Jump to content

Recommended Posts

Please bear with me as I am new to all this.

I had a pc that showed it had rootkit.win32.tdss.d virus. I ran malwarebytes off of a thumb drive and it got most of the virus, I since have tried tdskiller.exe, symantecs vundo removal tool, malewarebytes ect to complete removal.

Malewarebytes finds 2 registry keys infected and says it will remove but upon reboot machine still shows those keys. I have tried to manually remove the keys and after I leave the folder and return the keys has respawned. I will post the logs I can find.

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Ran as Charlie Adamson on 06/10/2010 at 12:28:43.

Processes terminated by Rkill or while it was running:

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Documents and Settings\Charlie Adamson\Local Settings\Temporary Internet Files\Content.IE5\BW4L6185\fixvundo[1].exe

C:\Documents and Settings\Charlie Adamson\Local Settings\Temporary Internet Files\Content.IE5\BW4L6185\rkill[1].com

Rkill completed on 06/10/2010 at 12:28:51.

13:29:56:156 1784 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48

13:29:56:156 1784 ================================================================================

13:29:56:156 1784 SystemInfo:

13:29:56:156 1784 OS Version: 5.1.2600 ServicePack: 3.0

13:29:56:156 1784 Product type: Workstation

13:29:56:156 1784 ComputerName: DJ57W7C1

13:29:56:156 1784 UserName: Charlie Adamson

13:29:56:156 1784 Windows directory: C:\WINDOWS

13:29:56:156 1784 Processor architecture: Intel x86

13:29:56:156 1784 Number of processors: 2

13:29:56:156 1784 Page size: 0x1000

13:29:56:156 1784 Boot type: Normal boot

13:29:56:156 1784 ================================================================================

13:30:01:078 1784 Initialize success

13:30:01:078 1784

13:30:01:078 1784 Scanning Services ...

13:30:01:203 1784 Raw services enum returned 334 services

13:30:01:218 1784

13:30:01:218 1784 Scanning Drivers ...

13:30:02:390 1784 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

13:30:02:531 1784 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

13:30:02:625 1784 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

13:30:02:953 1784 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

13:30:03:000 1784 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

13:30:03:062 1784 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

13:30:03:140 1784 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

13:30:03:343 1784 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

13:30:03:671 1784 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

13:30:03:703 1784 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

13:30:03:718 1784 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

13:30:03:765 1784 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

13:30:03:796 1784 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

13:30:03:906 1784 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

13:30:04:000 1784 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

13:30:04:296 1784 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

13:30:04:406 1784 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

13:30:04:437 1784 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

13:30:04:562 1784 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

13:30:04:625 1784 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

13:30:04:953 1784 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

13:30:05:078 1784 atmeltpm (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys

13:30:05:125 1784 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

13:30:05:281 1784 AWINDIS5 (f62b70d3209e38a6c19a03109a25b903) C:\WINDOWS\system32\AWINDIS5.SYS

13:30:05:640 1784 b57w2k (bb1a2a73f993b623f99e03ed2f9e014c) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

13:30:05:765 1784 BASFND (3d87b0484be1093c6614062701f375c5) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys

13:30:06:031 1784 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

13:30:06:156 1784 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

13:30:06:156 1784 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

13:30:06:171 1784 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

13:30:06:484 1784 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

13:30:06:562 1784 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

13:30:06:765 1784 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

13:30:06:843 1784 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

13:30:07:031 1784 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

13:30:07:125 1784 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

13:30:07:296 1784 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

13:30:07:500 1784 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

13:30:07:781 1784 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

13:30:08:343 1784 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

13:30:08:765 1784 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

13:30:08:859 1784 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

13:30:09:218 1784 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

13:30:09:375 1784 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

13:30:09:906 1784 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

13:30:10:453 1784 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

13:30:10:796 1784 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

13:30:10:875 1784 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

13:30:11:140 1784 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

13:30:11:328 1784 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

13:30:11:593 1784 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

13:30:11:718 1784 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

13:30:12:046 1784 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

13:30:12:437 1784 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

13:30:12:609 1784 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

13:30:12:890 1784 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

13:30:13:328 1784 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

13:30:13:843 1784 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

13:30:14:203 1784 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

13:30:14:312 1784 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

13:30:14:406 1784 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

13:30:14:562 1784 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

13:30:14:625 1784 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

13:30:14:906 1784 iaStor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\drivers\iaStor.sys

13:30:15:109 1784 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

13:30:15:265 1784 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

13:30:15:312 1784 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

13:30:15:359 1784 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

13:30:15:843 1784 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

13:30:16:046 1784 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

13:30:16:312 1784 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

13:30:16:687 1784 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

13:30:17:062 1784 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

13:30:17:328 1784 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

13:30:17:484 1784 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

13:30:17:578 1784 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

13:30:17:687 1784 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

13:30:17:937 1784 kl1 (ce3958f58547454884e97bda78cd7040) C:\WINDOWS\system32\drivers\kl1.sys

13:30:18:046 1784 KLFLTDEV (adda474c9b18fd829a6c8351485c4842) C:\WINDOWS\system32\DRIVERS\klfltdev.sys

13:30:18:343 1784 KLIF (7391ea3fc728c3a7d2c99822d20fe11d) C:\WINDOWS\system32\DRIVERS\klif.sys

13:30:18:765 1784 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) C:\WINDOWS\system32\DRIVERS\klim5.sys

