Please help with virus/malware/registry problems [Solved]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

4 Pages

< 1 2 3 4 >

Please help with virus/malware/registry problems [Solved], Had Tanatos.M, win32/heur and trojan downloader

Options

RCguy View Member Profile	Sep 14 2009, 03:05 PM Post #31
Member Posts: 46 From: Indiana - USA OS: WinXP sp3	Ok I'll do that. I will probably get the reports posted in the morning though. Thank you

RCguy View Member Profile	Sep 14 2009, 03:44 PM Post #32
Member Posts: 46 From: Indiana - USA OS: WinXP sp3	Here is the MBAM report Malwarebytes' Anti-Malware 1.41 Database version: 2797 Windows 5.1.2600 Service Pack 3 9/14/2009 5:31:52 PM mbam-log-2009-09-14 (17-31-52).txt Scan type: Quick Scan Objects scanned: 101996 Time elapsed: 9 minute(s), 1 second(s) Memory Processes Infected: 1 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 5 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: C:\Documents and Settings\Owner\Local Settings\temp\ulgl.exe (Worm.Spambot) -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Owner\Local Settings\temp\ulgl.exe (Worm.Spambot) -> Quarantined and deleted successfully.

RCguy View Member Profile	Sep 15 2009, 06:42 AM Post #33
Member Posts: 46 From: Indiana - USA OS: WinXP sp3	Here is the OTL report. Just before running the scan I noticed that winoygx.exe spawned, rather than shut it down, I left it running, maybe something will show up differently. OTL logfile created on: 9/15/2009 8:23:44 AM - Run 5 OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Owner\Desktop\Geeks Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 478.42 Mb Total Physical Memory \| 86.11 Mb Available Physical Memory \| 18.00% Memory free 1.10 Gb Paging File \| 0.80 Gb Available in Paging File \| 72.86% Paging File free Paging file location(s): C:\pagefile.sys 720 1440 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 74.53 Gb Total Space \| 18.93 Gb Free Space \| 25.40% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ROGERLAPTOP Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2003/12/16 19:42:32 \| 00,311,363 \| ---- \| M] (Intel Corporation ) -- C:\WINDOWS\System32\S24EvMon.exe PRC - [2008/09/10 14:01:28 \| 00,611,664 \| ---- \| M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe PRC - [2008/10/16 18:22:20 \| 00,464,264 \| ---- \| M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe PRC - [2005/11/29 12:57:34 \| 00,054,784 \| ---- \| M] (Macrovision) -- C:\WINDOWS\System32\drivers\CDAC11BA.EXE PRC - [2009/08/24 16:37:10 \| 00,153,376 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009/07/20 11:51:52 \| 00,935,208 \| ---- \| M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2003/12/16 19:41:40 \| 00,122,880 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\System32\RegSrvc.exe PRC - [2003/03/31 08:00:00 \| 00,019,456 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe PRC - [2008/04/13 20:12:36 \| 00,033,280 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe PRC - [2008/04/13 20:12:19 \| 01,033,728 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2003/11/20 18:18:50 \| 00,499,712 \| ---- \| M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2009/08/24 16:37:11 \| 00,227,104 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2008/04/13 20:12:37 \| 00,135,680 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskmgr.exe PRC - [2009/03/08 14:09:26 \| 00,638,816 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2009/03/08 14:09:26 \| 00,638,816 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2009/09/15 08:22:23 \| 00,019,456 \| ---- \| M] () -- C:\Documents and Settings\Owner\Local Settings\temp\winoygx.exe PRC - [2009/08/27 07:45:19 \| 00,514,048 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Geeks\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2008/04/13 20:11:48 \| 00,100,352 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto \| Running]) SRV - [2008/09/10 14:01:28 \| 00,611,664 \| ---- \| M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto \| Running]) SRV - [2006/02/21 09:26:42 \| 00,147,456 \| ---- \| M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand \| Stopped]) SRV - File not found -- -- (AresChatServer [On_Demand \| Stopped]) SRV - [2008/10/16 18:22:20 \| 00,464,264 \| ---- \| M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService [Auto \| Running]) SRV - [2008/07/25 11:16:40 \| 00,034,312 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand \| Stopped]) SRV - [2009/08/06 10:30:21 \| 00,158,824 \| ---- \| M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [On_Demand \| Stopped]) SRV - [2005/11/29 12:57:34 \| 00,054,784 \| ---- \| M] (Macrovision) -- C:\WINDOWS\System32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA [Auto \| Running]) SRV - [2008/07/25 11:17:02 \| 00,069,632 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) SRV - [2005/01/18 10:17:56 \| 00,036,864 \| ---- \| M] (Novell, Inc.) -- C:\WINDOWS\System32\cusrvc.exe -- (cusrvc [On_Demand \| Stopped]) SRV - [2002/04/29 07:51:00 \| 00,147,456 \| ---- \| M] () -- C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe -- (dnWhoDisp [On_Demand \| Stopped]) SRV - [2008/07/29 21:10:04 \| 00,046,104 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand \| Stopped]) SRV - [2009/03/25 15:34:31 \| 00,257,008 \| ---- \| M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand \| Stopped]) SRV - [2003/05/06 15:13:32 \| 00,188,416 \| ---- \| M] (Rockwell Software Inc.) -- C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE -- (Harmony [On_Demand \| Stopped]) SRV - [2008/04/13 20:12:02 \| 00,038,400 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto \| Running]) SRV - [2005/04/04 00:41:10 \| 00,143,360 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand \| Stopped]) SRV - [2008/07/29 19:24:50 \| 00,881,664 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown \| Stopped]) SRV - [2009/08/24 16:37:10 \| 00,153,376 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto \| Running]) SRV - [2009/07/20 11:51:52 \| 00,935,208 \| ---- \| M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0 [Auto \| Running]) SRV - [2008/07/29 19:16:38 \| 00,132,096 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled \| Stopped]) SRV - [2004/12/02 08:28:32 \| 00,098,304 \| ---- \| M] (OPC Foundation) -- C:\WINDOWS\System32\OpcEnum.exe -- (OpcEnum [On_Demand \| Stopped]) SRV - [2008/04/13 20:12:02 \| 00,105,472 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pgasvc.dll -- (p2pgasvc [On_Demand \| Stopped]) SRV - [2003/12/16 19:41:40 \| 00,122,880 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\System32\RegSrvc.exe -- (RegSrvc [Auto \| Running]) SRV - [2005/07/29 15:45:46 \| 01,978,640 \| ---- \| M] (Rockwell Software, Inc.) -- C:\Program Files\Rockwell Software\RSLINX\RSLINX.EXE -- (RSLinx [On_Demand \| Stopped]) SRV - [2003/12/16 19:42:32 \| 00,311,363 \| ---- \| M] (Intel Corporation ) -- C:\WINDOWS\System32\S24EvMon.exe -- (S24EventMonitor [Auto \| Running]) SRV - [2003/03/31 08:00:00 \| 00,019,456 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe -- (SimpTcp [Auto \| Running]) SRV - [2008/04/13 20:12:36 \| 00,033,280 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe -- (SNMP [Auto \| Running]) SRV - [2007/10/18 12:31:54 \| 00,180,248 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand \| Stopped]) SRV - [2007/10/25 16:27:54 \| 00,335,872 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand \| Stopped]) SRV - [2006/10/18 21:05:24 \| 00,983,040 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand \| Stopped]) ========== Driver Services (SafeList) ========== DRV - [2004/06/03 04:08:02 \| 00,071,448 \| ---- \| M] (Rockwell Software Inc.) -- C:\WINDOWS\System32\Drivers\ABKTCX.sys -- (ABKTCX [On_Demand \| Stopped]) DRV - File not found -- -- (abp470n5 [On_Demand \| Running]) DRV - [2002/04/01 16:15:00 \| 00,004,816 \| ---- \| M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand \| Running]) DRV - [2006/04/10 11:10:34 \| 00,044,224 \| ---- \| M] (BVRP Software) -- C:\WINDOWS\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5 [On_Demand \| Running]) DRV - [2005/11/29 12:57:36 \| 00,012,464 \| ---- \| M] (Macrovision Europe Ltd) -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS -- (CdaC15BA [Auto \| Running]) DRV - [2003/02/19 15:14:12 \| 00,019,153 \| ---- \| M] (FTDI Ltd.) -- C:\WINDOWS\System32\drivers\ftdibus.sys -- (FTDIBUS [On_Demand \| Stopped]) DRV - [2002/12/20 11:59:20 \| 00,050,396 \| ---- \| M] (FTDI Ltd.) -- C:\WINDOWS\System32\drivers\ftser2k.sys -- (FTSER2K [On_Demand \| Stopped]) DRV - [2002/11/18 20:20:44 \| 00,030,976 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gv3.sys -- (gv3 [On_Demand \| Stopped]) DRV - [2008/07/21 09:26:56 \| 00,453,632 \| ---- \| M] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\hardlock.sys -- (hardlock [Auto \| Running]) DRV - [2003/10/14 22:08:22 \| 00,197,120 \| ---- \| M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand \| Running]) DRV - [2003/10/14 22:04:16 \| 01,043,072 \| ---- \| M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand \| Running]) DRV - [2006/02/07 10:04:34 \| 01,399,615 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand \| Running]) DRV - [2004/06/23 14:39:15 \| 00,014,037 \| ---- \| M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto \| Running]) DRV - [2003/04/09 19:48:08 \| 00,011,043 \| ---- \| M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto \| Running]) DRV - [2009/08/19 12:21:12 \| 00,027,136 \| ---- \| M] (NCH Swift Sound) -- C:\WINDOWS\System32\drivers\nchssvad.sys -- (NCHSSVAD [On_Demand \| Running]) DRV - [2005/02/16 18:49:28 \| 00,494,347 \| ---- \| M] (Novell, Inc.) -- C:\WINDOWS\System32\NetWare\nwfs.sys -- (NetwareWorkstation [Auto \| Running]) DRV - [2004/08/19 13:34:06 \| 00,038,848 \| ---- \| M] (Novell, Inc.) -- C:\WINDOWS\system32\drivers\nicm.sys -- (NICM [Boot \| Running]) DRV - [2008/04/13 14:53:09 \| 00,040,320 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand \| Stopped]) DRV - [2004/08/16 16:52:02 \| 00,017,101 \| ---- \| M] (Novell, Inc.) -- C:\WINDOWS\System32\NetWare\nwdhcp.sys -- (NWDHCP [Auto \| Running]) DRV - [2005/01/13 10:43:26 \| 00,037,196 \| ---- \| M] (Novell, Inc.) -- C:\WINDOWS\System32\NetWare\nwdns.sys -- (NWDNS [On_Demand \| Stopped]) DRV - [2005/01/14 09:46:38 \| 00,015,919 \| ---- \| M] (Novell, Inc.) -- C:\WINDOWS\system32\NetWare\nwfilter.sys -- (NWFILTER [Boot \| Running]) DRV - [2004/02/17 16:16:58 \| 00,011,856 \| ---- \| M] () -- C:\WINDOWS\System32\NetWare\NWHOST.sys -- (NWHOST [On_Demand \| Stopped]) DRV - [2008/04/13 14:56:06 \| 00,088,320 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto \| Running]) DRV - [2003/03/31 08:00:00 \| 00,063,232 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto \| Running]) DRV - [2003/03/31 08:00:00 \| 00,055,936 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto \| Running]) DRV - [2003/02/26 15:51:18 \| 00,023,232 \| ---- \| M] () -- C:\WINDOWS\System32\NetWare\NWSAP.sys -- (NWSAP [On_Demand \| Running]) DRV - [2004/07/12 17:52:20 \| 00,041,888 \| ---- \| M] (Novell, Inc.) -- C:\WINDOWS\System32\NetWare\nwsipx32.sys -- (NWSIPX32 [Auto \| Running]) DRV - [2005/01/03 15:51:38 \| 00,020,332 \| ---- \| M] (Novell, Inc.) -- C:\WINDOWS\System32\NetWare\nwslp.sys -- (NWSLP [On_Demand \| Stopped]) DRV - [2003/02/13 08:27:38 \| 00,005,808 \| ---- \| M] () -- C:\WINDOWS\System32\NetWare\NWSNS.sys -- (NWSNS [On_Demand \| Stopped]) DRV - [2003/03/31 08:00:00 \| 00,017,792 \| ---- \| M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand \| Running]) DRV - [2005/08/22 15:44:03 \| 00,020,576 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot \| Running]) DRV - [2004/06/01 19:19:34 \| 00,027,249 \| ---- \| M] (Novell, Inc.) -- C:\WINDOWS\System32\NetWare\resmgr.sys -- (RESMGR [Auto \| Running]) DRV - [2003/10/20 22:09:26 \| 00,065,664 \| ---- \| M] (REDC) -- C:\WINDOWS\System32\DRIVERS\rmedia.sys -- (rmedia [Boot \| Running]) DRV - [2004/06/03 04:08:34 \| 00,030,166 \| ---- \| M] (Rockwell Software, Inc.) -- C:\WINDOWS\system32\RSIKT.SYS -- (RsiKtControl [On_Demand \| Stopped]) DRV - [2004/06/03 04:08:36 \| 00,155,440 \| ---- \| M] (Rockwell Software Inc.) -- C:\WINDOWS\SYSTEM32\RSSERIAL.SYS -- (RSSERIAL [On_Demand \| Stopped]) DRV - [2004/06/03 04:08:38 \| 00,142,592 \| ---- \| M] (Rockwell Software, Inc.) -- C:\WINDOWS\SYSTEM32\RS_SS_NT.SYS -- (RS_SS_NT [On_Demand \| Stopped]) DRV - [2003/08/13 18:27:22 \| 00,065,280 \| ---- \| M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys -- (RTL8023 [On_Demand \| Running]) DRV - [2003/09/15 13:20:18 \| 00,011,258 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans [Auto \| Running]) DRV - [2009/08/05 16:06:28 \| 00,009,968 \| ---- \| M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System \| Running]) DRV - [2009/08/05 16:06:30 \| 00,007,408 \| R--- \| M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand \| Stopped]) DRV - [2009/08/05 16:06:28 \| 00,074,480 \| ---- \| M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System \| Running]) DRV - [2007/11/13 06:25:53 \| 00,020,480 \| ---- \| M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto \| Running]) DRV - [2007/09/05 04:03:00 \| 00,049,664 \| ---- \| M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\DRIVERS\ser2pl.sys -- (Ser2pl [On_Demand \| Stopped]) DRV - [2005/03/03 13:53:57 \| 00,048,640 \| ---- \| M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot \| Running]) DRV - [2005/02/23 11:59:54 \| 00,006,656 \| ---- \| M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot \| Running]) DRV - [2004/01/13 19:40:28 \| 00,612,032 \| ---- \| M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand \| Running]) DRV - [2009/08/19 12:11:27 \| 00,717,296 \| ---- \| M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot \| Running]) DRV - [2008/11/17 02:24:00 \| 00,051,688 \| ---- \| M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot \| Running]) DRV - [2005/01/03 15:55:34 \| 00,155,405 \| ---- \| M] (Novell, Inc.) -- C:\WINDOWS\System32\NetWare\srvloc.sys -- (SRVLOC [Auto \| Running]) DRV - [2003/11/20 18:15:16 \| 00,178,528 \| ---- \| M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand \| Running]) DRV - [2008/06/20 07:08:27 \| 00,225,856 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys -- (Tcpip6 [System \| Running]) DRV - [2009/02/16 00:10:26 \| 00,353,672 \| ---- \| M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [System \| Running]) DRV - [2004/01/02 05:52:34 \| 01,646,720 \| ---- \| M] (Intel� Corporation) -- C:\WINDOWS\System32\DRIVERS\w22n51.sys -- (w22n51 [On_Demand \| Stopped]) DRV - [2008/01/07 13:36:16 \| 02,216,064 \| ---- \| M] (Intel� Corporation) -- C:\WINDOWS\System32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand \| Running]) DRV - [2003/10/14 22:05:48 \| 00,679,808 \| ---- \| M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand \| Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/defaulta.aspx IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 DD 17 B2 8C 22 CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/26 15:33:05 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 17:00:40 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/24 16:37:12 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/13 14:32:57 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/24 09:18:56 \| 00,000,000 \| ---D \| M] [2009/08/24 15:41:26 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\e6m6iza8.default\extensions [2009/08/14 09:55:30 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\e6m6iza8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/02/23 12:00:33 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\e6m6iza8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/08/24 15:41:26 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\e6m6iza8.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2009/09/05 07:46:11 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2009/08/13 14:32:55 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/08/13 14:34:10 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009/08/24 16:37:36 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2007/06/19 20:22:53 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\realplayer@partners.mozilla.com [2009/08/13 14:32:55 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org [2009/03/05 18:08:04 \| 00,061,440 \| ---- \| M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll [2009/08/13 14:32:28 \| 00,067,696 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll [2009/08/13 14:32:28 \| 00,054,376 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll [2009/08/13 14:32:28 \| 00,034,952 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll [2009/08/13 14:32:30 \| 00,046,720 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll [2009/08/13 14:32:30 \| 00,172,144 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll [2008/06/17 16:12:42 \| 00,114,688 \| ---- \| M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll [2009/08/24 16:37:11 \| 00,411,368 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009/08/13 14:32:42 \| 00,022,664 \| ---- \| M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2006/12/18 05:18:30 \| 00,077,824 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009/08/13 14:32:51 \| 00,001,514 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/08/13 14:32:51 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/07/24 00:12:00 \| 00,001,519 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml [2009/08/13 14:32:51 \| 00,001,038 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/08/13 14:32:51 \| 00,001,046 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/08/13 14:32:51 \| 00,002,351 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0 Pro\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NWTRAY] File not found O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\netware\NWWS2NDS.DLL (Novell, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\netware\NWWS2SAP.DLL (Novell, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\System32\netware\NWWS2SLP.DLL (Novell, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O15 - HKCU\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1124832226067 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1133885287693 (MUWebControl Class) O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://cid-5b2448a5e5555cbf.spaces.live.co...ad/MsnPUpld.cab (Windows Live Photo Upload Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/serialharvest/gwCID.CAB (compid Class) O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} http://raiseinstall.rockwellautomation.com...emand/setup.exe (InstallShield Setup Player 2K2) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 64.255.96.2 64.255.96.3 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\NWGINA.DLL (Novell, Inc.) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\System32\LgNotify.dll (Intel Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/06/23 13:39:06 \| 00,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () ========== Files/Folders - Created Within 30 Days ========== [2009/09/14 17:02:41 \| 00,000,702 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/09/14 17:01:26 \| 04,045,528 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe [2009/09/14 15:12:06 \| 00,000,000 \| ---D \| C] -- C:\Avenger [2009/09/14 15:06:23 \| 00,724,952 \| ---- \| C] () -- C:\Documents and Settings\Owner\Desktop\avenger.zip [2009/09/13 18:50:27 \| 00,000,000 \| -HSD \| C] -- C:\RECYCLER [2009/09/13 13:36:32 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\temp [2009/09/13 12:24:50 \| 00,012,809 \| ---- \| C] () -- C:\Documents and Settings\Owner\Desktop\fix.reg [2009/09/11 09:05:26 \| 00,280,282 \| ---- \| C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip [2009/09/10 16:19:15 \| 00,029,184 \| ---- \| C] () -- C:\Documents and Settings\Owner\My Documents\Global Composites Load Calculation Worksheet.doc [2009/09/10 13:31:56 \| 00,445,582 \| ---- \| C] () -- C:\Documents and Settings\Owner\My Documents\ggbld4-9_10_2009.dm2 [2009/09/10 13:21:24 \| 00,134,790 \| ---- \| C] () -- C:\Documents and Settings\Owner\Desktop\Global Plt4 Voltage Datalog 9_10_2009.pdf [2009/09/10 13:20:56 \| 00,134,695 \| ---- \| C] () -- C:\Documents and Settings\Owner\My Documents\Global Plt4 Voltage Datalog 9_10_2009.pdf [2009/09/10 13:18:51 \| 00,108,613 \| ---- \| C] () -- C:\Documents and Settings\Owner\Desktop\Global Plt4 Current Datalog 9_10_2009.pdf [2009/09/10 13:18:00 \| 00,108,529 \| ---- \| C] () -- C:\Documents and Settings\Owner\My Documents\Global Plt4 Datalog 9_10_2009.pdf [2009/09/09 16:46:47 \| 00,288,654 \| ---- \| C] ( ) -- C:\Documents and Settings\Owner\Desktop\SafeBootKeyRepair.exe [2009/09/09 07:58:10 \| 00,153,088 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll [2009/09/07 10:34:35 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Owner\Desktop\AVZ3 [2009/09/07 10:12:58 \| 05,125,238 \| ---- \| C] () -- C:\Documents and Settings\Owner\Desktop\avz4.zip [2009/09/07 09:11:26 \| 00,000,000 \| ---D \| C] -- C:\_OTL [2009/09/07 09:11:07 \| 00,076,800 \| ---- \| C] () -- C:\Documents and Settings\Owner\My Documents\GeeksFix_9_07_09.doc [2009/09/05 08:18:29 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Owner\Desktop\sysprot [2009/09/05 08:05:36 \| 00,000,000 \| ---D \| C] -- C:\_OTS [2009/09/05 08:02:05 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Owner\Desktop\Geeks2 [2009/09/01 08:37:52 \| 00,025,658 \| ---- \| C] () -- C:\Documents and Settings\Owner\My Documents\Challenger_Door_Plt2_Laminator.pdf [2009/08/31 14:59:35 \| 00,036,352 \| ---- \| C] () -- C:\Documents and Settings\Owner\My Documents\Challenger_Door_Plt2_Laminator.doc [2009/08/28 17:00:58 \| 00,001,355 \| ---- \| C] () -- C:\WINDOWS\imsins.BAK [2009/08/27 07:56:14 \| 00,000,617 \| ---- \| C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk [2009/08/27 07:56:14 \| 00,000,598 \| ---- \| C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk [2009/08/27 07:56:13 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ERUNT [2009/08/27 07:42:24 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Owner\Desktop\Geeks [2009/08/26 08:58:33 \| 00,000,385 \| ---- \| C] () -- C:\Documents and Settings\Owner\Desktop\Welcome to your control panel.url [2009/08/25 08:07:25 \| 00,001,740 \| ---- \| C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk [2009/08/25 08:07:25 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Trend Micro [2009/08/24 16:37:31 \| 00,149,280 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/08/24 16:37:31 \| 00,145,184 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009/08/24 16:37:31 \| 00,145,184 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009/08/24 16:37:31 \| 00,073,728 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2009/08/24 16:37:04 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Java [2009/08/24 16:03:32 \| 00,000,253 \| ---- \| C] () -- C:\Documents and Settings\Owner\Desktop\UPDATED 8-step Viruses-Spyware-Malware Preliminary Removal Instructions - TechSpot OpenBoards.url [2009/08/24 15:55:13 \| 00,000,000 \| ---D \| C] -- C:\Program Files\CCleaner [2009/08/24 15:53:34 \| 00,796,448 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\JavaSetup6u15.exe [2009/08/24 15:53:18 \| 00,881,976 \| ---- \| C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HJTInstall.exe [2009/08/24 15:49:02 \| 00,466,305 \| ---- \| C] () -- C:\Documents and Settings\Owner\Desktop\UPDATED 8-step Viruses-Spyware-Malware Preliminary Removal Instructions - TechSpot OpenBoards.mht [2009/08/24 15:41:25 \| 00,000,000 \| ---D \| C] -- C:\Program Files\AskBarDis [2009/08/24 15:39:11 \| 00,058,248 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll [2009/08/24 15:39:09 \| 00,103,816 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll [2009/08/24 15:39:09 \| 00,069,000 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll [2009/08/24 15:39:01 \| 00,035,208 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll [2009/08/24 15:38:59 \| 01,221,512 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll [2009/08/24 15:38:59 \| 00,309,128 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll [2009/08/24 15:38:59 \| 00,109,960 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll [2009/08/24 15:38:59 \| 00,107,912 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll [2009/08/24 15:38:59 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Zone Labs [2009/08/24 15:38:53 \| 00,353,672 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys [2009/08/24 15:38:53 \| 00,350,130 \| ---- \| C] () -- C:\WINDOWS\System32\vsconfig.xml [2009/08/24 15:38:04 \| 00,482,184 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll [2009/08/24 15:38:04 \| 00,229,256 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll [2009/08/24 15:38:04 \| 00,110,472 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll [2009/08/24 15:37:19 \| 34,055,048 \| ---- \| C] () -- C:\Documents and Settings\Owner\Desktop\zaSetup_80_298_000_en.exe [2009/08/24 11:21:32 \| 02,628,096 \| ---- \| C] () -- C:\Documents and Settings\Owner\Desktop\rmtanat.exe [2009/08/21 16:39:17 \| 33,961,728 \| ---- \| C] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe [2009/08/21 14:23:10 \| 00,001,731 \| ---- \| C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2009/08/21 12:43:33 \| 00,000,211 \| ---- \| C] () -- C:\Boot.bak [2009/08/21 12:43:26 \| 00,260,272 \| ---- \| C] () -- C:\cmldr [2009/08/21 12:43:16 \| 00,000,000 \| RHSD \| C] -- C:\cmdcons [2009/08/21 12:28:19 \| 00,299,008 \| ---- \| C] () -- C:\WINDOWS\System32\regxplor.dll [2009/08/21 08:36:57 \| 00,230,912 \| ---- \| C] () -- C:\WINDOWS\PEV.exe [2009/08/20 13:06:30 \| 01,294,368 \| -HS- \| C] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2009/08/20 13:06:30 \| 00,057,120 \| -HS- \| C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat [2009/08/20 13:06:30 \| 00,014,612 \| -HS- \| C] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2009/08/20 13:06:30 \| 00,005,924 \| -HS- \| C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx [2009/08/20 12:45:16 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\ParetoLogic [2009/08/20 12:45:16 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic [2009/08/20 12:43:50 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Downloaded Installations [2009/08/20 12:32:13 \| 00,000,000 \| ---D \| C] -- C:\Program Files\avg1 [2009/08/20 09:38:24 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\Prefetch [2009/08/20 08:52:58 \| 00,081,920 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll [2009/08/20 08:42:15 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Owner\Desktop\CD_DVD Burners [2009/08/19 14:00:12 \| 00,022,183 \| ---- \| C] () -- C:\Documents and Settings\Owner\My Documents\Stephanie.pdf [2009/08/19 13:56:05 \| 00,023,040 \| ---- \| C] () -- C:\Documents and Settings\Owner\My Documents\Stephanie.doc [2009/08/19 12:57:51 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [2009/08/19 12:57:33 \| 00,000,786 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2009/08/19 12:57:29 \| 00,000,000 \| ---D \| C] -- C:\Program Files\SUPERAntiSpyware [2009/08/19 12:57:29 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com [2009/08/19 12:21:12 \| 00,000,844 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\SoundTap Streaming Audio Recorder.lnk [2009/08/19 12:20:16 \| 00,000,000 \| ---D \| C] -- C:\Program Files\NCH Swift Sound [2009/08/19 12:11:27 \| 00,717,296 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009/08/19 12:11:04 \| 00,000,000 \| ---D \| C] -- C:\Program Files\LSoft Technologies [2009/08/19 11:54:24 \| 00,200,704 \| ---- \| C] (vbAccelerator) -- C:\WINDOWS\System32\vbalExpBar6.ocx [2009/08/19 11:54:24 \| 00,044,544 \| ---- \| C] () -- C:\WINDOWS\System32\GIF89.DLL [2009/08/19 11:54:23 \| 01,986,560 \| ---- \| C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll [2009/08/19 11:54:23 \| 01,212,416 \| ---- \| C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll [2009/08/19 11:54:23 \| 00,348,160 \| ---- \| C] (NCT Company Ltd.) -- C:\WINDOWS\System32\WMAFile.dll [2009/08/19 11:54:23 \| 00,015,360 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetfr.DLL [2009/08/19 11:54:22 \| 00,141,312 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL [2009/08/19 11:54:22 \| 00,119,568 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL [2009/08/19 11:54:22 \| 00,032,768 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL [2009/08/19 11:54:21 \| 00,044,544 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll [2009/08/19 11:54:21 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Free Easy Burner [2009/08/19 11:43:28 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Owner\Application Data\Nero [2009/08/19 11:40:02 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Nero [2009/08/19 11:39:43 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Nero [2009/08/19 11:39:42 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Nero [2009/08/19 07:59:46 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Owner\Desktop\Recovery [2009/08/18 09:15:27 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes [2009/08/18 09:15:14 \| 00,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/08/18 09:15:12 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/08/18 09:15:11 \| 00,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/08/18 09:15:11 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/08/17 10:36:30 \| 00,366,592 \| ---- \| C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe [2009/08/14 15:31:21 \| 00,000,127 \| ---- \| C] () -- C:\WINDOWS\System32\MRT.INI [2009/02/27 01:08:24 \| 00,075,576 \| ---- \| C] () -- C:\WINDOWS\wininit.ini [2008/03/04 18:52:34 \| 00,286,720 \| ---- \| C] () -- C:\WINDOWS\System32\libcurl.dll [2007/11/27 17:50:15 \| 00,000,002 \| ---- \| C] () -- C:\WINDOWS\msoffice.ini [2007/10/31 09:39:54 \| 00,059,904 \| ---- \| C] () -- C:\WINDOWS\System32\zlib1.dll [2007/07/19 21:51:59 \| 00,000,038 \| ---- \| C] () -- C:\WINDOWS\AviSplitter.INI [2007/07/19 20:42:21 \| 00,000,026 \| ---- \| C] () -- C:\WINDOWS\System32\satsukidecodersettings.ini [2007/06/19 20:29:29 \| 00,000,050 \| ---- \| C] () -- C:\WINDOWS\cdplayer.ini [2007/06/03 08:31:28 \| 00,010,752 \| ---- \| C] () -- C:\WINDOWS\System32\ff_vfw.dll [2007/05/17 13:58:10 \| 00,143,360 \| ---- \| C] () -- C:\WINDOWS\System32\libexpatw.dll [2006/12/10 17:32:16 \| 00,000,547 \| ---- \| C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2006/07/26 07:55:49 \| 00,000,063 \| ---- \| C] () -- C:\WINDOWS\mdm.ini [2006/03/24 17:53:36 \| 00,001,635 \| ---- \| C] () -- C:\WINDOWS\System32\MRCVersion.ini [2006/02/23 14:40:20 \| 00,118,784 \| ---- \| C] () -- C:\WINDOWS\System32\vrcomp.dll [2006/02/23 14:40:19 \| 00,245,760 \| ---- \| C] () -- C:\WINDOWS\System32\vrupcfg.dll [2006/02/23 14:40:19 \| 00,094,208 \| ---- \| C] () -- C:\WINDOWS\System32\VrCAB.dll [2006/02/23 14:40:18 \| 00,299,008 \| ---- \| C] () -- C:\WINDOWS\VrEncDec.dll [2006/02/23 14:40:18 \| 00,299,008 \| ---- \| C] () -- C:\WINDOWS\System32\VrEncDec.dll [2006/02/23 14:40:18 \| 00,157,184 \| ---- \| C] () -- C:\WINDOWS\System32\Vrazrar.dll [2006/02/23 14:40:16 \| 00,110,592 \| ---- \| C] () -- C:\WINDOWS\System32\VMSLog.dll [2006/02/23 14:40:16 \| 00,073,728 \| ---- \| C] () -- C:\WINDOWS\System32\Vrazace.dll [2006/02/23 14:40:15 \| 00,425,984 \| ---- \| C] () -- C:\WINDOWS\System32\VrExpJpn.dll [2006/02/21 12:42:14 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\mtstack16.INI [2006/02/08 12:12:40 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\Unsetup.INI [2006/02/06 11:34:03 \| 00,251,420 \| ---- \| C] () -- C:\WINDOWS\System32\FarLsp.dll [2006/02/06 11:34:03 \| 00,061,440 \| ---- \| C] () -- C:\WINDOWS\System32\WipeAllCom.dll [2006/02/06 11:34:03 \| 00,057,344 \| ---- \| C] () -- C:\WINDOWS\FWWipeALL.dll [2005/11/30 17:50:02 \| 00,000,062 \| ---- \| C] () -- C:\WINDOWS\abecad.ini [2005/11/30 17:49:27 \| 00,000,490 \| ---- \| C] () -- C:\WINDOWS\fw.ini [2005/11/14 18:28:36 \| 00,056,320 \| ---- \| C] () -- C:\WINDOWS\System32\iyvu9_32.dll [2005/11/14 10:22:45 \| 00,021,840 \| ---- \| C] () -- C:\WINDOWS\System32\SIntfNT.dll [2005/11/14 10:22:45 \| 00,017,212 \| ---- \| C] () -- C:\WINDOWS\System32\SIntf32.dll [2005/11/14 10:22:45 \| 00,012,067 \| ---- \| C] () -- C:\WINDOWS\System32\SIntf16.dll [2005/11/04 09:03:41 \| 00,000,146 \| ---- \| C] () -- C:\WINDOWS\BRVIDEO.INI [2005/11/04 09:03:41 \| 00,000,040 \| ---- \| C] () -- C:\WINDOWS\BRDIAG.INI [2005/11/04 09:03:41 \| 00,000,023 \| ---- \| C] () -- C:\WINDOWS\Brownie.ini [2005/11/04 09:03:33 \| 00,077,824 \| ---- \| C] () -- C:\WINDOWS\System32\BROSNMP.DLL [2005/11/04 09:03:33 \| 00,026,624 \| ---- \| C] () -- C:\WINDOWS\System32\BRGSRC32.DLL [2005/11/04 09:03:33 \| 00,004,608 \| ---- \| C] () -- C:\WINDOWS\System32\BRGSRC16.DLL [2005/11/04 09:03:32 \| 00,009,015 \| ---- \| C] () -- C:\WINDOWS\HL-2070N.INI [2005/11/04 09:03:06 \| 00,000,426 \| ---- \| C] () -- C:\WINDOWS\BRWMARK.INI [2005/10/16 15:16:07 \| 00,000,035 \| ---- \| C] () -- C:\WINDOWS\worldbuilder.INI [2005/09/19 10:15:52 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\esmain.INI [2005/09/03 21:25:21 \| 00,000,515 \| ---- \| C] () -- C:\WINDOWS\SIERRA.INI [2005/09/03 09:19:56 \| 00,000,632 \| ---- \| C] () -- C:\WINDOWS\Edofma.INI [2005/08/25 12:29:53 \| 00,000,049 \| ---- \| C] () -- C:\WINDOWS\NeroDigital.ini [2005/08/24 17:43:50 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\csmain.INI [2005/08/24 17:43:10 \| 00,005,597 \| ---- \| C] () -- C:\WINDOWS\HEIDB.INI [2005/08/24 17:42:31 \| 00,004,257 \| ---- \| C] () -- C:\WINDOWS\DS400.INI [2005/08/24 13:19:57 \| 00,001,793 \| ---- \| C] () -- C:\WINDOWS\System32\fxsperf.ini [2005/08/24 11:09:30 \| 00,299,454 \| ---- \| C] () -- C:\WINDOWS\ALLSIM.INI [2005/08/24 11:09:30 \| 00,061,268 \| ---- \| C] () -- C:\WINDOWS\BIUTILSM.INI [2005/08/24 11:09:30 \| 00,057,969 \| ---- \| C] () -- C:\WINDOWS\SIMSIM.INI [2005/08/24 11:09:30 \| 00,000,580 \| ---- \| C] () -- C:\WINDOWS\Common.ini [2005/08/24 11:09:29 \| 00,051,712 \| ---- \| C] () -- C:\WINDOWS\System32\ngprtserv.dll [2005/08/24 11:09:28 \| 00,000,645 \| ---- \| C] () -- C:\WINDOWS\Setupwizard.ini [2005/08/24 11:09:15 \| 00,000,011 \| ---- \| C] () -- C:\WINDOWS\NetWare.INI [2005/08/23 12:39:20 \| 00,005,030 \| ---- \| C] () -- C:\WINDOWS\Constructor2003.ini [2005/08/23 12:35:46 \| 00,000,376 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2005/08/23 12:14:36 \| 00,001,467 \| ---- \| C] () -- C:\WINDOWS\EDS.ini [2005/08/23 12:14:36 \| 00,000,260 \| ---- \| C] () -- C:\WINDOWS\Rocksoft.ini [2005/08/23 08:03:25 \| 00,000,032 \| ---- \| C] () -- C:\WINDOWS\EvMoveW.INI [2005/08/22 16:33:40 \| 00,000,032 \| ---- \| C] () -- C:\WINDOWS\EVMOVE.INI [2005/08/22 16:22:10 \| 00,032,256 \| ---- \| C] () -- C:\WINDOWS\System32\_UNODBC.dll [2005/02/25 18:20:30 \| 00,000,092 \| ---- \| C] () -- C:\WINDOWS\System32\ftdiun2k.ini [2005/02/10 17:44:40 \| 00,245,839 \| ---- \| C] () -- C:\WINDOWS\System32\nwshlxnt.dll [2005/01/14 10:01:40 \| 00,226,304 \| ---- \| C] () -- C:\WINDOWS\System32\lgnwnt32.dll [2004/10/05 18:37:20 \| 00,258,048 \| ---- \| C] () -- C:\WINDOWS\System32\Manipulate.dll [2004/06/26 05:21:18 \| 00,077,824 \| ---- \| C] () -- C:\WINDOWS\System32\SynTPCoI.dll [2004/06/23 15:45:53 \| 00,000,061 \| ---- \| C] () -- C:\WINDOWS\smscfg.ini [2004/06/23 13:51:17 \| 00,363,520 \| ---- \| C] () -- C:\WINDOWS\System32\psisdecd.dll [2004/06/22 18:19:37 \| 00,000,878 \| ---- \| C] () -- C:\WINDOWS\System32\oeminfo.ini [2004/06/22 18:19:37 \| 00,000,500 \| ---- \| C] () -- C:\WINDOWS\System32\emver.ini [2004/06/22 18:19:10 \| 00,000,929 \| ---- \| C] () -- C:\WINDOWS\win.ini [2004/06/22 18:19:05 \| 00,000,306 \| ---- \| C] () -- C:\WINDOWS\system.ini [2003/08/07 15:01:50 \| 00,237,568 \| ---- \| C] () -- C:\WINDOWS\System32\lame_enc.dll [2003/07/28 19:04:22 \| 00,053,248 \| ---- \| C] () -- C:\WINDOWS\System32\setupw2k.dll [2003/03/27 15:18:54 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\akrip.dll [2003/02/05 17:31:42 \| 00,045,119 \| ---- \| C] () -- C:\WINDOWS\System32\dprpcw32.dll [2002/03/18 13:37:42 \| 00,192,512 \| ---- \| C] () -- C:\WINDOWS\System32\mwmp3enc.dll [2001/10/04 15:40:54 \| 00,040,960 \| ---- \| C] () -- C:\WINDOWS\System32\nwslog32.dll [2000/01/20 10:15:14 \| 00,051,200 \| ---- \| C] () -- C:\WINDOWS\System32\lgncon32.dll [1999/06/30 05:48:00 \| 00,028,672 \| ---- \| C] () -- C:\WINDOWS\System32\dplgnw32.dll [1999/01/22 14:46:58 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [1999/01/11 05:37:36 \| 00,002,757 \| ---- \| C] () -- C:\WINDOWS\System32\rdrstats.ini [1996/05/14 10:50:22 \| 00,192,512 \| ---- \| C] () -- C:\WINDOWS\System32\prtwin32.dll [1995/08/22 09:36:12 \| 00,192,512 \| ---- \| C] () -- C:\WINDOWS\System32\nwpsrv32.dll ========== Files - Modified Within 30 Days ========== [1 C:\Documents and Settings\Owner\My Documents\.tmp files] [2009/09/15 08:21:44 \| 00,000,422 \| -H-- \| M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BD3D44B5-EE7C-46BA-BADE-4B5FC39C0C79}.job [2009/09/15 08:18:46 \| 00,001,158 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2009/09/15 08:17:54 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/09/15 08:17:46 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2009/09/14 17:02:42 \| 00,000,702 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/09/14 17:01:58 \| 04,045,528 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe [2009/09/14 15:06:37 \| 00,724,952 \| ---- \| M] () -- C:\Documents and Settings\Owner\Desktop\avenger.zip [2009/09/13 13:41:32 \| 00,000,306 \| ---- \| M] () -- C:\WINDOWS\system.ini [2009/09/13 13:41:10 \| 00,000,027 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/09/13 12:26:23 \| 00,012,809 \| ---- \| M] () -- C:\Documents and Settings\Owner\Desktop\fix.reg [2009/09/11 09:05:28 \| 00,280,282 \| ---- \| M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip [2009/09/10 23:00:00 \| 00,000,328 \| ---- \| M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job [2009/09/10 16:19:16 \| 00,029,184 \| ---- \| M] () -- C:\Documents and Settings\Owner\My Documents\Global Composites Load Calculation Worksheet.doc [2009/09/10 15:15:06 \| 00,000,929 \| ---- \| M] () -- C:\WINDOWS\win.ini [2009/09/10 14:54:06 \| 00,038,224 \| ---- \| M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/09/10 14:53:50 \| 00,019,160 \| ---- \| M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/09/10 13:31:57 \| 00,445,582 \| ---- \| M] () -- C:\Documents and Settings\Owner\My Documents\ggbld4-9_10_2009.dm2 [2009/09/10 13:21:24 \| 00,134,790 \| ---- \| M] () -- C:\Documents and Settings\Owner\Desktop\Global Plt4 Voltage Datalog 9_10_2009.pdf [2009/09/10 13:20:56 \| 00,134,695 \| ---- \| M] () -- C:\Documents and Settings\Owner\My Documents\Global Plt4 Voltage Datalog 9_10_2009.pdf [2009/09/10 13:18:51 \| 00,108,613 \| ---- \| M] () -- C:\Documents and Settings\Owner\Desktop\Global Plt4 Current Datalog 9_10_2009.pdf [2009/09/10 13:18:00 \| 00,108,529 \| ---- \| M] () -- C:\Documents and Settings\Owner\My Documents\Global Plt4 Datalog 9_10_2009.pdf [2009/09/09 16:46:48 \| 00,288,654 \| ---- \| M] ( ) -- C:\Documents and Settings\Owner\Desktop\SafeBootKeyRepair.exe [2009/09/09 08:15:28 \| 00,001,355 \| ---- \| M] () -- C:\WINDOWS\imsins.BAK [2009/09/07 10:29:36 \| 05,125,238 \| ---- \| M] () -- C:\Documents and Settings\Owner\Desktop\avz4.zip [2009/09/07 09:11:08 \| 00,076,800 \| ---- \| M] () -- C:\Documents and Settings\Owner\My Documents\GeeksFix_9_07_09.doc [2009/09/03 22:25:22 \| 00,230,912 \| ---- \| M] () -- C:\WINDOWS\PEV.exe [2009/09/01 08:39:49 \| 00,025,658 \| ---- \| M] () -- C:\Documents and Settings\Owner\My Documents\Challenger_Door_Plt2_Laminator.pdf [2009/09/01 08:36:28 \| 00,036,352 \| ---- \| M] () -- C:\Documents and Settings\Owner\My Documents\Challenger_Door_Plt2_Laminator.doc [2009/08/28 14:38:22 \| 24,689,600 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009/08/27 07:56:14 \| 00,000,617 \| ---- \| M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk [2009/08/27 07:56:14 \| 00,000,598 \| ---- \| M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk [2009/08/26 08:58:33 \| 00,000,385 \| ---- \| M] () -- C:\Documents and Settings\Owner\Desktop\Welcome to your control panel.url [2009/08/25 14:39:07 \| 00,001,740 \| ---- \| M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk [2009/08/24 16:44:53 \| 00,000,253 \| ---- \| M] () -- C:\Documents and Settings\Owner\Desktop\UPDATED 8-step Viruses-Spyware-Malware Preliminary Removal Instructions - TechSpot OpenBoards.url [2009/08/24 16:37:10 \| 00,411,368 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll [2009/08/24 16:37:10 \| 00,149,280 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/08/24 16:37:10 \| 00,145,184 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009/08/24 16:37:10 \| 00,145,184 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009/08/24 16:37:10 \| 00,073,728 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2009/08/24 16:23:30 \| 00,796,448 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\JavaSetup6u15.exe [2009/08/24 15:53:22 \| 00,881,976 \| ---- \| M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HJTInstall.exe [2009/08/24 15:49:06 \| 00,466,305 \| ---- \| M] () -- C:\Documents and Settings\Owner\Desktop\UPDATED 8-step Viruses-Spyware-Malware Preliminary Removal Instructions - TechSpot OpenBoards.mht [2009/08/24 15:41:23 \| 00,350,130 \| ---- \| M] () -- C:\WINDOWS\System32\vsconfig.xml [2009/08/24 15:39:19 \| 00,004,212 \| -H-- \| M] () -- C:\WINDOWS\System32\zllictbl.dat [2009/08/24 15:37:39 \| 34,055,048 \| ---- \| M] () -- C:\Documents and Settings\Owner\Desktop\zaSetup_80_298_000_en.exe [2009/08/24 15:36:19 \| 33,961,728 \| ---- \| M] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe [2009/08/24 11:21:59 \| 02,628,096 \| ---- \| M] () -- C:\Documents and Settings\Owner\Desktop\rmtanat.exe [2009/08/21 14:23:12 \| 00,000,281 \| RHS- \| M] () -- C:\boot.ini [2009/08/21 11:51:34 \| 00,000,211 \| ---- \| M] () -- C:\Boot.bak [2009/08/20 17:13:55 \| 01,294,368 \| -HS- \| M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2009/08/20 17:12:05 \| 00,057,120 \| -HS- \| M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat [2009/08/20 15:09:48 \| 00,230,392 \| ---- \| M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/08/20 15:08:35 \| 00,005,924 \| -HS- \| M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx [2009/08/20 15:08:34 \| 00,014,612 \| -HS- \| M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2009/08/20 13:19:36 \| 00,155,648 \| ---- \| M] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe [2009/08/19 14:06:10 \| 00,022,183 \| ---- \| M] () -- C:\Documents and Settings\Owner\My Documents\Stephanie.pdf [2009/08/19 13:58:01 \| 00,023,040 \| ---- \| M] () -- C:\Documents and Settings\Owner\My Documents\Stephanie.doc [2009/08/19 12:57:33 \| 00,000,786 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2009/08/19 12:21:12 \| 00,027,136 \| ---- \| M] (NCH Swift Sound) -- C:\WINDOWS\System32\drivers\nchssvad.sys [2009/08/19 12:21:12 \| 00,000,844 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\SoundTap Streaming Audio Recorder.lnk [2009/08/19 12:11:27 \| 00,717,296 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009/08/17 10:36:30 \| 00,366,592 \| ---- \| M] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\Desktop\fix.reg:SummaryInformation < End of report > This post has been edited by RCguy: Sep 15 2009, 06:46 AM

