MBAM removed a lot but not all of it


wacokid

Hi,

I'm helping a friend with a seriously infected laptop. I ran MBAM and it removed a ton of stuff, but not all of it. Some of the symptoms include browser redirects, blank pop-ups that close on their own, "delete browsing history" pop-ups, and files that I know are bad. Also, the certstore.dat file that MBAM removes always comes back.

Any help is greatly appreciated.

Thanks.

Bob.

1st log

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5363

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

1/21/2011 3:08:49 AM

mbam-log-2011-01-21 (03-08-49).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 292115

Time elapsed: 55 minute(s), 57 second(s)

Memory Processes Infected: 26

Memory Modules Infected: 1

Registry Keys Infected: 3

Registry Values Infected: 83

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 50

Memory Processes Infected:

c:\Windows\mdm .exe (Trojan.Ertfor) -> 3664 -> Unloaded process successfully.

c:\Windows\mdm .exe (Trojan.Ertfor) -> 4060 -> Unloaded process successfully.

c:\Windows\mdm .exe (Trojan.Ertfor) -> 3984 -> Unloaded process successfully.

c:\Windows\lsass .exe (Trojan.Ertfor) -> 484 -> Unloaded process successfully.

c:\Windows\lsass .exe (Trojan.Ertfor) -> 4996 -> Unloaded process successfully.

c:\Windows\lsass .exe (Trojan.Ertfor) -> 4512 -> Unloaded process successfully.

c:\Users\Stefan\AppData\Local\Temp\svchost .exe (Backdoor.Bot) -> 6092 -> Unloaded process successfully.

c:\Users\Stefan\AppData\Local\Temp\svchost .exe (Backdoor.Bot) -> 5124 -> Unloaded process successfully.

c:\Users\Stefan\AppData\Local\Temp\svchost .exe (Backdoor.Bot) -> 5224 -> Unloaded process successfully.

c:\Users\Stefan\AppData\Local\Temp\svchost .exe (Backdoor.Bot) -> 3208 -> Unloaded process successfully.

c:\Users\Stefan\AppData\Local\Temp\lsass .exe (Backdoor.Bot) -> 6124 -> Unloaded process successfully.

c:\Users\Stefan\AppData\Local\Temp\lsass .exe (Backdoor.Bot) -> 5088 -> Unloaded process successfully.

c:\Users\Stefan\AppData\Local\Temp\lsass .exe (Backdoor.Bot) -> 5504 -> Unloaded process successfully.

c:\Users\Stefan\AppData\Local\Temp\lsass .exe (Backdoor.Bot) -> 5704 -> Unloaded process successfully.

c:\Users\Stefan\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> 4196 -> Unloaded process successfully.

c:\Users\Stefan\AppData\Local\Temp\avp .exe (Trojan.Downloader.Gen) -> 2312 -> Unloaded process successfully.

c:\Users\Stefan\AppData\Local\Temp\avp .exe (Trojan.Downloader.Gen) -> 5488 -> Unloaded process successfully.

c:\Users\Stefan\AppData\Local\Temp\avp .exe (Trojan.Downloader.Gen) -> 5344 -> Unloaded process successfully.

c:\Users\Stefan\AppData\Local\Temp\avp .exe (Trojan.Downloader.Gen) -> 5340 -> Unloaded process successfully.

c:\Users\Stefan\AppData\Local\Temp\winamp .exe (Trojan.Downloader.Gen) -> 5096 -> Unloaded process successfully.

c:\Users\Stefan\AppData\Local\Temp\winamp .exe (Trojan.Downloader.Gen) -> 4460 -> Unloaded process successfully.

c:\Users\Stefan\AppData\Local\Temp\winamp .exe (Trojan.Downloader.Gen) -> 5100 -> Unloaded process successfully.

c:\Users\Stefan\AppData\Local\Temp\winamp .exe (Trojan.Downloader.Gen) -> 5584 -> Unloaded process successfully.

c:\Users\Stefan\AppData\Local\Temp\csrss .exe (Trojan.Downloader.Gen) -> 3200 -> Unloaded process successfully.

c:\Users\Stefan\AppData\Local\Temp\csrss .exe (Trojan.Downloader.Gen) -> 4128 -> Unloaded process successfully.

c:\Users\Stefan\AppData\Local\Temp\csrss .exe (Trojan.Downloader.Gen) -> 5920 -> Unloaded process successfully.

Memory Modules Infected:

c:\Windows\System32\v7qi6oob.dll (Trojan.Ertfor) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Not selected for removal.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Not selected for removal.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Not selected for removal.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uPc+kt0NefYCxl (Trojan.Ertfor) -> Value: uPc+kt0NefYCxl -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uPc+kt0NefYCxl (Trojan.Ertfor) -> Value: uPc+kt0NefYCxl -> Delete on reboot.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uPc+kt0NefYCxl (Trojan.Ertfor) -> Value: uPc+kt0NefYCxl -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqsH (Trojan.Ertfor) -> Value: MqsH -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqsHlla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (Trojan.Ertfor) -> Value: MqsHlla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqsHlla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5 (Trojan.Ertfor) -> Value: MqsHlla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqsHlla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (Trojan.Ertfor) -> Value: MqsHlla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqsuK (Trojan.Ertfor) -> Value: MqsuK -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqsuKla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 (Trojan.Ertfor) -> Value: MqsuKla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqsuKla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (Trojan.Ertfor) -> Value: MqsuKla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqsuKla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5 (Trojan.Ertfor) -> Value: MqsuKla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqsuKla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (Trojan.Ertfor) -> Value: MqsuKla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqsuKla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (Trojan.Ertfor) -> Value: MqsuKla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgrsJK (Backdoor.Bot) -> Value: LvikZkfgrsJK -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgpuj (Backdoor.Bot) -> Value: LvikZkfgpuj -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqmPOTI (Trojan.Ertfor) -> Value: MqmPOTI -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqmPOTI (Trojan.Ertfor) -> Value: MqmPOTI -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgpEK (Backdoor.Bot) -> Value: LvikZkfgpEK -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Pquvejefifinohaz (Trojan.Hiloti) -> Value: Pquvejefifinohaz -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgpuc (Trojan.Agent) -> Value: LvikZkfgpuc -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgpuc (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.0 (KHTML, like Gecko) Chrome/6.0.408.1 Safari/534.0 (Trojan.Agent) -> Value: LvikZkfgpuc (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.0 (KHTML, like Gecko) Chrome/6.0.408.1 Safari/534.0 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgpuc (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (Trojan.Agent) -> Value: LvikZkfgpuc (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgpuc (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.9 (KHTML, like Gecko) Chrome/6.0.401.1 Safari/533.9 (Trojan.Agent) -> Value: LvikZkfgpuc (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.9 (KHTML, like Gecko) Chrome/6.0.401.1 Safari/533.9 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgpuc (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (Trojan.Agent) -> Value: LvikZkfgpuc (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgpuc (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 (Trojan.Agent) -> Value: LvikZkfgpuc (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgpuc (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 (Trojan.Agent) -> Value: LvikZkfgpuc (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqmPwg (Trojan.Dropper) -> Value: MqmPwg -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqmPwga/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (Trojan.Dropper) -> Value: MqmPwga/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqmPwga/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0 (Trojan.Dropper) -> Value: MqmPwga/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqmPwga/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5 (Trojan.Dropper) -> Value: MqmPwga/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5 -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqmPwg (Trojan.Dropper) -> Value: MqmPwg -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqmPwga/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (Trojan.Dropper) -> Value: MqmPwga/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqmPwga/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0 (Trojan.Dropper) -> Value: MqmPwga/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0 -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqmPwga/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5 (Trojan.Dropper) -> Value: MqmPwga/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgrse (Trojan.Agent) -> Value: LvikZkfgrse -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgrse (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (Trojan.Agent) -> Value: LvikZkfgrse (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgrse (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (Trojan.Agent) -> Value: LvikZkfgrse (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgrse (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.9 (KHTML, like Gecko) Chrome/6.0.401.1 Safari/533.9 (Trojan.Agent) -> Value: LvikZkfgrse (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.9 (KHTML, like Gecko) Chrome/6.0.401.1 Safari/533.9 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgrse (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (Trojan.Agent) -> Value: LvikZkfgrse (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mqsuc (Trojan.PWS) -> Value: Mqsuc -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mqsuc (Trojan.PWS) -> Value: Mqsuc -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mqsuc (Trojan.PWS) -> Value: Mqsuc -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqsZ (Trojan.Downloader) -> Value: MqsZ -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqsZ (Trojan.Downloader) -> Value: MqsZ -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqsZlla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (Trojan.Downloader) -> Value: MqsZlla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqsZ (Trojan.Downloader) -> Value: MqsZ -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgpZ (Trojan.Downloader.Gen) -> Value: LvikZkfgpZ -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgpZ0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (Trojan.Downloader.Gen) -> Value: LvikZkfgpZ0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgspe (Trojan.Downloader.Gen) -> Value: LvikZkfgspe -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgspe (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (Trojan.Downloader.Gen) -> Value: LvikZkfgspe (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgme (Trojan.Downloader.Gen) -> Value: LvikZkfgme -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgnyc (Trojan.Downloader.Gen) -> Value: LvikZkfgnyc -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgsPc (Trojan.Downloader.Gen) -> Value: LvikZkfgsPc -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgrta (Trojan.Downloader.Gen) -> Value: LvikZkfgrta -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgrsN (Trojan.Downloader.Gen) -> Value: LvikZkfgrsN -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgpH (Trojan.Downloader.Gen) -> Value: LvikZkfgpH -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgpH0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (Trojan.Downloader.Gen) -> Value: LvikZkfgpH0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgpuK (Trojan.Downloader.Gen) -> Value: LvikZkfgpuK -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgpuK (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 (Trojan.Downloader.Gen) -> Value: LvikZkfgpuK (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgmN (Trojan.Downloader.Gen) -> Value: LvikZkfgmN -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgspI (Trojan.Downloader.Gen) -> Value: LvikZkfgspI -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgnyK (Trojan.Downloader.Gen) -> Value: LvikZkfgnyK -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgmSc (Trojan.Downloader.Gen) -> Value: LvikZkfgmSc -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgrsJc (Trojan.Downloader.Gen) -> Value: LvikZkfgrsJc -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgny0 (Trojan.Downloader.Gen) -> Value: LvikZkfgny0 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgmJc (Trojan.Downloader.Gen) -> Value: LvikZkfgmJc -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgpEc (Trojan.Downloader.Gen) -> Value: LvikZkfgpEc -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgpEch.com&p=[long base64 blob elided] (Trojan.Downloader.Gen) -> Value: LvikZkfgpEch.com&p=[long base64 blob elided] -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgsp3 (Trojan.Downloader.Gen) -> Value: LvikZkfgsp3 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgpu0 (Trojan.Downloader.Gen) -> Value: LvikZkfgpu0 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgmJK (Trojan.Downloader.Gen) -> Value: LvikZkfgmJK -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgsp0c (Trojan.Downloader.Gen) -> Value: LvikZkfgsp0c -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvikZkfgnyj (Trojan.Downloader.Gen) -> Value: LvikZkfgnyj -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AV8 (Rogue.Antivirus8) -> Value: AV8 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqmPOTZ (Trojan.Downloader.Gen) -> Value: MqmPOTZ -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqmPOTZ (Trojan.Downloader.Gen) -> Value: MqmPOTZ -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqmPz9 (Trojan.Downloader.Gen) -> Value: MqmPz9 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqmPz9a/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (Trojan.Downloader.Gen) -> Value: MqmPz9a/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqmPz9a/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0 (Trojan.Downloader.Gen) -> Value: MqmPz9a/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0 -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqmPz9 (Trojan.Downloader.Gen) -> Value: MqmPz9 -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqmPz9a/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (Trojan.Downloader.Gen) -> Value: MqmPz9a/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqmPz9a/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0 (Trojan.Downloader.Gen) -> Value: MqmPz9a/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Fnufazuyuf (Trojan.Agent.U) -> Value: Fnufazuyuf -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\program files (x86)\AV8 (Rogue.Antivirus8) -> Quarantined and deleted successfully.

Files Infected:

c:\Windows\System32\v7qi6oob.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.

c:\Windows\mdm .exe (Trojan.Ertfor) -> Quarantined and deleted successfully.

c:\Windows\lsass .exe (Trojan.Ertfor) -> Quarantined and deleted successfully.

c:\Users\Stefan\AppData\Local\Temp\svchost .exe (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\Users\Stefan\AppData\Local\Temp\lsass .exe (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\Windows\Temp\oi02lu68gk .exe (Trojan.Ertfor) -> Quarantined and deleted successfully.

c:\Users\Stefan\AppData\Local\Temp\mdm .exe (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\Windows\System32\config\systemprofile\AppData\Local\mrirebyJ.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\Users\Stefan\AppData\Local\Temp\3254148362.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\Users\Stefan\AppData\Local\Temp\setup.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\Windows\System32\wvkud9te.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.

c:\Windows\SysWOW64\v7qi6oob.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.

c:\Windows\SysWOW64\wvkud9te.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.

c:\Windows\SysWOW64\config\systemprofile\AppData\Local\mrirebyJ.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\Windows\Temp\avp32 .exe (Trojan.Ertfor) -> Quarantined and deleted successfully.

c:\Windows\Temp\bvhsgt.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.

c:\Windows\Temp\hkvsp.exe (Adware.Agent) -> Quarantined and deleted successfully.

c:\Windows\Temp\jsdfaot.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\Windows\Temp\nbla0cff9zf0d9v1.exe (Trojan.Malex) -> Quarantined and deleted successfully.

c:\Windows\Temp\nvsvc32 .exe (Trojan.Ertfor) -> Quarantined and deleted successfully.

c:\Windows\Temp\spoolsv .exe (Trojan.Ertfor) -> Quarantined and deleted successfully.

c:\Windows\System32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Windows\SysWOW64\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Users\Stefan\AppData\Local\Temp\iexplorer.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

c:\Users\Stefan\AppData\Local\Temp\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Windows\Temp\spoolsv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\Users\Stefan\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Windows\lsass.exe (Trojan.PWS) -> Quarantined and deleted successfully.

c:\Windows\mdm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Users\Stefan\AppData\Local\Temp\mdm.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

c:\Users\Stefan\AppData\Local\Temp\winamp.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

c:\Users\Stefan\AppData\Local\Temp\avp.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

c:\Users\Stefan\AppData\Local\Temp\svchost .exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

c:\Users\Stefan\AppData\Local\Temp\mdm .exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

c:\Users\Stefan\AppData\Local\Temp\lsass .exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

c:\Users\Stefan\AppData\Local\Temp\avp .exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

c:\Users\Stefan\AppData\Local\Temp\winamp .exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

c:\Users\Stefan\AppData\Local\Temp\csrss .exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

c:\Users\Stefan\AppData\Local\Temp\svchost .exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

c:\Users\Stefan\AppData\Local\Temp\csrss .exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

c:\Users\Stefan\AppData\Local\Temp\avp .exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

c:\Users\Stefan\AppData\Local\Temp\mdm .exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

c:\Users\Stefan\AppData\Local\Temp\winamp .exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

c:\Users\Stefan\AppData\Local\Temp\lsass .exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

c:\Users\Stefan\AppData\Local\Temp\avp .exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

c:\Users\Stefan\AppData\Local\Temp\winamp .exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

c:\Users\Stefan\AppData\Local\Temp\csrss .exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

c:\Windows\Temp\oi02lu68gk.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

c:\Windows\Temp\nvsvc32.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

c:\Windows\System32\config\systemprofile\AppData\Local\omufufuf.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.

********************************************************************************

last log

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5566

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

1/22/2011 12:56:23 PM

mbam-log-2011-01-22 (12-56-23).txt

Scan type: Quick scan

Objects scanned: 157775

Time elapsed: 2 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\System32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Windows\SysWOW64\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.

********************************************************************************

DDS (Ver_10-12-12.02) - NTFS_AMD64

Run by Stefan at 14:13:28.16 on Sat 01/22/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2649 [GMT -6:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\svchost.exe -k netsvcs

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Windows\system32\conhost.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv .exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher .exe

C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext .exe

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor .exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2 .exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline .exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskmgr.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Stefan\Desktop\dds.com

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.verizon.net/central/appmanager/portal/vzcentral#Scene_1

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll

uURLSearchHooks: H - No File

mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll

mWinlogon: Userinit=userinit.exe,

BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - C:\Program Files (x86)\alot\bin\BHO\alotBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll

TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - C:\Program Files (x86)\alot\bin\alot.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll

TB: {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File

TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [MSN Toolbar] "c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"

mRunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB-X64: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File

TB-X64: {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File

TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

mRun-x64: [Apoint] C:\Program Files\DellTPad\Apoint.exe

mRun-x64: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

mRun-x64: [igfxTray] C:\Windows\system32\igfxtray.exe

mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe

mRun-x64: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe

mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

mRun-x64: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-6-12 55856]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-5-18 689472]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-5-18 172704]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-3-24 215552]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-3-24 393728]

S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2008-4-1 24576]

S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-11-17 25072]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-25 1255736]

=============== Created Last 30 ================

2011-01-22 19:05:13 82434 ----a-w- C:\PROGRA~3\8KQ5cGJd.exe

2011-01-21 21:59:30 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{CDAC1CD5-7B0E-43C8-A960-CA49EBCE1D5D}\mpengine.dll

2011-01-21 21:59:30 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-01-21 04:24:01 -------- d-----w- C:\Users\Stefan\AppData\Roaming\Malwarebytes

2011-01-21 04:23:57 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-01-21 04:23:56 -------- d-----w- C:\PROGRA~3\Malwarebytes

2011-01-21 04:23:53 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-01-21 04:23:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-01-19 15:56:02 -------- d-----w- C:\PROGRA~3\Citrix

2011-01-19 15:55:37 -------- d-----w- C:\Users\Stefan\AppData\Local\Citrix

2011-01-19 15:55:36 103784 ----a-w- C:\Users\Stefan\GoToAssistDownloadHelper.exe

2011-01-19 15:55:03 -------- d-----w- C:\Users\Stefan\AppData\Local\Deployment

2011-01-19 15:55:03 -------- d-----w- C:\Users\Stefan\AppData\Local\Apps

2011-01-13 01:08:50 720896 ----a-w- C:\Windows\System32\odbc32.dll

2011-01-13 01:08:50 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll

2011-01-13 01:08:50 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2011-01-13 01:08:50 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2011-01-13 01:08:50 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2011-01-13 01:08:50 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2011-01-13 01:08:49 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2011-01-13 01:08:49 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2011-01-13 01:08:49 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2011-01-13 01:08:49 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2010-12-30 16:56:23 -------- d-----w- C:\Users\Stefan\AppData\Local\ElevatedDiagnostics

==================== Find3M ====================

2011-01-21 19:43:35 79874 ----a-w- C:\PROGRA~3\8KQ5cGJd.old

2010-11-29 23:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2010-11-29 23:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2010-11-29 20:46:05 53248 ----a-w- C:\Windows\SysWow64\FastUv32.dll

2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll

2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec

2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll

2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll

2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll

2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe

2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe

2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll

2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll

2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe

2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe

2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll

2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

============= FINISH: 14:14:08.28 ===============


Hello Bob! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • The instructions I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we are working on it.
  • Keep me informed about any changes.

  • Download OTL (by OldTimer):
    1. OTL.exe
    2. OTL.com
    3. OTL.scr
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.


Hello Borislav,

Thanks for such a fast reply!

OTL logfile created on: 1/22/2011 2:57:38 PM - Run 1

OTL by OldTimer - Version 3.2.20.4 Folder = C:\Users\Stefan\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 283.40 Gb Total Space | 229.72 Gb Free Space | 81.06% Space Free | Partition Type: NTFS

Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Stefan\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe ()

PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor .exe (LeapFrog Enterprises, Inc.)

PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)

PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)

PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)

PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()

PRC - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)

PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv .exe (CyberLink Corp.)

PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher .exe ()

PRC - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext .exe (Microsoft Corp.)

PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline .exe ()

PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2 .exe (Creative Technology Ltd)

PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Stefan\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\imagehlp.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe (IDT, Inc.)

SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)

SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)

SRV - (FastUserSwitchingCompatibility) -- C:\Windows\SysWOW64\FastUv32.dll ()

SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)

SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)

SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)

DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)

DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (FlyUsb) -- C:\Windows\SysNative\drivers\FlyUsb.sys (LeapFrog)

DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.net/central/appmanager/...central#Scene_1

IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)

IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/18 11:58:02 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{6D6DC1A3-48A0-446F-A038-49DC620EDF89}: C:\Windows\system32\config\systemprofile\AppData\Local\{6D6DC1A3-48A0-446F-A038-49DC620EDF89}\ [2010/11/28 16:06:54 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files (x86)\alot\bin\BHO\alotBHO.dll (Vertro)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files (x86)\alot\bin\alot.dll (Vertro)

O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4:64bit: - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe ()

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe ()

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe ()

O4 - HKLM..\Run: [DellSupportCenter] File not found

O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe ()

O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe ()

O4 - HKLM..\Run: [MSN Toolbar] c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe ()

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe ()

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ()

O4 - HKCU..\Run: [msnmsgr] File not found

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)

O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)

O4 - HKLM..\RunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0...inAxControl.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198

O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/22 14:54:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe

[2011/01/21 14:27:34 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Stefan\Desktop\mbam-setup.exe

[2011/01/21 03:58:56 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Stefan\Desktop\HijackThis.exe

[2011/01/20 22:24:01 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes

[2011/01/20 22:23:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/01/20 22:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/01/20 22:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/01/20 22:23:53 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/01/20 22:23:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011/01/20 22:22:54 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Stefan\Desktop\rtm123.exe

[2011/01/19 09:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix

[2011/01/19 09:55:37 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Citrix

[2011/01/19 09:55:03 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Deployment

[2011/01/19 09:55:03 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Apps

[2011/01/12 19:08:50 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll

[2011/01/12 19:08:50 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll

[2010/12/30 10:56:23 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\ElevatedDiagnostics

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/22 14:54:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe

[2011/01/22 14:50:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/01/22 14:09:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At15.job

[2011/01/22 13:53:17 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/01/22 13:53:17 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/01/22 13:50:30 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/01/22 13:50:30 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/01/22 13:50:30 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/01/22 13:45:50 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys

[2011/01/22 13:14:39 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2011/01/22 13:09:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At14.job

[2011/01/22 13:06:49 | 000,082,434 | ---- | M] () -- C:\ProgramData\8KQ5cGJd.exe

[2011/01/22 13:06:49 | 000,000,112 | ---- | M] () -- C:\ProgramData\2807yup1.dat

[2011/01/22 13:03:09 | 000,624,128 | ---- | M] () -- C:\Users\Stefan\Desktop\dds.com

[2011/01/21 17:09:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At18.job

[2011/01/21 16:09:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At17.job

[2011/01/21 15:18:44 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At16.job

[2011/01/21 14:29:48 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/01/21 14:27:38 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Stefan\Desktop\mbam-setup.exe

[2011/01/21 13:43:35 | 000,079,874 | ---- | M] () -- C:\ProgramData\8KQ5cGJd.old

[2011/01/21 12:09:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At13.job

[2011/01/21 11:09:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At12.job

[2011/01/21 10:58:40 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At11.job

[2011/01/21 10:58:39 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At9.job

[2011/01/21 10:58:39 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At8.job

[2011/01/21 10:58:39 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At7.job

[2011/01/21 10:58:39 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At6.job

[2011/01/21 10:58:39 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At10.job

[2011/01/21 04:09:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At5.job

[2011/01/21 03:58:56 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Stefan\Desktop\HijackThis.exe

[2011/01/21 03:09:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At4.job

[2011/01/21 03:05:36 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At3.job

[2011/01/21 03:05:36 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At2.job

[2011/01/21 03:05:36 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At1.job

[2011/01/20 23:20:34 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Stefan\Desktop\rtm123.exe

[2011/01/20 23:09:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At24.job

[2011/01/20 22:09:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At23.job

[2011/01/19 09:55:36 | 000,103,784 | ---- | M] () -- C:\Users\Stefan\GoToAssistDownloadHelper.exe

[2011/01/18 21:09:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At22.job

[2011/01/18 19:09:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At20.job

[2011/01/18 18:09:03 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At19.job

[2011/01/12 20:09:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At21.job

[2010/12/24 14:45:12 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/22 13:05:13 | 000,082,434 | ---- | C] () -- C:\ProgramData\8KQ5cGJd.exe

[2011/01/22 13:03:08 | 000,624,128 | ---- | C] () -- C:\Users\Stefan\Desktop\dds.com

[2011/01/20 22:23:57 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/01/19 09:55:36 | 000,103,784 | ---- | C] () -- C:\Users\Stefan\GoToAssistDownloadHelper.exe

[2010/12/17 05:22:28 | 000,000,112 | ---- | C] () -- C:\ProgramData\2807yup1.dat

[2010/12/17 05:22:27 | 000,079,874 | ---- | C] () -- C:\ProgramData\8KQ5cGJd.old

[2010/11/29 14:46:05 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\FastUv32.dll

[2010/09/28 17:53:23 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

[2010/06/19 07:09:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/06/01 06:01:46 | 000,000,898 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\wklnhst.dat

[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/07/07 06:33:41 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\GARMIN

[2010/12/04 19:51:58 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PCDr

[2010/06/18 12:11:29 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Template

[2010/05/25 04:25:19 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\WildTangent

[2011/01/21 03:05:36 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At1.job

[2011/01/21 10:58:39 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At10.job

[2011/01/21 10:58:40 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At11.job

[2011/01/21 11:09:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At12.job

[2011/01/21 12:09:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At13.job

[2011/01/22 13:09:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At14.job

[2011/01/22 14:09:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At15.job

[2011/01/21 15:18:44 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At16.job

[2011/01/21 16:09:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At17.job

[2011/01/21 17:09:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At18.job

[2011/01/18 18:09:03 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At19.job

[2011/01/21 03:05:36 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At2.job

[2011/01/18 19:09:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At20.job

[2011/01/12 20:09:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At21.job

[2011/01/18 21:09:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At22.job

[2011/01/20 22:09:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At23.job

[2011/01/20 23:09:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At24.job

[2011/01/21 03:05:36 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At3.job

[2011/01/21 03:09:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At4.job

[2011/01/21 04:09:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At5.job

[2011/01/21 10:58:39 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At6.job

[2011/01/21 10:58:39 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At7.job

[2011/01/21 10:58:39 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At8.job

[2011/01/21 10:58:39 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At9.job

[2010/12/24 14:45:12 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

[2011/01/13 05:44:16 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011/01/22 13:14:39 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 1/22/2011 2:57:38 PM - Run 1

OTL by OldTimer - Version 3.2.20.4 Folder = C:\Users\Stefan\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 283.40 Gb Total Space | 229.72 Gb Free Space | 81.06% Space Free | Partition Type: NTFS

Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

"DisableSR" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes

"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java 6 Update 17 (64-bit)

"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour

"{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64

"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel


Thanks!

Before we go, I need more information about some files. Please visit www.virustotal.com and upload the following files one by one:

C:\Windows\SysWOW64\FastUv32.dll

C:\ProgramData\8KQ5cGJd.exe

C:\ProgramData\2807yup1.dat

Please post the results in your next reply.


jotti results

Filename: FastUv32.dll

Status: Scan finished. 15 out of 19 scanners reported malware.

Filename: 8KQ5cGJd.exe

Status: Scan finished. 8 out of 19 scanners reported malware.

Filename: 2807yup1.dat

Status: Scan finished. 0 out of 19 scanners reported malware.

These are some of the files I mentioned in my 1st post; they come back after being deleted. The 8kq5cgjd.exe file duplicates itself to another file name and runs as a process also.

My queue at virustotal is now 6569 :)


WOW.... VT is very busy right now

Thank you! :)

First:

  1. Please download the Suspicious File Packer (by Safer Networking Limited) and unzip to your desktop.
  2. Run sfp.exe
  3. Copy the following lines from the code box into the SFP window:
    C:\Windows\SysWOW64\FastUv32.dll
    C:\ProgramData\8KQ5cGJd.exe


  4. Allow SFP to pack the files; a CAB archive will then be generated on your desktop.

Second:

  1. Please visit this website: Submit Malware Sample
  2. Against the inscription: "Link to topic where this file was requested:", insert links pointing to this topic.
  3. Against the inscription: "Browse to the file you want to submit:", click on the Choose... button. Navigate to the CAB file which will be called requested-files[ * ].cab (the * stands for the date and hour).
  4. Against the inscription: "Leave any comments, further information about this file, or contact information:" should be written as follows:
    Sent at the request of Borislav.
  5. Once you're ready, click the Send File button.


Step 1

Please, uninstall the following applications:

  1. MSN Toolbar
  2. Ask Toolbar
  3. ALOT Toolbar

You can read how to do this here:

Step 2

  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:files
C:\Windows\SysWOW64\FastUv32.dll
C:\Windows\*.tmp
C:\Windows\tasks\*.job
C:\ProgramData\8KQ5cGJd.exe
C:\ProgramData\2807yup1.dat
C:\ProgramData\8KQ5cGJd.old

:Commands
[purity]
[emptytemp]
[emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.


Ok, it made me restart.

All processes killed

========== FILES ==========

C:\Windows\SysWOW64\FastUv32.dll moved successfully.

C:\Windows\A055FB62CF734839AD83122ABCB92418.TMP folder moved successfully.

C:\Windows\tasks\At1.job moved successfully.

C:\Windows\tasks\At10.job moved successfully.

C:\Windows\tasks\At11.job moved successfully.

C:\Windows\tasks\At12.job moved successfully.

C:\Windows\tasks\At13.job moved successfully.

C:\Windows\tasks\At14.job moved successfully.

C:\Windows\tasks\At15.job moved successfully.

C:\Windows\tasks\At16.job moved successfully.

C:\Windows\tasks\At17.job moved successfully.

C:\Windows\tasks\At18.job moved successfully.

C:\Windows\tasks\At19.job moved successfully.

C:\Windows\tasks\At2.job moved successfully.

C:\Windows\tasks\At20.job moved successfully.

C:\Windows\tasks\At21.job moved successfully.

C:\Windows\tasks\At22.job moved successfully.

C:\Windows\tasks\At23.job moved successfully.

C:\Windows\tasks\At24.job moved successfully.

C:\Windows\tasks\At3.job moved successfully.

C:\Windows\tasks\At4.job moved successfully.

C:\Windows\tasks\At5.job moved successfully.

C:\Windows\tasks\At6.job moved successfully.

C:\Windows\tasks\At7.job moved successfully.

C:\Windows\tasks\At8.job moved successfully.

C:\Windows\tasks\At9.job moved successfully.

C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job moved successfully.

C:\Windows\tasks\SystemToolsDailyTest.job moved successfully.

C:\ProgramData\8KQ5cGJd.exe moved successfully.

C:\ProgramData\2807yup1.dat moved successfully.

C:\ProgramData\8KQ5cGJd.old moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Stefan

->Temp folder emptied: 1987666990 bytes

->Temporary Internet Files folder emptied: 49621058 bytes

->Java cache emptied: 7816065 bytes

->Flash cache emptied: 140817 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 50654870 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes

RecycleBin emptied: 107926060 bytes

Total Files Cleaned = 2,102.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Stefan

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.20.4 log created on 01222011_171439

Files\Folders moved on Reboot...

C:\Users\Stefan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Users\Stefan\AppData\Local\Temp\~DF12002519CB2B868A.TMP not found!

File\Folder C:\Users\Stefan\AppData\Local\Temp\~DF512B05A1CF86D707.TMP not found!

File\Folder C:\Users\Stefan\AppData\Local\Temp\~DF51E49A8C624FDBA1.TMP not found!

File\Folder C:\Users\Stefan\AppData\Local\Temp\~DFF7D4E6F53EE04785.TMP not found!

C:\Users\Stefan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SQM1BZPO\index[1].htm moved successfully.

C:\Users\Stefan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7S3NOVV1\iframe[1].htm moved successfully.

Registry entries deleted on Reboot...


Good! :)

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.

  2. During the download, rename Combofix to Combo-Fix as follows:
    (screenshots: CF_download_FF.gif, CF_download_rename.gif)
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


Ok, combofix successful.

ComboFix 11-01-22.01 - Stefan 01/22/2011 17:32:00.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2839 [GMT -6:00]

Running from: c:\users\Stefan\Desktop\Combo-Fix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

c:\programdata\PCDr\5744\Downloads\3f27aeb4-f0e2-4006-92ee-e1f5a49cf45f.dll

c:\programdata\PCDr\5744\Downloads\4b383fe0-07a2-4239-92b0-7200db829d58.dll

c:\programdata\PCDr\5744\Downloads\69282cc9-4087-49e4-b903-9638b4f63ccc.dll

c:\programdata\PCDr\5744\Downloads\79d05ae1-1d2a-46cf-9a29-5dd82888a439.dll

c:\programdata\PCDr\5744\Downloads\ace5304d-f4d3-4e03-9b43-c1113c682910.dll

c:\users\Stefan\GoToAssistDownloadHelper.exe

c:\windows\system32\certstore.dat

c:\windows\SysWow64\certstore.dat

.

((((((((((((((((((((((((( Files Created from 2010-12-22 to 2011-01-22 )))))))))))))))))))))))))))))))

.

2011-01-22 23:36 . 2011-01-22 23:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-01-22 23:14 . 2011-01-22 23:14 -------- d-----w- C:\_OTL

2011-01-21 21:59 . 2011-01-20 16:39 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CDAC1CD5-7B0E-43C8-A960-CA49EBCE1D5D}\mpengine.dll

2011-01-21 21:59 . 2010-10-19 16:41 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-01-21 04:24 . 2011-01-21 04:24 -------- d-----w- c:\users\Stefan\AppData\Roaming\Malwarebytes

2011-01-21 04:23 . 2010-12-21 00:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-01-21 04:23 . 2011-01-21 04:23 -------- d-----w- c:\programdata\Malwarebytes

2011-01-21 04:23 . 2011-01-21 20:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-01-21 04:23 . 2010-12-21 00:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-19 15:56 . 2011-01-19 15:56 -------- d-----w- c:\programdata\Citrix

2011-01-19 15:55 . 2011-01-19 15:55 -------- d-----w- c:\users\Stefan\AppData\Local\Citrix

2011-01-19 15:55 . 2011-01-19 15:55 -------- d-----w- c:\users\Stefan\AppData\Local\Deployment

2011-01-19 15:55 . 2011-01-19 15:55 -------- d-----w- c:\users\Stefan\AppData\Local\Apps

2011-01-13 01:08 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll

2011-01-13 01:08 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2011-01-13 01:08 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2011-01-13 01:08 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2011-01-13 01:08 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2011-01-13 01:08 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll

2011-01-13 01:08 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll

2011-01-13 01:08 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll

2011-01-13 01:08 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

2011-01-13 01:08 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll

2010-12-30 16:56 . 2010-12-30 16:56 -------- d-----w- c:\users\Stefan\AppData\Local\ElevatedDiagnostics

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2010-11-04 06:35 . 2010-12-15 11:29 1194496 ----a-w- c:\windows\system32\wininet.dll

2010-11-04 06:31 . 2010-12-15 11:29 57856 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-04 05:52 . 2010-12-15 11:29 978944 ----a-w- c:\windows\SysWow64\wininet.dll

2010-11-04 05:48 . 2010-12-15 11:29 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll

2010-11-04 05:16 . 2010-12-15 11:29 482816 ----a-w- c:\windows\system32\html.iec

2010-11-04 04:41 . 2010-12-15 11:29 386048 ----a-w- c:\windows\SysWow64\html.iec

2010-11-04 04:35 . 2010-12-15 11:29 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-11-04 04:08 . 2010-12-15 11:29 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2010-11-02 05:18 . 2010-12-15 11:30 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-11-02 05:17 . 2010-12-15 11:30 1169408 ----a-w- c:\windows\system32\taskschd.dll

2010-11-02 05:17 . 2010-12-15 11:29 473600 ----a-w- c:\windows\system32\taskcomp.dll

2010-11-02 05:16 . 2010-12-15 11:30 1114624 ----a-w- c:\windows\system32\schedsvc.dll

2010-11-02 05:10 . 2010-12-15 11:30 464384 ----a-w- c:\windows\system32\taskeng.exe

2010-11-02 05:10 . 2010-12-15 11:29 285696 ----a-w- c:\windows\system32\schtasks.exe

2010-11-02 04:40 . 2010-12-15 11:29 496128 ----a-w- c:\windows\SysWow64\taskschd.dll

2010-11-02 04:40 . 2010-12-15 11:29 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll

2010-11-02 04:34 . 2010-12-15 11:29 192000 ----a-w- c:\windows\SysWow64\taskeng.exe

2010-11-02 04:34 . 2010-12-15 11:29 179712 ----a-w- c:\windows\SysWow64\schtasks.exe

2010-10-27 05:06 . 2010-12-15 11:30 2048 ----a-w- c:\windows\system32\tzres.dll

2010-10-27 04:32 . 2010-12-15 11:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe
c:\program files (x86)\Common Files\Java\Java Update\jusched .exe
c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv .exe
c:\program files (x86)\Dell DataSafe Online\DataSafeOnline .exe
c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2 .exe
c:\program files (x86)\iTunes\iTunesHelper .exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor .exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr .exe
c:\program files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext .exe
c:\program files (x86)\QuickTime\QTTask .exe
c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

2010-06-14 00:10 2734688 ----a-w- c:\program files (x86)\Zynga\tbZyng.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files (x86)\Zynga\tbZyng.dll" [2010-06-14 2734688]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-12-16 40964]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2010-12-16 40964]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-12-16 40964]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [N/A]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2010-12-16 40964]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [N/A]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [N/A]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-12-16 40964]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-12-16 40964]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2010-07-21 165184]

"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2010-07-21 18240]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

PHOTOfunSTUDIO 5.2 HD Edition.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2010-9-28 172544]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2008-04-01 24576]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-11-18 25072]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1255736]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-05-20 393728]

.

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-18 368640]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.verizon.net/central/appmanager/portal/vzcentral#Scene_1

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)

WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

AddRemove-HijackThis - c:\dell\DOCMRT\Main\HijackThis.exe

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-01-22 17:39:28

ComboFix-quarantined-files.txt 2011-01-22 23:39

Pre-Run: 248,743,735,296 bytes free

Post-Run: 248,630,497,280 bytes free

- - End Of File - - 98A8199D33118FC24A9A4D070C9193B8


Open Notepad and copy and paste the text in the code box below into it:

RenV::
c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe
c:\program files (x86)\Common Files\Java\Java Update\jusched .exe
c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv .exe
c:\program files (x86)\Dell DataSafe Online\DataSafeOnline .exe
c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2 .exe
c:\program files (x86)\iTunes\iTunesHelper .exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor .exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr .exe
c:\program files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext .exe
c:\program files (x86)\QuickTime\QTTask .exe
c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher .exe

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

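The files in the RenV:: list above all carry a space before the extension (`Reader_sl .exe`), and the first log's Run entries for the same programs all report an identical 40964-byte file under the real name, which is what a displaced legitimate executable looks like in a ComboFix log. As an added example that is not part of this thread or of ComboFix, the Python check below parses constructed ComboFix-style lines, flags every `name .ext` path, reports whether a Run entry still points at the unspaced name, and lists sizes shared by several unrelated Run targets; all sample values and function names are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the style of a ComboFix "Reg Loading Points" section and its
# <pre> list of renamed files; the values are made up for this example, not a real log.
SAMPLE_LOG = r'''
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-12-16 40964]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-12-16 40964]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2010-12-16 40964]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [N/A]
c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files (x86)\QuickTime\QTTask .exe
c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\windows\mdm .exe
c:\program files (x86)\iTunes\iTunesHelper.exe
'''

# "Name"="path" [date size]  -- size is absent when ComboFix prints [N/A] (file missing)
RUN_ENTRY = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\S+)(?:\s+(?P<size>\d+))?\]$')
# basename whose extension is preceded by whitespace, e.g. "QTTask .exe"
SPACED_EXT = re.compile(r'^(?P<stem>.*\S)\s+\.(?P<ext>[A-Za-z0-9]+)$')
DRIVE_PATH = re.compile(r'^[a-zA-Z]:\\')


def split_spaced_extension(path):
    """Return the unspaced path ('...\\QTTask.exe') if the basename has whitespace
    before its extension, otherwise None."""
    head, sep, base = path.rpartition('\\')
    m = SPACED_EXT.match(base)
    if not m:
        return None
    return head + sep + m.group('stem') + '.' + m.group('ext')


def parse_log(text):
    """Split log lines into Run-key entries (keyed by lower-cased path) and bare paths."""
    run = {}
    paths = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RUN_ENTRY.match(line)
        if m:
            size = int(m.group('size')) if m.group('size') else None
            run[m.group('path').lower()] = (m.group('name'), size)
        elif DRIVE_PATH.match(line):
            paths.append(line)
    return run, paths


def find_displaced(text):
    """Flag every 'name .ext' file and say whether a Run value still launches the
    unspaced name (and with what size), so the displaced original can be paired
    with whatever currently occupies its real name."""
    run, paths = parse_log(text)
    findings = []
    for p in paths:
        clean = split_spaced_extension(p)
        if clean is None:
            continue
        entry = run.get(clean.lower())
        findings.append({
            'renamed_original': p,
            'expected_name': clean,
            'run_value': entry[0] if entry else None,
            'run_size': entry[1] if entry else None,
        })
    return findings


def uniform_size_groups(text, min_paths=3):
    """Sizes shared by at least min_paths distinct Run targets; unrelated products
    rarely share an exact byte size, so such a group deserves a look."""
    run, _ = parse_log(text)
    by_size = defaultdict(list)
    for path, (_name, size) in run.items():
        if size is not None:
            by_size[size].append(path)
    return {s: sorted(ps) for s, ps in by_size.items() if len(ps) >= min_paths}


if __name__ == '__main__':
    for f in find_displaced(SAMPLE_LOG):
        print(f)
    print(uniform_size_groups(SAMPLE_LOG))
```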

ComboFix script results

ComboFix 11-01-22.01 - Stefan 01/22/2011 17:53:28.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2656 [GMT -6:00]

Running from: c:\users\Stefan\Desktop\Combo-Fix.exe

Command switches used :: c:\users\Stefan\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2010-12-22 to 2011-01-22 )))))))))))))))))))))))))))))))

.

2011-01-22 23:57 . 2011-01-22 23:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-01-22 23:14 . 2011-01-22 23:14 -------- d-----w- C:\_OTL

2011-01-21 21:59 . 2011-01-20 16:39 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CDAC1CD5-7B0E-43C8-A960-CA49EBCE1D5D}\mpengine.dll

2011-01-21 21:59 . 2010-10-19 16:41 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-01-21 04:24 . 2011-01-21 04:24 -------- d-----w- c:\users\Stefan\AppData\Roaming\Malwarebytes

2011-01-21 04:23 . 2010-12-21 00:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-01-21 04:23 . 2011-01-21 04:23 -------- d-----w- c:\programdata\Malwarebytes

2011-01-21 04:23 . 2011-01-21 20:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-01-21 04:23 . 2010-12-21 00:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-19 15:56 . 2011-01-19 15:56 -------- d-----w- c:\programdata\Citrix

2011-01-19 15:55 . 2011-01-19 15:55 -------- d-----w- c:\users\Stefan\AppData\Local\Citrix

2011-01-19 15:55 . 2011-01-19 15:55 -------- d-----w- c:\users\Stefan\AppData\Local\Deployment

2011-01-19 15:55 . 2011-01-19 15:55 -------- d-----w- c:\users\Stefan\AppData\Local\Apps

2011-01-13 01:08 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll

2011-01-13 01:08 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2011-01-13 01:08 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2011-01-13 01:08 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2011-01-13 01:08 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2011-01-13 01:08 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll

2011-01-13 01:08 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll

2011-01-13 01:08 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll

2011-01-13 01:08 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

2011-01-13 01:08 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll

2010-12-30 16:56 . 2010-12-30 16:56 -------- d-----w- c:\users\Stefan\AppData\Local\ElevatedDiagnostics

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2010-11-04 06:35 . 2010-12-15 11:29 1194496 ----a-w- c:\windows\system32\wininet.dll

2010-11-04 06:31 . 2010-12-15 11:29 57856 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-04 05:52 . 2010-12-15 11:29 978944 ----a-w- c:\windows\SysWow64\wininet.dll

2010-11-04 05:48 . 2010-12-15 11:29 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll

2010-11-04 05:16 . 2010-12-15 11:29 482816 ----a-w- c:\windows\system32\html.iec

2010-11-04 04:41 . 2010-12-15 11:29 386048 ----a-w- c:\windows\SysWow64\html.iec

2010-11-04 04:35 . 2010-12-15 11:29 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-11-04 04:08 . 2010-12-15 11:29 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2010-11-02 05:18 . 2010-12-15 11:30 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-11-02 05:17 . 2010-12-15 11:30 1169408 ----a-w- c:\windows\system32\taskschd.dll

2010-11-02 05:17 . 2010-12-15 11:29 473600 ----a-w- c:\windows\system32\taskcomp.dll

2010-11-02 05:16 . 2010-12-15 11:30 1114624 ----a-w- c:\windows\system32\schedsvc.dll

2010-11-02 05:10 . 2010-12-15 11:30 464384 ----a-w- c:\windows\system32\taskeng.exe

2010-11-02 05:10 . 2010-12-15 11:29 285696 ----a-w- c:\windows\system32\schtasks.exe

2010-11-02 04:40 . 2010-12-15 11:29 496128 ----a-w- c:\windows\SysWow64\taskschd.dll

2010-11-02 04:40 . 2010-12-15 11:29 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll

2010-11-02 04:34 . 2010-12-15 11:29 192000 ----a-w- c:\windows\SysWow64\taskeng.exe

2010-11-02 04:34 . 2010-12-15 11:29 179712 ----a-w- c:\windows\SysWow64\schtasks.exe

2010-10-27 05:06 . 2010-12-15 11:30 2048 ----a-w- c:\windows\system32\tzres.dll

2010-10-27 04:32 . 2010-12-15 11:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

((((((((((((((((((((((((((((( SnapShot@2011-01-22_23.36.58 )))))))))))))))))))))))))))))))))))))))))

.

- 2010-05-25 16:05 . 2011-01-22 23:18 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-05-25 16:05 . 2011-01-22 23:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-05-25 16:05 . 2011-01-22 23:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-05-25 16:05 . 2011-01-22 23:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-01-22 23:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-01-22 23:18 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

2010-06-14 00:10 2734688 ----a-w- c:\program files (x86)\Zynga\tbZyng.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files (x86)\Zynga\tbZyng.dll" [2010-06-14 2734688]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]

"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-11 421160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2010-07-21 165184]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

PHOTOfunSTUDIO 5.2 HD Edition.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2010-9-28 172544]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2008-04-01 24576]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-11-18 25072]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1255736]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-05-20 393728]

.

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-18 368640]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.verizon.net/central/appmanager/portal/vzcentral#Scene_1

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-msnmsgr - c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe

Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)

WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-01-22 17:59:53

ComboFix-quarantined-files.txt 2011-01-22 23:59

ComboFix2.txt 2011-01-22 23:39

Pre-Run: 249,446,432,768 bytes free

Post-Run: 249,405,837,312 bytes free

- - End Of File - - D238311B69402C359456D8916932EF46


Step 1

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Now click on Advanced Settings and select the following:

    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Step 2

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

In your next reply, please include these log(s):

  1. ESET Online Scanner
  2. Rootkit Unhooker


ESET ran OK but Rootkit Unhooker doesn't; here's the error: Error loading driver, NTSTATUS code: 0xC000036B

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

C:\dell\docmrt7.bat a variant of Win32/Adware.ADON application deleted - quarantined

C:\dell\DOCMRT\Main\ul.exe a variant of Win32/Adware.ADON application deleted - quarantined

C:\Qoobox\Quarantine\C\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe.vir a variant of Win32/Injector.DTR trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe.vir a variant of Win32/Injector.DTR trojan cleaned by deleting - quarantined

C:\Users\Stefan\Desktop\requested-files[2011-01-22_16_28].cab a variant of Win32/Wimpixo.AA trojan deleted - quarantined

C:\_OTL\MovedFiles\01222011_171439\C_Windows\SysWOW64\FastUv32.dll a variant of Win32/Wimpixo.AA trojan cleaned by deleting - quarantined


Okay, let's try with MBAM and then let me know how things are now.

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