13:30:19:046 1784 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys

13:30:19:546 1784 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

13:30:19:671 1784 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

13:30:22:703 1784 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys

13:30:23:031 1784 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys

13:30:23:453 1784 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

13:30:23:687 1784 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys

13:30:23:859 1784 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

13:30:23:968 1784 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

13:30:24:390 1784 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

13:30:24:828 1784 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

13:30:25:281 1784 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

13:30:25:640 1784 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

13:30:26:343 1784 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

13:30:26:921 1784 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

13:30:27:234 1784 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

13:30:27:734 1784 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

13:30:28:062 1784 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

13:30:28:312 1784 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

13:30:28:515 1784 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

13:30:28:843 1784 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

13:30:29:187 1784 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

13:30:29:468 1784 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

13:30:29:906 1784 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

13:30:30:093 1784 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

13:30:30:546 1784 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

13:30:30:828 1784 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

13:30:31:328 1784 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

13:30:31:765 1784 NETGEAR_WG311T_SERVICE (9cf525462cc61fc0eb072825845cb494) C:\WINDOWS\system32\DRIVERS\wg311tn5.sys

13:30:32:421 1784 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

13:30:32:687 1784 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

13:30:33:000 1784 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

13:30:34:000 1784 nv (a93a67f645ea424f0752f8887860fb5f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

13:30:34:187 1784 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

13:30:34:765 1784 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

13:30:35:125 1784 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

13:30:35:640 1784 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

13:30:35:953 1784 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

13:30:36:203 1784 PBADRV (6ef25fb20cd269e3e51d8ca54935fff2) C:\WINDOWS\system32\drivers\pbadrv.sys

13:30:36:531 1784 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

13:30:37:156 1784 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

13:30:37:484 1784 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

13:30:39:421 1784 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

13:30:40:031 1784 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

13:30:40:875 1784 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

13:30:41:203 1784 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

13:30:41:781 1784 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

13:30:42:437 1784 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

13:30:43:140 1784 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

13:30:43:921 1784 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

13:30:44:328 1784 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

13:30:44:812 1784 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

13:30:45:250 1784 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

13:30:45:578 1784 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

13:30:45:828 1784 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

13:30:46:187 1784 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

13:30:46:765 1784 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

13:30:47:265 1784 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

13:30:47:890 1784 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

13:30:48:609 1784 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

13:30:49:093 1784 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

13:30:49:375 1784 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

13:30:50:031 1784 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

13:30:50:375 1784 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

13:30:50:515 1784 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

13:30:50:640 1784 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

13:30:50:859 1784 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

13:30:51:140 1784 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

13:30:51:593 1784 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

13:30:51:750 1784 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

13:30:51:984 1784 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys

13:30:53:015 1784 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

13:30:53:250 1784 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

13:30:53:546 1784 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

13:30:54:015 1784 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

13:30:54:250 1784 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

13:30:54:406 1784 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

13:30:54:640 1784 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

13:30:54:953 1784 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

13:30:55:312 1784 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys

13:30:55:734 1784 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

13:30:56:171 1784 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

13:30:56:437 1784 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

13:30:56:859 1784 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

13:30:57:062 1784 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

13:30:57:484 1784 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

13:30:57:921 1784 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

13:30:58:171 1784 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

13:30:58:750 1784 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

13:30:59:296 1784 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

13:30:59:578 1784 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

13:31:00:125 1784 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

13:31:00:718 1784 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

13:31:01:015 1784 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

13:31:01:421 1784 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

13:31:01:875 1784 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

13:31:02:453 1784 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

13:31:03:078 1784 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

13:31:03:531 1784 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

13:31:04:390 1784 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

13:31:04:687 1784 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

13:31:05:250 1784 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

13:31:05:296 1784

13:31:05:296 1784 Completed

13:31:05:296 1784

13:31:05:296 1784 Results:

13:31:05:296 1784 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

13:31:05:296 1784 File objects infected / cured / cured on reboot: 0 / 0 / 0

13:31:05:296 1784

13:31:05:296 1784 KLMD(ARK) unloaded successfully

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

6/10/2010 9:39:40 AM

mbam-log-2010-06-10 (09-39-40).txt

Scan type: Full scan (C:\|)

Objects scanned: 203368

Time elapsed: 1 hour(s), 7 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 10

Registry Values Infected: 7

Registry Data Items Infected: 5

Folders Infected: 0

Files Infected: 19

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\system32\govegomu.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{21e49450-bb9e-4486-8972-fa490144d629} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\molubarit (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{21e49450-bb9e-4486-8972-fa490144d629} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fizulizir (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yetiyayesa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yetiyayesa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yetiyayesa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\govegomu.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\govegomu.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\fuweyofa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\genakoso.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\govegomu.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\gunesaka.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\herurata.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\kugeyugu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\kuyusume.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\liguluva.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lohemifa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nelufuyu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pagifali.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\renazuvi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sagobuho.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tadagagu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tifukako.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\zuzogomi.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\Program Files\alot\bin\alot.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\ziwafume.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\lizazopi.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

6/10/2010 10:41:55 AM

mbam-log-2010-06-10 (10-41-55).txt

Scan type: Full scan (C:\|F:\|)

Objects scanned: 204528

Time elapsed: 45 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 1

Registry Values Infected: 4

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\WINDOWS\system32\nolomipu.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{45587eac-69c3-4111-aa33-2aab4db97afe} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\molubarit (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{45587eac-69c3-4111-aa33-2aab4db97afe} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\pewarumad (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yetiyayesa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\nolomipu.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\nolomipu.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\genakoso.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\nolomipu.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\zuzogomi.dll (Trojan.Vundo.H) -> Delete on reboot.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

6/10/2010 11:53:13 AM

mbam-log-2010-06-10 (11-53-13).txt

Scan type: Full scan (C:\|)

Objects scanned: 204230

Time elapsed: 1 hour(s), 0 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yetiyayesa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

6/10/2010 1:18:58 PM

mbam-log-2010-06-10 (13-18-58).txt

Scan type: Full scan (C:\|)

Objects scanned: 204197

Time elapsed: 46 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yetiyayesa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I always still find the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yetiyayesa still there and the updates one....