jwang01 View Member Profile	Sep 15 2009, 04:17 PM Post #34
GeekU Senior Posts: 1,148 From: Minnesota OS: Windows Vista 32-bit	Hello, 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it: QUOTE KillAll:: File:: Folder:: Registry:: Driver:: abp470n5 SKYNETuyxmktiq Rootkit:: C:\system32\SKYNETlxkonlrd.dat C:\system32\SKYNETltqskdbq.dll C:\system32\SKYNETvlpfqhne.dat C:\system32\SKYNETmupfulhm.dll C:\system32\drivers\SKYNETuyxmktiq.sys c:\windows\system32\drivers\olnmoq.sys Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Next Please run another scan with GMER and post that log in your next reply.

RCguy View Member Profile	Sep 16 2009, 07:32 AM Post #35
Member Posts: 46 From: Indiana - USA OS: WinXP sp3	Here is the combofix report. ComboFix 09-09-14.02 - owner 09/16/2009 8:11.7.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.478.172 [GMT -4:00] Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\Owner\Desktop\CFscript.txt AV: The Shield Deluxe 2009 Antivirus On-access scanning disabled (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB} FW: The Shield Firewall disabled {043803A3-4F86-4ef6-AFC5-F6E02A79969B} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ----- BITS: Possible infected sites ----- hxxp://media.townhallstore.com . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ABP470N5 -------\Service_abp470n5 ((((((((((((((((((((((((( Files Created from 2009-08-16 to 2009-09-16 ))))))))))))))))))))))))))))))) . 2009-09-09 11:58 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll 2009-09-07 13:11 . 2009-09-07 13:11 -------- dc----w- C:\_OTL 2009-09-05 12:05 . 2009-09-05 12:05 -------- dc----w- C:\_OTS 2009-08-27 11:56 . 2009-08-27 11:56 -------- d-----w- c:\program files\ERUNT 2009-08-25 12:07 . 2009-08-25 12:07 -------- d-----w- c:\program files\Trend Micro 2009-08-24 20:37 . 2009-08-24 20:37 -------- d-----w- c:\program files\Java 2009-08-24 19:55 . 2009-08-24 19:55 -------- d-----w- c:\program files\CCleaner 2009-08-24 19:41 . 2009-08-24 19:41 -------- d-----w- c:\program files\AskBarDis 2009-08-24 19:39 . 2009-02-16 04:10 69000 ----a-w- c:\windows\system32\zlcomm.dll 2009-08-24 19:39 . 2009-02-16 04:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll 2009-08-24 19:38 . 2009-08-24 19:38 -------- d-----w- c:\program files\Zone Labs 2009-08-24 19:38 . 2009-02-16 04:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll 2009-08-21 16:28 . 2002-07-02 13:15 299008 ----a-w- c:\windows\system32\regxplor.dll 2009-08-21 12:49 . 2009-08-21 12:49 -------- d-----w- c:\documents and settings\Rog\Application Data\Malwarebytes 2009-08-20 19:13 . 2009-08-20 19:13 -------- d-sh--w- c:\documents and settings\Default User\IETldCache 2009-08-20 17:06 . 2009-08-20 21:13 1294368 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-08-20 17:06 . 2009-08-20 21:12 57120 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2009-08-20 16:45 . 2009-08-20 20:25 -------- d-----w- c:\program files\Common Files\ParetoLogic 2009-08-20 16:45 . 2009-08-20 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic 2009-08-20 16:43 . 2009-08-20 16:43 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Downloaded Installations 2009-08-20 16:32 . 2009-08-21 16:36 -------- d-----w- c:\program files\avg1 2009-08-20 15:17 . 2009-08-20 15:17 -------- d-sh--w- c:\documents and settings\Rog\PrivacIE 2009-08-20 15:16 . 2009-08-20 15:17 -------- d-----w- c:\documents and settings\Rog\Local Settings\Application Data\Google 2009-08-20 15:09 . 2009-08-20 15:09 -------- d-----w- c:\documents and settings\Rog\Local Settings\Application Data\Adobe 2009-08-20 12:52 . 2008-04-14 09:41 81920 ------w- c:\windows\system32\ieencode.dll 2009-08-19 16:57 . 2009-08-19 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-08-19 16:57 . 2009-08-21 20:56 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-08-19 16:57 . 2009-08-19 16:57 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com 2009-08-19 16:20 . 2009-08-19 16:21 -------- d-----w- c:\program files\NCH Swift Sound 2009-08-19 16:11 . 2009-08-19 16:11 717296 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-08-19 16:11 . 2009-08-19 16:11 -------- d-----w- c:\program files\LSoft Technologies 2009-08-19 15:54 . 1998-07-13 21:53 44544 ----a-w- c:\windows\system32\GIF89.DLL 2009-08-19 15:54 . 2005-03-11 22:37 1986560 ----a-w- c:\windows\system32\AudFile.dll 2009-08-19 15:54 . 2005-02-24 17:11 1212416 ----a-w- c:\windows\system32\AudioInfos.dll 2009-08-19 15:54 . 2005-02-24 16:51 348160 ----a-w- c:\windows\system32\WMAFile.dll 2009-08-19 15:54 . 1998-07-13 02:00 15360 ----a-w- c:\windows\system32\inetfr.DLL 2009-08-19 15:54 . 2000-10-01 22:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL 2009-08-19 15:54 . 1998-07-13 02:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL 2009-08-19 15:54 . 1998-07-12 22:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL 2009-08-19 15:54 . 2009-08-20 12:24 -------- d-----w- c:\program files\Free Easy Burner 2009-08-19 15:54 . 2003-04-18 19:29 44544 ----a-w- c:\windows\system32\msxml4a.dll 2009-08-19 15:43 . 2009-08-19 15:44 -------- d-----w- c:\documents and settings\Owner\Application Data\Nero 2009-08-19 15:40 . 2009-08-19 15:41 -------- d-----w- c:\program files\Nero 2009-08-19 15:39 . 2009-08-19 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero 2009-08-19 15:39 . 2009-08-19 15:42 -------- d-----w- c:\program files\Common Files\Nero 2009-08-18 13:15 . 2009-08-18 13:15 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes 2009-08-18 13:15 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-18 13:15 . 2009-08-18 13:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-08-18 13:15 . 2009-09-14 21:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-18 13:15 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-09 12:18 . 2009-04-27 19:48 -------- d-----w- c:\program files\Microsoft Silverlight 2009-08-25 14:28 . 2006-02-06 15:31 -------- d-----w- c:\program files\PCSecurityShield 2009-08-24 20:41 . 2008-02-15 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\comodo 2009-08-24 20:37 . 2008-12-19 13:00 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-08-24 19:58 . 2005-08-23 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-08-24 19:39 . 2005-08-22 21:49 4212 ---ha-w- c:\windows\system32\zllictbl.dat 2009-08-24 13:13 . 2005-08-22 21:56 -------- d-----w- c:\program files\Google 2009-08-21 21:06 . 2008-09-18 21:50 -------- d-----w- c:\documents and settings\Owner\Application Data\IGN_DLM 2009-08-21 20:52 . 2004-06-23 18:11 -------- d-----w- c:\program files\QuickTime 2009-08-21 20:51 . 2008-11-12 13:34 -------- d-----w- c:\program files\MP3 Workshop 2009-08-20 19:08 . 2009-08-20 17:06 5924 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2009-08-20 19:08 . 2009-08-20 17:06 14612 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-08-20 19:05 . 2009-08-06 14:20 -------- d-----w- c:\program files\AutoCAD 2009 2009-08-20 18:39 . 2005-11-04 12:44 -------- d-----w- c:\program files\AutoCAD 2004 2009-08-20 18:33 . 2008-11-14 12:35 -------- d-----w- c:\program files\Acoustica Shared Effects 2009-08-20 18:33 . 2008-11-14 12:26 -------- d-----w- c:\program files\Acoustica Mixcraft 4 2009-08-20 17:19 . 2004-06-23 18:21 155648 ----a-w- c:\windows\system32\NeroCheck.exe 2009-08-20 15:07 . 2009-08-20 15:07 62792 ----a-w- c:\documents and settings\Rog\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-19 16:57 . 2008-12-17 13:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-08-19 16:21 . 2007-11-20 20:24 27136 ----a-w- c:\windows\system32\drivers\nchssvad.sys 2009-08-19 16:11 . 2004-06-23 17:44 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-08-14 20:02 . 2005-08-23 16:52 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-08-11 18:28 . 2008-01-04 19:06 -------- d-----w- c:\program files\Support Tools 2009-08-07 21:03 . 2009-08-07 21:03 2272 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-08-06 14:45 . 2005-11-04 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk 2009-08-06 14:42 . 2005-08-22 21:42 62728 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-06 14:30 . 2005-11-29 16:55 -------- d-----w- c:\program files\Common Files\Autodesk Shared 2009-08-06 14:20 . 2005-11-04 12:44 -------- d-----w- c:\documents and settings\Owner\Application Data\Autodesk 2009-08-05 09:01 . 2002-12-12 07:14 204800 ------w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:01 . 2004-06-22 22:18 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 03:43 . 2004-06-23 17:49 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-03 17:09 . 2005-06-18 04:49 915456 ------w- c:\windows\system32\wininet.dll 2009-06-25 08:25 . 2009-04-16 21:03 730112 ------w- c:\windows\system32\lsasrv.dll 2009-06-25 08:25 . 2005-06-15 17:50 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-25 08:25 . 2004-06-22 22:19 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:25 . 2004-06-22 22:18 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:25 . 2004-06-22 22:18 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:25 . 2004-06-22 22:18 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-24 11:18 . 2004-06-22 22:18 92928 ------w- c:\windows\system32\drivers\ksecdd.sys 2009-03-05 22:08 . 2009-04-27 13:22 61440 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll 2009-08-13 18:32 . 2007-06-20 00:22 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2009-08-13 18:32 . 2007-06-20 00:22 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2009-08-13 18:32 . 2007-08-10 13:18 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll 2009-08-13 18:32 . 2007-08-10 13:18 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll 2009-08-13 18:32 . 2007-06-20 00:22 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll . ((((((((((((((((((((((((((((( SnapShot_2009-08-25_19.16.15 ))))))))))))))))))))))))))))))))))))))))) . + 2009-09-16 12:28 . 2009-09-16 12:28 16384 c:\windows\temp\Perflib_Perfdata_730.dat + 2009-09-16 13:03 . 2009-09-16 13:03 16384 c:\windows\temp\Perflib_Perfdata_6d8.dat + 2009-09-16 12:27 . 2009-09-16 12:27 16384 c:\windows\temp\Perflib_Perfdata_48c.dat + 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe + 2009-09-16 13:03 . 2003-03-31 12:00 222208 c:\windows\temp\dlle.exe - 2003-01-13 21:57 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll + 2003-01-13 21:57 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll - 2008-05-09 10:53 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll + 2008-05-09 10:53 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll + 2009-09-09 12:14 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll + 2009-09-09 12:14 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe + 2009-09-09 12:14 . 2009-03-08 08:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll + 2009-08-27 11:57 . 2009-08-27 11:57 438272 c:\windows\ERDNT\8-27-2009\Users\00000002\UsrClass.dat + 2009-08-27 11:57 . 2005-10-20 16:02 163328 c:\windows\ERDNT\8-27-2009\ERDNT.EXE + 2004-06-23 19:25 . 2009-05-20 08:56 2458112 c:\windows\system32\WMVCore.dll - 2004-06-23 19:25 . 2008-06-18 10:03 2458112 c:\windows\system32\WMVCore.dll - 2004-06-23 19:25 . 2008-06-18 10:03 2458112 c:\windows\system32\dllcache\WMVCore.dll + 2004-06-23 19:25 . 2009-05-20 08:56 2458112 c:\windows\system32\dllcache\WMVCore.dll + 2005-08-22 20:05 . 2009-08-28 18:38 24689600 c:\windows\system32\MRT.exe + 2009-09-09 12:14 . 2009-09-09 12:14 15709696 c:\windows\Installer\9a395e0.msp + 2009-08-27 11:57 . 2009-08-27 11:57 10436608 c:\windows\ERDNT\8-27-2009\Users\00000001\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-10-16 22:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-11-20 499712] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-24 227104] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1389904] "NWTRAY"="NWTRAY.EXE" [BU] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 139316] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "CompatibleRUPSecurity"= 1 (0x1) "EnableLUA"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"= 1 (0x1) "DisableRegistryTools"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring] 2003-12-16 23:49 110592 ------w- c:\windows\system32\LgNotify.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0 [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk] backup=c:\windows\pss\BigFix.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] backup=c:\windows\pss\Windows Search.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler.exe] backup=c:\windows\pss\PowerReg Scheduler.exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^RCA Detective.lnk] backup=c:\windows\pss\RCA Detective.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "VSSERV"=2 (0x2) "LIVESRV"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "FirewallOverride"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "UacDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\OpcEnum.exe"= "c:\\Program Files\\Rockwell Software\\RSLINX\\RSLINX.EXE"= "c:\\Program Files\\Rockwell Software\\OPCTools\\OPCTest\\opctest.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"= "c:\\WINDOWS\\system32\\NeroCheck.exe"= "c:\\Program Files\\Windows Media Player\\wmdbexport.exe"= "c:\\WINDOWS\\system32\\msfeedssync.exe"= "c:\\WINDOWS\\system32\\wuauclt.exe"= "c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"= "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"= "c:\\Program Files\\Adobe\\Acrobat 7.0 Pro\\Distillr\\Acrotray.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\taskmgr.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= "c:\\Program Files\\Microsoft Office\\Office\\OSA9.EXE"= "c:\\Program Files\\Adobe\\Acrobat 7.0 Pro\\Acrobat\\acrobat_sl.exe"= "c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"= "c:\\WINDOWS\\system32\\ZCfgSvc.exe"= "c:\\WINDOWS\\system32\\CF4068.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP) "135:TCP"= 135:TCP:Port 135 TCP [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480] R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [8/24/2009 3:41 PM 464264] S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\Drivers\VirtualBackplane.sys --> c:\windows\system32\Drivers\VirtualBackplane.sys [?] S3 ABKTCX;Rockwell Software 1784-KTC(X) Driver;c:\windows\system32\drivers\abktcx.sys [6/3/2004 4:08 AM 71448] S3 FarStoneFireWallDrive;FarStoneFireWallDrive;c:\windows\system32\Drivers\FarDrive.sys --> c:\windows\system32\Drivers\FarDrive.sys [?] S3 RS_SS_NT;RSLinx Classic S-S SD/SD2 Device Driver;c:\windows\system32\RS_SS_NT.SYS [6/3/2004 4:08 AM 142592] S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [6/3/2004 4:08 AM 30166] S3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\system32\rsserial.sys [6/3/2004 4:08 AM 155440] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.foxnews.com/ uSearchURL,(Default) = hxxp://www.google.com/search?q=%s DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - hxxp://raiseinstall.rockwellautomation.com/ecad-ondemand/setup.exe FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\e6m6iza8.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - AddRemove-MediaJoin - c:\documents and settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\setup_mj.exe ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-16 09:02 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(912) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll c:\windows\System32\LgNotify.dll - - - - - - - > 'Explorer.exe'(2492) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\S24EvMon.exe c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\windows\system32\drivers\CDAC11BA.EXE c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\windows\system32\RegSrvc.exe c:\windows\system32\tcpsvcs.exe c:\windows\system32\snmp.exe c:\windows\system32\notepad.exe . ************************************************************************ . Completion time: 2009-09-16 9:13 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-16 13:13 ComboFix2.txt 2009-09-13 17:52 ComboFix3.txt 2009-09-11 12:52 ComboFix4.txt 2009-08-25 19:23 ComboFix5.txt 2009-09-16 12:09 Pre-Run: 21,254,037,504 bytes free Post-Run: 21,047,955,456 bytes free 318 --- E O F --- 2009-09-10 12:31

