktop.
Double click on OTL to run it.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under the Custom scans and fixes section paste in the below (in bold):

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90

Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
====================
Download the following GMER Rootkit Scanner from Here.
Download the randomly named EXE file to your Desktop. Remember what its name is, since it is randomly named.
Double click on the new randomly named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher, go ahead and click on Run.
It may take a minute to load and become available.
If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
IAT/EAT
Drives/Partition other than Systemdrive (typically only C:\ should be checked)
Show All (don't miss this one)
Then click the Scan button and wait for it to finish.
Once done, click on the [Save..] button, and in the File name area type in "ark.txt", or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Click OK and quit the GMER program.
Note: On Firefox you need to go to Tools/Options/Main, then under the Downloads section click on "Always ask me where to save files", so that you can choose the name and where to save to, in this case your Desktop.
Post that log in your next reply.
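Editor's note, added to this thread as an example and not part of kahdah's reply or of OTL itself: a small Python triage script for the OTL.txt that the steps above produce. OTL marks a load point whose target is missing with the words "File not found"; the script collects those entries and groups them by the file they reference, so that one missing DLL that is still referenced from several load points (a Run value, AppInit_DLLs, SSODL, SharedTaskScheduler) shows up as one problem rather than as four unrelated lines. The sample log is a handful of lines constructed in OTL's output format, modelled on entries from the OTL log posted later in this thread; the regular expressions are my own assumptions about that format, not an OTL specification.

```python
import re
import sys
from collections import defaultdict

# Constructed sample in OTL's output format, modelled on entries from the
# OTL.txt posted later in this thread. It is not a complete log.
SAMPLE_OTL_LOG = r"""
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [molubarit] C:\WINDOWS\System32\ninapelu.DLL File not found
O4 - HKLM..\Run: [yetiyayesa]  File not found
O20 - AppInit_DLLs: (veseyusi.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\ninapelu.dll) - C:\WINDOWS\System32\ninapelu.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: zazatenih - {6f920a4b-2538-4f3b-b293-e85b36ccbe84} - C:\WINDOWS\System32\ninapelu.dll File not found
O22 - SharedTaskScheduler: {6f920a4b-2538-4f3b-b293-e85b36ccbe84} - tokatiluy - C:\WINDOWS\System32\ninapelu.dll File not found
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
SRV - (LiveUpdate Notice Ex) -- File not found
"""

ORPHAN_MARK = "File not found"  # OTL's wording for a load point whose target is missing

# Assumptions about OTL's line layout (my reading of the log, not an OTL specification):
SECTION_RE = re.compile(r"^(O\d+|SRV|DRV|PRC|MOD|NetSvcs)\b")
# a drive-letter path ending in a loadable file; non-greedy so it stops at the first extension
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe|sys)\b", re.IGNORECASE)
# a bare file name in parentheses, e.g. an AppInit_DLLs entry written without a path
BARE_RE = re.compile(r"\(([^()\\]*\.(?:dll|exe|sys))\)", re.IGNORECASE)


def parse_otl_line(line):
    """Return (section, target, orphaned) for one OTL entry, or None for non-entry lines.

    target is the last file path on the line (or a bare file name, or None);
    orphaned is True when OTL appended 'File not found' to the entry."""
    m = SECTION_RE.match(line)
    if not m:
        return None
    paths = PATH_RE.findall(line)
    if paths:
        target = paths[-1]
    else:
        bare = BARE_RE.search(line)
        target = bare.group(1) if bare else None
    return m.group(1), target, line.rstrip().endswith(ORPHAN_MARK)


def orphaned_load_points(log_text):
    """Group 'File not found' entries by the file they reference.

    Keys are lower-cased file names; entries that reference no file at all
    (for example a Run value whose data is empty) go under the key None.
    Values are the OTL sections (load points) that still reference the file."""
    by_file = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_otl_line(line)
        if parsed is None:
            continue
        section, target, orphaned = parsed
        if not orphaned:
            continue
        key = target.rsplit("\\", 1)[-1].lower() if target else None
        by_file[key].append(section)
    return dict(by_file)


def report(by_file):
    """Render the grouping as text lines, most-referenced file first."""
    lines = []
    for key, sections in sorted(by_file.items(), key=lambda kv: (-len(kv[1]), kv[0] or "")):
        name = key if key is not None else "(no file referenced)"
        lines.append(f"{name}: {len(sections)} missing load point(s): {', '.join(sections)}")
    return lines


if __name__ == "__main__":
    # Pass a saved OTL.txt as the first argument; otherwise the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_OTL_LOG
    for line in report(orphaned_load_points(text)):
        print(line)
```

On the sample the first report line reads "ninapelu.dll: 4 missing load point(s): O4, O20, O21, O22", which is the pattern worth noticing in a log like this one: the file itself is gone, but four separate load points still name it. Entries with no file reference at all, such as a Run value whose data is empty (the yetiyayesa value in the MBAM and OTL logs in this thread), land under the "(no file referenced)" heading.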
jsl3f5 (Author) Posted June 14, 2010 ID:267411

OTL Results:

OTL.txt
...........................................

OTL logfile created on: 6/14/2010 12:35:28 PM - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Documents and Settings\Charlie Adamson\My Documents\malware
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 75.00 Mb Available Physical Memory | 15.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 62.62 Gb Free Space | 84.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJ57W7C1
Current User Name: Charlie Adamson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Charlie Adamson\My Documents\malware\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\UTGO9KD33.EXE (Malwarebytes Corporation)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (Kaspersky Lab)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\IBM\Client Access\cwbwlwiz.exe (IBM Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe ()
PRC - C:\Program Files\Wave Systems Corp\common\DataServer.exe (Wave Systems Corp.)
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe (Wave Systems Corp.)
PRC - C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe ( )

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Charlie Adamson\My Documents\malware\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (Kaspersky Lab)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (Cwbrxd) -- C:\WINDOWS\cwbrxd.exe (IBM Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe ()
SRV - (DataSvr2) -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe (Wave Systems Corp.)
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)

========== Driver Services (SafeList) ==========

DRV - (LMIRfsClientNP) -- C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (KLFLTDEV) -- C:\WINDOWS\system32\drivers\klfltdev.sys (Kaspersky Lab)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (PBADRV) -- C:\WINDOWS\system32\drivers\pbadrv.sys (Dell Inc)
DRV - (atmeltpm) -- C:\WINDOWS\system32\drivers\atmeltpm.sys (Atmel, Inc.)
DRV - (NETGEAR_WG311T_SERVICE) -- C:\WINDOWS\system32\drivers\wg311tn5.sys (Atheros Communications, Inc.)
DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
DRV - (AWINDIS5) -- C:\WINDOWS\system32\AWINDIS5.SYS (AMBIT Microsystems Corporation.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061212
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061212

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061212
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/22 08:29:20 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {18702c4e-e926-4520-9995-91021128b6cc} - File not found
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AS00_Gear311T] C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe ( )
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [molubarit] C:\WINDOWS\System32\ninapelu.DLL File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [yetiyayesa] File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe (Wave Systems Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun_KL_notset = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll (Kaspersky Lab)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.128.17.114 74.128.19.102
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (veseyusi.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0FO\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\adialhk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (c:\windows\system32\ninapelu.dll) - C:\WINDOWS\System32\ninapelu.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (waveGina.dll) - C:\WINDOWS\System32\waveGina.dll (Wave Systems Corp)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O21 - SSODL: zazatenih - {6f920a4b-2538-4f3b-b293-e85b36ccbe84} - C:\WINDOWS\System32\ninapelu.dll File not found
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {6f920a4b-2538-4f3b-b293-e85b36ccbe84} - tokatiluy - C:\WINDOWS\System32\ninapelu.dll File not found
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a090d6f7-94ef-11db-922d-000fb5237508}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 18:02:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2010/06/10 13:14:44 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/06/10 08:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/06/10 08:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie Adamson\Application Data\Malwarebytes
[2010/06/10 07:43:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/10 07:43:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/10 07:43:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/10 07:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/10 07:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie Adamson\My Documents\malware
[2010/06/08 11:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/08 11:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/14 12:16:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/14 10:38:29 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\Charlie Adamson\Desktop\Microsoft Excel.lnk
[2010/06/14 10:35:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2010/06/14 10:35:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/14 10:35:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/14 10:35:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/14 10:34:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/14 10:34:55 | 534,409,216 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/14 10:32:05 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Charlie Adamson\NTUSER.DAT
[2010/06/14 10:31:47 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Charlie Adamson\ntuser.ini
[2010/06/10 14:14:27 | 000,001,758 | -H-- | M] () -- C:\Documents and Settings\Charlie Adamson\My Documents\Default.rdp
[2010/06/10 12:30:04 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/10 07:44:48 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\Class11
[2010/06/10 07:44:48 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\Band4
[2010/06/09 08:08:16 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\lipulone.dll
[2010/06/09 08:08:16 | 000,000,000 | -HS- | M] () -- C:\kelinepe.dll
[2010/06/09 07:14:35 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/06/02 16:06:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2010/06/02 16:06:30 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2010/06/02 16:06:28 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/10 10:47:46 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/10 07:44:48 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\Class11
[2010/06/10 07:44:48 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\Band4
[2010/06/09 08:08:16 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\lipulone.dll
[2010/06/09 08:08:16 | 000,000,000 | -HS- | C] () -- C:\kelinepe.dll
[2010/03/14 06:57:14 | 000,100,352 | -HS- | C] () -- C:\WINDOWS\System32\detovina.dll
[2008/02/27 09:56:53 | 000,020,529 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2008/02/27 09:56:53 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
[2008/02/27 09:56:52 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2008/02/27 09:56:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll
[2008/02/27 09:56:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll
[2008/02/27 09:56:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll
[2008/02/27 09:56:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll
[2008/02/27 09:56:52 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll
[2007/11/27 07:31:11 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[2007/11/27 07:31:11 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2007/11/27 07:31:10 | 000,906,784 | ---- | C] () -- C:\WINDOWS\System32\owl52f.dll
[2007/11/27 07:31:10 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\bw32000c.dll
[2007/11/27 07:31:10 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\bw320007.dll
[2006/12/21 15:55:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/21 12:52:17 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/12/12 08:23:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/12 08:16:45 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/12/12 08:16:44 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/12/12 07:58:10 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/12/12 07:56:48 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_RUS.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ITA.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_FRA.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ESN.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ENU.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_DEU.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_CHS.dll
[2006/06/12 11:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\Tsp.dll
[2006/05/22 09:37:36 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2006/05/22 09:32:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2006/05/22 09:32:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2006/05/22 09:32:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2006/05/22 09:31:52 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2006/05/22 09:31:46 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2006/05/22 09:31:38 | 000,184,320 | ---- | C] () -- 
C:\WINDOWS\System32\AmRes_ja.dll[2006/05/22 09:31:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll[2006/05/22 09:31:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll[2006/05/22 09:31:18 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll[2006/05/22 09:31:12 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll[2006/05/16 13:34:22 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll[2006/05/16 13:33:06 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll[2006/05/15 20:08:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_en.dll[2006/05/15 19:52:12 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll[2006/05/15 19:52:02 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll[2006/05/15 19:51:52 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll[2006/05/15 19:51:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll[2006/05/15 19:51:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll[2006/05/15 19:51:24 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll[2006/05/15 19:51:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll[2006/05/15 19:51:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll[2006/05/15 19:50:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll[2006/05/15 19:50:46 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll[2005/12/01 15:41:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll[2005/09/20 14:36:06 | 000,798,720 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- 
C:\WINDOWS\System32\fxsperf.ini[2004/08/11 18:00:45 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll[2004/08/11 18:00:45 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll[2004/08/11 18:00:45 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll[2004/08/11 18:00:45 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll[2004/08/11 18:00:45 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll[2004/07/21 16:03:14 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll[2004/07/20 15:27:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll[2004/03/18 19:01:20 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll[2001/07/06 17:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini========== LOP Check ==========[2009/05/11 16:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn[2006/12/12 08:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp[2008/04/19 06:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie Adamson\Application Data\alot[2007/03/02 12:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie Adamson\Application Data\Image Zone Express[2010/06/10 07:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie Adamson\Application Data\Wave Systems Corp========== Purity Check ==================== Custom Scans ==========< %SYSTEMDRIVE%\*.* >[2009/05/11 16:11:36 | 000,001,024 | ---- | M] () -- C:\.rnd[2008/10/03 18:51:34 | 000,231,900 | ---- | M] () -- C:\ALPC_Drivers_RevF.zip[2009/03/31 07:30:42 | 000,019,124 | ---- | M] () -- C:\ASLog.txt[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT[2006/12/21 11:53:11 | 000,000,211 | RHS- | M] () -- C:\boot.ini[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS[2006/12/12 07:58:24 | 000,005,425 | RH-- | M] () -- C:\dell.sdr[2007/07/11 17:54:14 | 
000,000,182 | ---- | M] () -- C:\drwtsn32.log[2010/06/14 10:34:55 | 534,409,216 | -HS- | M] () -- C:\hiberfil.sys[2006/12/21 12:12:57 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS[2010/06/09 08:08:16 | 000,000,000 | -HS- | M] () -- C:\kelinepe.dll[2010/02/04 15:01:29 | 000,256,000 | ---- | M] () -- C:\LG prospect list.xls[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM[2009/04/14 07:16:03 | 000,250,048 | RHS- | M] () -- C:\ntldr[2010/06/14 10:34:54 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys[2010/04/06 17:41:34 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET[2010/06/10 12:28:51 | 000,000,767 | ---- | M] () -- C:\rkill.log[2010/06/10 08:16:19 | 000,043,466 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_10.06.2010_08.15.28_log.txt[2010/06/10 10:49:43 | 000,042,518 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_10.06.2010_10.49.34_log.txt[2010/06/10 13:31:05 | 000,042,518 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_10.06.2010_13.29.56_log.txt[2010/06/10 13:49:56 | 000,000,239 | ---- | M] () -- C:\VundoFix.txt< %systemroot%\*. 
/mp /s >< %systemroot%\system32\*.dll /lockedfiles >[2010/03/11 07:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll[2010/03/11 07:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll[2008/04/13 19:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]< %systemroot%\Tasks\*.job /lockedfiles >< %systemroot%\System32\config\*.sav >[2004/08/11 18:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav[2004/08/11 18:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav[2004/08/11 18:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav< %systemroot%\system32\drivers\*.sys /90 >[2010/04/02 14:32:00 | 000,223,760 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys[2010/06/10 08:17:49 | 000,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpcdd.sys< End of report >================================extras.txtOTL Extras logfile created on: 6/14/2010 12:35:28 PM - Run 1OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Charlie Adamson\My Documents\malwareWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 7.0.5730.11)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy510.00 Mb Total Physical Memory | 75.00 Mb Available Physical Memory | 15.00% Memory free1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File freePaging file location(s): C:\pagefile.sys 768 1536 
[binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 74.45 Gb Total Space | 62.62 Gb Free Space | 84.10% Space Free | Partition Type: NTFSD: Drive not present or media not loadedE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: DJ57W7C1Current User Name: Charlie AdamsonLogged in as Administrator.Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Minimal========== Extra Registry (SafeList) ==================== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)scrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirstRunDisabled" = 1"AntiVirusOverride" = 
0"FirewallOverride" = 0"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"UpdatesDisableNotify" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]"DisableMonitoring" = 1"" = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync 
Service[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft 
Corporation)"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)"C:\WINDOWS\system32\winlogon.exe" = C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon -- (Microsoft Corporation)"C:\WINDOWS\system32\HPZipm12.exe" = C:\WINDOWS\system32\HPZipm12.exe:*:Enabled:HPZipm12 -- (HP)"C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" = C:\Program Files\LogMeIn\x86\LogMeInSystray.exe:*:Enabled:LogMeInSystray -- (LogMeIn, Inc.)"C:\WINDOWS\stsystra.exe" = C:\WINDOWS\stsystra.exe:*:Enabled:stsystra -- (SigmaTel, Inc.)"C:\Program Files\Java\jre6\bin\jucheck.exe" = C:\Program Files\Java\jre6\bin\jucheck.exe:*:Enabled:jucheck -- (Sun Microsystems, Inc.)"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqSTE08 -- (Hewlett-Packard Development Company, L.P.)"C:\Program Files\Google\Update\GoogleUpdate.exe" = C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:GoogleUpdate -- (Google Inc.)"C:\Program Files\STWin4\soiltrak.exe" = C:\Program Files\STWin4\soiltrak.exe:*:Enabled:soiltrak -- ( )"C:\Program Files\Internet 
Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:iexplore -- (Microsoft Corporation)"C:\WINDOWS\system32\ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ctfmon -- (Microsoft Corporation)========== HKEY_LOCAL_MACHINE Uninstall List ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager"{0BA2A0BA-7F4D-4B7B-AE94-5F0233AC8A5A}" = NTRU Hybrid TSS v2.0.25"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp"{0CDD5599-836A-4650-8BE7-F33D8D915A0D}" = dj6980"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0"{0F40754C-F1FD-43df-B73E-9DA38399CDD6}" = hpf_ProductContext"{10213B42-5D5F-45FB-9D0A-8A6CEADE80E2}" = AgriDNA"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar"{14A67CE0-4F30-4607-885B-43EE27BAC746}" = Readme"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{3D10E608-A4A3-40AD-B91C-6D963BBD91D5}" = 
LP6980_Help"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm"{4475560E-9418-4908-A158-472D873AE139}" = LogMeIn"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder"{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade"{7ADE9F27-A175-447F-A4B4-B05FA82735E1}" = HP Deskjet 6900 series"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update"{8CE90089-DCC9-4393-A535-802072333C35}" = Preboot Manager"{8F023021-A7EB-45D3-9269-D65264C81729}" = Kaspersky Anti-Virus 6.0 for Windows Workstations"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync"{A49306CE-84C6-4024-BAD2-80FE34679069}" = NETGEAR Wireless Adapter WG311T"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8"{B7776501-BBE4-4181-AC0C-C9AF3EDF56C7}" = Farm Works Software"{BBD6BA59-4593-43CC-BBC8-8E53D354AEA4}" = Atmel TPM Driver Installer 3.0.3.15"{CB1F3886-AE9F-46fb-8325-6B0718989285}" = dj_taplugin"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = 
MCU"{D648B20B-A789-407E-8CA4-9BDDBBE342C8}" = upekmsi"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)"{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards"{EDABA4A8-8B7E-488A-A85C-17406C1C62CA}" = LP6980Trb"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems"{F2B8F8EE-4811-4A28-9305-6640CD007115}" = Wave Infrastructure Installer"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX"AdobeESD" = Adobe Download Manager 2.2 (Remove Only)"alotToolbar" = ALOT Toolbar"ClientAccessExpress" = IBM iSeries Access for Windows"ClientAccessExpressSP" = IBM iSeries Access for Windows SI31388"Coupon Printer for Windows4.0" = Coupon Printer for Windows"Google Chrome" = Google Chrome"Google Desktop" = Google Desktop"HP Imaging Device Functions" = HP Imaging Device Functions 6.0"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0"HPExtendedCapabilities" = HP Extended Capabilities 6.0"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs"ie7" = Windows Internet Explorer 7"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite"InstallShield_{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update"InstallShield_{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security 
Center"InstallWIX_{8F023021-A7EB-45D3-9269-D65264C81729}" = Kaspersky Anti-Virus 6.0 for Windows Workstations"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs"NVIDIA Drivers" = NVIDIA Drivers"SearchAssist" = SearchAssist"Windows Media Format Runtime" = Windows Media Format 11 runtime"Windows Media Player" = Windows Media Player 11"Windows XP Service Pack" = Windows XP Service Pack 3"WMFDist11" = Windows Media Format 11 runtime"wmp11" = Windows Media Player 11"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0========== HKEY_CURRENT_USER Uninstall List ==========[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"GoToMeeting" = GoToMeeting 4.5.0.452========== Last 10 Event Log Errors ==========[ Application Events ]Error - 6/10/2010 12:19:43 PM | Computer Name = DJ57W7C1 | Source = Application Error | ID = 1000Description = Faulting application iexplore.exe, version 7.0.6000.17023, faulting module unknown, version 0.0.0.0, fault address 0x0b40f3ba.Error - 6/10/2010 12:23:42 PM | Computer Name = DJ57W7C1 | Source = MPSampleSubmission | ID = 5000Description = Error - 6/10/2010 2:22:50 PM | Computer Name = DJ57W7C1 | Source = Broadcom ASF IP Monitor | ID = 0Description = !ERROR 53 Refreshing BMAPI dataError - 6/10/2010 3:45:05 PM | Computer Name = DJ57W7C1 | Source = Broadcom ASF IP Monitor | ID = 0Description = !ERROR 53 Refreshing BMAPI dataError - 6/10/2010 4:36:46 PM | Computer Name = DJ57W7C1 | Source = Application Hang | ID = 1002Description = Hanging application iexplore.exe, version 7.0.6000.17023, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error - 6/10/2010 4:36:52 PM | Computer Name = DJ57W7C1 | Source = Application Hang | ID = 1002Description = Hanging application iexplore.exe, version 
7.0.6000.17023, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error - 6/10/2010 4:37:18 PM | Computer Name = DJ57W7C1 | Source = Application Hang | ID = 1001Description = Fault bucket 1780371397.Error - 6/10/2010 4:37:18 PM | Computer Name = DJ57W7C1 | Source = Application Hang | ID = 1001Description = Fault bucket 1780371397.Error - 6/14/2010 11:31:47 AM | Computer Name = DJ57W7C1 | Source = Userenv | ID = 1512Description = Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator. DETAIL - Insufficient system resources exist to complete the requested service. Error - 6/14/2010 11:35:09 AM | Computer Name = DJ57W7C1 | Source = Google Update | ID = 20Description = [ System Events ]Error - 6/7/2010 2:31:10 PM | Computer Name = DJ57W7C1 | Source = sr | ID = 1Description = The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'WCESCOMM.LOG' on the volume 'HarddiskVolume2'. 
It has stopped monitoring the volume.Error - 6/7/2010 3:26:46 PM | Computer Name = DJ57W7C1 | Source = System Error | ID = 1003Description = Error code 1000008e, parameter1 c0000017, parameter2 8056d666, parameter3 f7da291c, parameter4 00000000.Error - 6/7/2010 8:52:26 PM | Computer Name = DJ57W7C1 | Source = Service Control Manager | ID = 7006Description = The ScRegSetValueExW call failed for Start with the following error: %%5Error - 6/8/2010 12:41:15 PM | Computer Name = DJ57W7C1 | Source = DCOM | ID = 10010Description = The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.Error - 6/14/2010 7:55:54 AM | Computer Name = DJ57W7C1 | Source = Dhcp | ID = 1000Description = Your computer has lost the lease to its IP address 192.168.1.3 on the Network Card with network address 000FB5237508.Error - 6/14/2010 1:29:13 PM | Computer Name = DJ57W7C1 | Source = Service Control Manager | ID = 7034Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).Error - 6/14/2010 1:29:19 PM | Computer Name = DJ57W7C1 | Source = Service Control Manager | ID = 7034Description = The LiveUpdate Notice Service service terminated unexpectedly. It has done this 1 time(s).Error - 6/14/2010 1:36:32 PM | Computer Name = DJ57W7C1 | Source = SRService | ID = 104Description = The System Restore initialization process failed.Error - 6/14/2010 1:36:33 PM | Computer Name = DJ57W7C1 | Source = Service Control Manager | ID = 7023Description = The System Restore Service service terminated with the following error: %%2Error - 6/14/2010 1:51:24 PM | Computer Name = DJ57W7C1 | Source = Service Control Manager | ID = 7034Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).< End of report > Link to post Share on other sites More sharing options...
jsl3f5 Posted June 14, 2010 Author ID:267415

Tried to run Gmer 2x... both times after a bit I get blue screen of death... upon restart Windows shows driver issue but I cannot run Windows Update to correct.
jsl3f5 Posted June 14, 2010 Author ID:267443

Hey... We may have finally got somewhere... not sure... ComboFix finally ran properly and it looks like it may have removed some of my registry issues. Here is the log:

ComboFix 10-06-14.01 - Charlie Adamson 06/14/2010 13:22:50.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.119 [GMT -5:00]
Running from: c:\documents and settings\Charlie Adamson\My Documents\malware\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Charlie Adamson\Application Data\alot
c:\documents and settings\Charlie Adamson\Application Data\alot\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Charlie Adamson\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Charlie Adamson\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\Charlie Adamson\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\Charlie Adamson\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\Charlie Adamson\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\Charlie Adamson\Application Data\alot\Button_10\Button_10.xml
c:\documents and settings\Charlie Adamson\Application Data\alot\Button_10\Button_10.xml.backup
c:\documents and settings\Charlie Adamson\Application Data\alot\Button_11\Button_11.xml
c:\documents and settings\Charlie Adamson\Application Data\alot\Button_11\Button_11.xml.backup
c:\documents and settings\Charlie Adamson\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\Charlie Adamson\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\Charlie Adamson\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\Charlie Adamson\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\Charlie Adamson\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\Charlie Adamson\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\Charlie Adamson\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\Charlie Adamson\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\Charlie Adamson\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\Charlie Adamson\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\Charlie Adamson\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\Charlie Adamson\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\Charlie Adamson\Application Data\alot\Button_8\Button_8.xml
c:\documents and settings\Charlie Adamson\Application Data\alot\Button_8\Button_8.xml.backup
c:\documents and settings\Charlie Adamson\Application Data\alot\Button_9\Button_9.xml
c:\documents and settings\Charlie Adamson\Application Data\alot\Button_9\Button_9.xml.backup
c:\documents and settings\Charlie Adamson\Application Data\alot\configurator\configurator.xml
c:\documents and settings\Charlie Adamson\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\Charlie Adamson\Application Data\alot\ErrorSearch\ErrorSearch.xml
c:\documents and settings\Charlie Adamson\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup
c:\documents and settings\Charlie Adamson\Application Data\alot\postInstallLayout\postInstallLayout.xml
c:\documents and settings\Charlie Adamson\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
c:\documents and settings\Charlie Adamson\Application Data\alot\products\products.xml
c:\documents and settings\Charlie Adamson\Application Data\alot\products\products.xml.backup
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_0\images\alot_icon_35x16.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_1\images\alot_search_24x16.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_2\images\alert-icon.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_2\images\clear.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_2\images\cloudy.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_2\images\default_281_alot_weather_widget.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_2\images\foggy.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_2\images\haze.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_2\images\mcloud.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_2\images\ncloudy.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_2\images\nmcloud.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_2\images\pcloud.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_2\images\rain.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_3\images\default_246_alot_weather_radar.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_4\images\default_247_alot_weather_detailed.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_5\images\default_248_alot_weather_severe.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_6\images\default_249_default_243_alot_news_mrkt_nyt.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Shared\images\spinner.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Shared\images\widget_btnmin0.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Shared\images\widget_btnmin1.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
c:\documents and settings\Charlie Adamson\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\Charlie Adamson\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\Charlie Adamson\Application Data\alot\toolbar.xml
c:\documents and settings\Charlie Adamson\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\Charlie Adamson\Application Data\alot\Updater\Updater.xml
c:\documents and settings\Charlie Adamson\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\Charlie Adamson\g2mdlhlpx.exe
c:\program files\alot
c:\program files\alot\alotUninst.exe
c:\windows\lipulone.dll
c:\windows\system32\veseyusi.dll
.
((((((((((((((((((((((((( Files Created from 2010-05-14 to 2010-06-14 )))))))))))))))))))))))))))))))
.
2010-06-10 18:14 . 2010-06-10 18:14 -------- d-----w- C:\VundoFix Backups
2010-06-10 13:32 . 2010-05-03 21:03 922400 ----a-w- c:\documents and settings\Charlie Adamson\Application Data\Sun\Java\JRERunOnce.exe
2010-06-10 13:24 . 2010-06-10 13:24 -------- d-----w- c:\documents and settings\Charlie Adamson\Application Data\Malwarebytes
2010-06-10 12:43 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-10 12:43 . 2010-06-10 12:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-10 12:43 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-10 12:43 . 2010-06-10 20:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-09 13:08 . 2010-06-09 13:08 0 --sha-w- C:\kelinepe.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-14 18:33 . 2010-04-02 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-06-14 11:55 . 2009-05-11 21:11 -------- d-----w- c:\program files\LogMeIn
2010-06-10 13:32 . 2006-12-12 13:11 -------- d-----w- c:\program files\Common Files\Java
2010-06-10 13:17 . 2004-08-11 23:00 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys
2010-06-10 12:39 . 2006-12-21 16:53 -------- d-----w- c:\documents and settings\Charlie Adamson\Application Data\Wave Systems Corp
2010-06-02 21:06 . 2009-05-11 21:12 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-02 21:06 . 2009-05-11 21:12 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-02 21:06 . 2009-05-11 21:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-05-13 12:20 . 2006-12-12 13:19 -------- d-----w- c:\program files\Google
2010-05-05 08:02 . 2010-04-02 19:33 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-05 08:02 . 2010-04-02 19:33 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-02 20:00 . 2010-04-02 20:00 51728 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP60MP4\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.4.1212\fssync.dll
2010-03-29 15:29 . 2009-11-06 15:52 79488 ----a-w- c:\documents and settings\Charlie Adamson\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-14 11:57 . 2010-03-14 11:57 100352 --sha-w- c:\windows\system32\detovina.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"AS00_Gear311T"="c:\program files\NETGEAR\WG311TSU\Utility\Gear311T.exe" [2004-05-12 458752]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2007-03-08 24627]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" [2009-09-23 315736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7204864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-1-30 192512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-9-24 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-02 21:06 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\HPZipm12.exe"=
"c:\\Program Files\\LogMeIn\\x86\\LogMeInSystray.exe"=
"c:\\WINDOWS\\stsystra.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jucheck.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\STWin4\\soiltrak.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 6:25 PM 65536]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/27/2010 12:22 PM 12856]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [12/21/2006 11:57 AM 16194]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [9/3/2009 4:24 PM 24848]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;c:\windows\system32\drivers\wg311tn5.sys [12/21/2006 3:11 PM 346784]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 9:59 AM 135664]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/12/2006 8:19 AM 30192]
.
Contents of the 'Scheduled Tasks' folder

2010-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 14:59]

2010-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 14:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
TCP: {B2C878F2-CED4-4E62-A60A-8CE5C973966F} = 4.2.2.1
.
- - - - ORPHANS REMOVED - - - -

BHO-{18702c4e-e926-4520-9995-91021128b6cc} - zuzogomi.dll
HKLM-Run-yetiyayesa - genakoso.dll
HKLM-Run-molubarit - c:\windows\system32\ninapelu.dll
SharedTaskScheduler-{6f920a4b-2538-4f3b-b293-e85b36ccbe84} - c:\windows\system32\ninapelu.dll
SSODL-zazatenih-{6f920a4b-2538-4f3b-b293-e85b36ccbe84} - c:\windows\system32\ninapelu.dll
SafeBoot-klmdb.sys
AddRemove-alotToolbar - c:\program files\alot\alotUninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-14 13:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\KB982381-IE7.log 16378 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1220)
c:\windows\system32\waveGina.dll
c:\windows\system32\AmRes_en.dll
c:\program files\Wave Systems Corp\Dell Preboot Manager\BiosManager.dll
c:\windows\system32\pbadrvdll.dll
c:\windows\system32\LMIinit.dll
c:\program files\Wave Systems Corp\Authentication Manager\authcontrol.dll
c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
c:\program files\Wave Systems Corp\Authentication Manager\upek.dll
c:\windows\system32\BioAPI100.dll
c:\windows\system32\BIOAPI_MDS300.dll
c:\windows\system\tfmessbsp.dll

- - - - - - - > 'lsass.exe'(1276)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
c:\windows\system32\AmRes_en.dll
c:\program files\Wave Systems Corp\Authentication Manager\authcontrol.dll
c:\program files\Wave Systems Corp\Authentication Manager\UserCredentialStore.dll
c:\program files\Wave Systems Corp\Common\CryptoManager.dll
c:\windows\system32\tcg15.dll
c:\windows\system32\Tsp.dll
c:\windows\system32\wclient14.dll
c:\windows\system32\TspPopup_ENU.dll

- - - - - - - > 'Explorer.exe'(2112)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Wave Systems Corp\Common\DataServer.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\progra~1\MICROS~3\wcescomm.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-06-14 13:43:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-14 18:43

Pre-Run: 67,225,686,016 bytes free
Post-Run: 68,075,892,736 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 091481A0A38EAE14C48706AC631A6256
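The ComboFix output in the post above carries the kinds of indicator a helper reads it for: Security Center monitoring switched off for every listed product, the standard-profile firewall set to EnableFirewall=0, an LSA authentication package beyond the default msv1_0, files carrying the hidden+system attributes (--sha-w-) at odd locations, and the eight-letter random-looking DLL names in the orphaned BHO/Run/SSODL entries. The script below is an added example for this page, not part of the thread and not ComboFix's own code: it runs those checks over a constructed sample made of lines copied from the posted log. The consonant/vowel name heuristic and the regexes are assumptions of the example, and what it returns is a lead for a reviewer rather than a verdict; wvauth, for instance, is reported only because it is non-default, and the log's lsass.exe section shows wvauth.dll loading beside the Wave Systems authentication DLLs.

```python
"""Triage a ComboFix-style log for the indicators discussed in the thread.

Added example; not ComboFix's own code.  SAMPLE_LOG is constructed from lines
copied out of the posted log, and the consonant/vowel name heuristic is an
assumption of this example.  Every result is a lead for a human reviewer.
"""
import json
import re

VOWELS = set("aeiou")

# Constructed sample: a subset of the posted ComboFix log, one entry per line.
SAMPLE_LOG = r"""
c:\windows\lipulone.dll
c:\windows\system32\veseyusi.dll
2010-06-09 13:08 . 2010-06-09 13:08 0 --sha-w- C:\kelinepe.dll
2010-03-14 11:57 . 2010-03-14 11:57 100352 --sha-w- c:\windows\system32\detovina.dll
2010-06-02 21:06 . 2009-05-11 21:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
BHO-{18702c4e-e926-4520-9995-91021128b6cc} - zuzogomi.dll
HKLM-Run-yetiyayesa - genakoso.dll
HKLM-Run-molubarit - c:\windows\system32\ninapelu.dll
"""

DLL_RE = re.compile(r"([A-Za-z0-9_]+)\.dll\b", re.IGNORECASE)
HIDDEN_SYSTEM_RE = re.compile(r"--sha-w-\s+(\S.*?)\s*$", re.MULTILINE)
AUTH_PKG_RE = re.compile(r"Authentication Packages\s+REG_MULTI_SZ\s+(.+)")


def looks_generated(stem):
    """Heuristic (assumption): eight lowercase letters strictly alternating
    consonant and vowel, the shape shared by every orphaned DLL name in the
    posted log.  Vendor names with capitals, digits or other lengths fall through."""
    if len(stem) != 8 or not stem.isalpha() or not stem.islower():
        return False
    is_vowel = [ch in VOWELS for ch in stem]
    return all(is_vowel[i] != is_vowel[i + 1] for i in range(len(stem) - 1))


def suspicious_dlls(log):
    """Every .dll name in the log whose stem matches the generated-name heuristic."""
    hits = {m.group(1).lower() + ".dll"
            for m in DLL_RE.finditer(log) if looks_generated(m.group(1))}
    return sorted(hits)


def hidden_system_files(log):
    """Paths ComboFix listed with the hidden+system attribute flags (--sha-w-)."""
    return HIDDEN_SYSTEM_RE.findall(log)


def weakened_defenses(log):
    """Registry values that switch off Security Center monitoring or the firewall."""
    findings = []
    if re.search(r'"DisableMonitoring"=dword:00000001', log):
        findings.append("security_center_monitoring_disabled")
    if re.search(r'"EnableFirewall"=\s*0\b', log):
        findings.append("windows_firewall_disabled")
    return findings


def extra_auth_packages(log):
    """LSA authentication packages other than the default msv1_0.  Each one
    deserves a check of which installed product registered it; it is not a
    verdict on its own."""
    m = AUTH_PKG_RE.search(log)
    if not m:
        return []
    return [pkg for pkg in m.group(1).split() if pkg.lower() != "msv1_0"]


def triage(log):
    """Collect all leads in one dict so results can be diffed between runs."""
    return {
        "generated_name_dlls": suspicious_dlls(log),
        "hidden_system_files": hidden_system_files(log),
        "weakened_defenses": weakened_defenses(log),
        "extra_auth_packages": extra_auth_packages(log),
    }


if __name__ == "__main__":
    # Usage: paste a full ComboFix log in place of SAMPLE_LOG, or read it from a file.
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Running it on the full posted log rather than the sample picks up the same seven generated-looking names, the two hidden+system files and both weakened-defence values; diffing the output against a run taken after cleanup is a quick way to confirm the orphans and the hidden files did not come back.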
jsl3f5 Posted June 14, 2010 Author ID:267513

OK, if that is an issue, what do I do about it? Also, after running Malwarebytes again it found 2 infected files, then removed them. After a reboot and a new scan... so far no detections. I am about 1/2 done on the most recent scan; all previous times it had detected 1 by now.
kahdah Posted June 14, 2010 ID:267545

Toastee is not a malware helper; please do not take his advice. If he were, he would have access to post.

jsl3f5, I will be with you momentarily. Please post the most recent log from Malwarebytes. Please do not do fixes on your own.
screen317 (Staff) Posted July 3, 2010 ID:278899

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!