Link to post
Share on other sites

Hello jsl3f5

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold


    netsvcs

    %SYSTEMDRIVE%\*.*

    %systemroot%\*. /mp /s

    CREATERESTOREPOINT

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\System32\config\*.sav

    %systemroot%\system32\drivers\*.sys /90


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download the following GMER Rootkit Scanner from Here

  • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  • Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED


  • IAT/EAT

  • Drives/Partition other than Systemdrive (typically only C:\ should be checked)

  • Show All (don't miss this one)


  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
  • Post that log in your next reply.

Link to post
Share on other sites

OTL Results:

OTL.txt...........................................

OTL logfile created on: 6/14/2010 12:35:28 PM - Run 1

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Charlie Adamson\My Documents\malware

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 75.00 Mb Available Physical Memory | 15.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.45 Gb Total Space | 62.62 Gb Free Space | 84.10% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DJ57W7C1

Current User Name: Charlie Adamson

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Charlie Adamson\My Documents\malware\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\UTGO9KD33.EXE (Malwarebytes Corporation)

PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (Kaspersky Lab)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)

PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Program Files\IBM\Client Access\cwbwlwiz.exe (IBM Corporation)

PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)

PRC - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe ()

PRC - C:\Program Files\Wave Systems Corp\common\DataServer.exe (Wave Systems Corp.)

PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)

PRC - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe (Wave Systems Corp.)

PRC - C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe ( )

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Charlie Adamson\My Documents\malware\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate Notice Ex) -- File not found

SRV - (CLTNetCnService) -- File not found

SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)

SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)

SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (Kaspersky Lab)

SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

SRV - (Cwbrxd) -- C:\WINDOWS\cwbrxd.exe (IBM Corporation)

SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe ()

SRV - (DataSvr2) -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe (Wave Systems Corp.)

SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)

========== Driver Services (SafeList) ==========

DRV - (LMIRfsClientNP) -- C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.)

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)

DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)

DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)

DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)

DRV - (KLFLTDEV) -- C:\WINDOWS\system32\drivers\klfltdev.sys (Kaspersky Lab)

DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)

DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)

DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)

DRV - (PBADRV) -- C:\WINDOWS\system32\drivers\pbadrv.sys (Dell Inc)

DRV - (atmeltpm) -- C:\WINDOWS\system32\drivers\atmeltpm.sys (Atmel, Inc.)

DRV - (NETGEAR_WG311T_SERVICE) -- C:\WINDOWS\system32\drivers\wg311tn5.sys (Atheros Communications, Inc.)

DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)

DRV - (AWINDIS5) -- C:\WINDOWS\system32\AWINDIS5.SYS (AMBIT Microsystems Corporation.)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061212

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061212

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061212

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/22 08:29:20 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {18702c4e-e926-4520-9995-91021128b6cc} - File not found

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.

O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [AS00_Gear311T] C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe ( )

O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (Kaspersky Lab)

O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [molubarit] C:\WINDOWS\System32\ninapelu.DLL File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [yetiyayesa] File not found

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe (Wave Systems Corp.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun_KL_notset = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm ()

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)

O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll (Kaspersky Lab)

O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: ([]msn in My Computer)

O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shock...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.128.17.114 74.128.19.102

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (veseyusi.dll) - File not found

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0FO\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\kloehk.dll (Kaspersky Lab)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\adialhk.dll (Kaspersky Lab)

O20 - AppInit_DLLs: (c:\windows\system32\ninapelu.dll) - C:\WINDOWS\System32\ninapelu.dll File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: GinaDLL - (waveGina.dll) - C:\WINDOWS\System32\waveGina.dll (Wave Systems Corp)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O21 - SSODL: zazatenih - {6f920a4b-2538-4f3b-b293-e85b36ccbe84} - C:\WINDOWS\System32\ninapelu.dll File not found

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {6f920a4b-2538-4f3b-b293-e85b36ccbe84} - tokatiluy - C:\WINDOWS\System32\ninapelu.dll File not found

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{a090d6f7-94ef-11db-922d-000fb5237508}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 18:02:12 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Error starting restore point: System Restore is disabled.

Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2010/06/10 13:14:44 | 000,000,000 | ---D | C] -- C:\VundoFix Backups

[2010/06/10 08:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010/06/10 08:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie Adamson\Application Data\Malwarebytes

[2010/06/10 07:43:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/06/10 07:43:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/06/10 07:43:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/06/10 07:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/06/10 07:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie Adamson\My Documents\malware

[2010/06/08 11:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/06/08 11:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/14 12:16:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/14 10:38:29 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\Charlie Adamson\Desktop\Microsoft Excel.lnk

[2010/06/14 10:35:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml

[2010/06/14 10:35:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/14 10:35:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/06/14 10:35:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/14 10:34:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/14 10:34:55 | 534,409,216 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/14 10:32:05 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Charlie Adamson\NTUSER.DAT

[2010/06/14 10:31:47 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Charlie Adamson\ntuser.ini

[2010/06/10 14:14:27 | 000,001,758 | -H-- | M] () -- C:\Documents and Settings\Charlie Adamson\My Documents\Default.rdp

[2010/06/10 12:30:04 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/06/10 07:44:48 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\Class11

[2010/06/10 07:44:48 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\Band4

[2010/06/09 08:08:16 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\lipulone.dll

[2010/06/09 08:08:16 | 000,000,000 | -HS- | M] () -- C:\kelinepe.dll

[2010/06/09 07:14:35 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2010/06/02 16:06:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll

[2010/06/02 16:06:30 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll

[2010/06/02 16:06:28 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/10 10:47:46 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/06/10 07:44:48 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\Class11

[2010/06/10 07:44:48 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\Band4

[2010/06/09 08:08:16 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\lipulone.dll

[2010/06/09 08:08:16 | 000,000,000 | -HS- | C] () -- C:\kelinepe.dll

[2010/03/14 06:57:14 | 000,100,352 | -HS- | C] () -- C:\WINDOWS\System32\detovina.dll

[2008/02/27 09:56:53 | 000,020,529 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll

[2008/02/27 09:56:53 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll

[2008/02/27 09:56:52 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll

[2008/02/27 09:56:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll

[2008/02/27 09:56:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll

[2008/02/27 09:56:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll

[2008/02/27 09:56:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll

[2008/02/27 09:56:52 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll

[2007/11/27 07:31:11 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll

[2007/11/27 07:31:11 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll

[2007/11/27 07:31:10 | 000,906,784 | ---- | C] () -- C:\WINDOWS\System32\owl52f.dll

[2007/11/27 07:31:10 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\bw32000c.dll

[2007/11/27 07:31:10 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\bw320007.dll

[2006/12/21 15:55:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/12/21 12:52:17 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll

[2006/12/12 08:23:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006/12/12 08:16:45 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll

[2006/12/12 08:16:44 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll

[2006/12/12 07:58:10 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2006/12/12 07:56:48 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_RUS.dll

[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ITA.dll

[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_FRA.dll

[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ESN.dll

[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ENU.dll

[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_DEU.dll

[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_CHS.dll

[2006/06/12 11:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\Tsp.dll

[2006/05/22 09:37:36 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll

[2006/05/22 09:32:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll

[2006/05/22 09:32:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll

[2006/05/22 09:32:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll

[2006/05/22 09:31:52 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll

[2006/05/22 09:31:46 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll

[2006/05/22 09:31:38 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll

[2006/05/22 09:31:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll

[2006/05/22 09:31:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll

[2006/05/22 09:31:18 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll

[2006/05/22 09:31:12 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll

[2006/05/16 13:34:22 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll

[2006/05/16 13:33:06 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll

[2006/05/15 20:08:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_en.dll

[2006/05/15 19:52:12 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll

[2006/05/15 19:52:02 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll

[2006/05/15 19:51:52 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll

[2006/05/15 19:51:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll

[2006/05/15 19:51:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll

[2006/05/15 19:51:24 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll

[2006/05/15 19:51:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll

[2006/05/15 19:51:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll

[2006/05/15 19:50:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll

[2006/05/15 19:50:46 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll

[2005/12/01 15:41:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll

[2005/09/20 14:36:06 | 000,798,720 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll

[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/08/11 18:00:45 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll

[2004/08/11 18:00:45 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll

[2004/08/11 18:00:45 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll

[2004/08/11 18:00:45 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll

[2004/08/11 18:00:45 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

[2004/07/21 16:03:14 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll

[2004/07/20 15:27:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll

[2004/03/18 19:01:20 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll

[2001/07/06 17:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/05/11 16:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn

[2006/12/12 08:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp

[2008/04/19 06:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie Adamson\Application Data\alot

[2007/03/02 12:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie Adamson\Application Data\Image Zone Express

[2010/06/10 07:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie Adamson\Application Data\Wave Systems Corp

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2009/05/11 16:11:36 | 000,001,024 | ---- | M] () -- C:\.rnd

[2008/10/03 18:51:34 | 000,231,900 | ---- | M] () -- C:\ALPC_Drivers_RevF.zip

[2009/03/31 07:30:42 | 000,019,124 | ---- | M] () -- C:\ASLog.txt

[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2006/12/21 11:53:11 | 000,000,211 | RHS- | M] () -- C:\boot.ini

[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2006/12/12 07:58:24 | 000,005,425 | RH-- | M] () -- C:\dell.sdr

[2007/07/11 17:54:14 | 000,000,182 | ---- | M] () -- C:\drwtsn32.log

[2010/06/14 10:34:55 | 534,409,216 | -HS- | M] () -- C:\hiberfil.sys

[2006/12/21 12:12:57 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1

[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS

[2010/06/09 08:08:16 | 000,000,000 | -HS- | M] () -- C:\kelinepe.dll

[2010/02/04 15:01:29 | 000,256,000 | ---- | M] () -- C:\LG prospect list.xls

[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS

[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2009/04/14 07:16:03 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2010/06/14 10:34:54 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys

[2010/04/06 17:41:34 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET

[2010/06/10 12:28:51 | 000,000,767 | ---- | M] () -- C:\rkill.log

[2010/06/10 08:16:19 | 000,043,466 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_10.06.2010_08.15.28_log.txt

[2010/06/10 10:49:43 | 000,042,518 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_10.06.2010_10.49.34_log.txt

[2010/06/10 13:31:05 | 000,042,518 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_10.06.2010_13.29.56_log.txt

[2010/06/10 13:49:56 | 000,000,239 | ---- | M] () -- C:\VundoFix.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2010/03/11 07:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll

[2010/03/11 07:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

[2008/04/13 19:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll

[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2004/08/11 18:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2004/08/11 18:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2004/08/11 18:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

[2010/04/02 14:32:00 | 000,223,760 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

[2010/06/10 08:17:49 | 000,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpcdd.sys

< End of report >

================================

extras.txt

OTL Extras logfile created on: 6/14/2010 12:35:28 PM - Run 1

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Charlie Adamson\My Documents\malware

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 75.00 Mb Available Physical Memory | 15.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.45 Gb Total Space | 62.62 Gb Free Space | 84.10% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DJ57W7C1

Current User Name: Charlie Adamson

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)

"C:\WINDOWS\system32\winlogon.exe" = C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon -- (Microsoft Corporation)

"C:\WINDOWS\system32\HPZipm12.exe" = C:\WINDOWS\system32\HPZipm12.exe:*:Enabled:HPZipm12 -- (HP)

"C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" = C:\Program Files\LogMeIn\x86\LogMeInSystray.exe:*:Enabled:LogMeInSystray -- (LogMeIn, Inc.)

"C:\WINDOWS\stsystra.exe" = C:\WINDOWS\stsystra.exe:*:Enabled:stsystra -- (SigmaTel, Inc.)

"C:\Program Files\Java\jre6\bin\jucheck.exe" = C:\Program Files\Java\jre6\bin\jucheck.exe:*:Enabled:jucheck -- (Sun Microsystems, Inc.)

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqSTE08 -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\Google\Update\GoogleUpdate.exe" = C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:GoogleUpdate -- (Google Inc.)

"C:\Program Files\STWin4\soiltrak.exe" = C:\Program Files\STWin4\soiltrak.exe:*:Enabled:soiltrak -- ( )

"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:iexplore -- (Microsoft Corporation)

"C:\WINDOWS\system32\ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ctfmon -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business

"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications

"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software

"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager

"{0BA2A0BA-7F4D-4B7B-AE94-5F0233AC8A5A}" = NTRU Hybrid TSS v2.0.25

"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp

"{0CDD5599-836A-4650-8BE7-F33D8D915A0D}" = dj6980

"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0

"{0F40754C-F1FD-43df-B73E-9DA38399CDD6}" = hpf_ProductContext

"{10213B42-5D5F-45FB-9D0A-8A6CEADE80E2}" = AgriDNA

"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar

"{14A67CE0-4F30-4607-885B-43EE27BAC746}" = Readme

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11

"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3D10E608-A4A3-40AD-B91C-6D963BBD91D5}" = LP6980_Help

"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant

"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm

"{4475560E-9418-4908-A158-472D873AE139}" = LogMeIn

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter

"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7

"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade

"{7ADE9F27-A175-447F-A4B4-B05FA82735E1}" = HP Deskjet 6900 series

"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn

"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update

"{8CE90089-DCC9-4393-A535-802072333C35}" = Preboot Manager

"{8F023021-A7EB-45D3-9269-D65264C81729}" = Kaspersky Anti-Virus 6.0 for Windows Workstations

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync

"{A49306CE-84C6-4024-BAD2-80FE34679069}" = NETGEAR Wireless Adapter WG311T

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems

"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8

"{B7776501-BBE4-4181-AC0C-C9AF3EDF56C7}" = Farm Works Software

"{BBD6BA59-4593-43CC-BBC8-8E53D354AEA4}" = Atmel TPM Driver Installer 3.0.3.15

"{CB1F3886-AE9F-46fb-8325-6B0718989285}" = dj_taplugin

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update

"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU

"{D648B20B-A789-407E-8CA4-9BDDBBE342C8}" = upekmsi

"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)

"{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad

"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant

"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg

"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards

"{EDABA4A8-8B7E-488A-A85C-17406C1C62CA}" = LP6980Trb

"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center

"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems

"{F2B8F8EE-4811-4A28-9305-6640CD007115}" = Wave Infrastructure Installer

"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"AdobeESD" = Adobe Download Manager 2.2 (Remove Only)

"alotToolbar" = ALOT Toolbar

"ClientAccessExpress" = IBM iSeries Access for Windows

"ClientAccessExpressSP" = IBM iSeries Access for Windows SI31388

"Coupon Printer for Windows4.0" = Coupon Printer for Windows

"Google Chrome" = Google Chrome

"Google Desktop" = Google Desktop

"HP Imaging Device Functions" = HP Imaging Device Functions 6.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0

"HPExtendedCapabilities" = HP Extended Capabilities 6.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software

"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager

"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite

"InstallShield_{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade

"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update

"InstallShield_{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad

"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards

"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center

"InstallWIX_{8F023021-A7EB-45D3-9269-D65264C81729}" = Kaspersky Anti-Virus 6.0 for Windows Workstations

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"SearchAssist" = SearchAssist

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"GoToMeeting" = GoToMeeting 4.5.0.452

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 6/10/2010 12:19:43 PM | Computer Name = DJ57W7C1 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.17023, faulting

module unknown, version 0.0.0.0, fault address 0x0b40f3ba.

