Antivirus 2009 Issues - ran MBAM but still broken... [Solved]
davidstan
post Nov 4 2009, 06:48 PM
Post #1


Member
Posts: 24
OS: Windows XP Media



I had this problem 90% fixed (and this was probably the issue - I didn't complete the clean last week when I should have...)

Antivirus 2009 was popping up, and most .exe were blocked - I was able to get MalwareBytes to run (by opening it during the startup), and it found 14 files, I fixed them, but now it is still not working properly.

I tried to run exehelper, but no go. I can get Explorer open (usually), but only about half the other apps on my desktop... Can't get OTL, etc., and the others in the suggested fixes to download.

TIA

-David
mpascal
post Nov 5 2009, 01:02 AM
Post #2


GeekU Senior
Posts: 1,350
From: Canada
OS: Windows 7 Professional, Ubuntu 9.10



Hi davidstan,

Welcome to Geeks To Go!

My name is mpascal, and I will be helping you fix your problem.

Please keep in mind that I am still in training, so there may be a delay between replies. This is so that my posts can be checked by a resident expert, ensuring an accurate response that will get your computer back to normal as soon as possible.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here
I also recommend that you print these instructions, as you may be required to boot in safe mode.

I'm currently getting a response checked by an expert, and will get back to you as soon as possible.
davidstan
post Nov 5 2009, 07:59 AM
Post #3


Member
Posts: 24
OS: Windows XP Media



Hi
I was able to get MalwareBytes and Kaspersky to run last night (and now it is working much better...) (but still not right...)

This post has been edited by davidstan: Nov 5 2009, 02:29 PM
mpascal
post Nov 5 2009, 03:16 PM
Post #4


GeekU Senior
Posts: 1,350
From: Canada
OS: Windows 7 Professional, Ubuntu 9.10



Hi davidstan,

STEP 1 - Win32kDiag

Please download Win32kDiag from one of the links below and save it to your desktop:

Link 1
Link 2
Link 3
  1. Double-click on Win32kDiag.exe to run the program - if you are running Windows Vista, right click and select "Run as Administrator"
  2. A black command prompt window should open, and begin to scan. Keep in mind that this scan may take a while.
  3. Once it has finished, you should see a message in the command prompt that says "Finished! Press any key to exit.." - press any key now.
  4. A log file named Win32kdiag.txt will be created on your desktop. Please copy and paste this in your next reply.

STEP 2 - Reply

Please reply with the following:
  • Win32kDiag Log
davidstan
post Nov 5 2009, 05:55 PM
Post #5


Member
Posts: 24
OS: Windows XP Media



I don't think this worked....



Running from: C:\Documents and Settings\Admin\Desktop\DiagTools\Win32kDiag.exe

Log file at : C:\Documents and Settings\Admin\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!
mpascal
post Nov 6 2009, 01:12 AM
Post #6


GeekU Senior
Posts: 1,350
From: Canada
OS: Windows 7 Professional, Ubuntu 9.10



Hi,

Looks like it worked OK, that's what we want it to say :) I'll have some more instructions for you tomorrow.
mpascal
post Nov 6 2009, 11:54 AM
Post #7


GeekU Senior
Posts: 1,350
From: Canada
OS: Windows 7 Professional, Ubuntu 9.10



Hi davidstan,

STEP 1 - RootRepeal

Download RootRepeal from one of the following locations and save it to your desktop:
  • Double click to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan
    Note: The scan can take some time. DO NOT run any other programs while the scan is running
  • When the scan is complete, click the button and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program

If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on to insert the attachment into your post

STEP 2 - OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTListIt.Txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the files, and post it with your next reply.

STEP 3 - Reply

Please reply with the following:
  • RootRepeal Log
  • OTL Log
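For reading a RootRepeal report like the one requested in STEP 1 from the defender's side, here is an added Python script; it is not part of this thread, of Geeks to Go's procedure, or of RootRepeal itself. It parses the report's Hidden/Locked Files, SSDT and Shadow SSDT sections, groups every hook by the module that installed it, and separates modules on an analyst-maintained allowlist of known security products (here only Kaspersky's klif.sys, which is an assumption made for the example) from modules that need a closer look. The sample report is constructed in RootRepeal's format; unknown_hooker.sys is a made-up name used only to show a flagged entry.

```python
import re
from collections import defaultdict

# Constructed sample in the RootRepeal report format (not the full log from the thread).
SAMPLE_REPORT = """\
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/06 13:31
==================================================

Hidden/Locked Files
-------------------
Path: C:\\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\\documents and settings\\admin\\local settings\\temp\\~df265a.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

SSDT
-------------------
#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\\WINDOWS\\system32\\DRIVERS\\klif.sys" at address 0xa9f54150

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\\WINDOWS\\system32\\DRIVERS\\klif.sys" at address 0xa9f537f4

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\\WINDOWS\\system32\\DRIVERS\\unknown_hooker.sys" at address 0xa9f5396c

Shadow SSDT
-------------------
#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\\WINDOWS\\system32\\DRIVERS\\klif.sys" at address 0xa9f64742

==EOF==
"""

# Assumption for the example: an allowlist the analyst maintains of drivers that are
# expected to hook the SSDT (anti-virus self-protection). klif.sys is Kaspersky's filter driver.
KNOWN_SECURITY_MODULES = {"klif.sys": "Kaspersky Lab (KLIF filter driver)"}

HOOK_LINE = re.compile(r"^#:\s*(\d+)\s+Function Name:\s*(\S+)$")
HOOKED_BY = re.compile(r'^Hooked by "([^"]+)" at address (0x[0-9a-fA-F]+)$')
MISMATCH = re.compile(r"Allocation size mismatch \(API: (\d+), Raw: (\d+)\)")


def parse_report(text):
    """Split a RootRepeal report into {section name: [entry dict, ...]}.

    A section header is a line followed by a dashed underline; entries within a
    section are blocks of 'Key: Value' lines separated by blank lines."""
    sections, current, entry = {}, None, {}
    lines = text.splitlines()
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if nxt.startswith("-----") and line.strip():
            current, entry = line.strip(), {}
            sections[current] = []
            continue
        if line.startswith("-----") or current is None:
            continue
        if not line.strip():            # blank line closes the current entry
            if entry:
                sections[current].append(entry)
                entry = {}
            continue
        m = HOOK_LINE.match(line)       # '#: 037 Function Name: NtCreateFile'
        if m:
            entry["index"], entry["function"] = int(m.group(1)), m.group(2)
            continue
        key, sep, value = line.partition(": ")
        if sep:
            entry[key.strip()] = value.strip()
    if entry and current:
        sections[current].append(entry)
    return sections


def summarize_hooks(sections):
    """Group SSDT and Shadow SSDT hooks by the full path of the hooking module."""
    by_module = defaultdict(list)
    for name in ("SSDT", "Shadow SSDT"):
        for e in sections.get(name, []):
            m = HOOKED_BY.match(e.get("Status", ""))
            if m:
                module_path, addr = m.groups()
                by_module[module_path].append((name, e["function"], addr))
    return dict(by_module)


def triage_hooks(by_module):
    """Mark each hooking module 'expected' (on the allowlist) or 'review'; flagged first."""
    findings = []
    for path, hooks in by_module.items():
        basename = path.rsplit("\\", 1)[-1].lower()
        vendor = KNOWN_SECURITY_MODULES.get(basename)
        findings.append({"module": basename, "path": path, "vendor": vendor,
                         "verdict": "expected" if vendor else "review",
                         "hook_count": len(hooks),
                         "functions": sorted(f for _, f, _ in hooks)})
    return sorted(findings, key=lambda f: f["verdict"] != "review")


def triage_hidden_files(sections):
    """Classify Hidden/Locked Files entries. A size mismatch on a temp or AV cache file
    during a live scan is usually a file still being written, so compare it with the
    rest of the report before treating it as something hidden on purpose."""
    out = []
    for e in sections.get("Hidden/Locked Files", []):
        status = e.get("Status", "")
        m = MISMATCH.search(status)
        if m:
            api, raw = map(int, m.groups())
            out.append({"path": e["Path"], "kind": "size-mismatch", "api": api, "raw": raw})
        elif "Locked" in status:
            out.append({"path": e["Path"], "kind": "locked"})
    return out


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for f in triage_hooks(summarize_hooks(parsed)):
        print(f"[{f['verdict']:8}] {f['module']} hooks {f['hook_count']} call(s): {', '.join(f['functions'])}")
    for h in triage_hidden_files(parsed):
        print(f"[{h['kind']}] {h['path']}")
```

The point of the allowlist is the one mpascal's reading of the thread's own report relies on: a security product hooking dozens of kernel and win32k entry points from one signed driver is normal self-protection, while a single hook from a module nobody can account for is what deserves the follow-up.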
davidstan
post Nov 6 2009, 01:07 PM
Post #8


Member
Posts: 24
OS: Windows XP Media



I ran OTL and RootRepeal

I can't attach (attachment editor won't open..)

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/06 13:31
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA97C4000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B36000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA84C0000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\admin\local settings\temp\~df265a.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\admin\local settings\temp\~df35f0.tmp
Status: Allocation size mismatch (API: 65536, Raw: 16384)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\bases\cache\av1af.tmp
Status: Allocation size mismatch (API: 19423232, Raw: 0)

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f535ee

#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f53e6e

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f54984

#: 035 Function Name: NtCreateEvent
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f54ef6

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f54150

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f52498

#: 043 Function Name: NtCreateMutant
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f54dce

#: 044 Function Name: NtCreateNamedPipeFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f531f4

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f54c8a

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f533b0

#: 051 Function Name: NtCreateSemaphore
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f55028

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f56c6a

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f53b0c

#: 056 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f54d2c

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f5665c

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f52a5c

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f52dea

#: 066 Function Name: NtDeviceIoControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f545d8

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f5762c

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f52f2c

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f52fd6

#: 084 Function Name: NtFsControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f543e4

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f566ee

#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f52474

#: 099 Function Name: NtLoadKey2
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f52486

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f56d1e

#: 111 Function Name: NtNotifyChangeKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f53122

#: 114 Function Name: NtOpenEvent
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f54f98

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f53ef0

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f5263e

#: 120 Function Name: NtOpenMutant
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f54e66

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f537f4

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f56c94

#: 126 Function Name: NtOpenSemaphore
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f550ca

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f53718

#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f53080

#: 161 Function Name: NtQueryMultipleValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f52ca8

#: 167 Function Name: NtQuerySection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f57036

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f528f8

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f56984

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f52b70

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f52312

#: 194 Function Name: NtReplyPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f55454

#: 195 Function Name: NtReplyWaitReceivePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f5531a

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f563fc

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f59e8e

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f5750e

#: 207 Function Name: NtSaveKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f522aa

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f546be

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f53d2a

#: 230 Function Name: NtSetInformationToken
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f55cac

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f567e8

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f57176

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f52780

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f5725a

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f57382

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f56588

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f5396c

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f538c2

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f56eec

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f53a4c

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f64c76

#: 227 Function Name: NtGdiMaskBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f64d40

#: 237 Function Name: NtGdiPlgBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f64daa

#: 292 Function Name: NtGdiStretchBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f64cda

#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f6488a

#: 312 Function Name: NtUserBuildHwndList
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f64e0c

#: 323 Function Name: NtUserCallOneParam
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f64c42

#: 378 Function Name: NtUserFindWindowEx
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f64a78

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f647f2

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f64b7a

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f6483e

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f649ca

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f64920

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f64974

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f64b0a

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f64a2a

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f64742

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa9f64798

==EOF==


OTL logfile created on: 11/6/2009 2:00:43 PM - Run 2
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 438.61 Mb Available Physical Memory | 43.25% Memory free
2.38 Gb Paging File | 1.99 Gb Available in Paging File | 83.35% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.09 Gb Total Space | 52.34 Gb Free Space | 48.87% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 0.52 Gb Free Space | 1.39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D5MXCY91
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe (Kaspersky Lab)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe ( )
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
PRC - C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\gearsec.exe (GEAR Software)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Admin\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\serwvdrv.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\umdmxfrm.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (ehRecvr) -- C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (Norton Ghost) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (GEARSecurity) -- C:\WINDOWS\system32\gearsec.exe (GEAR Software)
SRV - (ehSched) -- C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
SRV - (McrdSvc) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (UMWdf) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (NetSvc) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)


========== Driver Services (SafeList) ==========

DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (GearAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (ASCTRM) -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (SymSnap) -- C:\WINDOWS\system32\drivers\SymSnap.sys (StorageCraft)
DRV - (V2IMount) -- C:\WINDOWS\system32\drivers\V2iMount.sys (Symantec Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (E100B) -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/28 10:44:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/17 19:11:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/11/03 19:41:01 | 00,000,000 | ---D | M]


O1 HOSTS File: (148 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 193.169.12.50 winguard2009.microsoft.com
O1 - Hosts: 193.169.12.50 winguard-2009.com
O1 - Hosts: 193.169.12.50 www.winguard-2009.com
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (PhotoPos Pro Toolbar) - {A057A204-BACC-4D26-9F9D-3BEFCFBE6E86} - C:\Program Files\photoposcomtbr\photoposcomtbr.dll ( )
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (PhotoPos Pro Toolbar) - {A057A204-BACC-4D26-9F9D-3BEFCFBE6E86} - C:\Program Files\photoposcomtbr\photoposcomtbr.dll ( )
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe File not found
O4 - HKLM..\Run: [Norton Ghost 10.0] C:\Program Files\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellTransferAgent] C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe ( )
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O21 - SSODL: kujinutas - {db56cc15-a137-4fc9-8947-318e6e62efd3} - C:\WINDOWS\System32\wakozawa.dll File not found
O22 - SharedTaskScheduler: {db56cc15-a137-4fc9-8947-318e6e62efd3} - kupuhivus - C:\WINDOWS\System32\wakozawa.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/06 14:00:10 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2009/11/06 13:26:45 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Admin\Desktop\RootRepeal.exe
[2009/11/06 09:23:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\AOL
[2009/11/05 00:55:52 | 00,000,000 | ---D | C] -- C:\abcd6634a
[2009/11/05 00:54:22 | 00,000,000 | ---D | C] -- C:\abcd22185a
[2009/11/04 21:40:24 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2009/11/04 21:40:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/11/04 21:39:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/11/04 21:05:49 | 67,291,088 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Admin\Desktop\kav2010_9.0.0.736en.exe
[2009/10/30 18:29:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Identities
[2009/10/30 10:08:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\CLPics
[2009/10/28 12:37:25 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Admin\Desktop\mbam-setup.exe
[2009/10/28 10:45:09 | 25,198,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/28 10:32:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/28 08:59:21 | 00,000,000 | ---D | C] -- C:\abcd30018a
[2009/10/27 19:27:08 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/27 19:27:07 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/27 19:27:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/27 19:11:07 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/10/27 19:10:54 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/10/27 19:09:58 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/10/27 17:54:14 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/10/27 17:54:14 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2009/10/27 17:43:09 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/27 17:40:17 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/27 17:40:17 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/27 17:40:17 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/27 17:40:17 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/27 17:40:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/27 17:40:07 | 00,000,000 | ---D | C] -- C:\abcd
[2009/10/27 12:49:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/10/27 12:11:37 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/26 23:47:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/10/26 23:45:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2009/10/26 22:59:27 | 03,550,592 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\explorer.exe.exe
[2009/10/26 20:06:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\1026crash
[2009/10/26 20:05:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\DiagTools
[2009/10/26 19:59:20 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/26 16:59:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/10/26 16:54:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Runscanner.net
[2009/10/20 20:34:56 | 00,219,664 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\klogon.dll
[2009/10/17 00:37:17 | 00,039,036 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbmodem.sys
[2009/10/17 00:37:17 | 00,038,144 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbdiag.sys
[2009/10/17 00:37:17 | 00,021,344 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbbus.sys
[2009/10/17 00:37:16 | 00,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2009/10/17 00:35:32 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll
[2009/10/17 00:35:30 | 01,703,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2009/10/17 00:35:30 | 00,244,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msflxgrd.ocx
[2009/10/17 00:35:29 | 00,798,773 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFCO42D.DLL
[2009/10/17 00:35:29 | 00,419,240 | ---- | C] (VideoSoft) -- C:\WINDOWS\System32\Vsflex7L.ocx
[2009/10/17 00:35:17 | 00,929,844 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC42D.DLL
[2009/10/17 00:35:17 | 00,434,252 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCRTD.DLL
[2009/10/17 00:35:17 | 00,291,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcirtd.dll
[2009/10/17 00:34:23 | 00,000,000 | ---D | C] -- C:\Program Files\LGE GSM PC Sync
[2009/10/14 21:18:34 | 00,036,880 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klbg.sys
[2009/10/14 11:12:36 | 00,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/06 14:00:14 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2009/11/06 13:40:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/06 13:29:14 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\settings.dat
[2009/11/06 13:26:45 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Admin\Desktop\RootRepeal.exe
[2009/11/06 12:40:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/06 06:40:01 | 00,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/05 18:50:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/05 18:50:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/05 18:50:17 | 10,634,07616 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/05 18:44:41 | 03,407,872 | -H-- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2009/11/05 18:44:41 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini
[2009/11/05 01:07:06 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/04 21:52:29 | 00,000,148 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/04 21:41:28 | 00,108,059 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/11/04 21:41:28 | 00,095,259 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/11/04 21:05:49 | 67,291,088 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Admin\Desktop\kav2010_9.0.0.736en.exe
[2009/11/04 20:30:36 | 00,267,264 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/02 21:04:50 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/01 20:26:09 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/01 20:26:09 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 20:26:09 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 10:22:50 | 00,038,878 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\figures.bmp
[2009/10/30 18:29:47 | 01,974,006 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\check.bmp
[2009/10/30 11:58:12 | 00,001,394 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Media Center.lnk
[2009/10/29 21:55:47 | 03,778,304 | -H-- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\IconCache.db
[2009/10/29 02:14:13 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/28 13:30:28 | 00,000,508 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/28 12:38:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/28 12:37:25 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Admin\Desktop\mbam-setup.exe
[2009/10/28 10:26:17 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\gitehadi
[2009/10/27 17:43:15 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/10/27 16:37:33 | 00,064,184 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/27 12:49:26 | 00,256,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/27 12:41:58 | 03,153,920 | ---- | M] () -- C:\Documents and Settings\Admin\secsetup.sdb
[2009/10/26 23:03:10 | 00,000,209 | ---- | M] () -- C:\Boot.bak
[2009/10/26 22:59:27 | 03,550,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\explorer.exe.exe
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/22 16:15:46 | 00,274,595 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\BDay09.JPG
[2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/10/20 20:34:56 | 00,219,664 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\klogon.dll
[2009/10/20 14:51:28 | 00,007,520 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/10/20 13:33:15 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/17 00:35:39 | 00,000,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LG InternetCube.lnk
[2009/10/17 00:34:26 | 00,000,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LG Mobile Sync.lnk
[2009/10/14 21:18:34 | 00,036,880 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klbg.sys
[2009/10/14 11:12:36 | 00,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/06 13:29:14 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\settings.dat
[2009/11/04 21:41:28 | 00,108,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/11/04 21:41:28 | 00,095,259 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/11/01 10:22:50 | 00,038,878 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\figures.bmp
[2009/10/30 18:29:47 | 01,974,006 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\check.bmp
[2009/10/30 11:54:13 | 00,274,595 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\BDay09.JPG
[2009/10/28 12:38:13 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/27 17:43:15 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/10/27 17:43:12 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/27 17:40:17 | 00,267,264 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/27 17:40:17 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/27 17:40:17 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/27 17:40:17 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/10/27 17:40:17 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/27 12:41:57 | 03,153,920 | ---- | C] () -- C:\Documents and Settings\Admin\secsetup.sdb
[2009/10/26 23:03:15 | 00,000,864 | ---- | C] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2009/10/26 23:03:15 | 00,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2009/10/17 00:35:39 | 00,000,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LG InternetCube.lnk
[2009/10/17 00:35:30 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\CSDLGE1LIB.dll
[2009/10/17 00:34:26 | 00,000,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LG Mobile Sync.lnk
[2009/08/29 11:18:41 | 00,019,976 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ujynanacez.db
[2009/06/16 11:42:04 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\PFP120JPR.{PB
[2009/06/16 11:42:04 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\PFP120JCM.{PB
[2009/06/01 20:22:19 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2009/05/23 08:22:06 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\00FF866790.sys
[2009/05/13 20:29:20 | 00,007,520 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/05/13 20:29:20 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\906786FF00.sys
[2009/05/12 21:00:51 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/05/12 20:47:48 | 00,064,184 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/05/12 20:26:28 | 00,000,380 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/05/12 20:26:00 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/05/12 16:44:20 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Admin\Application Data\desktop.ini
[2009/05/12 16:44:19 | 03,778,304 | -H-- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\IconCache.db
[2009/05/12 16:44:19 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\fusioncache.dat
[2007/12/27 07:14:25 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\PosTickerLib.dll
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/05/03 19:18:10 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/03 19:14:11 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/03 19:08:02 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/05/03 18:37:02 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/11/10 07:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/23 07:52:14 | 00,207,872 | ---- | C] () -- C:\WINDOWS\System32\OneWay.dll
[2005/08/16 03:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:33:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/08/16 03:18:43 | 00,000,508 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/16 03:18:41 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 13:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C
< End of report >
mpascal
post Nov 6 2009, 06:01 PM
Post #9


GeekU Senior
Posts: 1,350
From: Canada
OS: Windows 7 Professional, Ubuntu 9.10



Hi davidstan,

STEP 1 - OTL Fix

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O1 - Hosts: 193.169.12.50 winguard2009.microsoft.com
    O1 - Hosts: 193.169.12.50 winguard-2009.com
    O1 - Hosts: 193.169.12.50 www.winguard-2009.com
    O21 - SSODL: kujinutas - {db56cc15-a137-4fc9-8947-318e6e62efd3} - C:\WINDOWS\System32\wakozawa.dll File not found
    O22 - SharedTaskScheduler: {db56cc15-a137-4fc9-8947-318e6e62efd3} - kupuhivus - C:\WINDOWS\System32\wakozawa.dll File not found
    [2009/10/28 10:26:17 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\gitehadi
    [2009/10/17 00:35:30 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\CSDLGE1LIB.dll
    [2009/08/29 11:18:41 | 00,019,976 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ujynanacez.db
    [2009/05/23 08:22:06 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\00FF866790.sys
    [2009/05/13 20:29:20 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\906786FF00.sys
    [2009/10/26 22:59:27 | 03,550,592 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\explorer.exe.exe

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

STEP 2 - SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Double-click SystemLook.exe to run it. Copy the content of the following code box into the main text field:
CODE
:dir
C:\abcd6634a
C:\abcd22185a
C:\abcd30018a
C:\abcd
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

STEP 3 - MBAM

Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

STEP 4 - Reply

Please reply with the following:
  • MBAM Log
  • SystemLook Log
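A defender-side check for the kind of HOSTS hijack the O1 lines in the OTL log show (rogue-AV names, one of them under microsoft.com, all pinned to a single external address). This is an added example, not code from this thread, from OTL or from the helper; the sample hosts text is constructed from the log's O1 lines, and the hijack heuristics and the PROTECTED_SUFFIXES list are this example's own assumptions.

```python
"""Flag HOSTS-file entries that look like a rogue-AV hijack.

Accepts either raw hosts-file text or OTL 'O1 - Hosts:' log lines.
"""
import ipaddress
import re
from collections import defaultdict

# Names that legitimately map to loopback/unspecified addresses in a stock hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Assumed list: vendor domains an ordinary PC should never pin in hosts.
# Rogue AV families pinned names under these to fake vendor pages or block updates.
PROTECTED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "symantec.com",
                      "kaspersky.com", "malwarebytes.org")

OTL_O1 = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")

# Constructed from the O1 lines in the OTL log above (not a real file dump).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
193.169.12.50   winguard2009.microsoft.com
193.169.12.50   winguard-2009.com
193.169.12.50   www.winguard-2009.com
"""


def is_protected(name):
    """True when name equals or is a subdomain of a protected vendor domain."""
    return any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES)


def parse_hosts(text):
    """Return (ip_address, hostname) pairs from hosts text or OTL O1 lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments and blanks
        if not line:
            continue
        m = OTL_O1.match(line)
        parts = m.groups() if m else tuple(line.split())
        if len(parts) < 2:
            continue
        ip, *names = parts
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue                              # malformed line; not an address
        for name in names:
            entries.append((addr, name.lower()))
    return entries


def find_hijacks(entries):
    """Return (hostname, ip, reason) triples for entries that look hijacked."""
    findings = []
    by_ip = defaultdict(set)
    for addr, name in entries:
        local_target = addr.is_loopback or addr.is_unspecified
        if name in LOCAL_NAMES and local_target:
            continue                              # stock localhost lines
        if local_target:
            findings.append((name, str(addr), "name blackholed to loopback"))
            continue
        if addr.is_private:
            continue                              # LAN hostnames are normal
        by_ip[addr].add(name)
        if is_protected(name):
            findings.append((name, str(addr), "vendor domain pinned to external address"))
        else:
            findings.append((name, str(addr), "name pinned to external address"))
    # Several unrelated names sharing one external address is the classic rogue-AV pattern.
    for addr, names in by_ip.items():
        if len(names) > 1:
            findings.append((",".join(sorted(names)), str(addr),
                             "several names share one external address"))
    return findings


def scan_text(text):
    """Convenience wrapper: parse then classify."""
    return find_hijacks(parse_hosts(text))


if __name__ == "__main__":
    for name, ip, reason in scan_text(SAMPLE_HOSTS):
        print(f"{reason:45s} {ip:16s} {name}")
```

Run it against a copy of C:\WINDOWS\system32\drivers\etc\hosts or against the O1 block pasted from an OTL log; a clean XP hosts file yields no findings.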
davidstan
post Nov 6 2009, 11:00 PM
Post #10


Member
Posts: 24
OS: Windows XP Media



Malwarebytes' Anti-Malware 1.41
Database version: 3103
Windows 5.1.2600 Service Pack 3

11/6/2009 11:57:26 PM
mbam-log-2009-11-06 (23-57-26).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 204837
Time elapsed: 30 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 23:14 on 06/11/2009 by Admin (Administrator - Elevation successful)

========== dir ==========

C:\abcd6634a - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

C:\abcd22185a - Parameters: "(none)"

---Files---
023.dat --a--- 39608 bytes [05:51 05/11/2009] [23:28 18/10/2009]
023v.dat --a--- 2128 bytes [05:51 05/11/2009] [05:36 21/10/2009]
023w7.dat --a--- 661 bytes [05:51 05/11/2009] [05:36 21/10/2009]
appinit.bad --a--- 6760 bytes [05:51 05/11/2009] [13:00 31/08/2000]
asp.str --a--- 602 bytes [05:51 05/11/2009] [04:09 14/07/2009]
AspackDie.cfxxe -ra--- 13312 bytes [05:51 05/11/2009] [16:09 04/12/2006]
Assoc.cmd --a--- 3927 bytes [05:51 05/11/2009] [19:51 26/10/2009]
ATTRIB.cfxxe -ra--- 12288 bytes [05:52 05/11/2009] [00:12 14/04/2008]
Auto-RC.cmd --a--- 3034 bytes [05:51 05/11/2009] [07:46 29/07/2009]
av.cmd --a--- 1666 bytes [05:51 05/11/2009] [14:49 16/10/2009]
av.vbs --a--- 1464 bytes [05:51 05/11/2009] [23:09 13/05/2009]
AWF.cmd --a--- 647 bytes [05:51 05/11/2009] [10:27 23/10/2009]
badclsid.c --a--- 793855 bytes [05:51 05/11/2009] [04:21 28/10/2009]
Boot-Rk.cmd --a--- 2346 bytes [05:51 05/11/2009] [22:11 27/10/2009]
Boot.bat --a--- 7806 bytes [05:51 05/11/2009] [22:11 27/10/2009]
BootSect.dll --a--- 7680 bytes [05:51 05/11/2009] [13:00 31/08/2000]
c.bat --a--- 51128 bytes [05:51 05/11/2009] [22:24 27/10/2009]
Catch-sub.cmd --a--- 737 bytes [05:51 05/11/2009] [07:45 14/09/2009]
catchme.cfxxe -ra--- 147456 bytes [05:51 05/11/2009] [22:37 17/04/2009]
CCS.bat --a--- 91 bytes [05:54 05/11/2009] [05:54 05/11/2009]
CF-Script.cmd --a--- 27130 bytes [05:51 05/11/2009] [19:53 26/10/2009]
CF28390.exe --a--- 389120 bytes [05:54 05/11/2009] [05:51 05/11/2009]
CFVersionOld --a--- 13 bytes [05:52 05/11/2009] [05:52 05/11/2009]
CHCP.bat --a--- 16 bytes [05:52 05/11/2009] [05:52 05/11/2009]
clsid.c --a--- 238810 bytes [05:51 05/11/2009] [04:21 28/10/2009]
Combo-Fix.sys --a--- 1024 bytes [05:51 05/11/2009] [13:00 31/08/2000]
Combobatch.bat --a--- 7316 bytes [05:51 05/11/2009] [19:53 26/10/2009]
ComboFix-Download.cfxxe -ra--- 141312 bytes [05:51 05/11/2009] [13:00 31/08/2000]
Create.cmd --a--- 6770 bytes [05:51 05/11/2009] [10:33 23/10/2009]
Creg.dat --a--- 643715 bytes [05:51 05/11/2009] [14:40 27/10/2009]
CregC.cmd --a--- 2894 bytes [05:51 05/11/2009] [19:53 26/10/2009]
CregC.dat --a--- 406 bytes [05:51 05/11/2009] [11:58 15/08/2009]
CSCRIPT.cfxxe -ra--- 135168 bytes [05:52 05/11/2009] [09:07 07/05/2008]
CSet.cmd --a--- 1688 bytes [05:51 05/11/2009] [15:08 25/05/2009]
dd.cfxxe -ra--- 101376 bytes [05:51 05/11/2009] [13:00 31/08/2000]
ddsDo.sed --a--- 7983 bytes [05:51 05/11/2009] [14:59 25/05/2009]
DelClsid.bat --a--- 1689 bytes [05:51 05/11/2009] [19:54 26/10/2009]
desktop.ini --a--- 113 bytes [05:54 05/11/2009] [05:54 05/11/2009]
dosdev.exe --a--- 7168 bytes [05:51 05/11/2009] [20:47 19/03/2007]
DPF.str --a--- 746 bytes [05:51 05/11/2009] [13:00 31/08/2000]
dumphive.cfxxe -ra--- 51200 bytes [05:51 05/11/2009] [13:00 31/08/2000]
embedded.sed --a--- 303 bytes [05:51 05/11/2009] [13:00 31/08/2000]
ERDNT.e_e --a--- 163328 bytes [05:51 05/11/2009] [01:02 21/10/2005]
ERDNTDOS.LOC --a--- 2815 bytes [05:51 05/11/2009] [13:00 31/08/2000]
ERDNTWIN.LOC --a--- 3275 bytes [05:51 05/11/2009] [13:00 31/08/2000]
ERUNT.cfxxe -ra--- 157696 bytes [05:51 05/11/2009] [01:00 21/10/2005]
erunt.dat --a--- 10 bytes [05:54 05/11/2009] [05:54 05/11/2009]
ERUNT.LOC --a--- 4090 bytes [05:51 05/11/2009] [13:00 31/08/2000]
eXereg.exe --a--- 28190 bytes [05:51 05/11/2009] [00:56 26/10/2009]
extract.cfxxe -ra--- 52736 bytes [05:51 05/11/2009] [13:00 31/08/2000]
FD-SV.cmd --a--- 3694 bytes [05:51 05/11/2009] [10:18 23/10/2009]
ffdefstr.dll --a--- 36903 bytes [05:51 05/11/2009] [07:54 01/09/2009]
FileKill.cfxxe -ra--- 145920 bytes [05:51 05/11/2009] [13:00 31/08/2000]
files.pif --a--- 2340 bytes [05:51 05/11/2009] [04:21 28/10/2009]
Fin.dat --a--- 660 bytes [05:51 05/11/2009] [08:54 12/08/2009]
FIND3M.bat --a--- 30267 bytes [05:51 05/11/2009] [19:54 26/10/2009]
FINDSTR.cfxxe -ra--- 27136 bytes [05:52 05/11/2009] [00:12 14/04/2008]
FIXLSP.bat --a--- 4759 bytes [05:51 05/11/2009] [19:54 26/10/2009]
FKMGen.cmd --a--- 1113 bytes [05:51 05/11/2009] [10:35 23/10/2009]
ForceLibrary.dll --a--- 10240 bytes [05:51 05/11/2009] [20:03 15/02/2001]
ForeignWht --a--- 880 bytes [05:54 05/11/2009] [05:54 05/11/2009]
GetHive.cmd --a--- 5969 bytes [05:51 05/11/2009] [19:54 26/10/2009]
grep.cfxxe -ra--- 80412 bytes [05:51 05/11/2009] [13:00 31/08/2000]
gsar.cfxxe -ra--- 15360 bytes [05:51 05/11/2009] [13:00 31/08/2000]
handle.cfxxe -ra--- 181776 bytes [05:51 05/11/2009] [13:00 31/08/2000]
hidec.exe --a--- 1536 bytes [05:51 05/11/2009] [06:54 16/08/2005]
history.bat --a--- 954 bytes [05:51 05/11/2009] [22:25 20/10/2009]
iexplore.exe --a--- 31232 bytes [05:51 05/11/2009] [17:56 20/04/2009]
image001.gif --a--- 1057 bytes [05:51 05/11/2009] [13:00 31/08/2000]
Install-RC.cmd --a--- 5664 bytes [05:51 05/11/2009] [10:36 23/10/2009]
katch.cmd --a--- 1008 bytes [05:51 05/11/2009] [03:53 28/10/2009]
Kill-All.cmd --a--- 1575 bytes [05:51 05/11/2009] [15:14 18/10/2009]
kmd.dat --a--- 13 bytes [05:54 05/11/2009] [05:54 05/11/2009]
Lang.bat --a--- 194504 bytes [05:51 05/11/2009] [00:09 16/10/2009]
List-B.bat --a--- 42675 bytes [05:51 05/11/2009] [14:39 27/10/2009]
List-C.bat --a--- 234807 bytes [05:51 05/11/2009] [14:21 27/10/2009]
List-D.bat --a--- 93038 bytes [05:51 05/11/2009] [20:00 26/10/2009]
List.bat --a--- 701591 bytes [05:51 05/11/2009] [14:37 27/10/2009]
lnkread.vbs --a--- 2428 bytes [05:51 05/11/2009] [13:00 31/08/2000]
LocalService.dat --a--- 225 bytes [05:51 05/11/2009] [13:00 31/08/2000]
LocalServiceNetworkRestricted.dat --a--- 91 bytes [05:51 05/11/2009] [13:00 31/08/2000]
LocalSystemNetworkRestricted.dat --a--- 198 bytes [05:51 05/11/2009] [13:00 31/08/2000]
mbr.cfxxe -ra--- 77312 bytes [05:51 05/11/2009] [11:11 25/10/2009]
md5sum.pif --a--- 5066 bytes [05:51 05/11/2009] [04:21 28/10/2009]
Mirrors --a--- 138 bytes [05:54 05/11/2009] [05:54 05/11/2009]
MoveIt.bat --a--- 2370 bytes [05:51 05/11/2009] [22:25 20/10/2009]
mtee.cfxxe -ra--- 11264 bytes [05:51 05/11/2009] [13:00 31/08/2000]
mynul.dat --a--- 0 bytes [05:51 05/11/2009] [13:00 31/08/2000]
n.pif --a--- 31232 bytes [05:51 05/11/2009] [17:56 20/04/2009]
ncmd.cfxxe -ra--- 2010 bytes [05:51 05/11/2009] [20:55 24/10/2009]
ndis_combofix.dat --a--- 287 bytes [05:51 05/11/2009] [13:00 31/08/2000]
ND_.bat --a--- 25367 bytes [05:51 05/11/2009] [22:23 27/10/2009]
netsvc.bad.dat --a--- 482 bytes [05:51 05/11/2009] [22:04 02/09/2009]
netsvc.dat --a--- 159 bytes [05:51 05/11/2009] [13:00 31/08/2000]
netsvc.vista.dat --a--- 481 bytes [05:51 05/11/2009] [13:00 31/08/2000]
netsvc.xp.dat --a--- 525 bytes [05:51 05/11/2009] [13:00 31/08/2000]
NetworkService.dat --a--- 88 bytes [05:51 05/11/2009] [13:00 31/08/2000]
NirCmd.cfxxe -ra--- 31232 bytes [05:51 05/11/2009] [17:56 20/04/2009]
NircmdB.exe --a--- 31232 bytes [05:52 05/11/2009] [17:56 20/04/2009]
NirCmdC.cfxxe -ra--- 30720 bytes [05:51 05/11/2009] [17:56 20/04/2009]
NlsLanguageDefault --a--- 6 bytes [05:52 05/11/2009] [05:52 05/11/2009]
NT-OS.cmd --a--- 16178 bytes [05:51 05/11/2009] [20:00 26/10/2009]
NULL --a--- 0 bytes [05:54 05/11/2009] [05:54 05/11/2009]
OSid.vbs --a--- 977 bytes [05:51 05/11/2009] [13:00 31/08/2000]
OsVer --a--- 43 bytes [05:52 05/11/2009] [05:52 05/11/2009]
PEV.cfxxe -ra--- 236544 bytes [05:52 05/11/2009] [13:10 11/10/2009]
pev.exe --a--- 236544 bytes [05:51 05/11/2009] [13:10 11/10/2009]
PING.cfxxe -ra--- 17920 bytes [05:52 05/11/2009] [00:12 14/04/2008]
Policies.dat --a--- 2992 bytes [05:51 05/11/2009] [08:51 06/07/2009]
Prep.inf --a--- 2374 bytes [05:51 05/11/2009] [09:54 14/08/2009]
Purity.dat --a--- 404 bytes [05:51 05/11/2009] [13:00 31/08/2000]
PV.cfxxe -ra--- 73728 bytes [04:42 03/03/2006] [04:42 03/03/2006]
pv.com --a--- 73728 bytes [05:51 05/11/2009] [04:42 03/03/2006]
RCLink.dat --a--- 7478 bytes [05:51 05/11/2009] [13:00 31/08/2000]
REGDACL.sed --a--- 3558 bytes [05:51 05/11/2009] [13:00 31/08/2000]
RegDo.sed --a--- 9203 bytes [05:51 05/11/2009] [13:00 31/08/2000]
region.dat --a--- 1149 bytes [05:51 05/11/2009] [07:29 23/05/2009]
RegScan.cmd --a--- 62817 bytes [05:51 05/11/2009] [20:02 26/10/2009]
Resident.txt --a--- 105 bytes [05:52 05/11/2009] [05:54 05/11/2009]
restore_pt.vbs --a--- 587 bytes [05:51 05/11/2009] [03:26 02/05/2009]
Rkey.cmd --a--- 241 bytes [05:51 05/11/2009] [13:00 31/08/2000]
rogues.dat --a--- 820 bytes [05:51 05/11/2009] [13:00 31/08/2000]
ROUTE.cfxxe -ra--- 19968 bytes [05:52 05/11/2009] [09:00 10/08/2004]
run2.sed --a--- 287 bytes [05:51 05/11/2009] [13:00 31/08/2000]
Rust.str --a--- 30 bytes [05:51 05/11/2009] [16:38 10/06/2009]
safeboot.dat --a--- 329 bytes [05:51 05/11/2009] [13:00 31/08/2000]
safeboot.def.dat --a--- 1464 bytes [05:51 05/11/2009] [07:25 10/06/2009]
safeboot.def.vista.dat --a--- 463 bytes [05:51 05/11/2009] [13:00 31/08/2000]
Safeboot.def.w7.dat --a--- 585 bytes [05:51 05/11/2009] [17:00 18/10/2009]
sed.cfxxe -ra--- 98816 bytes [05:51 05/11/2009] [13:00 31/08/2000]
SetEnvmt.bat --a--- 14774 bytes [05:51 05/11/2009] [20:03 26/10/2009]
setpath.cfxxe -ra--- 30251 bytes [05:51 05/11/2009] [20:37 18/10/2009]
SF.exe --a--- 49152 bytes [19:42 10/06/2006] [19:42 10/06/2006]
sfx.cmd --a--- 14 bytes [05:52 05/11/2009] [05:52 05/11/2009]
SnapShot.cmd --a--- 3383 bytes [05:51 05/11/2009] [20:03 26/10/2009]
SRestore.cmd --a--- 2129 bytes [05:51 05/11/2009] [20:03 26/10/2009]
srizbi.md5 --a--- 56474 bytes [05:51 05/11/2009] [11:37 25/10/2009]
Start_dat --a--- 2 bytes [05:54 05/11/2009] [05:54 05/11/2009]
SuppScan.cmd --a--- 19937 bytes [05:51 05/11/2009] [20:03 26/10/2009]
SvcDrv.vbs --a--- 2176 bytes [05:51 05/11/2009] [13:00 31/08/2000]
svchost.dat --a--- 555 bytes [05:51 05/11/2009] [13:00 31/08/2000]
svchost.vista.dat --a--- 668 bytes [05:51 05/11/2009] [13:00 31/08/2000]
svchost.w7.dat --a--- 956 bytes [05:51 05/11/2009] [17:14 18/10/2009]
svchost.w7.x64.dat --a--- 290 bytes [05:51 05/11/2009] [05:08 22/10/2009]
svc_wht.dat --a--- 12073 bytes [05:51 05/11/2009] [09:07 09/10/2009]
SWREG.cfxxe -ra--- 161792 bytes [05:52 05/11/2009] [13:00 31/08/2000]
swreg.exe --a--- 161792 bytes [05:51 05/11/2009] [13:00 31/08/2000]
swsc.cfxxe -ra--- 136704 bytes [05:51 05/11/2009] [13:00 31/08/2000]
swxcacls.cfxxe -ra--- 212480 bytes [05:51 05/11/2009] [13:00 31/08/2000]
system_ini.dat --a--- 276 bytes [05:51 05/11/2009] [13:00 31/08/2000]
tail.cfxxe -ra--- 35328 bytes [05:51 05/11/2009] [13:00 10/11/1999]
temp00 --a--- 65 bytes [05:54 05/11/2009] [05:54 05/11/2009]
toolbar.sed --a--- 413 bytes [05:51 05/11/2009] [13:00 31/08/2000]
Update-CF.cmd --a--- 2919 bytes [05:51 05/11/2009] [03:53 23/10/2009]
VerCF.bat --a--- 27 bytes [05:52 05/11/2009] [05:52 05/11/2009]
version.txt --a--- 43 bytes [05:54 05/11/2009] [05:54 05/11/2009]
VInfo -ra--- 7677 bytes [05:51 05/11/2009] [14:26 27/10/2009]
vistareg.dat --a--- 14040 bytes [05:51 05/11/2009] [11:31 19/10/2009]
vun.dat --a--- 1497 bytes [05:51 05/11/2009] [14:09 27/10/2009]
w2kreg.dat --a--- 38734 bytes [05:51 05/11/2009] [20:49 23/10/2009]
w2k_sock.dll --a--- 90202 bytes [05:51 05/11/2009] [20:34 21/06/2009]
w7reg.dat --a--- 14043 bytes [05:51 05/11/2009] [21:03 23/10/2009]
Wmi_rem.vbs --a--- 592 bytes [05:51 05/11/2009] [06:08 14/05/2009]
w_sock.dll --a--- 98948 bytes [05:51 05/11/2009] [19:45 21/06/2009]
XP.mac --a--- 40 bytes [05:52 05/11/2009] [05:52 05/11/2009]
xpreg.dat --a--- 53864 bytes [05:51 05/11/2009] [20:49 23/10/2009]
zDomain.dat --a--- 23773 bytes [05:51 05/11/2009] [13:00 31/08/2000]
zhsvc.dat --a--- 35099 bytes [05:51 05/11/2009] [12:43 26/10/2009]
zip.cfxxe -ra--- 68096 bytes [05:51 05/11/2009] [13:00 31/08/2000]

---Folders---
N_ d----- [05:54 05/11/2009]

C:\abcd30018a - Parameters: "(none)"

---Files---
023.dat --a--- 39608 bytes [13:59 28/10/2009] [22:28 18/10/2009]
023v.dat --a--- 2128 bytes [13:59 28/10/2009] [04:36 21/10/2009]
023w7.dat --a--- 661 bytes [13:59 28/10/2009] [04:36 21/10/2009]
appinit.bad --a--- 6760 bytes [13:59 28/10/2009] [12:00 31/08/2000]
asp.str --a--- 602 bytes [13:59 28/10/2009] [03:09 14/07/2009]
AspackDie.cfxxe -ra--- 13312 bytes [13:59 28/10/2009] [15:09 04/12/2006]
Assoc.cmd --a--- 3927 bytes [13:58 28/10/2009] [18:51 26/10/2009]
ATTRIB.cfxxe -ra--- 12288 bytes [13:59 28/10/2009] [00:12 14/04/2008]
Auto-RC.cmd --a--- 3034 bytes [13:58 28/10/2009] [06:46 29/07/2009]
av.cmd --a--- 1666 bytes [13:58 28/10/2009] [13:49 16/10/2009]
av.vbs --a--- 1464 bytes [13:59 28/10/2009] [22:09 13/05/2009]
AWF.cmd --a--- 647 bytes [13:58 28/10/2009] [09:27 23/10/2009]
badclsid.c --a--- 793855 bytes [13:59 28/10/2009] [03:21 28/10/2009]
Boot-Rk.cmd --a--- 2346 bytes [13:58 28/10/2009] [21:11 27/10/2009]
Boot.bat --a--- 7806 bytes [13:58 28/10/2009] [21:11 27/10/2009]
BootSect.dll --a--- 7680 bytes [13:59 28/10/2009] [12:00 31/08/2000]
c.bat --a--- 51128 bytes [13:58 28/10/2009] [21:24 27/10/2009]
Catch-sub.cmd --a--- 737 bytes [13:58 28/10/2009] [06:45 14/09/2009]
catchme.cfxxe -ra--- 147456 bytes [13:59 28/10/2009] [21:37 17/04/2009]
CCS.bat --a--- 91 bytes [13:59 28/10/2009] [13:59 28/10/2009]
CF-Script.cmd --a--- 27130 bytes [13:58 28/10/2009] [18:53 26/10/2009]
CF29010.exe --a--- 389120 bytes [13:59 28/10/2009] [13:59 28/10/2009]
CFVersionOld --a--- 13 bytes [13:59 28/10/2009] [13:59 28/10/2009]
CHCP.bat --a--- 16 bytes [13:59 28/10/2009] [13:59 28/10/2009]
clsid.c --a--- 238810 bytes [13:59 28/10/2009] [03:21 28/10/2009]
Combo-Fix.sys --a--- 1024 bytes [13:59 28/10/2009] [12:00 31/08/2000]
Combobatch.bat --a--- 7316 bytes [13:58 28/10/2009] [18:53 26/10/2009]
ComboFix-Download.cfxxe -ra--- 141312 bytes [13:59 28/10/2009] [12:00 31/08/2000]
ComboFix.exe --a--- 1234888 bytes [13:59 28/10/2009] [13:59 28/10/2009]
Create.cmd --a--- 6770 bytes [13:58 28/10/2009] [09:33 23/10/2009]
Creg.dat --a--- 643715 bytes [13:59 28/10/2009] [13:40 27/10/2009]
CregC.cmd --a--- 2894 bytes [13:58 28/10/2009] [18:53 26/10/2009]
CregC.dat --a--- 406 bytes [13:59 28/10/2009] [10:58 15/08/2009]
CSCRIPT.cfxxe -ra--- 135168 bytes [13:59 28/10/2009] [09:07 07/05/2008]
CSet.cmd --a--- 1688 bytes [13:58 28/10/2009] [14:08 25/05/2009]
dd.cfxxe -ra--- 101376 bytes [13:59 28/10/2009] [12:00 31/08/2000]
ddsDo.sed --a--- 7983 bytes [13:59 28/10/2009] [13:59 25/05/2009]
DelClsid.bat --a--- 1689 bytes [13:58 28/10/2009] [18:54 26/10/2009]
desktop.ini --a--- 113 bytes [13:59 28/10/2009] [13:59 28/10/2009]
dosdev.exe --a--- 7168 bytes [13:59 28/10/2009] [19:47 19/03/2007]
DPF.str --a--- 746 bytes [13:59 28/10/2009] [12:00 31/08/2000]
dumphive.cfxxe -ra--- 51200 bytes [13:59 28/10/2009] [12:00 31/08/2000]
embedded.sed --a--- 303 bytes [13:59 28/10/2009] [12:00 31/08/2000]
ERDNT.e_e --a--- 163328 bytes [13:59 28/10/2009] [00:02 21/10/2005]
ERDNTDOS.LOC --a--- 2815 bytes [13:59 28/10/2009] [12:00 31/08/2000]
ERDNTWIN.LOC --a--- 3275 bytes [13:59 28/10/2009] [12:00 31/08/2000]
ERUNT.cfxxe -ra--- 157696 bytes [13:59 28/10/2009] [00:00 21/10/2005]
erunt.dat --a--- 10 bytes [13:59 28/10/2009] [13:59 28/10/2009]
ERUNT.LOC --a--- 4090 bytes [13:59 28/10/2009] [12:00 31/08/2000]
eXereg.exe --a--- 28190 bytes [13:59 28/10/2009] [23:56 25/10/2009]
extract.cfxxe -ra--- 52736 bytes [13:59 28/10/2009] [12:00 31/08/2000]
FD-SV.cmd --a--- 3694 bytes [13:58 28/10/2009] [09:18 23/10/2009]
ffdefstr.dll --a--- 36903 bytes [13:59 28/10/2009] [06:54 01/09/2009]
FileKill.cfxxe -ra--- 145920 bytes [13:59 28/10/2009] [12:00 31/08/2000]
files.pif --a--- 2340 bytes [13:59 28/10/2009] [03:21 28/10/2009]
Fin.dat --a--- 660 bytes [13:59 28/10/2009] [07:54 12/08/2009]
FIND3M.bat --a--- 30267 bytes [13:58 28/10/2009] [18:54 26/10/2009]
FINDSTR.cfxxe -ra--- 27136 bytes [13:59 28/10/2009] [00:12 14/04/2008]
FIXLSP.bat --a--- 4759 bytes [13:58 28/10/2009] [18:54 26/10/2009]
FKMGen.cmd --a--- 1113 bytes [13:58 28/10/2009] [09:35 23/10/2009]
ForceLibrary.dll --a--- 10240 bytes [13:59 28/10/2009] [19:03 15/02/2001]
ForeignWht --a--- 880 bytes [13:59 28/10/2009] [13:59 28/10/2009]
GetHive.cmd --a--- 5969 bytes [13:58 28/10/2009] [18:54 26/10/2009]
grep.cfxxe -ra--- 80412 bytes [13:59 28/10/2009] [12:00 31/08/2000]
gsar.cfxxe -ra--- 15360 bytes [13:59 28/10/2009] [12:00 31/08/2000]
handle.cfxxe -ra--- 181776 bytes [13:59 28/10/2009] [12:00 31/08/2000]
hidec.exe --a--- 1536 bytes [13:59 28/10/2009] [05:54 16/08/2005]
history.bat --a--- 954 bytes [13:58 28/10/2009] [21:25 20/10/2009]
iexplore.exe --a--- 31232 bytes [13:59 28/10/2009] [16:56 20/04/2009]
image001.gif --a--- 1057 bytes [13:59 28/10/2009] [12:00 31/08/2000]
Install-RC.cmd --a--- 5664 bytes [13:59 28/10/2009] [09:36 23/10/2009]
katch.cmd --a--- 1008 bytes [13:59 28/10/2009] [02:53 28/10/2009]
Kill-All.cmd --a--- 1575 bytes [13:59 28/10/2009] [14:14 18/10/2009]
kmd.dat --a--- 13 bytes [13:59 28/10/2009] [13:59 28/10/2009]
Lang.bat --a--- 194504 bytes [13:58 28/10/2009] [23:09 15/10/2009]
List-B.bat --a--- 42675 bytes [13:58 28/10/2009] [13:39 27/10/2009]
List-C.bat --a--- 234807 bytes [13:58 28/10/2009] [13:21 27/10/2009]
List-D.bat --a--- 93038 bytes [13:58 28/10/2009] [19:00 26/10/2009]
List.bat --a--- 701591 bytes [13:58 28/10/2009] [13:37 27/10/2009]
lnkread.vbs --a--- 2428 bytes [13:59 28/10/2009] [12:00 31/08/2000]
LocalService.dat --a--- 225 bytes [13:59 28/10/2009] [12:00 31/08/2000]
LocalServiceNetworkRestricted.dat --a--- 91 bytes [13:59 28/10/2009] [12:00 31/08/2000]
LocalSystemNetworkRestricted.dat --a--- 198 bytes [13:59 28/10/2009] [12:00 31/08/2000]
mbr.cfxxe -ra--- 77312 bytes [13:59 28/10/2009] [10:11 25/10/2009]
md5sum.pif --a--- 5066 bytes [13:59 28/10/2009] [03:21 28/10/2009]
Mirrors --a--- 137 bytes [13:59 28/10/2009] [13:59 28/10/2009]
MoveIt.bat --a--- 2370 bytes [13:58 28/10/2009] [21:25 20/10/2009]
mtee.cfxxe -ra--- 11264 bytes [13:59 28/10/2009] [12:00 31/08/2000]
mynul.dat --a--- 0 bytes [13:59 28/10/2009] [12:00 31/08/2000]
n.pif --a--- 31232 bytes [13:59 28/10/2009] [16:56 20/04/2009]
ncmd.cfxxe -ra--- 2010 bytes [13:59 28/10/2009] [19:55 24/10/2009]
ndis_combofix.dat --a--- 287 bytes [13:59 28/10/2009] [12:00 31/08/2000]
ND_.bat --a--- 25367 bytes [13:58 28/10/2009] [21:23 27/10/2009]
netsvc.bad.dat --a--- 482 bytes [13:59 28/10/2009] [21:04 02/09/2009]
netsvc.dat --a--- 159 bytes [13:59 28/10/2009] [12:00 31/08/2000]
netsvc.vista.dat --a--- 481 bytes [13:59 28/10/2009] [12:00 31/08/2000]
netsvc.xp.dat --a--- 525 bytes [13:59 28/10/2009] [12:00 31/08/2000]
NetworkService.dat --a--- 88 bytes [13:59 28/10/2009] [12:00 31/08/2000]
NirCmd.cfxxe -ra--- 31232 bytes [13:59 28/10/2009] [16:56 20/04/2009]
NircmdB.exe --a--- 31232 bytes [13:59 28/10/2009] [16:56 20/04/2009]
NirCmdC.cfxxe -ra--- 30720 bytes [13:59 28/10/2009] [16:56 20/04/2009]
NlsLanguageDefault --a--- 6 bytes [13:59 28/10/2009] [13:59 28/10/2009]
NT-OS.cmd --a--- 16178 bytes [13:59 28/10/2009] [19:00 26/10/2009]
NULL --a--- 0 bytes [13:59 28/10/2009] [13:59 28/10/2009]
OSid.vbs --a--- 977 bytes [13:59 28/10/2009] [12:00 31/08/2000]
OsVer --a--- 43 bytes [13:59 28/10/2009] [13:59 28/10/2009]
PEV.cfxxe -ra--- 236544 bytes [13:59 28/10/2009] [12:10 11/10/2009]
pev.exe --a--- 236544 bytes [13:59 28/10/2009] [12:10 11/10/2009]
PING.cfxxe -ra--- 17920 bytes [13:59 28/10/2009] [00:12 14/04/2008]
Policies.dat --a--- 2992 bytes [13:59 28/10/2009] [07:51 06/07/2009]
Prep.inf --a--- 2374 bytes [13:59 28/10/2009] [08:54 14/08/2009]
Purity.dat --a--- 404 bytes [13:59 28/10/2009] [12:00 31/08/2000]
PV.cfxxe -ra--- 73728 bytes [03:42 03/03/2006] [03:42 03/03/2006]
pv.com --a--- 73728 bytes [13:59 28/10/2009] [03:42 03/03/2006]
RCLink.dat --a--- 7478 bytes [13:59 28/10/2009] [12:00 31/08/2000]
REGDACL.sed --a--- 3558 bytes [13:59 28/10/2009] [12:00 31/08/2000]
RegDo.sed --a--- 9203 bytes [13:59 28/10/2009] [12:00 31/08/2000]
region.dat --a--- 1149 bytes [13:59 28/10/2009] [06:29 23/05/2009]
RegScan.cmd --a--- 62817 bytes [13:59 28/10/2009] [19:02 26/10/2009]
Resident.txt --a--- 0 bytes [13:59 28/10/2009] [13:59 28/10/2009]
restore_pt.vbs --a--- 587 bytes [13:59 28/10/2009] [02:26 02/05/2009]
Rkey.cmd --a--- 241 bytes [13:59 28/10/2009] [12:00 31/08/2000]
rogues.dat --a--- 820 bytes [13:59 28/10/2009] [12:00 31/08/2000]
ROUTE.cfxxe -ra--- 19968 bytes [13:59 28/10/2009] [09:00 10/08/2004]
run2.sed --a--- 287 bytes [13:59 28/10/2009] [12:00 31/08/2000]
Rust.str --a--- 30 bytes [13:59 28/10/2009] [15:38 10/06/2009]
safeboot.dat --a--- 329 bytes [13:59 28/10/2009] [12:00 31/08/2000]
safeboot.def.dat --a--- 1464 bytes [13:59 28/10/2009] [06:25 10/06/2009]
safeboot.def.vista.dat --a--- 463 bytes [13:59 28/10/2009] [12:00 31/08/2000]
Safeboot.def.w7.dat --a--- 585 bytes [13:59 28/10/2009] [16:00 18/10/2009]
sed.cfxxe -ra--- 98816 bytes [13:59 28/10/2009] [12:00 31/08/2000]
SetEnvmt.bat --a--- 14774 bytes [13:58 28/10/2009] [19:03 26/10/2009]
setpath.cfxxe -ra--- 30251 bytes [13:59 28/10/2009] [19:37 18/10/2009]
SF.exe --a--- 49152 bytes [18:42 10/06/2006] [18:42 10/06/2006]
sfx.cmd --a--- 68 bytes [13:59 28/10/2009] [13:59 28/10/2009]
SnapShot.cmd --a--- 3383 bytes [13:59 28/10/2009] [19:03 26/10/2009]
SRestore.cmd --a--- 2129 bytes [13:59 28/10/2009] [19:03 26/10/2009]
srizbi.md5 --a--- 56474 bytes [13:59 28/10/2009] [10:37 25/10/2009]
Start_dat --a--- 2 bytes [13:59 28/10/2009] [13:59 28/10/2009]
SuppScan.cmd --a--- 19937 bytes [13:59 28/10/2009] [19:03 26/10/2009]
SvcDrv.vbs --a--- 2176 bytes [13:59 28/10/2009] [12:00 31/08/2000]
svchost.dat --a--- 555 bytes [13:59 28/10/2009] [12:00 31/08/2000]
svchost.vista.dat --a--- 668 bytes [13:59 28/10/2009] [12:00 31/08/2000]
svchost.w7.dat --a--- 956 bytes [13:59 28/10/2009] [16:14 18/10/2009]
svchost.w7.x64.dat --a--- 290 bytes [13:59 28/10/2009] [04:08 22/10/2009]
svc_wht.dat --a--- 12073 bytes [13:59 28/10/2009] [08:07 09/10/2009]
SWREG.cfxxe -ra--- 161792 bytes [13:59 28/10/2009] [12:00 31/08/2000]
swreg.exe --a--- 161792 bytes [13:59 28/10/2009] [12:00 31/08/2000]
swsc.cfxxe -ra--- 136704 bytes [13:59 28/10/2009] [12:00 31/08/2000]
swxcacls.cfxxe -ra--- 212480 bytes [13:59 28/10/2009] [12:00 31/08/2000]
system_ini.dat --a--- 276 bytes [13:59 28/10/2009] [12:00 31/08/2000]
tail.cfxxe -ra--- 35328 bytes [13:59 28/10/2009] [12:00 10/11/1999]
temp00 --a--- 65 bytes [13:59 28/10/2009] [13:59 28/10/2009]
toolbar.sed --a--- 413 bytes [13:59 28/10/2009] [12:00 31/08/2000]
Update-CF.cmd --a--- 2919 bytes [13:59 28/10/2009] [02:53 23/10/2009]
VerCF.bat --a--- 27 bytes [13:59 28/10/2009] [13:59 28/10/2009]
version.txt --a--- 43 bytes [13:59 28/10/2009] [13:59 28/10/2009]
VInfo -ra--- 7677 bytes [13:59 28/10/2009] [13:26 27/10/2009]
vistareg.dat --a--- 14040 bytes [13:59 28/10/2009] [10:31 19/10/2009]
vun.dat --a--- 1497 bytes [13:59 28/10/2009] [13:09 27/10/2009]
w2kreg.dat --a--- 38734 bytes [13:59 28/10/2009] [19:49 23/10/2009]
w2k_sock.dll --a--- 90202 bytes [13:59 28/10/2009] [19:34 21/06/2009]
w7reg.dat --a--- 14043 bytes [13:59 28/10/2009] [20:03 23/10/2009]
Wmi_rem.vbs --a--- 592 bytes [13:59 28/10/2009] [05:08 14/05/2009]
w_sock.dll --a--- 98948 bytes [13:59 28/10/2009] [18:45 21/06/2009]
XP.mac --a--- 40 bytes [13:59 28/10/2009] [13:59 28/10/2009]
xpreg.dat --a--- 53864 bytes [13:59 28/10/2009] [19:49 23/10/2009]
zDomain.dat --a--- 23773 bytes [13:59 28/10/2009] [12:00 31/08/2000]
zhsvc.dat --a--- 35099 bytes [13:59 28/10/2009] [11:43 26/10/2009]
zip.cfxxe -ra--- 68096 bytes [13:59 28/10/2009] [12:00 31/08/2000]

---Folders---
N_ d----- [13:59 28/10/2009]

C:\abcd - Parameters: "(none)"

---Files---
023.dat --a--- 51681 bytes [22:39 27/10/2009] [22:40 27/10/2009]
023v.dat --a--- 2128 bytes [22:39 27/10/2009] [04:36 21/10/2009]
023w7.dat --a--- 661 bytes [22:39 27/10/2009] [04:36 21/10/2009]
Admin.user.cf --a--- 0 bytes [22:40 27/10/2009] [22:40 27/10/2009]
AllDrivesFolders --a--- 331 bytes [23:01 27/10/2009] [23:01 27/10/2009]
AllSids --a--- 235 bytes [22:53 27/10/2009] [22:53 27/10/2009]
appdata.folder.dat --a--- 452 bytes [22:40 27/10/2009] [22:40 27/10/2009]
asp.str --a--- 602 bytes [22:39 27/10/2009] [03:09 14/07/2009]
AspackDie.cfxxe -ra--- 13312 bytes [22:39 27/10/2009] [15:09 04/12/2006]
Assoc.cmd --a--- 3927 bytes [22:39 27/10/2009] [18:51 26/10/2009]
ATTRIB.cfxxe -ra--- 12288 bytes [22:40 27/10/2009] [00:12 14/04/2008]
av.cmd --a--- 1666 bytes [22:39 27/10/2009] [13:49 16/10/2009]
av.vbs --a--- 1464 bytes [22:39 27/10/2009] [22:09 13/05/2009]
BHO.dat --a--- 53 bytes [22:51 27/10/2009] [22:51 27/10/2009]
BitsPath --a--- 0 bytes [22:52 27/10/2009] [22:52 27/10/2009]
BitsStr --a--- 549 bytes [22:52 27/10/2009] [22:52 27/10/2009]
Boot-Rk.cmd --a--- 2346 bytes [22:39 27/10/2009] [21:11 27/10/2009]
Boot.bat --a--- 7806 bytes [22:39 27/10/2009] [21:11 27/10/2009]
BootSect.dll --a--- 7680 bytes [22:39 27/10/2009] [12:00 31/08/2000]
BootSectB --a--- 2 bytes [22:59 27/10/2009] [22:59 27/10/2009]
cache.folder.dat --a--- 557 bytes [22:40 27/10/2009] [22:40 27/10/2009]
Catch-sub.cmd --a--- 737 bytes [22:39 27/10/2009] [06:45 14/09/2009]
Catchlog --a--- 2706 bytes [23:01 27/10/2009] [23:03 27/10/2009]
catchme.cfxxe -ra--- 147456 bytes [22:39 27/10/2009] [21:37 17/04/2009]
Catchme.tmp --a--- 147456 bytes [22:46 27/10/2009] [21:37 17/04/2009]
catch_E.dat --a--- 0 bytes [22:58 27/10/2009] [22:58 27/10/2009]
catch_k.dat --a--- 0 bytes [22:58 27/10/2009] [22:58 27/10/2009]
CCS.bat --a--- 91 bytes [22:40 27/10/2009] [23:01 27/10/2009]
CF-RC.txt --a--- 324 bytes [22:43 27/10/2009] [22:43 27/10/2009]
CF17292.exe --a--- 389120 bytes [22:40 27/10/2009] [22:39 27/10/2009]
cfdummy --a--- 8192 bytes [22:46 27/10/2009] [22:46 27/10/2009]
cfrun --a--- 0 bytes [22:47 27/10/2009] [22:47 27/10/2009]
CFVersionOld --a--- 13 bytes [22:40 27/10/2009] [22:40 27/10/2009]
CHCP.bat --a--- 16 bytes [22:40 27/10/2009] [22:40 27/10/2009]
clsid.dat --a--- 637299 bytes [22:40 27/10/2009] [22:40 27/10/2009]
ClsidDumped --a--- 5672392 bytes [22:50 27/10/2009] [22:51 27/10/2009]
ClsidFiles --a--- 383859 bytes [22:51 27/10/2009] [22:51 27/10/2009]
Combo-Fix.sys --a--- 1024 bytes [22:39 27/10/2009] [12:00 31/08/2000]
ComboFix-Download.cfxxe -ra--- 141312 bytes [22:39 27/10/2009] [12:00 31/08/2000]
ComboFix.txt --a--- 12912 bytes [22:47 27/10/2009] [23:04 27/10/2009]
ConEnv.sed --a--- 3592 bytes [22:40 27/10/2009] [22:40 27/10/2009]
Create.AppData01.dat --a--- 644 bytes [23:01 27/10/2009] [23:01 27/10/2009]
Creg.dat --a--- 643817 bytes [22:39 27/10/2009] [22:52 27/10/2009]
CregB.dat --a--- 19796 bytes [22:59 27/10/2009] [22:59 27/10/2009]
CregC.cmd --a--- 2894 bytes [22:39 27/10/2009] [18:53 26/10/2009]
CregC.dat --a--- 87943 bytes [22:39 27/10/2009] [23:04 27/10/2009]
CSCRIPT.cfxxe -ra--- 135168 bytes [22:40 27/10/2009] [09:07 07/05/2008]
CSet.cmd --a--- 1688 bytes [22:39 27/10/2009] [14:08 25/05/2009]
d-del2A.dat --a--- 0 bytes [22:51 27/10/2009] [22:51 27/10/2009]
d-del4AV.old --a--- 0 bytes [22:59 27/10/2009] [22:59 27/10/2009]
dd.cfxxe -ra--- 101376 bytes [22:39 27/10/2009] [12:00 31/08/2000]
ddsDo.sed --a--- 7983 bytes [22:39 27/10/2009] [13:59 25/05/2009]
DelClsid.bat --a--- 1689 bytes [22:39 27/10/2009] [18:54 26/10/2009]
delclsid00 --a--- 210 bytes [22:52 27/10/2009] [23:04 27/10/2009]
dll_whitelist.dat --a--- 3193 bytes [22:46 27/10/2009] [22:46 27/10/2009]
dnd.dat --a--- 25029 bytes [22:46 27/10/2009] [22:46 27/10/2009]
dollar_log.dat --a--- 2656 bytes [23:01 27/10/2009] [23:01 27/10/2009]
dosdev.exe --a--- 7168 bytes [22:39 27/10/2009] [19:47 19/03/2007]
DPF.str --a--- 746 bytes [22:39 27/10/2009] [12:00 31/08/2000]
drev.dat --a--- 2528 bytes [22:53 27/10/2009] [23:01 27/10/2009]
drevF.dat --a--- 27 bytes [22:53 27/10/2009] [22:53 27/10/2009]
Drive.folder.dat --a--- 8 bytes [22:46 27/10/2009] [22:46 27/10/2009]
DrivesB.dat --a--- 3 bytes [23:01 27/10/2009] [23:01 27/10/2009]
DTime.bat --a--- 34 bytes [23:03 27/10/2009] [23:03 27/10/2009]
dumphive.cfxxe -ra--- 51200 bytes [22:39 27/10/2009] [12:00 31/08/2000]
embedded.sed --a--- 303 bytes [22:39 27/10/2009] [12:00 31/08/2000]
Env.sed --a--- 593 bytes [22:46 27/10/2009] [22:46 27/10/2009]
ERDNT.e_e --a--- 163328 bytes [22:39 27/10/2009] [00:02 21/10/2005]
ERDNTDOS.LOC --a--- 2815 bytes [22:39 27/10/2009] [12:00 31/08/2000]
ERDNTWIN.LOC --a--- 3275 bytes [22:39 27/10/2009] [12:00 31/08/2000]
ErrTrap1 --a--- 81 bytes [22:47 27/10/2009] [22:51 27/10/2009]
ERUNT.cfxxe -ra--- 157696 bytes [22:39 27/10/2009] [00:00 21/10/2005]
ERUNT.LOC --a--- 4090 bytes [22:39 27/10/2009] [12:00 31/08/2000]
eXereg.exe --a--- 28190 bytes [22:39 27/10/2009] [23:56 25/10/2009]
extract.cfxxe -ra--- 52736 bytes [22:39 27/10/2009] [12:00 31/08/2000]
F3m.mrk --a--- 0 bytes [23:01 27/10/2009] [23:01 27/10/2009]
F3m0.mrk --a--- 0 bytes [23:01 27/10/2009] [23:01 27/10/2009]
failsafe --a--- 329 bytes [23:04 27/10/2009] [23:04 27/10/2009]
FdsvOK --a--- 34 bytes [22:46 27/10/2009] [22:46 27/10/2009]
ffdefstr.dll --a--- 36903 bytes [22:39 27/10/2009] [06:54 01/09/2009]
FileKill.cfxxe -ra--- 145920 bytes [22:39 27/10/2009] [12:00 31/08/2000]
files.pif --a--- 2340 bytes [22:39 27/10/2009] [03:21 28/10/2009]
Fin.dat --a--- 660 bytes [22:39 27/10/2009] [07:54 12/08/2009]
FIND3M.bat --a--- 30267 bytes [22:39 27/10/2009] [18:54 26/10/2009]
FINDSTR.cfxxe -ra--- 27136 bytes [22:40 27/10/2009] [00:12 14/04/2008]
FIXLSP.bat --a--- 4759 bytes [22:39 27/10/2009] [18:54 26/10/2009]
FKMGen.cmd --a--- 1113 bytes [22:39 27/10/2009] [09:35 23/10/2009]
ForceLibrary.dll --a--- 10240 bytes [22:39 27/10/2009] [19:03 15/02/2001]
ForeignWht --a--- 880 bytes [22:40 27/10/2009] [22:40 27/10/2009]
f_system --a--- 0 bytes [22:40 27/10/2009] [22:40 27/10/2009]
Gateway --a--- 14 bytes [22:46 27/10/2009] [22:46 27/10/2009]
GetHive.cmd --a--- 5969 bytes [22:39 27/10/2009] [18:54 26/10/2009]
grep.cfxxe -ra--- 80412 bytes [22:39 27/10/2009] [12:00 31/08/2000]
gsar.cfxxe -ra--- 15360 bytes [22:39 27/10/2009] [12:00 31/08/2000]
handle.cfxxe -ra--- 181776 bytes [22:39 27/10/2009] [12:00 31/08/2000]
hidec.exe --a--- 1536 bytes [22:39 27/10/2009] [05:54 16/08/2005]
history.bat --a--- 954 bytes [22:39 27/10/2009] [21:25 20/10/2009]
iexplore.exe --a--- 31232 bytes [22:39 27/10/2009] [16:56 20/04/2009]
image001.gif --a--- 1057 bytes [22:39 27/10/2009] [12:00 31/08/2000]
index.dat --a--- 23363584 bytes [22:54 27/10/2009] [22:58 27/10/2009]
InstallRC --a--- 55 bytes [22:43 27/10/2009] [22:43 27/10/2009]
katch.cmd --a--- 1008 bytes [22:39 27/10/2009] [02:53 28/10/2009]
kmd.dat --a--- 13 bytes [22:40 27/10/2009] [22:40 27/10/2009]
Lang.bat --a--- 194762 bytes [22:59 27/10/2009] [22:59 27/10/2009]
LatestVer --a--- 14 bytes [22:40 27/10/2009] [22:40 27/10/2009]
LegacyFull --a--- 1836 bytes [22:47 27/10/2009] [22:47 27/10/2009]
LegacyNoSvc --a--- 231 bytes [22:47 27/10/2009] [22:47 27/10/2009]
lnkread.vbs --a--- 2428 bytes [22:39 27/10/2009] [12:00 31/08/2000]
localappdata.folder.dat --a--- 425 bytes [22:40 27/10/2009] [22:40 27/10/2009]
LocalService.dat --a--- 225 bytes [22:39 27/10/2009] [12:00 31/08/2000]
LocalServiceNetworkRestricted.dat --a--- 91 bytes [22:39 27/10/2009] [12:00 31/08/2000]
localsettings.folder.dat --a--- 382 bytes [22:40 27/10/2009] [22:40 27/10/2009]
LocalSystemNetworkRestricted.dat --a--- 198 bytes [22:39 27/10/2009] [12:00 31/08/2000]
LSPDone --a--- 0 bytes [22:58 27/10/2009] [22:58 27/10/2009]
L_Beep00 --a--- 258 bytes [23:01 27/10/2009] [23:01 27/10/2009]
mbr.cfxxe -ra--- 77312 bytes [22:39 27/10/2009] [10:11 25/10/2009]
mbr.log --a--- 195 bytes [23:01 27/10/2009] [23:01 27/10/2009]
mbr.txt --a--- 289 bytes [23:01 27/10/2009] [23:01 27/10/2009]
mbr00 --a--- 0 bytes [23:01 27/10/2009] [23:01 27/10/2009]
md5sum.pif --a--- 5338 bytes [22:39 27/10/2009] [22:46 27/10/2009]
Mirrors --a--- 139 bytes [22:40 27/10/2009] [22:40 27/10/2009]
MissingFiles.dat --a--- 191 bytes [22:54 27/10/2009] [22:54 27/10/2009]
MoveIt.bat --a--- 2370 bytes [22:39 27/10/2009] [21:25 20/10/2009]
mtee.cfxxe -ra--- 11264 bytes [22:39 27/10/2009] [12:00 31/08/2000]
MWindows.dat --a--- 467 bytes [22:40 27/10/2009] [22:40 27/10/2009]
mynul.dat --a--- 0 bytes [22:39 27/10/2009] [12:00 31/08/2000]
mypictures.folder.dat --a--- 308 bytes [22:40 27/10/2009] [22:40 27/10/2009]
n.pif --a--- 31232 bytes [22:39 27/10/2009] [16:56 20/04/2009]
ncmd.cfxxe -ra--- 2122 bytes [22:39 27/10/2009] [22:46 27/10/2009]
ndis_combofix.dat --a--- 287 bytes [22:39 27/10/2009] [12:00 31/08/2000]
ndis_log.dat --a--- 117 bytes [22:54 27/10/2009] [22:54 27/10/2009]
ND_.bat --a--- 25367 bytes [22:39 27/10/2009] [21:23 27/10/2009]
netsvc.bad.dat --a--- 32900 bytes [22:39 27/10/2009] [22:53 27/10/2009]
netsvc.dat --a--- 525 bytes [22:39 27/10/2009] [12:00 31/08/2000]
NetworkService.dat --a--- 88 bytes [22:39 27/10/2009] [12:00 31/08/2000]
NirCmd.cfxxe -ra--- 31232 bytes [22:39 27/10/2009] [16:56 20/04/2009]
NircmdB.exe --a--- 31232 bytes [22:39 27/10/2009] [16:56 20/04/2009]
NirCmdC.cfxxe -ra--- 30720 bytes [22:39 27/10/2009] [16:56 20/04/2009]
NlsLanguageDefault --a--- 6 bytes [22:40 27/10/2009] [22:40 27/10/2009]
NoX2del --a--- 45 bytes [23:01 27/10/2009] [23:01 27/10/2009]
NT-OS.cmd --a--- 16178 bytes [22:39 27/10/2009] [19:00 26/10/2009]
NULL --a--- 0 bytes [22:40 27/10/2009] [22:40 27/10/2009]
OriO4 --a--- 867 bytes [22:52 27/10/2009] [22:52 27/10/2009]
Orphans.dat --a--- 611 bytes [23:03 27/10/2009] [23:04 27/10/2009]
OsId.txt --a--- 83 bytes [22:40 27/10/2009] [22:40 27/10/2009]
OSid.vbs --a--- 977 bytes [22:39 27/10/2009] [12:00 31/08/2000]
OsVer --a--- 43 bytes [22:39 27/10/2009] [22:39 27/10/2009]
patched.af --a--- 0 bytes [22:52 27/10/2009] [22:52 27/10/2009]
PathSearch --a--- 311 bytes [22:52 27/10/2009] [22:52 27/10/2009]
pend.txt --a--- 802 bytes [22:46 27/10/2009] [22:46 27/10/2009]
PEV.cfxxe -ra--- 236544 bytes [22:40 27/10/2009] [12:10 11/10/2009]
pev.exe --a--- 236544 bytes [22:39 27/10/2009] [12:10 11/10/2009]
PING.cfxxe -ra--- 17920 bytes [22:40 27/10/2009] [00:12 14/04/2008]
Policies.dat --a--- 2992 bytes [22:39 27/10/2009] [07:51 06/07/2009]
PreDIR --a--- 36 bytes [22:46 27/10/2009] [22:46 27/10/2009]
Prep.inf --a--- 2374 bytes [22:39 27/10/2009] [08:54 14/08/2009]
Profiles.Folder.dat --a--- 340 bytes [22:40 27/10/2009] [22:40 27/10/2009]
Profiles.Folder.folder.dat --a--- 575 bytes [22:40 27/10/2009] [22:40 27/10/2009]
progfile.dat --a--- 479170 bytes [22:40 27/10/2009] [22:41 27/10/2009]
Purity.dat --a--- 404 bytes [22:39 27/10/2009] [12:00 31/08/2000]
PV.cfxxe -ra--- 73728 bytes [03:42 03/03/2006] [03:42 03/03/2006]
pv.com --a--- 73728 bytes [22:39 27/10/2009] [03:42 03/03/2006]
rboot.dat --a--- 0 bytes [22:59 27/10/2009] [22:59 27/10/2009]
RcRdy --a--- 0 bytes [22:43 27/10/2009] [22:43 27/10/2009]
RcRdyList --a--- 350 bytes [22:53 27/10/2009] [22:53 27/10/2009]
REGDACL.sed --a--- 3558 bytes [22:39 27/10/2009] [12:00 31/08/2000]
RegDo.sed --a--- 9203 bytes [22:39 27/10/2009] [12:00 31/08/2000]
region.dat --a--- 1149 bytes [22:39 27/10/2009] [06:29 23/05/2009]
RegRun01 --a--- 74 bytes [22:52 27/10/2009] [22:52 27/10/2009]
RegScan.cmd --a--- 62817 bytes [22:39 27/10/2009] [19:02 26/10/2009]
REGT.cfxxe --a--- 146432 bytes [22:40 27/10/2009] [22:40 27/10/2009]
RenVDel.dat --a--- 0 bytes [22:50 27/10/2009] [22:52 27/10/2009]
Resident.txt --a--- 0 bytes [22:40 27/10/2009] [22:40 27/10/2009]
Rkey.cmd --a--- 241 bytes [22:39 27/10/2009] [12:00 31/08/2000]
rogues.dat --a--- 820 bytes [22:39 27/10/2009] [12:00 31/08/2000]
ROUTE.cfxxe -ra--- 19968 bytes [22:40 27/10/2009] [09:00 10/08/2004]
run.sed --a--- 1614 bytes [22:46 27/10/2009] [22:46 27/10/2009]
run2.sed --a--- 287 bytes [22:39 27/10/2009] [12:00 31/08/2000]
Rust.str --a--- 30 bytes [22:39 27/10/2009] [15:38 10/06/2009]
safeboot.dat --a--- 329 bytes [22:39 27/10/2009] [12:00 31/08/2000]
safeboot.def.dat --a--- 1464 bytes [22:39 27/10/2009] [06:25 10/06/2009]
safeboot.def.vista.dat --a--- 463 bytes [22:39 27/10/2009] [12:00 31/08/2000]
Safeboot.def.w7.dat --a--- 585 bytes [22:39 27/10/2009] [16:00 18/10/2009]
SafeBoot.reg --a--- 135320 bytes [23:05 27/10/2009] [23:05 27/10/2009]
safeboot00 --a--- 10872 bytes [23:04 27/10/2009] [23:05 27/10/2009]
SafeBoot01 --a--- 135 bytes [23:05 27/10/2009] [23:05 27/10/2009]
SafeBootKeys.dat --a--- 52 bytes [23:04 27/10/2009] [23:04 27/10/2009]
sed.cfxxe -ra--- 98816 bytes [22:39 27/10/2009] [12:00 31/08/2000]
SetEnvmt.bat --a--- 14774 bytes [22:39 27/10/2009] [19:03 26/10/2009]
SetPath.bat --a--- 6133 bytes [22:40 27/10/2009] [22:59 27/10/2009]
setpath.cfxxe -ra--- 30251 bytes [22:39 27/10/2009] [19:37 18/10/2009]
SF.exe --a--- 49152 bytes [18:42 10/06/2006] [18:42 10/06/2006]
sfx.cmd --a--- 14 bytes [22:40 27/10/2009] [22:40 27/10/2009]
SigChkMissing.dat --a--- 56 bytes [23:03 27/10/2009] [23:03 27/10/2009]
snapshot.00.dat --a--- 1003055 bytes [23:01 27/10/2009] [23:02 27/10/2009]
SnapShot.02.dat --a--- 1000193 bytes [23:03 27/10/2009] [23:03 27/10/2009]
srizbi.md5 --a--- 56474 bytes [22:39 27/10/2009] [10:37 25/10/2009]
startup.folder.dat --a--- 398 bytes [22:40 27/10/2009] [22:40 27/10/2009]
Start_dat --a--- 2 bytes [22:40 27/10/2009] [22:40 27/10/2009]
SuppScan.cmd --a--- 19937 bytes [22:39 27/10/2009] [19:03 26/10/2009]
SuspectB_netsvc.dat --a--- 0 bytes [22:51 27/10/2009] [22:51 27/10/2009]
SuspectLegacy --a--- 168 bytes [22:47 27/10/2009] [22:47 27/10/2009]
suspectSvc.dat --a--- 389 bytes [22:47 27/10/2009] [22:52 27/10/2009]
SvcCovered --a--- 47196 bytes [22:47 27/10/2009] [22:52 27/10/2009]
SvcDiff --a--- 0 bytes [22:47 27/10/2009] [22:47 27/10/2009]
SvcDrv.vbs --a--- 2176 bytes [22:39 27/10/2009] [12:00 31/08/2000]
SvcDump --a--- 19117 bytes [22:47 27/10/2009] [22:47 27/10/2009]
SvcDumpB --a--- 3541 bytes [22:47 27/10/2009] [22:47 27/10/2009]
SvcDumpFull --a--- 364403 bytes [22:47 27/10/2009] [22:47 27/10/2009]
SvcFull --a--- 3555 bytes [22:47 27/10/2009] [22:47 27/10/2009]
svchost.dat --a--- 555 bytes [22:39 27/10/2009] [12:00 31/08/2000]
svchost.w7.dat --a--- 956 bytes [22:39 27/10/2009] [16:14 18/10/2009]
svchost.w7.x64.dat --a--- 290 bytes [22:39 27/10/2009] [04:08 22/10/2009]
svclist.dat --a--- 31323 bytes [22:47 27/10/2009] [23:04 27/10/2009]
SvcTarget.dat --a--- 117 bytes [22:47 27/10/2009] [22:47 27/10/2009]
svc_wht.dat --a--- 12073 bytes [22:39 27/10/2009] [08:07 09/10/2009]
SWREG.cfxxe -ra--- 161792 bytes [22:39 27/10/2009] [12:00 31/08/2000]
swreg.exe --a--- 161792 bytes [22:39 27/10/2009] [12:00 31/08/2000]
swsc.cfxxe -ra--- 136704 bytes [22:39 27/10/2009] [12:00 31/08/2000]
swxcacls.cfxxe -ra--- 212480 bytes [22:39 27/10/2009] [12:00 31/08/2000]
SysPath.dat --a--- 2011 bytes [22:40 27/10/2009] [22:40 27/10/2009]
system_ini.dat --a--- 276 bytes [22:39 27/10/2009] [12:00 31/08/2000]
tail.cfxxe -ra--- 35328 bytes [22:39 27/10/2009] [12:00 10/11/1999]
temp2000 --a--- 0 bytes [22:51 27/10/2009] [22:51 27/10/2009]
temp5000 --a--- 0 bytes [22:53 27/10/2009] [22:54 27/10/2009]
toolbar.sed --a--- 413 bytes [22:39 27/10/2009] [12:00 31/08/2000]
unhand.dat --a--- 606 bytes [22:46 27/10/2009] [22:46 27/10/2009]
Update-CF.cmd --a--- 2919 bytes [22:39 27/10/2009] [02:53 23/10/2009]
UploadThese --a--- 0 bytes [22:51 27/10/2009] [22:51 27/10/2009]
V-FilesB.dat --a--- 0 bytes [22:51 27/10/2009] [22:51 27/10/2009]
v-tmp.dat --a--- 0 bytes [22:52 27/10/2009] [22:52 27/10/2009]
VerCF.bat --a--- 27 bytes [22:39 27/10/2009] [22:39 27/10/2009]
version.txt --a--- 43 bytes [22:40 27/10/2009] [22:40 27/10/2009]
VikPev00 --a--- 62825 bytes [22:40 27/10/2009] [22:46 27/10/2009]
Vikpev01 --a--- 0 bytes [22:40 27/10/2009] [22:51 27/10/2009]
vRun_DLL --a--- 43894 bytes [22:46 27/10/2009] [22:52 27/10/2009]
vun.dat --a--- 1497 bytes [22:39 27/10/2009] [13:09 27/10/2009]
v_str.dat --a--- 3029 bytes [22:51 27/10/2009] [22:51 27/10/2009]
v_wht.dat --a--- 39821 bytes [22:46 27/10/2009] [22:46 27/10/2009]
whiteAll.dat --a--- 82304 bytes [22:46 27/10/2009] [22:46 27/10/2009]
whitedir00 --a--- 9 bytes [23:01 27/10/2009] [23:01 27/10/2009]
Windir.dat --a--- 83201 bytes [22:40 27/10/2009] [22:41 27/10/2009]
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe --a--- 4608744 bytes [22:42 27/10/2009] [22:43 27/10/2009]
Wmi_rem.vbs --a--- 592 bytes [22:39 27/10/2009] [05:08 14/05/2009]
WrgNameDLL --a--- 1047 bytes [22:52 27/10/2009] [22:52 27/10/2009]
XP.mac --a--- 40 bytes [22:39 27/10/2009] [22:39 27/10/2009]
zDomain.dat --a--- 23773 bytes [22:39 27/10/2009] [12:00 31/08/2000]
zip.cfxxe -ra--- 68096 bytes [22:39 27/10/2009] [12:00 31/08/2000]
Zlob01 --a--- 0 bytes [22:46 27/10/2009] [22:46 27/10/2009]

---Folders---
N_ d----- [22:40 27/10/2009]

-=End Of File=-
mpascal
post Nov 7 2009, 10:58 AM
Post #11


GeekU Senior
Posts: 1,350
From: Canada
OS: Windows 7 Professional, Ubuntu 9.10



Hi davidstan,

STEP 1 - OTL Fix

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    [2009/11/05 00:55:52 | 00,000,000 | ---D | C] -- C:\abcd6634a
    [2009/11/05 00:54:22 | 00,000,000 | ---D | C] -- C:\abcd22185a
    [2009/10/28 08:59:21 | 00,000,000 | ---D | C] -- C:\abcd30018a
    [2009/10/27 17:40:07 | 00,000,000 | ---D | C] -- C:\abcd

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered and reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

STEP 2 - Kaspersky

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

STEP 3 - Reply

Please reply with the following:
  • Kaspersky Log
  • OTL Quickscan Log
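The :OTL block in the fix above is built from lines of the OTL "Files/Folders - Created Within 14 Days" section, picking out the root-level folders with meaningless names. As an added example (not part of the thread and not code from OldTimer's OTL tool), this Python helper parses OTL entries in that format, flags such folders, and renders a fix block in the same layout; the name heuristic and the allowlist of known tool folders are assumptions of the example.

```python
"""Triage helper for OTL "Files/Folders - Created Within 14 Days" entries.
Added example; not from the thread or OldTimer's OTL. The name heuristic
and the allowlist of root folders below are assumptions of this example."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# One OTL file/folder entry, e.g.
#   [2009/11/05 00:55:52 | 00,000,000 | ---D | C] -- C:\abcd6634a
#   [2009/11/04 21:05:49 | 67,291,088 | ---- | C] (Kaspersky Lab) -- C:\...\kav2010_9.0.0.736en.exe
# Fields: timestamp | size | attribute flags (R,H,S,D) | C=created / M=modified,
# then an optional (company) from the file's version info and the path.
OTL_ENTRY = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Root-level folders that are expected on a machine under cleanup and appear
# in the posted log: ComboFix's quarantine (Qoobox), OTL's own working folder
# (_OTL) and the Windows Recovery Console (cmdcons). Assumed allowlist.
KNOWN_ROOT_DIRS = {"qoobox", "_otl", "cmdcons"}

# Bare lowercase letters, optional digits, optional trailing letter (abcd6634a).
# Legitimate software installs under Program Files, not in folders like these.
RANDOM_NAME = re.compile(r"^[a-z]{2,8}\d*[a-z]?$")


@dataclass(frozen=True)
class OtlEntry:
    raw: str              # the log line verbatim; OTL fix scripts reuse it as-is
    stamp: str
    attrs: str
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")

    def root_name(self) -> Optional[str]:
        """Folder name if the path sits directly under a drive root, else None."""
        m = re.fullmatch(r"[A-Za-z]:\\([^\\]+)\\?", self.path)
        return m.group(1) if m else None


def parse_otl_entries(lines: Iterable[str]) -> List[OtlEntry]:
    """Parse OTL file/folder lines; section headers and blank lines are skipped."""
    entries = []
    for line in lines:
        line = line.strip()
        m = OTL_ENTRY.match(line)
        if m:
            entries.append(OtlEntry(line, m["stamp"], m["attrs"], m["company"], m["path"]))
    return entries


def suspicious_root_dirs(entries: Iterable[OtlEntry]) -> List[OtlEntry]:
    """Directories created directly under a drive root with machine-looking names."""
    flagged = []
    for e in entries:
        name = e.root_name()
        if not e.is_dir or name is None or name.lower() in KNOWN_ROOT_DIRS:
            continue
        if RANDOM_NAME.match(name):
            flagged.append(e)
    return flagged


def build_otl_fix(targets: Iterable[OtlEntry]) -> str:
    """Render an OTL fix script in the layout used in the thread: the flagged
    log lines under :OTL, followed by the standard :Commands block."""
    body = "\n".join(e.raw for e in targets)
    return f":OTL\n{body}\n\n:Commands\n[purity]\n[emptytemp]\n[Reboot]\n"


# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 14 Days ==========

[2009/11/05 00:55:52 | 00,000,000 | ---D | C] -- C:\abcd6634a
[2009/11/05 00:54:22 | 00,000,000 | ---D | C] -- C:\abcd22185a
[2009/11/04 21:40:24 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2009/11/04 21:05:49 | 67,291,088 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Admin\Desktop\kav2010_9.0.0.736en.exe
[2009/10/28 08:59:21 | 00,000,000 | ---D | C] -- C:\abcd30018a
[2009/10/27 17:43:09 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/27 17:40:07 | 00,000,000 | ---D | C] -- C:\abcd
[2009/10/27 12:11:37 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/26 19:59:20 | 00,000,000 | ---D | C] -- C:\_OTL
"""

if __name__ == "__main__":
    print(build_otl_fix(suspicious_root_dirs(parse_otl_entries(SAMPLE_LOG.splitlines()))))
```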
davidstan
post Nov 7 2009, 12:07 PM
Post #12


Member
Posts: 24
OS: Windows XP Media



I can't run Kaspersky online as I have 8.0 AV on my computer...

I ran it and attached.

Thanks
-David


OTL logfile created on: 11/7/2009 12:24:10 PM - Run 4
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Admin\Desktop\DiagTools
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 580.54 Mb Available Physical Memory | 57.25% Memory free
2.38 Gb Paging File | 2.04 Gb Available in Paging File | 85.51% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.09 Gb Total Space | 53.11 Gb Free Space | 49.59% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 0.52 Gb Free Space | 1.39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D5MXCY91
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Admin\Desktop\DiagTools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe (Kaspersky Lab)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe ( )
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
PRC - C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\gearsec.exe (GEAR Software)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Admin\Desktop\DiagTools\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\serwvdrv.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\umdmxfrm.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (ehRecvr) -- C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (Norton Ghost) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (GEARSecurity) -- C:\WINDOWS\system32\gearsec.exe (GEAR Software)
SRV - (ehSched) -- C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
SRV - (McrdSvc) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (UMWdf) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (NetSvc) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/28 10:44:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/17 19:11:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/11/03 19:41:01 | 00,000,000 | ---D | M]


O1 HOSTS File: (74 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (PhotoPos Pro Toolbar) - {A057A204-BACC-4D26-9F9D-3BEFCFBE6E86} - C:\Program Files\photoposcomtbr\photoposcomtbr.dll ( )
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (PhotoPos Pro Toolbar) - {A057A204-BACC-4D26-9F9D-3BEFCFBE6E86} - C:\Program Files\photoposcomtbr\photoposcomtbr.dll ( )
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe File not found
O4 - HKLM..\Run: [Norton Ghost 10.0] C:\Program Files\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellTransferAgent] C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe ( )
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (OldTimer Tools)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/06 15:37:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\crash11609
[2009/11/06 09:23:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\AOL
[2009/11/05 00:55:52 | 00,000,000 | ---D | C] -- C:\abcd6634a
[2009/11/05 00:54:22 | 00,000,000 | ---D | C] -- C:\abcd22185a
[2009/11/04 21:40:24 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2009/11/04 21:40:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/11/04 21:39:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/11/04 21:05:49 | 67,291,088 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Admin\Desktop\kav2010_9.0.0.736en.exe
[2009/10/30 18:29:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Identities
[2009/10/30 10:08:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\CLPics
[2009/10/28 10:32:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/28 08:59:21 | 00,000,000 | ---D | C] -- C:\abcd30018a
[2009/10/27 19:27:08 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/27 19:27:07 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/27 19:27:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/27 17:43:09 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/27 17:40:17 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/27 17:40:17 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/27 17:40:17 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/27 17:40:17 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/27 17:40:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/27 17:40:07 | 00,000,000 | ---D | C] -- C:\abcd
[2009/10/27 12:49:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/10/27 12:11:37 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/26 23:47:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/10/26 23:45:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2009/10/26 20:05:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\DiagTools
[2009/10/26 19:59:20 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/26 16:59:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/10/26 16:54:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Runscanner.net

========== Files - Modified Within 14 Days ==========

[2009/11/07 12:23:04 | 00,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/07 12:17:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/07 12:17:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/07 12:17:26 | 10,634,07616 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/07 12:16:50 | 03,407,872 | -H-- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2009/11/07 12:15:11 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini
[2009/11/07 11:40:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/06 22:13:38 | 00,000,074 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/06 12:40:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/05 01:07:06 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/04 21:41:28 | 00,108,059 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/11/04 21:41:28 | 00,095,259 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/11/04 21:05:49 | 67,291,088 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Admin\Desktop\kav2010_9.0.0.736en.exe
[2009/11/04 20:30:36 | 00,267,264 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/02 21:04:50 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/01 20:26:09 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/01 20:26:09 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 20:26:09 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/30 11:58:12 | 00,001,394 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Media Center.lnk
[2009/10/29 21:55:47 | 03,778,304 | -H-- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\IconCache.db
[2009/10/29 02:14:13 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/28 13:30:28 | 00,000,508 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/28 12:38:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/27 17:43:15 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/10/27 16:37:33 | 00,064,184 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/27 12:49:26 | 00,256,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/27 12:41:58 | 03,153,920 | ---- | M] () -- C:\Documents and Settings\Admin\secsetup.sdb
[2009/10/26 23:03:10 | 00,000,209 | ---- | M] () -- C:\Boot.bak
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe

========== Files Created - No Company Name ==========

[2009/11/04 21:41:28 | 00,108,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/11/04 21:41:28 | 00,095,259 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/10/30 11:54:13 | 00,274,595 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\BDay09.JPG
[2009/10/28 12:38:13 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/27 17:43:15 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/10/27 17:43:12 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/27 17:40:17 | 00,267,264 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/27 17:40:17 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/27 17:40:17 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/27 17:40:17 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/10/27 17:40:17 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/27 12:41:57 | 03,153,920 | ---- | C] () -- C:\Documents and Settings\Admin\secsetup.sdb
[2009/10/26 23:03:15 | 00,000,864 | ---- | C] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2009/10/26 23:03:15 | 00,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2009/06/16 11:42:04 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\PFP120JPR.{PB
[2009/06/16 11:42:04 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\PFP120JCM.{PB
[2009/06/01 20:22:19 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2009/05/13 20:29:20 | 00,007,520 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/05/12 21:00:51 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/05/12 20:47:48 | 00,064,184 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/05/12 20:26:28 | 00,000,380 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/05/12 20:26:00 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/05/12 16:44:20 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Admin\Application Data\desktop.ini
[2009/05/12 16:44:19 | 03,778,304 | -H-- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\IconCache.db
[2009/05/12 16:44:19 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\fusioncache.dat
[2007/12/27 07:14:25 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\PosTickerLib.dll
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/05/03 19:18:10 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/03 19:14:11 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/03 19:08:02 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/05/03 18:37:02 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/11/10 07:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/23 07:52:14 | 00,207,872 | ---- | C] () -- C:\WINDOWS\System32\OneWay.dll
[2005/08/16 03:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:33:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/08/16 03:18:43 | 00,000,508 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/16 03:18:41 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 13:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== LOP Check ==========

[2009/06/16 11:42:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Corel
[2009/06/17 08:39:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Corel Photo Album
[2009/05/20 16:43:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\OpenOffice.org
[2009/06/05 19:47:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PHOTOPOSCOMTBR
[2009/06/01 20:22:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2009/10/26 23:49:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/05/12 20:56:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2005/08/16 19:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2009/05/17 17:14:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/01 20:21:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/09/10 20:18:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/12 19:13:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2004/08/10 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/07 12:17:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C
< End of report >
davidstan
post Nov 7 2009, 01:27 PM
Post #13


Member
Posts: 24
OS: Windows XP Media



Here is the Kaspersky report I could get.

I am running AV 2010



Status: Quarantined (events: 45)
11/4/2009 11:48:49 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\system32\zuzuroli.dll.vir High
11/4/2009 11:48:46 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\system32\yoyedele.dll.vir High
11/4/2009 11:48:45 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\system32\yarolipu.dll.vir High
11/4/2009 11:48:45 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\system32\tonokule.dll.tmp.vir High
11/4/2009 11:48:44 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\system32\siliyada.dll.vir High
11/4/2009 11:48:44 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\system32\sekadoga.dll.tmp.vir High
11/4/2009 11:48:43 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\system32\nezitigo.dll.vir High
11/4/2009 11:48:43 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\system32\mutupapo.dll.vir High
11/4/2009 11:48:43 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\system32\hujenufo.dll.vir High
11/4/2009 11:48:42 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\system32\hiziyuho.dll.vir High
11/4/2009 11:48:42 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\system32\hilatolu.dll.vir High
11/4/2009 11:48:42 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\system32\heparira.dll.vir High
11/4/2009 11:48:42 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\system32\gorotuke.dll.vir High
11/4/2009 11:48:41 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\system32\fobufelo.dll.vir High
11/4/2009 11:48:41 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\system32\fekabaku.dll.vir High
11/4/2009 11:48:13 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\[4]-Submit_2009-10-28_11.27.47.zip/wafofozu.dll High
11/4/2009 11:48:11 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\[4]-Submit_2009-10-28_11.27.47.zip/rupohaze.dll High
11/4/2009 11:48:11 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\[4]-Submit_2009-10-28_11.27.47.zip/nawonane.dll High
11/4/2009 11:48:10 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\[4]-Submit_2009-10-28_11.27.47.zip/denufudu.dll High
11/4/2009 11:48:41 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\system32\bijigupe.dll.tmp.vir High
11/4/2009 11:48:40 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\system32\bebamaka.dll.vir High
11/4/2009 11:48:40 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\system32\bigasunu.dll.vir High
11/4/2009 10:47:05 PM Quarantined virus HEUR:Exploit.Script.Generic C:\Documents and Settings\Raby\Local Settings\temp\Acr1B.tmp//data0001 High
11/4/2009 10:47:05 PM Quarantined virus HEUR:Exploit.Script.Generic C:\Documents and Settings\Raby\Local Settings\temp\Acr1B.tmp High
11/4/2009 10:23:57 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP197\A0024592.dll High
11/4/2009 10:23:56 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP197\A0024591.dll High
11/4/2009 10:23:55 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP197\A0024590.dll High
11/4/2009 10:23:55 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP197\A0024585.dll High
11/4/2009 10:23:54 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP197\A0024581.dll High
11/4/2009 10:23:54 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP197\A0024580.dll High
11/4/2009 10:23:53 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP197\A0024576.dll High
11/4/2009 10:23:53 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP197\A0024575.dll High
11/4/2009 10:23:52 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP197\A0024574.dll High
11/4/2009 10:23:52 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP197\A0024573.dll High
11/4/2009 10:23:51 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP197\A0024572.dll High
11/4/2009 10:23:51 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP197\A0024571.dll High
11/4/2009 10:23:51 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP197\A0024569.dll High
11/4/2009 10:23:50 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP197\A0024567.dll High
11/4/2009 10:22:35 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP197\A0024566.dll High
11/4/2009 10:11:27 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP117\A0015619.dll High
11/4/2009 10:11:26 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP117\A0015617.dll High
11/4/2009 10:11:26 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP117\A0015618.dll High
11/4/2009 10:11:17 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP116\A0015548.dll High
11/4/2009 10:11:18 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP116\A0015547.dll High
11/4/2009 10:11:16 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP116\A0015546.dll High
Status: Deleted (events: 20)
11/5/2009 12:03:49 AM Deleted Trojan program Trojan.Win32.BHO.whc C:\WINDOWS\system32\iehelper.dll High
11/4/2009 11:49:16 PM Deleted adware not-a-virus:AdWare.Win32.Virtumonde.balk C:\Qoobox\Quarantine\C\WINDOWS\system32\sikafemu.dll.vir Medium
11/4/2009 10:28:27 PM Deleted Trojan program Trojan.Win32.BHO.whc C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP207\A0029038.dll High
11/4/2009 10:28:24 PM Deleted Trojan program Trojan.Win32.BHO.whc C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP207\A0028949.dll High
11/4/2009 10:28:23 PM Deleted Trojan program Trojan.Win32.BHO.whc C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP207\A0028940.dll High
11/4/2009 10:28:18 PM Deleted Trojan program Trojan.Win32.BHO.whc C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP206\A0028916.dll High
11/4/2009 10:28:17 PM Deleted Trojan program Trojan.Win32.BHO.whc C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP206\A0028893.dll High
11/4/2009 10:28:13 PM Deleted adware not-a-virus:AdWare.Win32.Virtumonde.balk C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP197\A0024584.dll Medium
11/4/2009 10:21:36 PM Deleted Trojan program Packed.Win32.Katusha.g C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP194\A0023560.dll High
11/4/2009 10:14:02 PM Deleted Trojan program Trojan-Downloader.Win32.FraudLoad.flf C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP142\A0019199.exe High
11/4/2009 10:14:02 PM Deleted Trojan program Trojan-Downloader.Win32.FraudLoad.flf C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP142\A0019198.exe High
11/4/2009 10:14:00 PM Deleted Trojan program Trojan-Downloader.Win32.FraudLoad.flf C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP141\A0018199.exe High
11/4/2009 10:14:00 PM Deleted Trojan program Trojan-Downloader.Win32.FraudLoad.flf C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP141\A0018198.exe High
11/4/2009 10:13:59 PM Deleted Trojan program Trojan-Downloader.Win32.FraudLoad.flf C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP141\A0017198.exe High
11/4/2009 10:13:46 PM Deleted Trojan program Backdoor.Win32.UltimateDefender.ilx C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP135\A0016027.exe High
11/4/2009 10:13:45 PM Deleted Trojan program Backdoor.Win32.UltimateDefender.ilx C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP135\A0016026.exe High
11/4/2009 10:13:39 PM Deleted Trojan program Backdoor.Win32.UltimateDefender.ilx C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP135\A0016016.exe High
11/4/2009 10:13:39 PM Deleted Trojan program Backdoor.Win32.UltimateDefender.ilx C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP135\A0016015.exe High
11/4/2009 10:13:39 PM Deleted Trojan program Backdoor.Win32.UltimateDefender.ilx C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP135\A0016003.exe High
11/5/2009 12:52:41 AM Deleted Trojan program Trojan.Win32.BHO.whc C:\WINDOWS\system32\iehelper.dll High
Status: Disinfected (events: 1)
11/4/2009 11:48:13 PM Disinfected virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\[4]-Submit_2009-10-28_11.27.47.zip High
Status: Suspicious (events: 5)
11/7/2009 9:16:42 AM Suspicious legal software that can be used by criminals for damaging your computer or personal data PDM.DNS Query C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\FREESTUDIOMANAGER.EXE Low
11/6/2009 1:26:52 PM Suspicious legal software that can be used by criminals for damaging your computer or personal data PDM.Suspicious driver installation C:\DOCUMENTS AND SETTINGS\ADMIN\DESKTOP\ROOTREPEAL.EXE High
11/4/2009 11:00:12 PM Suspicious malicious URL http://winguard-2009.com/omni.gif http://winguard-2009.com/omni.gif High
11/4/2009 10:00:08 PM Suspicious legal software that can be used by criminals for damaging your computer or personal data PDM.DNS Query C:\DOCUMENTS AND SETTINGS\RABY\LOCAL SETTINGS\APPLICATION DATA\AGPVLD\JTMKSYSGUARD.EXE Low
11/4/2009 9:59:29 PM Suspicious legal software that can be used by criminals for damaging your computer or personal data PDM.Keylogger C:\PROGRAM FILES\DELL\MEDIA EXPERIENCE\DMXLAUNCHER.EXE Medium
mpascal
post Nov 7 2009, 02:16 PM
Post #14


GeekU Senior
Posts: 1,350
From: Canada
OS: Windows 7 Professional, Ubuntu 9.10



Hi davidstan,

You have a toolbar on your computer named Ask Toolbar. This toolbar sometimes makes its way on to a user's machine without the user ever knowing, so I just thought I would give you a heads up of its existence. If you don't want it on your system, you can uninstall it by doing the following:
  • Go to Start -> Control Panel -> Add/Remove Programs. (You will need to be in classic view)
  • Uninstall Ask Toolbar

Now for some good news,

Congratulations! Your system appears to be malware free once again!

We just have a couple of things to take care of, then you should be good to go.

Uninstall ComboFix from your computer:
  • Click on Start > Run
  • Type Combofix /u in the run box and click Ok. Note the space between the x and the /u, it needs to be there.


Now that you have a clean system, I would like to share with you some advice to help reduce the risk of future infection.

+++++++++++++++++++++++++++++++++++++++++++++++

Firstly, I recommend you reset your System Restore to remove any infected files that may have been backed up by Windows. You will lose any previous restore points; however, some of those are likely to be infected, so this will improve the security of your machine.

Turn OFF System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Restart your computer.

Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.
System Restore will now be active again.

+++++++++++++++++++++++++++++++++++++++++++++++

I recommend that you install both of the following free programs if you haven't already, as they can greatly increase the security of your system. It is not essential that you have these programs installed, but they do a very good job at preventing infection if your system is scanned regularly.

+++++++++++++++++++++++++++++++++++++++++++++++

A good firewall is also useful for keeping a system infection free. You should only have ONE firewall installed on your computer - having more than one will not increase the security of your system. Here is a small list of some free firewalls.

An antivirus program is also a program that should be installed on all computers. These will help reduce the risk that your computer gets infected by viruses or trojans in the future. Keep in mind that you only need ONE antivirus program installed on your computer. If you have more than one installed, they can often conflict and leave your system unprotected.

Having up to date Antivirus and Firewall software is vital to keeping a healthy, infection free system.

+++++++++++++++++++++++++++++++++++++++++++++++

To find out more information on how your system got infected, or how to protect yourself on the internet in the future, this article by Tony Klein provides some great information.

Good Luck and safe surfing!

-mpascal
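As an added example (not code from this thread or from Kaspersky), here is a small Python parser for the Quarantined/Deleted/Disinfected rows of davidstan's report above. It sorts each hit by where it sat: inside a System Restore point, inside ComboFix's C:\Qoobox quarantine, or on the live file system, which is what makes mpascal's "flush System Restore, then you are clean" reasoning visible in the numbers. The sample rows are copied from the report; the row regex and the location labels are my own assumptions about the format.

```python
import re
from collections import Counter

# Rows copied verbatim from the Kaspersky report posted above, plus one
# "Status:" header and one PDM "Suspicious" row to show what the parser skips.
SAMPLE_REPORT = r"""
11/4/2009 11:48:49 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\system32\zuzuroli.dll.vir High
11/4/2009 10:23:57 PM Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP197\A0024592.dll High
11/4/2009 10:47:05 PM Quarantined virus HEUR:Exploit.Script.Generic C:\Documents and Settings\Raby\Local Settings\temp\Acr1B.tmp High
Status: Deleted (events: 20)
11/5/2009 12:03:49 AM Deleted Trojan program Trojan.Win32.BHO.whc C:\WINDOWS\system32\iehelper.dll High
11/4/2009 11:49:16 PM Deleted adware not-a-virus:AdWare.Win32.Virtumonde.balk C:\Qoobox\Quarantine\C\WINDOWS\system32\sikafemu.dll.vir Medium
11/4/2009 10:14:02 PM Deleted Trojan program Trojan-Downloader.Win32.FraudLoad.flf C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP142\A0019199.exe High
11/7/2009 9:16:42 AM Suspicious legal software that can be used by criminals for damaging your computer or personal data PDM.DNS Query C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\FREESTUDIOMANAGER.EXE Low
"""

# Assumed layout of a detection row: timestamp, action, object kind, detection
# name (no spaces), path (may contain spaces), severity. The PDM/URL
# "Suspicious" rows use a different layout and are deliberately not matched.
EVENT_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>Quarantined|Deleted|Disinfected) "
    r"(?P<kind>virus|Trojan program|adware) "
    r"(?P<name>\S+) "
    r"(?P<path>.+) "
    r"(?P<severity>High|Medium|Low)$"
)

# Windows XP keeps restore-point copies of files under this path; the RP number
# identifies the restore point the copy belongs to.
RESTORE_RE = re.compile(
    r"^C:\\System Volume Information\\_restore\{[0-9A-F-]+\}\\RP(?P<rp>\d+)\\", re.I
)
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"  # ComboFix's own quarantine folder


def classify_location(path):
    """Label a detected file as a restore-point copy, a quarantined copy, or live."""
    if RESTORE_RE.match(path):
        return "restore_point"
    if path.lower().startswith(QUARANTINE_PREFIX):
        return "combofix_quarantine"
    return "live_system"


def parse_report(text):
    """Return one dict per detection row; headers and unmatched rows are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["location"] = classify_location(ev["path"])
        events.append(ev)
    return events


def summarize(events):
    """Count hits per location and list what was actually live, plus the RPs touched."""
    by_location = Counter(e["location"] for e in events)
    live = sorted({e["path"] for e in events if e["location"] == "live_system"})
    rps = {RESTORE_RE.match(e["path"]).group("rp") for e in events if e["location"] == "restore_point"}
    return {"by_location": dict(by_location), "live_paths": live, "restore_points": sorted(rps, key=int)}


if __name__ == "__main__":
    for key, value in summarize(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

On the full report the same split shows most hits living only in restore points or in ComboFix's quarantine, which is why resetting System Restore is the remaining step rather than further cleaning.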
davidstan
post Nov 7 2009, 09:04 PM
Post #15


Member
Posts: 24
OS: Windows XP Media



Thank you.

Seems to be working great. All antispy and virus programs installed as suggested.

-David