RCguy View Member Profile	Sep 16 2009, 11:29 AM Post #36
Member Posts: 46 From: Indiana - USA OS: WinXP sp3	And here's the gmer report. GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net Rootkit scan 2009-09-16 13:27:18 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xEE065C80] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xEE080170] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xEE066210] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xEE0809F0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xEE0807A0] SSDT spmp.sys ZwEnumerateKey [0xF7385CA2] SSDT spmp.sys ZwEnumerateValueKey [0xF7386030] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xEE080F10] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xEE080F90] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xEE066070] SSDT spmp.sys ZwOpenKey [0xF73670C0] SSDT spmp.sys ZwQueryKey [0xF7386108] SSDT spmp.sys ZwQueryValueKey [0xF7385F88] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xEE0816F0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xEE081150] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xEE081540] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xEE066440] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xEE0804E0] INT 0x33 ? 85528BF8 INT 0x3A ? 85528BF8 INT 0x3E ? 8574BBF8 INT 0x3F ? 8574BBF8 ---- Kernel code sections - GMER 1.0.15 ---- ? spmp.sys The system cannot find the file specified. ! ? nwfilter.sys The system cannot find the file specified. ! ? Combo-Fix.sys The system cannot find the file specified. ! ? srescan.sys The system cannot find the file specified. ! .text USBPORT.SYS!DllUnload F687B8AC 5 Bytes JMP 855281D8 ? C:\WINDOWS\system32\drivers\olnmoq.sys The system cannot find the file specified. ! ? C:\Combo-Fix\catchme.sys The system cannot find the path specified. ! ? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. ! ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 857502D8 IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7398C4C] spmp.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7398CA0] spmp.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7368040] spmp.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F736813C] spmp.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73680BE] spmp.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73687FC] spmp.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73686D2] spmp.sys IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 855282D8 IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7378048] spmp.sys IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [EE086B30] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\rdbss.sys[ntoskrnl.exe!FsRtlRegisterUncProvider] [F78A962A] nwfilter.sys IAT \SystemRoot\System32\DRIVERS\mrxdav.sys[ntoskrnl.exe!FsRtlRegisterUncProvider] [F78A962A] nwfilter.sys IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [EE0668D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [EE066A80] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [EE0665E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [EE066980] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 857491F8 Device \FileSystem\Fastfat \FatCdrom 849B51F8 Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) Device \Driver\abp470n5 \Device\abp470n5 olnmoq.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{42EED50B-5EB6-4D5C-ABDB-2CD6A81B9687} 84B871F8 Device \Driver\usbuhci \Device\USBPDO-0 855DB1F8 Device \Driver\usbuhci \Device\USBPDO-1 855DB1F8 Device \Driver\usbuhci \Device\USBPDO-2 855DB1F8 Device \Driver\usbehci \Device\USBPDO-3 855191F8 Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) Device \Driver\Ftdisk \Device\HarddiskVolume1 8574C1F8 Device \Driver\Cdrom \Device\CdRom0 8557F1F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 84B871F8 Device \Driver\NetBT \Device\NetbiosSmb 84B871F8 Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) Device \Driver\usbuhci \Device\USBFDO-0 855DB1F8 Device \Driver\usbuhci \Device\USBFDO-1 855DB1F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 84B7D1F8 Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) Device \Driver\usbuhci \Device\USBFDO-2 855DB1F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 84B7D1F8 Device \Driver\usbehci \Device\USBFDO-3 855191F8 Device \Driver\Ftdisk \Device\FtControl 8574C1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{A755F705-ACE8-4349-A17D-F086CDF8E1B6} 84B871F8 Device \FileSystem\Fastfat \Fat 849B51F8 Device \FileSystem\Cdfs \Cdfs 85590500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETkvwwurqp@start 1 Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETkvwwurqp@type 1 Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETkvwwurqp@group file system Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETkvwwurqp@imagepath \systemroot\system32\drivers\SKYNETuyxmktiq.sys Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETkvwwurqp\main (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETkvwwurqp\main@aid 10096 Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETkvwwurqp\main@sid 0 Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETkvwwurqp\main@cmddelay 14400 Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETkvwwurqp\main\delete (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETkvwwurqp\main\injector (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETkvwwurqp\main\injector@* SKYNETwsp.dll Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETkvwwurqp\main\tasks (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETkvwwurqp\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETkvwwurqp\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETuyxmktiq.sys Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETkvwwurqp\modules@SKYNETcmd.dll \systemroot\system32\SKYNETmupfulhm.dll Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETkvwwurqp\modules@SKYNETlog.dat \systemroot\system32\SKYNETvlpfqhne.dat Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETkvwwurqp\modules@SKYNETwsp.dll \systemroot\system32\SKYNETltqskdbq.dll Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETkvwwurqp\modules@SKYNET.dat \systemroot\system32\SKYNETlxkonlrd.dat ---- EOF - GMER 1.0.15 ----