Error - 6/10/2010 12:23:42 PM | Computer Name = DJ57W7C1 | Source = MPSampleSubmission | ID = 5000

Description =

Error - 6/10/2010 2:22:50 PM | Computer Name = DJ57W7C1 | Source = Broadcom ASF IP Monitor | ID = 0

Description = !ERROR 53 Refreshing BMAPI data

Error - 6/10/2010 3:45:05 PM | Computer Name = DJ57W7C1 | Source = Broadcom ASF IP Monitor | ID = 0

Description = !ERROR 53 Refreshing BMAPI data

Error - 6/10/2010 4:36:46 PM | Computer Name = DJ57W7C1 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.17023, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/10/2010 4:36:52 PM | Computer Name = DJ57W7C1 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.17023, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/10/2010 4:37:18 PM | Computer Name = DJ57W7C1 | Source = Application Hang | ID = 1001

Description = Fault bucket 1780371397.

Error - 6/10/2010 4:37:18 PM | Computer Name = DJ57W7C1 | Source = Application Hang | ID = 1001

Description = Fault bucket 1780371397.

Error - 6/14/2010 11:31:47 AM | Computer Name = DJ57W7C1 | Source = Userenv | ID = 1512

Description = Windows cannot unload your registry file. The memory used by the registry

has not been freed. This is often caused by services running as a user account,

try configuring the services to run in either the LocalService or NetworkService

account. If this problem persists, contact your administrator. DETAIL - Insufficient

system resources exist to complete the requested service.

Error - 6/14/2010 11:35:09 AM | Computer Name = DJ57W7C1 | Source = Google Update | ID = 20

Description =

[ System Events ]

Error - 6/7/2010 2:31:10 PM | Computer Name = DJ57W7C1 | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC000009A'

while processing the file 'WCESCOMM.LOG' on the volume 'HarddiskVolume2'. It has

stopped monitoring the volume.

Error - 6/7/2010 3:26:46 PM | Computer Name = DJ57W7C1 | Source = System Error | ID = 1003

Description = Error code 1000008e, parameter1 c0000017, parameter2 8056d666, parameter3

f7da291c, parameter4 00000000.

Error - 6/7/2010 8:52:26 PM | Computer Name = DJ57W7C1 | Source = Service Control Manager | ID = 7006

Description = The ScRegSetValueExW call failed for Start with the following error:

%%5

Error - 6/8/2010 12:41:15 PM | Computer Name = DJ57W7C1 | Source = DCOM | ID = 10010

Description = The server {0002DF01-0000-0000-C000-000000000046} did not register

with DCOM within the required timeout.

Error - 6/14/2010 7:55:54 AM | Computer Name = DJ57W7C1 | Source = Dhcp | ID = 1000

Description = Your computer has lost the lease to its IP address 192.168.1.3 on

the Network Card with network address 000FB5237508.

Error - 6/14/2010 1:29:13 PM | Computer Name = DJ57W7C1 | Source = Service Control Manager | ID = 7034

Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly.

It has done this 1 time(s).

Error - 6/14/2010 1:29:19 PM | Computer Name = DJ57W7C1 | Source = Service Control Manager | ID = 7034

Description = The LiveUpdate Notice Service service terminated unexpectedly. It

has done this 1 time(s).

Error - 6/14/2010 1:36:32 PM | Computer Name = DJ57W7C1 | Source = SRService | ID = 104

Description = The System Restore initialization process failed.

Error - 6/14/2010 1:36:33 PM | Computer Name = DJ57W7C1 | Source = Service Control Manager | ID = 7023

Description = The System Restore Service service terminated with the following error:

%%2

Error - 6/14/2010 1:51:24 PM | Computer Name = DJ57W7C1 | Source = Service Control Manager | ID = 7034

Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done

this 1 time(s).

< End of report >

Link to post
Share on other sites

Hey......We may have finally got somewhere.....not sure......................Combofix finally ran properly and looks like it may have removed some of my registry issues....here is log

===================

ComboFix 10-06-14.01 - Charlie Adamson 06/14/2010 13:22:50.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.119 [GMT -5:00]

Running from: c:\documents and settings\Charlie Adamson\My Documents\malware\ComboFix.exe

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Charlie Adamson\Application Data\alot

c:\documents and settings\Charlie Adamson\Application Data\alot\BrowserSearch\BrowserSearch.xml

c:\documents and settings\Charlie Adamson\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup

c:\documents and settings\Charlie Adamson\Application Data\alot\Button_0\Button_0.xml

c:\documents and settings\Charlie Adamson\Application Data\alot\Button_0\Button_0.xml.backup

c:\documents and settings\Charlie Adamson\Application Data\alot\Button_1\Button_1.xml

c:\documents and settings\Charlie Adamson\Application Data\alot\Button_1\Button_1.xml.backup

c:\documents and settings\Charlie Adamson\Application Data\alot\Button_10\Button_10.xml

c:\documents and settings\Charlie Adamson\Application Data\alot\Button_10\Button_10.xml.backup

c:\documents and settings\Charlie Adamson\Application Data\alot\Button_11\Button_11.xml

c:\documents and settings\Charlie Adamson\Application Data\alot\Button_11\Button_11.xml.backup

c:\documents and settings\Charlie Adamson\Application Data\alot\Button_2\Button_2.xml

c:\documents and settings\Charlie Adamson\Application Data\alot\Button_2\Button_2.xml.backup

c:\documents and settings\Charlie Adamson\Application Data\alot\Button_3\Button_3.xml

c:\documents and settings\Charlie Adamson\Application Data\alot\Button_3\Button_3.xml.backup

c:\documents and settings\Charlie Adamson\Application Data\alot\Button_4\Button_4.xml

c:\documents and settings\Charlie Adamson\Application Data\alot\Button_4\Button_4.xml.backup

c:\documents and settings\Charlie Adamson\Application Data\alot\Button_5\Button_5.xml

c:\documents and settings\Charlie Adamson\Application Data\alot\Button_5\Button_5.xml.backup

c:\documents and settings\Charlie Adamson\Application Data\alot\Button_6\Button_6.xml

c:\documents and settings\Charlie Adamson\Application Data\alot\Button_6\Button_6.xml.backup

c:\documents and settings\Charlie Adamson\Application Data\alot\Button_7\Button_7.xml

c:\documents and settings\Charlie Adamson\Application Data\alot\Button_7\Button_7.xml.backup

c:\documents and settings\Charlie Adamson\Application Data\alot\Button_8\Button_8.xml

c:\documents and settings\Charlie Adamson\Application Data\alot\Button_8\Button_8.xml.backup

c:\documents and settings\Charlie Adamson\Application Data\alot\Button_9\Button_9.xml

c:\documents and settings\Charlie Adamson\Application Data\alot\Button_9\Button_9.xml.backup

c:\documents and settings\Charlie Adamson\Application Data\alot\configurator\configurator.xml

c:\documents and settings\Charlie Adamson\Application Data\alot\configurator\configurator.xml.backup

c:\documents and settings\Charlie Adamson\Application Data\alot\ErrorSearch\ErrorSearch.xml

c:\documents and settings\Charlie Adamson\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup

c:\documents and settings\Charlie Adamson\Application Data\alot\postInstallLayout\postInstallLayout.xml

c:\documents and settings\Charlie Adamson\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup

c:\documents and settings\Charlie Adamson\Application Data\alot\products\products.xml

c:\documents and settings\Charlie Adamson\Application Data\alot\products\products.xml.backup

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_0\images\alot_icon_35x16.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_1\images\alot_search_24x16.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_2\images\alert-icon.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_2\images\clear.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_2\images\cloudy.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_2\images\default_281_alot_weather_widget.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_2\images\foggy.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_2\images\haze.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_2\images\mcloud.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_2\images\ncloudy.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_2\images\nmcloud.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_2\images\pcloud.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_2\images\rain.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_3\images\default_246_alot_weather_radar.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_4\images\default_247_alot_weather_detailed.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_5\images\default_248_alot_weather_severe.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Button_6\images\default_249_default_243_alot_news_mrkt_nyt.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Shared\domains.dat

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Shared\images\alot_brand.png

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Shared\images\spinner.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Shared\images\widget_bottom.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Shared\images\widget_btnmin0.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Shared\images\widget_btnmin1.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Shared\images\widget_caption.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Shared\images\widget_error_close.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp

c:\documents and settings\Charlie Adamson\Application Data\alot\TimerManager\TimerManager.xml

c:\documents and settings\Charlie Adamson\Application Data\alot\TimerManager\TimerManager.xml.backup

c:\documents and settings\Charlie Adamson\Application Data\alot\toolbar.xml

c:\documents and settings\Charlie Adamson\Application Data\alot\ToolbarSearch\ToolbarSearch.xml

c:\documents and settings\Charlie Adamson\Application Data\alot\Updater\Updater.xml

c:\documents and settings\Charlie Adamson\Application Data\alot\Updater\Updater.xml.backup

c:\documents and settings\Charlie Adamson\g2mdlhlpx.exe

c:\program files\alot

c:\program files\alot\alotUninst.exe

c:\windows\lipulone.dll

c:\windows\system32\veseyusi.dll

.

((((((((((((((((((((((((( Files Created from 2010-05-14 to 2010-06-14 )))))))))))))))))))))))))))))))

.

2010-06-10 18:14 . 2010-06-10 18:14 -------- d-----w- C:\VundoFix Backups

2010-06-10 13:32 . 2010-05-03 21:03 922400 ----a-w- c:\documents and settings\Charlie Adamson\Application Data\Sun\Java\JRERunOnce.exe

2010-06-10 13:24 . 2010-06-10 13:24 -------- d-----w- c:\documents and settings\Charlie Adamson\Application Data\Malwarebytes

2010-06-10 12:43 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-10 12:43 . 2010-06-10 12:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-10 12:43 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-10 12:43 . 2010-06-10 20:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-09 13:08 . 2010-06-09 13:08 0 --sha-w- C:\kelinepe.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-14 18:33 . 2010-04-02 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2010-06-14 11:55 . 2009-05-11 21:11 -------- d-----w- c:\program files\LogMeIn

2010-06-10 13:32 . 2006-12-12 13:11 -------- d-----w- c:\program files\Common Files\Java

2010-06-10 13:17 . 2004-08-11 23:00 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys

2010-06-10 12:39 . 2006-12-21 16:53 -------- d-----w- c:\documents and settings\Charlie Adamson\Application Data\Wave Systems Corp

2010-06-02 21:06 . 2009-05-11 21:12 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2010-06-02 21:06 . 2009-05-11 21:12 29568 ----a-w- c:\windows\system32\LMIport.dll

