Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Spyware 2009, can't remove or use Malware


  • Please log in to reply

#1
scruffy griff

scruffy griff

    Member

  • Member
  • PipPip
  • 11 posts
Hello, I seemed to have the Spyware 2009 malware on my PC. I tried the removal tips on for this Malware, but it will not allow me to install or run Malware or Spybot.

Any help or advice would be appreciated.
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello scruffy griff

Welcome to G2Go. :)
=====================
  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

  • 0

#3
scruffy griff

scruffy griff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
here are the scan results

OTListIt logfile created on: 5/17/2009 2:02:44 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Bobbe\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.41% Memory free
3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 660.05 Gb Free Space | 94.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOBBE-FFCEBA743
Current User Name: Bobbe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office\OSA.EXE ()
PRC - C:\Documents and Settings\Bobbe\Desktop\OTListIt2.exe (OldTimer Tools)
PRC - C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (gupdate1c9c689c1082348 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (nTuneService [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

========== Driver Services (SafeList) ==========

DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVR0Dev [On_Demand | Running]) -- C:\WINDOWS\nvoclock.sys (NVidia Corp.)
DRV - (Point32 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\point32.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/01/23 19:36:17 | 00,000,000 | ---D | M]


O1 HOSTS File: (305936 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10536 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent File not found
O4 - HKLM..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (NVIDIA)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Bobbe\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/10 11:33:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5b14f7d3-c41d-11dc-a16d-00125a0fa624}\Shell - "" = AutoRun
O33 - MountPoints2\{5b14f7d3-c41d-11dc-a16d-00125a0fa624}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5b14f7d3-c41d-11dc-a16d-00125a0fa624}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/17 14:02:03 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009/05/17 13:58:21 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bobbe\Desktop\OTListIt2.exe
[2009/05/17 08:26:40 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/17 08:22:41 | 00,001,777 | ---- | C] () -- C:\Documents and Settings\Bobbe\Desktop\HijackThis.lnk
[2009/05/17 08:17:37 | 00,000,823 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/17 08:17:37 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/05/17 08:17:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bobbe\Application Data\SUPERAntiSpyware.com
[2009/05/17 08:17:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/05/17 08:11:38 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/05/17 07:39:10 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\iehelper.dll
[2009/05/17 07:29:08 | 00,292,880 | ---- | C] (?????????? ??????????) -- C:\WINDOWS\sysguard.exe
[2009/05/06 16:40:21 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Bobbe\Desktop\setup-spybotsd162.exe
[2009/04/26 10:34:50 | 00,000,692 | ---- | C] () -- C:\Documents and Settings\Bobbe\My Documents\2881 East Upland Drive.kmz
[2009/04/26 10:13:26 | 00,001,879 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Earth.lnk
[2009/04/26 10:12:11 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/04/19 07:47:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/04/19 07:47:12 | 00,001,478 | ---- | C] () -- C:\DivX Author – Create DivX Movies.lnk
[2009/04/19 07:47:12 | 00,001,410 | ---- | C] () -- C:\Enhance your video soundtracks.lnk
[2009/04/19 07:47:12 | 00,001,364 | ---- | C] () -- C:\Post DivX® video to your website.lnk
[2009/04/18 08:59:29 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/18 08:59:29 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/18 08:59:29 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/18 08:59:29 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/18 08:59:29 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/18 08:59:29 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/18 08:59:29 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/18 08:59:29 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/18 08:59:29 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/18 08:59:13 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/18 08:59:13 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/18 08:59:12 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2008/10/15 18:34:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Topo.INI
[2008/06/30 20:03:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008/06/05 17:19:17 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/02/24 10:01:02 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/01/12 08:49:06 | 00,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/11 13:48:46 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/01/11 13:48:46 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/01/11 13:48:46 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/01/11 13:48:46 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/01/11 13:48:22 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/01/11 12:56:24 | 00,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/09/05 16:59:14 | 00,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2004/08/04 06:00:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 06:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1996/11/17 02:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 02:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 02:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/17 14:00:56 | 00,464,860 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/17 14:00:56 | 00,397,890 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/17 14:00:56 | 00,059,984 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/17 13:58:22 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bobbe\Desktop\OTListIt2.exe
[2009/05/17 13:57:16 | 00,013,706 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/17 13:56:42 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/05/17 13:56:36 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Bobbe\Local Settings\desktop.ini
[2009/05/17 13:56:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/17 13:56:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/17 13:05:45 | 00,000,976 | ---- | M] () -- C:\Documents and Settings\Bobbe\Desktop\Spybot - Search & Destroy.lnk
[2009/05/17 08:22:41 | 00,001,777 | ---- | M] () -- C:\Documents and Settings\Bobbe\Desktop\HijackThis.lnk
[2009/05/17 08:17:37 | 00,000,823 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/17 07:39:10 | 00,010,752 | ---- | M] () -- C:\WINDOWS\System32\iehelper.dll
[2009/05/17 07:28:54 | 00,292,880 | ---- | M] (?????????? ??????????) -- C:\WINDOWS\sysguard.exe
[2009/05/09 14:01:12 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/05/07 01:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/06 19:53:52 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/06 17:38:16 | 00,305,936 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/05/06 16:42:03 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Bobbe\Desktop\setup-spybotsd162.exe
[2009/04/26 10:34:50 | 00,000,692 | ---- | M] () -- C:\Documents and Settings\Bobbe\My Documents\2881 East Upland Drive.kmz
[2009/04/26 10:13:26 | 00,001,879 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Earth.lnk
[2009/04/19 07:47:42 | 00,000,838 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\DivX Player.lnk
[2009/04/19 07:47:12 | 00,001,478 | ---- | M] () -- C:\DivX Author – Create DivX Movies.lnk
[2009/04/19 07:47:12 | 00,001,410 | ---- | M] () -- C:\Enhance your video soundtracks.lnk
[2009/04/19 07:47:12 | 00,001,364 | ---- | M] () -- C:\Post DivX® video to your website.lnk
[2009/04/19 07:47:12 | 00,001,280 | ---- | M] () -- C:\DivX.com.lnk
[2009/04/18 09:12:41 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== LOP Check ==========