RCguy View Member Profile	Sep 17 2009, 07:42 AM Post #37
Member Posts: 46 From: Indiana - USA OS: WinXP sp3	Hi, this morning while attached to the internet, I had a spawn (wow how strange is that? I opened explorer and found the file, then right clicked on it and had malwarebytes scan it. Here are the results. Malwarebytes' Anti-Malware 1.41 Database version: 2797 Windows 5.1.2600 Service Pack 3 9/17/2009 9:38:20 AM mbam-log-2009-09-17 (09-38-20).txt Scan type: Quick Scan Objects scanned: 1 Time elapsed: 18 second(s) Memory Processes Infected: 1 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: C:\WINDOWS\temp\dyxepa.exe (Worm.Spambot) -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\WINDOWS\temp\dyxepa.exe (Worm.Spambot) -> Quarantined and deleted successfully.

RCguy

Sep 17 2009, 10:18 AM

Post #38

Member

Posts: 46
From: Indiana - USA
OS: WinXP sp3

I did some digging to try to help out a little. The driver name,abp470n5, seems to suggest that this may be part of the sality family of virus, not that that is great info. So I went to system information to see which drivers are running and where. The abp470n5 driver is running, and is running under the file name of olnmoq.sys. The tricky part seems that the location of the file is a bit odd (to me it is, not that I'm too familiar with this sort of thing). The path is \??\C:\windows\system32\drivers. Here is a screenshot of the window from system information...