2010-06-02 21:06 . 2009-05-11 21:11 87424 ----a-w- c:\windows\system32\LMIinit.dll

2010-05-13 12:20 . 2006-12-12 13:19 -------- d-----w- c:\program files\Google

2010-05-05 08:02 . 2010-04-02 19:33 97549 ----a-w- c:\windows\system32\drivers\klick.dat

2010-05-05 08:02 . 2010-04-02 19:33 113933 ----a-w- c:\windows\system32\drivers\klin.dat

2010-04-02 20:00 . 2010-04-02 20:00 51728 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP60MP4\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.4.1212\fssync.dll

2010-03-29 15:29 . 2009-11-06 15:52 79488 ----a-w- c:\documents and settings\Charlie Adamson\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2010-03-14 11:57 . 2010-03-14 11:57 100352 --sha-w- c:\windows\system32\detovina.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]

"AS00_Gear311T"="c:\program files\NETGEAR\WG311TSU\Utility\Gear311T.exe" [2004-05-12 458752]

"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2007-03-08 24627]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" [2009-09-23 315736]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7204864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-1-30 192512]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-9-24 282624]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2010-06-02 21:06 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\WINDOWS\\system32\\HPZipm12.exe"=

"c:\\Program Files\\LogMeIn\\x86\\LogMeInSystray.exe"=

"c:\\WINDOWS\\stsystra.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\jucheck.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Program Files\\STWin4\\soiltrak.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 6:25 PM 65536]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/27/2010 12:22 PM 12856]

R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [12/21/2006 11:57 AM 16194]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [9/3/2009 4:24 PM 24848]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]

R3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;c:\windows\system32\drivers\wg311tn5.sys [12/21/2006 3:11 PM 346784]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 9:59 AM 135664]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/12/2006 8:19 AM 30192]

.

Contents of the 'Scheduled Tasks' folder

2010-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 14:59]

2010-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 14:59]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = localhost

IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

TCP: {B2C878F2-CED4-4E62-A60A-8CE5C973966F} = 4.2.2.1

.

- - - - ORPHANS REMOVED - - - -

BHO-{18702c4e-e926-4520-9995-91021128b6cc} - zuzogomi.dll

HKLM-Run-yetiyayesa - genakoso.dll

HKLM-Run-molubarit - c:\windows\system32\ninapelu.dll

SharedTaskScheduler-{6f920a4b-2538-4f3b-b293-e85b36ccbe84} - c:\windows\system32\ninapelu.dll

SSODL-zazatenih-{6f920a4b-2538-4f3b-b293-e85b36ccbe84} - c:\windows\system32\ninapelu.dll

SafeBoot-klmdb.sys

AddRemove-alotToolbar - c:\program files\alot\alotUninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-14 13:38

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\KB982381-IE7.log 16378 bytes

scan completed successfully

hidden files: 1

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1220)

c:\windows\system32\waveGina.dll

c:\windows\system32\AmRes_en.dll

c:\program files\Wave Systems Corp\Dell Preboot Manager\BiosManager.dll

c:\windows\system32\pbadrvdll.dll

c:\windows\system32\LMIinit.dll

c:\program files\Wave Systems Corp\Authentication Manager\authcontrol.dll

c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll

c:\program files\Wave Systems Corp\Authentication Manager\upek.dll

c:\windows\system32\BioAPI100.dll

c:\windows\system32\BIOAPI_MDS300.dll

c:\windows\system\tfmessbsp.dll

- - - - - - - > 'lsass.exe'(1276)

c:\windows\system32\wvauth.dll

c:\windows\system32\biolsp.dll

c:\windows\system32\AmRes_en.dll

c:\program files\Wave Systems Corp\Authentication Manager\authcontrol.dll

c:\program files\Wave Systems Corp\Authentication Manager\UserCredentialStore.dll

c:\program files\Wave Systems Corp\Common\CryptoManager.dll

c:\windows\system32\tcg15.dll

c:\windows\system32\Tsp.dll

c:\windows\system32\wclient14.dll

c:\windows\system32\TspPopup_ENU.dll

- - - - - - - > 'Explorer.exe'(2112)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\LMIRfsClientNP.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Wave Systems Corp\Common\DataServer.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

c:\program files\LogMeIn\x86\RaMaint.exe

c:\program files\LogMeIn\x86\LogMeIn.exe

c:\program files\LogMeIn\x86\LMIGuardian.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

c:\program files\LogMeIn\x86\LMIGuardian.exe

c:\progra~1\MICROS~3\wcescomm.exe

c:\progra~1\MICROS~3\rapimgr.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

.

**************************************************************************

.

Completion time: 2010-06-14 13:43:47 - machine was rebooted

ComboFix-quarantined-files.txt 2010-06-14 18:43

Pre-Run: 67,225,686,016 bytes free

Post-Run: 68,075,892,736 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 091481A0A38EAE14C48706AC631A6256

Link to post
Share on other sites

Ok if that is an issue what do I do about it???? Also after running malware again for 2 infected files then removed them. After reboot and new scan.... so far no detections....I am about 1/2 done on most recent scan and had detected 1 before now all times previously.

Link to post
Share on other sites

Toastee is not a malware helper please do not take his advice.

If he were he would have access to post.

jsl3f5 I will be with you momentarily.

Please post the most recent log from malwarebytes.

Please do not do fixes on your own.

Link to post
Share on other sites

  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.