[2009/01/20 17:09:37 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data
[2008/02/05 17:37:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
[2008/01/11 18:11:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
[2008/01/11 18:11:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
[2008/12/16 12:54:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Applications
[2009/02/03 21:33:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
[2008/10/26 19:48:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2008/01/13 08:32:31 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
[2009/01/19 21:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
[2009/05/17 13:57:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2009/01/20 14:50:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2008/01/12 07:57:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
[2009/05/17 08:17:37 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Bobbe\Application Data
[2008/01/14 16:25:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Adobe
[2008/01/11 18:18:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Apple Computer
[2008/01/16 04:42:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\DivX
[2008/01/21 17:59:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\ESRI
[2008/01/21 18:03:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Google
[2008/01/10 20:45:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Identities
[2009/05/09 15:40:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\LimeWire
[2008/01/11 13:49:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Macromedia
[2008/10/26 19:48:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Malwarebytes
[2008/06/05 17:19:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Bobbe\Application Data\Microsoft
[2008/01/12 08:53:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Microsoft Web Folders
[2009/03/11 15:53:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Mozilla
[2009/01/17 12:36:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Real
[2008/01/20 05:30:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Sun
[2009/05/17 08:17:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\SUPERAntiSpyware.com
[2009/02/16 11:38:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\U3
[2008/01/11 13:59:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Webroot
[2008/01/11 16:55:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Winamp
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/05/17 13:56:42 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job
[2009/05/17 13:56:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34
< End of report >

OTListIt Extras logfile created on: 5/17/2009 2:02:44 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Bobbe\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.41% Memory free
3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 660.05 Gb Free Space | 94.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOBBE-FFCEBA743
Current User Name: Bobbe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Camera Support Core Library
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B18E7E2-AFCA-4CBE-8CD5-3613315AB262}" = ArcGIS Explorer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{97A908F8-F3B6-44ED-83BB-55E7BFE23F06}" = TOPO!
"{A057B18D-0622-4931-8A3B-43C6C64622AA}" = TOPO! Utah Map Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A98AFBC7-D5A7-46A1-8795-EABE2F55A7D6}" = Microsoft Office Live Meeting 2007
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Camera Window
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = RemoteCapture Task 1.0.3
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EB88B6218325D2AB47CFFBF7170236B60A6198FF" = Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
"FLV Player" = FLV Player 2.0 (build 25)
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Canon Camera Support Core Library
"InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{97A908F8-F3B6-44ED-83BB-55E7BFE23F06}" = TOPO!
"InstallShield_{A057B18D-0622-4931-8A3B-43C6C64622AA}" = TOPO! Utah Map Pack
"InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"LimeWire" = LimeWire 5.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Office8.0" = Microsoft Office 97, Professional Edition
"ProjectManagementIQ" = ProjectManagementIQ
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"Winamp" = Winamp
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/30/2008 10:01:56 PM | Computer Name = BOBBE-FFCEBA743 | Source = Application Hang | ID = 1002
Description = Hanging application IDriver.exe, version 8.1.0.293, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/5/2008 12:38:15 PM | Computer Name = BOBBE-FFCEBA743 | Source = Application Error | ID = 1000
Description = Faulting application divx player.exe, version 6.7.0.22, faulting module
divx player.exe, version 6.7.0.22, fault address 0x000f3de0.