Also, if you try to save the list to a txt document, this driver won't show up in the txt file.

RCguy

Sep 17 2009, 10:21 AM

Post #39

Member

Posts: 46
From: Indiana - USA
OS: WinXP sp3

a better shot maybe

jwang01 View Member Profile	Sep 17 2009, 02:30 PM Post #40
GeekU Senior Posts: 1,148 From: Minnesota OS: Windows Vista 32-bit	Hello, Ok, I have some more things we can try here. So let's give them a go. Please download SystemLook from one of the links below and save it to your Desktop. Download Mirror #1 Download Mirror #2 Double-click SystemLook.exe to run it. Copy the content of the following codebox into the main textfield: CODE :filefind notepad.exe Click the Look button to start the scan. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. Note: The log can also be found on your Desktop entitled SystemLook.txt Next I would like to try and use GMER to delete dome things. So please do the following if you see it in GMER. Open the gmer folder and double click gmer.exe to run the program On starting GMER will run a short scan, allow it to complete this, then click No if it asks you to run a full scan. Click on the > > > tab to open the menus Click on the Services tab Scroll down until you find the following Service (*Note: This may be highlighted in red) SKYNETuyxmktiq.sys* Click on the Service Name to Highlight it, then right click and choose Delete... Click OK at the first confirmation dialog to remove the service Click OK to the second confirmation dialog to remove the file Click OK to exit the program Let me know of any problems you encountered. Next Lets use GMER to get rid of a stubborn file: Open the gmer folder and double click gmer.exe to run the program On starting GMER will run a short scan, allow it to complete this, then click No if it asks you to run a full scan. Click on the > > > tab to open the menus Click on the Files tab On the left hand side, Navigate to INSERT FOLDER PATH Now on the right hand side, locate the following files: C:\system32\SKYNETlxkonlrd.dat C:\system32\SKYNETltqskdbq.dll C:\system32\SKYNETvlpfqhne.dat C:\system32\SKYNETmupfulhm.dl Click on the file to Highlight it, then click the Delete button on the right hand side. Click Yes to the confirmation If the file is not deleted, click the Kill button, then agree to the two confirmation dialogs. DO NOT reboot your computer Click the Delete button again to remove the file Click OK to exit the program, then Reboot Next Please run another scan with GMER and post that log in your next reply. Please post the logs of SystemLook and GMER in your next reply. Also, please let me know if you were able to find those sevices and files with GMER and delete them.

RCguy View Member Profile	Sep 17 2009, 03:35 PM Post #41
Member Posts: 46 From: Indiana - USA OS: WinXP sp3	SystemLook v1.0 by jpshortstuff (29.08.09) Log created at 17:33 on 17/09/2009 by owner (Administrator - Elevation successful) ========== filefind ========== Searching for "notepad.exe" C:\WINDOWS\$NtServicePackUninstall$\notepad.exe -----c 69120 bytes [14:35 18/08/2008] [07:56 04/08/2004] 388B8FBC36A8558587AFC90FB23A3B99 C:\WINDOWS\notepad.exe --a--- 69120 bytes [10:29 23/06/2004] [00:12 14/04/2008] 5E28284F9B5F9097640D58A73D38AD4C C:\WINDOWS\ServicePackFiles\i386\notepad.exe ------ 69120 bytes [20:54 22/08/2005] [00:12 14/04/2008] 5E28284F9B5F9097640D58A73D38AD4C C:\WINDOWS\system32\notepad.exe ------ 69120 bytes [22:18 22/06/2004] [00:12 14/04/2008] 5E28284F9B5F9097640D58A73D38AD4C -=End Of File=-

RCguy View Member Profile	Sep 17 2009, 03:43 PM Post #42
Member Posts: 46 From: Indiana - USA OS: WinXP sp3	gmer .... there is no skynet service, of any kind.

RCguy

Sep 17 2009, 03:48 PM

Post #43

Member

Posts: 46
From: Indiana - USA
OS: WinXP sp3

I did find the abp470n5 service though. When I deleted it, if asked if I wanted to, yes ... then I get an error that it cannot find the olnmoq.sys file.

RCguy View Member Profile	Sep 18 2009, 06:43 AM Post #44
Member Posts: 46 From: Indiana - USA OS: WinXP sp3	Well ... yesterday afternoon was interesting. My laptop almost completely crashed I think. The dreaded blue screen came up and windows would not load, it just hung. Since I can't reboot into safemode, that didn't work either. After about 30 attempts, Windows took off but so many programs had the default MSDOS icon it wasn't funny. I was afraid to connect to the internet at all because of the spawners, I didn't think my poor lil laptop could take much more abuse and still have any hope of not having to reformat the HD. I got on another computer and looked through your forums hopeing to find something useful. I came across a fix that Emeraldnzl fought with for quite a while that sure sounded exactly like my problems. It was the sality family (tanatos.m/heur) as some scanners call it, which is what superantispyware was calling mine ... until SAS would not run anymore. Anyway, I noticed that no progress was made until DRWEB was used, and this person had downloaded it, copied it to CD and installed it from the CDROM drive, having to change the name to launch.exe, which is what I had to do too. DRWEB found so many infections it was unreal, 99.9% were cured, a couple deleted, one ... not sure, no remedy was given. So ... I am at the moment, running DRWEB again to double check, and then I will run GMER again and give you all of the reports. I greatly appreciate your patience and efforts, please hang in there buddy.

RCguy View Member Profile	Sep 18 2009, 09:12 AM Post #45
Member Posts: 46 From: Indiana - USA OS: WinXP sp3	Ok I'm back on my laptop As I said, I ran DRWeb, full scan twice. Then I ran GMER for you. Then I went into registry and changed values to enable task manager, registry editing, enabled firewall, antivirus. I stopped there, those were obvious to me. Then I ran SafeBoot.exe again to try to repair safe mode but I haven't been brave enough to try it yet. Here are some logs for you.... Reg export of SafeBoot key after repair: ======================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot] "AlternateShell"="cmd.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PEVSystemStart] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\procexp90.Sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys] @="FSFilter System Recovery" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] @="Universal Serial Bus controllers" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] @="CD-ROM Drive" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] @="DiskDrive" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] @="Standard floppy disk controller" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] @="Hdc" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] @="Keyboard" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] @="Mouse" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] @="PCMCIA Adapters" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] @="SCSIAdapter" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] @="System" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] @="Floppy disk drive" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @="Volume" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] @="Human Interface Devices" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\nm] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\nm.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PEVSystemStart] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\procexp90.Sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys] @="FSFilter System Recovery" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\UploadMgr] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}] @="Universal Serial Bus controllers" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] @="CD-ROM Drive" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] @="DiskDrive" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] @="Standard floppy disk controller" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] @="Hdc" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] @="Keyboard" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] @="Mouse" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] @="Net" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] @="NetClient" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] @="NetService" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] @="NetTrans" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] @="PCMCIA Adapters" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] @="SCSIAdapter" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] @="System" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] @="Floppy disk drive" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @="Volume" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] @="Human Interface Devices" ======================== HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PEVSystemStart HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\procexp90.Sys Here is the first quick scan DRWeb log.... adobelmsvc.exe;c:\program files\common files\adobe systems shared\service;Win32.Sector.17;Cured.; adskscsrv.exe;c:\program files\common files\autodesk shared\service;Win32.Sector.17;Cured.; idrivert.exe;c:\program files\common files\installshield\driver\11\intel 32;Win32.Sector.17;Cured.; googleupdaterservice.exe;c:\program files\google\common\google updater;Win32.Sector.17;Cured.; jusched.exe;c:\program files\java\jre6\bin;Win32.Sector.17;Cured.; mbam.exe;c:\program files\malwarebytes' anti-malware;Win32.Sector.17;Cured.; msmsgs.exe;c:\program files\messenger;Win32.Sector.17;Cured.; osa9.exe;c:\program files\microsoft office\office;Win32.Sector.17;Cured.; rsobserv.exe;c:\program files\rockwell software\rscommon;Win32.Sector.17;Cured.; dnwhodisp.exe;c:\program files\rockwell software\rslinx;Win32.Sector.17;Cured.; rslinx.exe;c:\program files\rockwell software\rslinx;Win32.Sector.17;Cured.; wlsetupsvc.exe;c:\program files\windows live\installer;Win32.Sector.17;Cured.; usnsvc.exe;c:\program files\windows live\messenger;Win32.Sector.17;Cured.; wmpnetwk.exe;c:\program files\windows media player;Win32.Sector.17;Cured.; The first full scan of DRWeb is too big... try to post by itself...

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

4 Pages

< 1 2 3 4 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal please help with my malware/spyware, virus..	3 / 468	15th September 2005 - 12:46 PM euphrates started - last by Excal
Virus, Spyware and Trojan Removal Can someone please help with my malware/virus problems! [Solved] 12	18 / 450	10th May 2009 - 09:09 AM sere83 started - last by Essexboy
Virus, Spyware and Trojan Removal Need help with Virus/Malware removal [Solved] 123	34 / 654	12th October 2009 - 02:15 PM little_gardener_24 started - last by hammerman
Virus, Spyware and Trojan Removal Please help remove virus TR/CryptXPACK.Gen [Solved]	4 / 205	21st October 2009 - 07:01 PM JimBee started - last by emeraldnzl