Error - 8/13/2008 5:34:23 PM | Computer Name = BOBBE-FFCEBA743 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16674, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/3/2008 3:06:19 PM | Computer Name = BOBBE-FFCEBA743 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16674, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/17/2009 12:21:22 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 5/17/2009 12:21:22 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 5/17/2009 3:03:44 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate1c9c689c1082348) service to connect.

Error - 5/17/2009 3:03:44 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate1c9c689c1082348) service failed
to start due to the following error: %%1053

Error - 5/17/2009 3:03:44 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 5/17/2009 3:03:44 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 5/17/2009 3:58:09 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate1c9c689c1082348) service to connect.

Error - 5/17/2009 3:58:09 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate1c9c689c1082348) service failed
to start due to the following error: %%1053

Error - 5/17/2009 3:58:09 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 5/17/2009 3:58:09 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep


< End of report >
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-17 14:41:56
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 8A392748 ZwEnumerateKey
Code 8A38ECB0 ZwFlushInstructionCache
Code 89EC58A6 IofCallDriver
Code 8A30A1AE IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 89EC58AB
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 8A30A1B3

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[284] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00C0000A
.text C:\WINDOWS\Explorer.EXE[284] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00C1000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A0000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A1000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] WININET.dll!HttpAddRequestHeadersA 7805FB35 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] WININET.dll!HttpAddRequestHeadersW 780CD015 5 Bytes JMP 00E6000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00E7F9F0 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E80A60 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00E808A0 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E80780 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00E7FDA0 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E7FFD0 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\WINDOWS\system32\ctfmon.exe[500] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0098000A
.text C:\WINDOWS\system32\ctfmon.exe[500] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\nvsvc32.exe[628] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006C000A
.text C:\WINDOWS\system32\nvsvc32.exe[628] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 006D000A
.text C:\WINDOWS\system32\RUNDLL32.EXE[644] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A7000A
.text C:\WINDOWS\system32\RUNDLL32.EXE[644] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A8000A
.text C:\WINDOWS\RTHDCPL.EXE[652] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01A4000A
.text C:\WINDOWS\RTHDCPL.EXE[652] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 01A5000A
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[688] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 007A000A
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[688] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 007B000A
.text C:\Program Files\Winamp\winampa.exe[708] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 008C000A
.text C:\Program Files\Winamp\winampa.exe[708] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 008D000A
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[736] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A9000A
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[736] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AA000A
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[744] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B6000A
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[744] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00B7000A
.text C:\WINDOWS\system32\rundll32.exe[788] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A7000A
.text C:\WINDOWS\system32\rundll32.exe[788] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A8000A
.text C:\Program Files\Java\jre6\bin\jusched.exe[796] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00BA000A
.text C:\Program Files\Java\jre6\bin\jusched.exe[796] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00BC000A
.text C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[828] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0098000A
.text C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[828] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0099000A
.text C:\Program Files\Messenger\msmsgs.exe[888] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00AC000A
.text C:\Program Files\Messenger\msmsgs.exe[888] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AD000A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[916] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00DB000A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[916] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00DC000A
.text C:\Program Files\Webroot\Washer\wwDisp.exe[944] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0166000A
.text C:\Program Files\Webroot\Washer\wwDisp.exe[944] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0167000A
.text C:\WINDOWS\system32\winlogon.exe[964] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0068000A
.text C:\WINDOWS\system32\winlogon.exe[964] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0069000A
.text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0064000A
.text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0071000A
.text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0075000A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1320] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0094000A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1320] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0096000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1728] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0072000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1728] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0073000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0097000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0098000A
.text C:\Program Files\internet explorer\iexplore.exe[1996] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A0000A
.text C:\Program Files\internet explorer\iexplore.exe[1996] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A1000A
.text C:\Program Files\internet explorer\iexplore.exe[1996] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1996] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1996] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1996] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1996] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1996] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1996] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1996] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1996] WININET.dll!HttpAddRequestHeadersA 7805FB35 5 Bytes JMP 00DE000A
.text C:\Program Files\internet explorer\iexplore.exe[1996] WININET.dll!HttpAddRequestHeadersW 780CD015 5 Bytes JMP 00E6000A
.text C:\Program Files\internet explorer\iexplore.exe[1996] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00E7F9F0 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\internet explorer\iexplore.exe[1996] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E80A60 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\internet explorer\iexplore.exe[1996] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00E808A0 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\internet explorer\iexplore.exe[1996] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E80780 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\internet explorer\iexplore.exe[1996] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00E7FDA0 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\internet explorer\iexplore.exe[1996] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E7FFD0 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2276] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0081000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2276] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0085000A
.text C:\WINDOWS\System32\alg.exe[2712] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0075000A
.text C:\WINDOWS\System32\alg.exe[2712] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0077000A
.text C:\data\s4zrwz0f.exe[3548] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009E000A
.text C:\data\s4zrwz0f.exe[3548] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009F000A
.text C:\WINDOWS\system32\wuauclt.exe[3596] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006F000A
.text C:\WINDOWS\system32\wuauclt.exe[3596] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0070000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)

---- Devices - GMER 1.0.15 ----

Device \Driver\BTHUSB \Device\00000071 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000071 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000073 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000073 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [320] 0x00E70000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1204] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1256] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1404] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1476] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1540] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1576] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1656] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\Program Files\internet explorer\iexplore.exe [1996] 0x00E70000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [2044] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [3372] 0x00A00000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACqwhkltoqooblxfu.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00125a0fa624
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] \systemroot\system32\drivers\UACqwhkltoqooblxfu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\drivers\UACqwhkltoqooblxfu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACwnvdpqxmkiicpqe.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACtxvkbtkcpalkmtb.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACeplrsrmbjitexym.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACexmyxiqrbwemhxn.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACgwvjbpigbccxoii.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACdojvraipjewodaf.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACwhfertvxtbopobv.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACwsrugbwbfwgdyos.log
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00125a0fa624
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] \systemroot\system32\drivers\UACqwhkltoqooblxfu.sys
Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\drivers\UACqwhkltoqooblxfu.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACwnvdpqxmkiicpqe.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACtxvkbtkcpalkmtb.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACeplrsrmbjitexym.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACexmyxiqrbwemhxn.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACgwvjbpigbccxoii.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACdojvraipjewodaf.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACwhfertvxtbopobv.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACwsrugbwbfwgdyos.log

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Bobbe\Local Settings\temp\UAC3a1d.tmp 343040 bytes executable
File C:\Documents and Settings\Bobbe\Local Settings\Temporary Internet Files\Content.IE5\XRBRQ4UP\uacjjqpwwccciiiwvcuum.akc 56 bytes
File C:\WINDOWS\system32\drivers\UACqwhkltoqooblxfu.sys 52224 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\UACdojvraipjewodaf.log 2550 bytes
File C:\WINDOWS\system32\UACeplrsrmbjitexym.dll 19968 bytes executable
File C:\WINDOWS\system32\UACexmyxiqrbwemhxn.dll 17408 bytes executable
File C:\WINDOWS\system32\UACgwvjbpigbccxoii.dll 19968 bytes executable
File C:\WINDOWS\system32\uacinit.dll 5584 bytes
File C:\WINDOWS\system32\UACtxvkbtkcpalkmtb.dat 224 bytes
File C:\WINDOWS\system32\UACwmltqsttvdjdfyy.dll 66560 bytes
File C:\WINDOWS\system32\UACwnvdpqxmkiicpqe.dll 24064 bytes executable

---- EOF - GMER 1.0.15 ----
  • 0

#4
scruffy griff

scruffy griff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
can I please get some help on this?
  • 0

#5
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Sorry I wasn't notified of your reply.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Posted Image


Posted Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
When finished, it will produce a report for you.
[Please post the C:\ComboFix.txt
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP