
Trojans, Possible Rootkit, Malwarebytes won't launch [Solved]


#1 Danneroo (Member, 27 posts)

Hello,

I am having a few problems with the laptop I am currently using. AVG started giving warnings for trojans, and it deleted some of them. I downloaded Malwarebytes but after the install, it would not launch; it kept searching for exe, and I've had no luck with it, and it is currently uninstalled.

I don't know anything about viruses, but it seems like one had hijacked AVG, or is impersonating it or something, laughs. It will not uninstall and there is no way to stop it from running in the background with Ctrl+Alt+Delete. It simply replicates itself when you try to end the program.

Below are my OTL logs, and rootkit logs. I have been unable to do MBAM, but hopefully that can be done later with your help.

Thanks a lot, Danneroo.

OTL logfile created on: 3/31/2010 6:58:29 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Leslie Caronia\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 69.00 Mb Available Physical Memory | 27.00% Memory free
626.00 Mb Paging File | 206.00 Mb Available in Paging File | 33.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.59 Gb Total Space | 1.56 Gb Free Space | 8.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D4QB7Z11
Current User Name: Leslie Caronia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/31 18:54:56 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Leslie Caronia\Desktop\OTL.exe
PRC - [2010/03/18 13:57:15 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2010/02/20 03:04:29 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/24 19:09:21 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/24 19:09:10 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/24 19:08:32 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/24 19:05:58 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/24 19:04:35 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/07/11 03:15:20 | 000,270,336 | ---- | M] () -- C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
PRC - [2001/08/06 07:41:48 | 000,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe


========== Modules (SafeList) ==========

MOD - [2010/03/31 18:54:56 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Leslie Caronia\Desktop\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/08/24 19:05:58 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/24 19:04:35 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2001/08/06 07:41:48 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
IE - HKCU\..\URLSearchHook: *{0026AD90-C86F-4269-97F3-DAB4897C6D06} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://start.mozilla...en-US:official"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.464
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 12:40:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/12/28 12:36:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/01 00:09:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/24 23:20:24 | 000,000,000 | ---D | M]

[2008/09/06 01:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\Mozilla\Extensions
[2010/03/30 22:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\Mozilla\Firefox\Profiles\0n0bnvmz.default\extensions
[2009/11/03 00:05:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Leslie Caronia\Application Data\Mozilla\Firefox\Profiles\0n0bnvmz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/15 20:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\Mozilla\Firefox\Profiles\0n0bnvmz.default\extensions\[email protected]
[2005/03/02 22:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\Mozilla\Firefox\Profiles\0n0bnvmz.default\extensions\temp
[2008/10/08 21:46:31 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Leslie Caronia\Application Data\Mozilla\Firefox\Profiles\0n0bnvmz.default\searchplugins\ask.xml
[2010/03/30 22:19:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2004/11/12 23:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll

O1 HOSTS File: ([2004/09/14 23:19:04 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IncrediFindBHO Class) - {0026AD90-C86F-4269-97F3-DAB4897C6D06} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL File not found
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {9e91eb99-32b1-4cd9-b747-f10c780f76f3} - File not found
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe ()
O4 - HKLM..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE File not found
O4 - HKLM..\Run: [kigurakel] C:\WINDOWS\System32\ronihuni.DLL File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [resuraluti] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8522F9B3-0000-0000-0000-000000000000} http://38.144.58.87/sex/xxxmovies.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O21 - SSODL: bototukeb - {66a68100-37cb-4bcc-a0fa-b20a154009b7} - C:\WINDOWS\System32\ronihuni.dll File not found
O22 - SharedTaskScheduler: {66a68100-37cb-4bcc-a0fa-b20a154009b7} - jugezatag - C:\WINDOWS\System32\ronihuni.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Leslie Caronia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Leslie Caronia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\MpCmdRun.exe: Debugger - C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/11/14 19:31:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2002/10/09 19:44:52 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (206158430208)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/31 18:54:46 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Leslie Caronia\Desktop\OTL.exe
[2010/03/31 01:32:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/31 01:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/31 01:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/31 01:32:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/31 01:26:43 | 005,918,768 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Leslie Caronia\Desktop\random.exe
[2010/03/31 01:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/31 01:22:50 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Leslie Caronia\Desktop\erunt_setup.exe
[2010/03/31 01:09:14 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Leslie Caronia\Desktop\TFC.exe
[2010/03/30 11:54:27 | 000,000,000 | --SD | C] -- C:\combo-fix24491c
[2010/03/30 02:07:02 | 000,000,000 | ---D | C] -- C:\cmdcons
[2010/03/30 01:56:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/30 01:56:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/30 01:56:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/30 01:56:46 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/30 01:56:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/30 01:55:50 | 000,000,000 | --SD | C] -- C:\combo-fix
[2010/03/30 01:52:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/30 01:32:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 01:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/30 01:32:34 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/23 11:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/21 16:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/03/20 18:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/06/26 00:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
[2008/12/01 20:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

========== Files - Modified Within 14 Days ==========

[2099/01/01 12:00:00 | 000,070,656 | -HS- | M] () -- C:\WINDOWS\System32\vomayopu.dll
[2099/01/01 12:00:00 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\dapipobi.dll
[2099/01/01 12:00:00 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\bebotaka.dll
[2010/03/31 18:54:56 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Leslie Caronia\Desktop\OTL.exe
[2010/03/31 18:46:38 | 000,008,736 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/03/31 17:20:37 | 058,333,217 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/31 02:00:02 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\domyyall.job
[2010/03/31 01:28:23 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/31 01:27:07 | 005,918,768 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Leslie Caronia\Desktop\random.exe
[2010/03/31 01:24:25 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Leslie Caronia\Desktop\NTREGOPT.lnk
[2010/03/31 01:24:25 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Leslie Caronia\Desktop\ERUNT.lnk
[2010/03/31 01:22:56 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Leslie Caronia\Desktop\erunt_setup.exe
[2010/03/31 01:15:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/31 01:14:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/03/31 01:14:34 | 267,440,128 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/31 01:13:13 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Leslie Caronia\NTUSER.DAT
[2010/03/31 01:13:13 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Leslie Caronia\NTUSER.INI
[2010/03/31 01:09:18 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Leslie Caronia\Desktop\TFC.exe
[2010/03/30 12:17:44 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/03/30 11:58:56 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Leslie Caronia\Local Settings\Application Data\IconCache.db
[2010/03/30 11:44:53 | 003,906,159 | R--- | M] () -- C:\Documents and Settings\Leslie Caronia\Desktop\combo-fix.exe
[2010/03/30 02:08:00 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/24 17:08:36 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\vowiwiki.dll
[2010/03/24 16:44:54 | 000,002,713 | -HS- | M] () -- C:\WINDOWS\System32\mutelupo.dll

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,070,656 | -HS- | C] () -- C:\WINDOWS\System32\vomayopu.dll
[2099/01/01 12:00:00 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\dapipobi.dll
[2099/01/01 12:00:00 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\bebotaka.dll
[2010/03/31 01:24:25 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Leslie Caronia\Desktop\NTREGOPT.lnk
[2010/03/31 01:24:25 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Leslie Caronia\Desktop\ERUNT.lnk
[2010/03/30 11:44:41 | 003,906,159 | R--- | C] () -- C:\Documents and Settings\Leslie Caronia\Desktop\combo-fix.exe
[2010/03/30 02:08:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/30 02:07:54 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/30 01:56:47 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/30 01:56:46 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/30 01:56:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/30 01:56:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/30 01:56:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/30 01:32:45 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/24 17:08:36 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\vowiwiki.dll
[2010/03/24 16:44:54 | 000,002,713 | -HS- | C] () -- C:\WINDOWS\System32\mutelupo.dll
[2010/03/23 23:03:19 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\domyyall.job
[2008/11/23 20:55:49 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\sysogg.dll
[2008/10/05 22:22:47 | 000,000,117 | ---- | C] () -- C:\Documents and Settings\Leslie Caronia\Application Data\burnaware.ini
[2008/10/05 21:39:59 | 000,000,205 | ---- | C] () -- C:\Documents and Settings\Leslie Caronia\Application Data\DVD2MobileConfig.ini
[2008/03/01 18:43:06 | 000,004,469 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/10/08 00:30:43 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/15 10:52:40 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Leslie Caronia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/09/04 22:37:12 | 000,000,360 | ---- | C] () -- C:\WINDOWS\CDToMP3WAVMaker.ini
[2005/09/04 22:35:01 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv11300p1now.sys
[2005/02/17 22:40:42 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2005/02/01 22:37:22 | 000,000,056 | ---- | C] () -- C:\WINDOWS\BRPfX04A.INI
[2005/02/01 22:36:58 | 000,000,087 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2005/02/01 22:36:58 | 000,000,084 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2005/02/01 22:36:46 | 000,000,480 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2005/01/13 23:53:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Leslie Caronia\Application Data\dm.ini
[2005/01/13 23:53:40 | 000,001,219 | ---- | C] () -- C:\Documents and Settings\Leslie Caronia\Application Data\AdobeDLM.log
[2004/09/25 22:24:48 | 000,000,045 | ---- | C] () -- C:\WINDOWS\IIGDGNN.ini
[2004/07/22 21:14:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/06/23 23:43:28 | 000,000,661 | ---- | C] () -- C:\WINDOWS\System32\FWNToolbar.dll.manifest
[2004/03/05 12:01:20 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\NCTAudioCDRipper2.dll
[2003/08/07 14:01:52 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/01/06 17:34:26 | 000,028,672 | ---- | C] () -- C:\WINDOWS\MMKeybd.dll
[2003/01/06 17:34:24 | 000,000,312 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2003/01/06 17:34:24 | 000,000,269 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
[2003/01/06 17:34:17 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2002/10/09 21:31:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/10/09 21:19:33 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/10/09 19:51:38 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2001/11/14 20:19:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/03/24 01:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/02/26 22:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2004/04/10 15:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/11/23 21:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/08 22:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\Any Video Converter
[2009/02/25 21:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\AVGTOOLBAR
[2010/03/31 02:00:02 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\domyyall.job
[2002/10/17 03:36:49 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2006/09/21 22:23:09 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2006/09/21 22:23:09 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2001/08/17 01:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS
[2001/08/17 01:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2001/08/17 01:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\i386\AGP440.SYS
[2001/08/17 01:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0017\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2006/09/21 22:23:09 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2006/09/21 22:23:09 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002/01/30 02:49:08 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=48BC2767CEEC6E8B0E15B0289F18232E -- C:\I386\atapi.sys
[2002/01/30 02:49:08 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=48BC2767CEEC6E8B0E15B0289F18232E -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2001/08/17 18:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=A510B91253544D56B5712D66BE8371E9 -- C:\I386\EVENTLOG.DLL
[2001/08/17 18:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=A510B91253544D56B5712D66BE8371E9 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2001/08/17 18:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=F41C1602DC79AB72035F2388FCA0255F -- C:\I386\NETLOGON.DLL
[2001/08/17 18:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=F41C1602DC79AB72035F2388FCA0255F -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SYSTEM32\scecli.dll
[2001/08/17 18:00:00 | 000,174,080 | ---- | M] (Microsoft Corporation) MD5=73968C834C316ADC7A2F07DC4B5F3665 -- C:\I386\SCECLI.DLL
[2001/08/17 18:00:00 | 000,174,080 | ---- | M] (Microsoft Corporation) MD5=73968C834C316ADC7A2F07DC4B5F3665 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2001/11/14 19:22:22 | 000,090,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2001/11/14 19:22:22 | 000,606,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2001/11/14 19:22:22 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV
< End of report >


OTL Extras logfile created on: 3/31/2010 6:58:29 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Leslie Caronia\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 69.00 Mb Available Physical Memory | 27.00% Memory free
626.00 Mb Paging File | 206.00 Mb Available in Paging File | 33.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.59 Gb Total Space | 1.56 Gb Free Space | 8.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D4QB7Z11
Current User Name: Leslie Caronia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 File not found
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{01001202-823E-46CD-A70E-BEE818F97169}" = Microsoft Encarta Encyclopedia Standard 2002
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91E8A85F-2960-40ED-BA84-7F4567BB00C0}" = Dell | Support
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"AVG8Uninstall" = AVG Free 8.5
"CNXT_MODEM_PCI_VEN_8086&DEV_2486&SUBSYS_542114F1" = Actiontec MD56ORD V92 MDC Modem
"ERUNT_is1" = ERUNT 1.1j
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MicroGrade 6.1.0" = MicroGrade 6.1.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"RealPlayer 6.0" = RealPlayer Basic
"Shockwave" = Shockwave
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 2
"Works2002Setup" = Microsoft Works 2002 Setup Launcher

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bddd472159704f26" = macProVideo.com NED Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/1/2010 5:42:31 PM | Computer Name = D4QB7Z11 | Source = ESENT | ID = 489
Description = wuauclt (1272) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 3/1/2010 5:42:31 PM | Computer Name = D4QB7Z11 | Source = ESENT | ID = 455
Description = wuaueng.dll (1272) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 3/1/2010 5:42:41 PM | Computer Name = D4QB7Z11 | Source = ESENT | ID = 489
Description = wuauclt (1272) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 3/1/2010 5:42:41 PM | Computer Name = D4QB7Z11 | Source = ESENT | ID = 455
Description = wuaueng.dll (1272) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 3/11/2010 9:35:47 PM | Computer Name = D4QB7Z11 | Source = Application Hang | ID = 1002
Description = Hanging application avgtray.exe, version 8.5.0.427, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/24/2010 12:10:18 AM | Computer Name = D4QB7Z11 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16981, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/24/2010 4:42:07 PM | Computer Name = D4QB7Z11 | Source = Application Hang | ID = 1002
Description = Hanging application avgtray.exe, version 8.5.0.437, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/24/2010 5:22:25 PM | Computer Name = D4QB7Z11 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16981, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/24/2010 5:22:30 PM | Computer Name = D4QB7Z11 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16981, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/24/2010 5:22:30 PM | Computer Name = D4QB7Z11 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16981, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/30/2010 1:37:16 PM | Computer Name = D4QB7Z11 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00022D608F30. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 3/31/2010 1:10:35 AM | Computer Name = D4QB7Z11 | Source = Service Control Manager | ID = 7034
Description = The Netropa NHK Server service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/31/2010 1:10:35 AM | Computer Name = D4QB7Z11 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 3/31/2010 1:10:35 AM | Computer Name = D4QB7Z11 | Source = Service Control Manager | ID = 7031
Description = The AVG Free8 WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 3/31/2010 1:10:35 AM | Computer Name = D4QB7Z11 | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/31/2010 1:10:35 AM | Computer Name = D4QB7Z11 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/31/2010 1:10:35 AM | Computer Name = D4QB7Z11 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Driver Helper Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/31/2010 1:10:35 AM | Computer Name = D4QB7Z11 | Source = Service Control Manager | ID = 7034
Description = The AVG Free8 E-mail Scanner service terminated unexpectedly. It
has done this 1 time(s).

Error - 3/31/2010 1:10:57 AM | Computer Name = D4QB7Z11 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 3/31/2010 7:22:43 PM | Computer Name = D4QB7Z11 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}


< End of report >



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-04 01:20:50
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\LESLIE~1\LOCALS~1\Temp\uwtoapog.sys


---- System - GMER 1.0.15 ----

INT 0x37 ? FDD48724

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library C:\WINDOWS\system32\bezogebu.dll (*** hidden *** ) @ C:\DOCUME~1\LESLIE~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe [136] 0x00C00000
Library C:\WINDOWS\system32\bezogebu.dll (*** hidden *** ) @ C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe [1160] 0x00C50000
Library C:\WINDOWS\system32\bezogebu.dll (*** hidden *** ) @ C:\Program Files\Dell\Support\Alert\bin\DAMon.exe [1500] 0x01210000
Library C:\WINDOWS\system32\bezogebu.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1592] 0x10000000
Library C:\WINDOWS\system32\bezogebu.dll (*** hidden *** ) @ C:\Program Files\iTunes\iTunesHelper.exe [1788] 0x00E80000
Library C:\WINDOWS\system32\bezogebu.dll (*** hidden *** ) @ C:\PROGRA~1\AVG\AVG8\avgtray.exe [1792] 0x10000000
Library C:\WINDOWS\system32\bezogebu.dll (*** hidden *** ) @ C:\WINDOWS\system32\dwwin.exe [2008] 0x00D70000
Library C:\WINDOWS\system32\bezogebu.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [2016] 0x10000000
Library C:\WINDOWS\system32\bezogebu.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\IEXPLORE.EXE [2240] 0x00C80000
Library C:\WINDOWS\system32\bezogebu.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [3392] 0x012A0000
Library C:\WINDOWS\system32\bezogebu.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\IEXPLORE.EXE [3852] 0x10000000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\SYSTEM32\loyiroge.dll 70656 bytes
File C:\WINDOWS\SYSTEM32\riwapoko 6456 bytes
File C:\WINDOWS\SYSTEM32\bezogebu.dll 70656 bytes
File C:\WINDOWS\SYSTEM32\yaruyava.dll 70656 bytes

---- EOF - GMER 1.0.15 ----
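As an added triage example (not tooling from this thread, from GMER or from the helper), the script below parses the Processes, Registry and Files sections of a GMER 1.0.15 report like the one above, groups every library GMER marked as hidden by the processes it was found in, reports whether each such library also appears in the Files section, checks the LoadAppInit_DLLs value, and groups listed files that share a byte size; the embedded sample log is constructed in the same format.

```python
import re
from collections import defaultdict

# Constructed sample in GMER 1.0.15 report format, modelled on the log above.
SAMPLE_LOG = r"""
---- Processes - GMER 1.0.15 ----

Library C:\WINDOWS\system32\bezogebu.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1592] 0x10000000
Library C:\WINDOWS\system32\bezogebu.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [3392] 0x012A0000
Library C:\WINDOWS\system32\bezogebu.dll (*** hidden *** ) @ C:\PROGRA~1\AVG\AVG8\avgtray.exe [1792] 0x10000000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\SYSTEM32\loyiroge.dll 70656 bytes
File C:\WINDOWS\SYSTEM32\riwapoko 6456 bytes
File C:\WINDOWS\SYSTEM32\bezogebu.dll 70656 bytes
File C:\WINDOWS\SYSTEM32\yaruyava.dll 70656 bytes

---- EOF - GMER 1.0.15 ----
"""

# Line shapes used by GMER 1.0.15 text reports.
SECTION_RE = re.compile(r"^---- (\w+) - GMER")
LIBRARY_RE = re.compile(
    r"^Library (?P<lib>.+?) \(\*\*\* hidden \*\*\* \) @ (?P<proc>.+?) \[(?P<pid>\d+)\] 0x[0-9A-Fa-f]+$")
FILE_RE = re.compile(r"^File (?P<path>.+?) (?P<size>\d+) bytes$")
REG_RE = re.compile(r"^Reg (?P<key>.+?)@(?P<name>\S+)(?: (?P<value>.*))?$")
# Value that lets every user-mode process load the DLLs named in AppInit_DLLs.
APPINIT = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs"


def parse_gmer(text):
    """Return hidden libraries per process, listed files and registry values."""
    section = None
    hidden = defaultdict(list)   # normalised library path -> [(process, pid)]
    files = {}                   # normalised file path -> size in bytes
    registry = {}                # "key@name" -> value string ("" if none)
    for line in text.splitlines():
        line = line.rstrip()
        head = SECTION_RE.match(line)
        if head:
            section = head.group(1)
            continue
        if section == "Processes":
            m = LIBRARY_RE.match(line)
            if m:
                hidden[m["lib"].lower()].append((m["proc"], int(m["pid"])))
        elif section == "Files":
            m = FILE_RE.match(line)
            if m:
                files[m["path"].lower()] = int(m["size"])
        elif section == "Registry":
            m = REG_RE.match(line)
            if m:
                registry[m["key"] + "@" + m["name"]] = m["value"] or ""
    return {"hidden": dict(hidden), "files": files, "registry": registry}


def triage(report, min_processes=2):
    """Turn a parsed report into the findings a helper would act on."""
    injected = []
    for lib, procs in sorted(report["hidden"].items()):
        # One hidden library present in many unrelated processes points to
        # system-wide injection rather than a single misbehaving program.
        if len(procs) >= min_processes:
            injected.append({
                "library": lib,
                "process_count": len(procs),
                "processes": sorted(p for p, _ in procs),
                "on_disk": lib in report["files"],
            })
    # Several files of identical size with unrelated random names in system32
    # is typical of one dropper writing the same payload under several names.
    by_size = defaultdict(list)
    for path, size in report["files"].items():
        by_size[size].append(path)
    same_size = {s: sorted(p) for s, p in by_size.items() if len(p) > 1}
    return {
        "injected": injected,
        "appinit_enabled": report["registry"].get(APPINIT) == "1",
        "same_size_groups": same_size,
    }


if __name__ == "__main__":
    result = triage(parse_gmer(SAMPLE_LOG))
    for f in result["injected"]:
        print(f"hidden {f['library']} in {f['process_count']} processes, on disk: {f['on_disk']}")
    print("LoadAppInit_DLLs enabled:", result["appinit_enabled"])
    for size, paths in result["same_size_groups"].items():
        print(f"{len(paths)} files of {size} bytes: {', '.join(paths)}")
```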

#2 heir (Trusted Helper, Malware Removal, 5,427 posts)
Welcome back, Danneroo!

I can see in your logs that you've run ComboFix.

ComboFix is a very powerful tool that never should be used without supervision of a trusted helper. Doing so might severely cripple your computer.

Are you getting help on another forum? (Following directions from different locations at the same time is dangerous and it also wastes our time)
If so where?
In case you are, decide which forum you'll want to continue getting help from and let us know.

In case you have run it on your own, please post the content of C:\ComboFix.txt in your reply.

/heir

#3 Danneroo (Topic Starter, Member, 27 posts)
Hello Heir, thanks for the quick reply!

I have not been receiving help or instruction from any other forum, it's all been purely my own (possibly dangerous) fumblings. I have had help from this site in the past on a different computer. This laptop is pretty sluggish and old and I have had success with combofix in the past (a gamble I think), so I had tried to run it.

But when I couldn't close the AVG antivirus nor uninstall it, I stopped running it. I do not have a combofix.txt log that I know of. I've been a little more brazen with this laptop in trying to do it myself than my other system, and hope it hasn't caused you any issues being able to help me moving forward. Any help you can still provide me with would be very much appreciated. Thanks, Danneroo.

#4 heir (Trusted Helper, Malware Removal, 5,427 posts)
Good to see that you are somewhat cautious.

In this case though we are going to use Combofix.

Delete Combo-fix.exe from your desktop

Download a fresh ComboFix from one of these locations:

Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. Here is a how to for some of the applications.
    And specifically in this case for AVG have a look here.
    They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Edited by heir, 04 April 2010 - 11:01 AM.
spelling


#5 Danneroo (Topic Starter, Member, 27 posts)
Hey Heir, combofix log pasted below:

ComboFix 10-04-03.02 - Leslie Caronia 04/04/2010 14:02:06.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.255.91 [GMT -4:00]
Running from: c:\documents and settings\Leslie Caronia\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\AutoRun.inf
c:\windows\system32\bebotaka.dll
c:\windows\system32\bezogebu.dll
c:\windows\system32\dapipobi.dll
c:\windows\system32\mozafije.dll
c:\windows\system32\mutelupo.dll
c:\windows\system32\tifetewe.dll
c:\windows\system32\vowiwiki.dll
c:\windows\system32\yaruyava.dll
c:\windows\Tasks\dfggrxvb.job
c:\windows\Tasks\domyyall.job
c:\windows\tmlpcert2005

----- BITS: Possible infected sites -----

hxxp://82.98.235.198
.
((((((((((((((((((((((((( Files Created from 2010-03-04 to 2010-04-04 )))))))))))))))))))))))))))))))
.

2010-04-04 05:34 . 2010-04-04 05:34 -------- d-----w- c:\documents and settings\Leslie Caronia\Application Data\Malwarebytes
2010-04-04 05:33 . 2010-04-04 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-31 05:24 . 2010-03-31 05:24 -------- d-----w- c:\program files\ERUNT
2010-03-30 05:55 . 2010-03-30 16:11 -------- d-----w- C:\combo-fix
2010-03-25 03:20 . 2010-03-25 03:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-21 20:55 . 2010-03-21 20:55 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-03-20 22:42 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-03-20 22:42 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-03-20 22:02 . 2010-03-20 22:02 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-11 03:02 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-31 05:30 . 2009-02-26 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-03-25 03:15 . 2004-12-18 04:38 -------- d-----w- c:\program files\Java
2010-03-24 05:47 . 2009-06-26 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-02-10 17:57 . 2006-09-24 00:56 8736 ----a-w- c:\windows\system32\nvModes.dat
2010-01-05 10:00 . 2004-01-08 19:23 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2001-08-17 22:00 17408 ----a-w- c:\windows\system32\corpol.dll
1601-01-01 00:03 . 1601-01-01 00:03 70656 --sha-w- c:\windows\SYSTEM32\loyiroge.dll
2010-01-02 14:18 . 2010-01-02 14:18 61952 --sha-w- c:\windows\SYSTEM32\tonigili.dll
1601-01-01 00:03 . 1601-01-01 00:03 70656 --sha-w- c:\windows\SYSTEM32\vomayopu.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9e91eb99-32b1-4cd9-b747-f10c780f76f3}]
1601-01-01 00:03 70656 --sha-w- c:\windows\SYSTEM32\loyiroge.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 17:03 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 28738]
"Dell|Alert"="c:\program files\Dell\Support\Alert\bin\DAMon.exe" [2002-07-11 270336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-06-24 4800512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-25 149280]
"nwiz"="nwiz.exe" [2003-06-24 323584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-18 2046816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-24 23:09 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-24 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-22 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-24 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-24 297752]
S2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [2001-08-06 28672]
S3 Msikbd2k;DellTouch;c:\windows\system32\DRIVERS\msikbd2k.sys [2000-10-03 6942]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2002-10-17 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2001-08-17 07:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dogpile.com/
mSearch Bar = hxxp://websearch.drsnsrch.com/sidesearch.cgi?id=
uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {8522F9B3-0000-0000-0000-000000000000} - hxxp://38.144.58.87/sex/xxxmovies.cab
FF - ProfilePath - c:\documents and settings\Leslie Caronia\Application Data\Mozilla\Firefox\Profiles\0n0bnvmz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Leslie Caronia\Application Data\Mozilla\Firefox\Profiles\0n0bnvmz.default\extensions\[email protected]\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-DellTouch - c:\windows\DELLMMKB.EXE
HKLM-Run-resuraluti - bezogebu.dll
HKLM-Run-kigurakel - c:\windows\system32\mozafije.dll
SharedTaskScheduler-{66a68100-37cb-4bcc-a0fa-b20a154009b7} - c:\windows\system32\ronihuni.dll
SharedTaskScheduler-{dac71b09-0ee6-402d-a26d-38d53ec5f9a5} - c:\windows\system32\mozafije.dll
SSODL-bototukeb-{66a68100-37cb-4bcc-a0fa-b20a154009b7} - c:\windows\system32\ronihuni.dll
SSODL-pedojeves-{dac71b09-0ee6-402d-a26d-38d53ec5f9a5} - c:\windows\system32\mozafije.dll
AddRemove-MicroGrade 6.1.0 - c:\micrograde 6.1.0\mg610.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-04 14:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Dell|Alert = c:\program files\Dell\Support\Alert\bin\DAMon.exe?p?o?r?t?\?A?l?e?r?t?\?b?i?n?\?D?A?M?o?n?.?e?x?e???????????x:??????x???????X???????????????P????(?w'(?w????????????(???s??????w????????????0????$?w7(?w?o?wS??w???w????????????X*@?????????X????????%@?e?????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2232)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-04-04 14:43:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-04 18:43

Pre-Run: 1,413,054,464 bytes free
Post-Run: 1,386,852,352 bytes free

- - End Of File - - 4349E72EE0B3F8F0F9FCCAA0F25F6BFE

#6 heir (Trusted Helper, Malware Removal, 5,427 posts)
Did you uninstall AVG 8.5?

Step 1.
CFScript:

Open notepad and copy/paste the text in the codebox below into it:

KillAll::
Collect::
c:\windows\SYSTEM32\loyiroge.dll
c:\windows\SYSTEM32\tonigili.dll
c:\windows\SYSTEM32\vomayopu.dll

Save this as CFScript.txt


Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box; do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


Step 2.
OTL-scan:


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Underneath the option Extra Registry change it to Use SafeList.
  • Underneath the option File Scans check the boxes beside Use Company Name WhiteList, Skip Microsoft Files, LOP Check, Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.


Step 3.
Things I would like to see in your reply:

  • The content of C:\ComboFix.txt from step 1.
  • Confirmation that files were submitted in step 1.
  • The content of OTL.txt and Extras.txt from step 2.
  • Information on how your computer is running now.

Edited by heir, 05 April 2010 - 03:49 AM.
protect tool

  • 0
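Reading an OTL log like the one requested in step 2 means scanning hundreds of O2/O4/O16 lines for the few that deserve a closer look. The following is an added example, not part of this thread and not code from OTL or ComboFix: a small parser for three OTL line shapes (O2 BHOs, O4 run-key entries, O16 ActiveX downloads) plus the triage heuristics a helper applies by eye. The sample lines are copied from the log posted in this thread; the function and field names (`parse_otl`, `triage`, `OtlEntry`) are my own.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample input: OTL lines taken from the log posted in this thread.
SAMPLE_LOG = r"""O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe ()
O16 - DPF: {8522F9B3-0000-0000-0000-000000000000} http://38.144.58.87/sex/xxxmovies.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
"""


@dataclass
class OtlEntry:
    kind: str        # OTL section code: "O2", "O4" or "O16"
    name: str        # BHO name, run-key value name, or CLSID for O16 entries
    target: str      # file path or download URL
    company: str     # trailing "(Company)" field; empty when the file has no version info
    reasons: list = field(default_factory=list)   # triage flags filled in by triage()


# One pattern per OTL line shape handled here (hypothetical names; OTL itself defines no such API).
RE_O2 = re.compile(
    r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<target>.+?) \((?P<company>[^()]*)\)$")
RE_O4 = re.compile(
    r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.+?) \((?P<company>[^()]*)\)$")
RE_O16 = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[^}]+\}) (?P<target>\S+) \((?P<company>[^()]*)\)$")


def parse_otl(text):
    """Parse the O2/O4/O16 lines of an OTL log into OtlEntry records; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.rstrip()
        for kind, rx in (("O2", RE_O2), ("O4", RE_O4), ("O16", RE_O16)):
            m = rx.match(line)
            if m:
                g = m.groupdict()
                entries.append(OtlEntry(kind=kind,
                                        name=g.get("name") or g.get("clsid") or "",
                                        target=g["target"],
                                        company=g["company"]))
                break
    return entries


def _is_raw_ip_url(url):
    """True when the URL host is an IP literal rather than a hostname."""
    host = urlparse(url).hostname
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(text):
    """Return the entries a helper would look at first, each tagged with why.

    no-publisher : OTL printed "()", i.e. the file carries no company/version info
    reg-error    : OTL could not resolve the CLSID registration
    raw-ip-url   : an ActiveX control was downloaded from a bare IP address
    """
    flagged = []
    for e in parse_otl(text):
        if e.company == "":
            e.reasons.append("no-publisher")
        elif e.company.startswith("Reg Error"):
            e.reasons.append("reg-error")
        if e.kind == "O16" and _is_raw_ip_url(e.target):
            e.reasons.append("raw-ip-url")
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:4} {e.name:45} {', '.join(e.reasons):25} {e.target}")
```

Run against the sample, the script surfaces the two entries without version info (the AVG toolbar DLL and Dell's DAMon.exe) and the O16 control fetched from a bare IP whose registration is broken. An empty company field is a prioritisation cue, not a verdict: DAMon.exe is a legitimate Dell component that simply ships without version resources, which is why the helper still asked for ComboFix to collect the three unknown DLLs rather than acting on the OTL line alone.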

#7
Danneroo

Danneroo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hey Heir,

To answer your first question, I have not uninstalled AVG 8.5. Posted below are the requested logs. I did not, however, have a message box pop up after Combofix was finished. I am not sure what you are asking for confirmation on the files submitted, but maybe that has something to do with the message box I didn't have pop up. The computer does seem to be running faster than it was, especially the internet browser. Thanks, logs below:

ComboFix 10-04-03.02 - Leslie Caronia 04/04/2010 15:46:13.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.255.140 [GMT -4:00]
Running from: c:\documents and settings\Leslie Caronia\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Leslie Caronia\Desktop\CFScript.txt

file zipped: c:\windows\SYSTEM32\loyiroge.dll
file zipped: c:\windows\SYSTEM32\tonigili.dll
file zipped: c:\windows\SYSTEM32\vomayopu.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SYSTEM32\loyiroge.dll
c:\windows\SYSTEM32\tonigili.dll
c:\windows\system32\vomayopu.dll

.
((((((((((((((((((((((((( Files Created from 2010-03-04 to 2010-04-04 )))))))))))))))))))))))))))))))
.

2010-04-04 05:34 . 2010-04-04 05:34 -------- d-----w- c:\documents and settings\Leslie Caronia\Application Data\Malwarebytes
2010-04-04 05:33 . 2010-04-04 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-31 05:24 . 2010-03-31 05:24 -------- d-----w- c:\program files\ERUNT
2010-03-25 03:20 . 2010-03-25 03:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-21 20:55 . 2010-03-21 20:55 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-03-20 22:42 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-03-20 22:42 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-03-20 22:02 . 2010-03-20 22:02 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-11 03:02 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-31 05:30 . 2009-02-26 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-03-25 03:15 . 2004-12-18 04:38 -------- d-----w- c:\program files\Java
2010-03-25 03:09 . 2010-03-25 03:09 152576 ----a-w- c:\documents and settings\Leslie Caronia\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-25 03:08 . 2010-03-25 03:08 79488 ----a-w- c:\documents and settings\Leslie Caronia\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-24 05:47 . 2009-06-26 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-02-10 17:57 . 2006-09-24 00:56 8736 ----a-w- c:\windows\system32\nvModes.dat
2010-01-05 10:00 . 2004-01-08 19:23 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2001-08-17 22:00 17408 ----a-w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 17:03 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 28738]
"Dell|Alert"="c:\program files\Dell\Support\Alert\bin\DAMon.exe" [2002-07-11 270336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-06-24 4800512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-25 149280]
"nwiz"="nwiz.exe" [2003-06-24 323584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-18 2046816]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-24 23:09 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-24 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-22 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-24 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-24 297752]
S2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [2001-08-06 28672]
S3 Msikbd2k;DellTouch;c:\windows\system32\DRIVERS\msikbd2k.sys [2000-10-03 6942]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2002-10-17 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2001-08-17 07:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dogpile.com/
mSearch Bar = hxxp://websearch.drsnsrch.com/sidesearch.cgi?id=
uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {8522F9B3-0000-0000-0000-000000000000} - hxxp://38.144.58.87/sex/xxxmovies.cab
FF - ProfilePath - c:\documents and settings\Leslie Caronia\Application Data\Mozilla\Firefox\Profiles\0n0bnvmz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Leslie Caronia\Application Data\Mozilla\Firefox\Profiles\0n0bnvmz.default\extensions\[email protected]\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{9e91eb99-32b1-4cd9-b747-f10c780f76f3} - loyiroge.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-04 16:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Dell|Alert = c:\program files\Dell\Support\Alert\bin\DAMon.exe?p?o?r?t?\?A?l?e?r?t?\?b?i?n?\?D?A?M?o?n?.?e?x?e???????????x:??????x???????X???????????????P????(?w'(?w????????????(???s??????w????????????0????$?w7(?w?o?wS??w???w????????????X*@?????????X????????%@?e?????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2948)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-04-04 16:17:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-04 20:17
ComboFix2.txt 2010-04-04 18:43

Pre-Run: 1,428,791,296 bytes free
Post-Run: 1,387,986,944 bytes free

- - End Of File - - 51922AD22C7C7B728C6BCF09337D2019

OTL logfile created on: 4/4/2010 4:22:15 PM - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Leslie Caronia\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 42.00 Mb Available Physical Memory | 16.00% Memory free
626.00 Mb Paging File | 287.00 Mb Available in Paging File | 46.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.59 Gb Total Space | 1.31 Gb Free Space | 7.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D4QB7Z11
Current User Name: Leslie Caronia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/01 03:01:41 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/31 18:54:56 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Leslie Caronia\Desktop\OTL.exe
PRC - [2010/03/18 13:57:15 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/08/24 19:09:21 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/24 19:09:10 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/24 19:08:32 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/24 19:05:58 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/24 19:04:35 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/07/11 03:15:20 | 000,270,336 | ---- | M] () -- C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
PRC - [2001/08/06 07:41:48 | 000,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe


========== Modules (SafeList) ==========

MOD - [2010/03/31 18:54:56 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Leslie Caronia\Desktop\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/08/24 19:05:58 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/24 19:04:35 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2001/08/06 07:41:48 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2009/08/24 19:09:14 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/24 19:09:13 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/05/22 11:01:08 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2005/11/21 01:48:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS -- (Aspi32)
DRV - [2004/08/04 02:07:42 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 02:07:42 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 01:31:26 | 000,154,624 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wlluc48.sys -- (wlluc48)
DRV - [2003/06/24 17:32:00 | 001,326,203 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2002/10/09 21:28:29 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\asctrm.sys -- (ASCTRM)
DRV - [2002/07/15 02:22:34 | 000,159,236 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys -- (HSFHWICH)
DRV - [2002/07/15 02:20:44 | 001,174,128 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2002/07/15 02:14:36 | 000,602,480 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2002/04/04 01:55:22 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/11/29 05:13:10 | 000,094,736 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\STAC97.sys -- (STAC97) Intel 82801 Audio Driver (WDM)
DRV - [2001/10/29 17:30:00 | 000,071,744 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\el90Xbc5.SYS -- (EL90XBC)
DRV - [2001/08/17 02:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 02:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 02:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 02:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 02:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 01:52:24 | 000,038,144 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -- (hpt3xx)
DRV - [2001/08/17 01:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 01:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 01:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 01:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 01:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 01:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 01:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 01:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 01:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 01:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 00:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2000/10/03 09:18:24 | 000,006,942 | ---- | M] (Netropa Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Msikbd2k.sys -- (Msikbd2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://start.mozilla...en-US:official"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.464
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 12:40:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/12/28 12:36:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/01 03:02:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/01 03:02:13 | 000,000,000 | ---D | M]

[2008/09/06 01:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\Mozilla\Extensions
[2010/04/03 21:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\Mozilla\Firefox\Profiles\0n0bnvmz.default\extensions
[2009/11/03 00:05:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Leslie Caronia\Application Data\Mozilla\Firefox\Profiles\0n0bnvmz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/15 20:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\Mozilla\Firefox\Profiles\0n0bnvmz.default\extensions\[email protected]
[2005/03/02 22:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\Mozilla\Firefox\Profiles\0n0bnvmz.default\extensions\temp
[2008/10/08 21:46:31 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Leslie Caronia\Application Data\Mozilla\Firefox\Profiles\0n0bnvmz.default\searchplugins\ask.xml
[2010/04/03 21:13:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2004/11/12 23:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll

O1 HOSTS File: ([2010/04/04 16:00:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8522F9B3-0000-0000-0000-000000000000} http://38.144.58.87/sex/xxxmovies.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Leslie Caronia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Leslie Caronia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/11/14 19:31:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2002/10/09 19:44:52 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54046588552609792)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/04 15:56:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/04 01:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leslie Caronia\Application Data\Malwarebytes
[2010/04/04 01:33:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/31 18:54:46 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Leslie Caronia\Desktop\OTL.exe
[2010/03/31 01:32:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/31 01:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/31 01:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/31 01:32:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/31 01:26:43 | 005,918,768 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Leslie Caronia\Desktop\random.exe
[2010/03/31 01:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/31 01:22:50 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Leslie Caronia\Desktop\erunt_setup.exe
[2010/03/31 01:09:14 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Leslie Caronia\Desktop\TFC.exe
[2010/03/30 02:07:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/30 01:56:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/30 01:56:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/30 01:56:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/30 01:56:46 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/30 01:56:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/30 01:52:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/21 16:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/03/20 18:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/06/26 00:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
[2008/12/01 20:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

========== Files - Modified Within 30 Days ==========

[2010/04/04 16:02:26 | 000,008,736 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/04/04 16:02:14 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/04 16:01:06 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/04/04 16:00:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/04/04 15:59:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/04 15:59:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/04/04 15:58:59 | 267,440,128 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/04 15:57:27 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Leslie Caronia\NTUSER.DAT
[2010/04/04 15:57:27 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Leslie Caronia\NTUSER.INI
[2010/04/04 14:18:40 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\riwapoko
[2010/04/04 13:56:02 | 003,907,280 | R--- | M] () -- C:\Documents and Settings\Leslie Caronia\Desktop\ComboFix.exe
[2010/04/03 23:50:32 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Leslie Caronia\Desktop\gmer.zip
[2010/04/03 11:11:27 | 058,476,103 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/31 18:54:56 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Leslie Caronia\Desktop\OTL.exe
[2010/03/31 01:27:07 | 005,918,768 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Leslie Caronia\Desktop\random.exe
[2010/03/31 01:24:25 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Leslie Caronia\Desktop\NTREGOPT.lnk
[2010/03/31 01:24:25 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Leslie Caronia\Desktop\ERUNT.lnk
[2010/03/31 01:22:56 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Leslie Caronia\Desktop\erunt_setup.exe
[2010/03/31 01:09:18 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Leslie Caronia\Desktop\TFC.exe
[2010/03/30 11:58:56 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Leslie Caronia\Local Settings\Application Data\IconCache.db
[2010/03/30 02:08:00 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/03/16 01:19:58 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Leslie Caronia\My Documents\Hey Joe.doc
[2010/03/15 21:38:29 | 000,432,924 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/03/15 21:38:29 | 000,067,714 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/03/15 21:38:27 | 000,508,780 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/12 18:44:02 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Leslie Caronia\Desktop\Microsoft Word.lnk
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\riwapoko
[2010/04/04 13:55:53 | 003,907,280 | R--- | C] () -- C:\Documents and Settings\Leslie Caronia\Desktop\ComboFix.exe
[2010/04/03 23:50:10 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Leslie Caronia\Desktop\gmer.zip
[2010/03/31 01:24:25 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Leslie Caronia\Desktop\NTREGOPT.lnk
[2010/03/31 01:24:25 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Leslie Caronia\Desktop\ERUNT.lnk
[2010/03/30 02:08:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/30 02:07:54 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/30 01:56:47 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/30 01:56:46 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/30 01:56:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/30 01:56:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/30 01:56:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/16 01:19:57 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Leslie Caronia\My Documents\Hey Joe.doc
[2008/11/23 20:55:49 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\sysogg.dll
[2008/10/05 22:22:47 | 000,000,117 | ---- | C] () -- C:\Documents and Settings\Leslie Caronia\Application Data\burnaware.ini
[2008/10/05 21:39:59 | 000,000,205 | ---- | C] () -- C:\Documents and Settings\Leslie Caronia\Application Data\DVD2MobileConfig.ini
[2008/03/01 18:43:06 | 000,004,469 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/10/08 00:30:43 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/15 10:52:40 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Leslie Caronia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/09/04 22:37:12 | 000,000,360 | ---- | C] () -- C:\WINDOWS\CDToMP3WAVMaker.ini
[2005/09/04 22:35:01 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv11300p1now.sys
[2005/02/17 22:40:42 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2005/02/01 22:37:22 | 000,000,056 | ---- | C] () -- C:\WINDOWS\BRPfX04A.INI
[2005/02/01 22:36:58 | 000,000,087 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2005/02/01 22:36:58 | 000,000,084 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2005/02/01 22:36:46 | 000,000,480 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2005/01/13 23:53:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Leslie Caronia\Application Data\dm.ini
[2005/01/13 23:53:40 | 000,001,219 | ---- | C] () -- C:\Documents and Settings\Leslie Caronia\Application Data\AdobeDLM.log
[2004/09/25 22:24:48 | 000,000,045 | ---- | C] () -- C:\WINDOWS\IIGDGNN.ini
[2004/07/22 21:14:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/06/23 23:43:28 | 000,000,661 | ---- | C] () -- C:\WINDOWS\System32\FWNToolbar.dll.manifest
[2004/03/05 12:01:20 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\NCTAudioCDRipper2.dll
[2003/08/07 14:01:52 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/01/06 17:34:26 | 000,028,672 | ---- | C] () -- C:\WINDOWS\MMKeybd.dll
[2003/01/06 17:34:24 | 000,000,312 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2003/01/06 17:34:24 | 000,000,269 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
[2003/01/06 17:34:17 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2002/10/09 21:31:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/10/09 21:19:33 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/10/09 19:51:38 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2001/11/14 20:19:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/03/24 01:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/02/26 22:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2004/04/10 15:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/11/23 21:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/08 22:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\Any Video Converter
[2009/02/25 21:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\AVGTOOLBAR
[2002/10/17 03:36:49 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2005/01/14 00:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007/09/09 01:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/09/09 02:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/03/24 01:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/03/31 01:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/02/26 22:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2002/10/27 22:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/03/01 00:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/04/04 01:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2006/09/21 23:24:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2005/02/13 23:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2006/02/02 23:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2002/10/09 21:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2005/01/29 13:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2004/04/10 15:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/09/21 23:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/11/23 21:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2008/07/04 14:35:40 | 000,054,632 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe
[2008/11/23 21:11:17 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.0.2.20\SetupAdmin.exe

< %APPDATA%\*. >
[2008/10/08 21:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\Adobe
[2005/01/14 00:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\AdobeUM
[2008/10/08 22:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\Any Video Converter
[2006/09/21 22:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\Apple Computer
[2009/02/25 21:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\AVGTOOLBAR
[2005/02/17 22:40:58 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\Brother
[2008/10/05 22:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\dvdcss
[2006/05/13 20:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\Google
[2004/09/20 21:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\Help
[2004/11/15 20:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\Identities
[2004/05/05 22:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\Macromedia
[2010/04/04 01:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\Malwarebytes
[2009/05/07 22:18:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\Microsoft
[2005/08/22 12:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\Microsoft Web Folders
[2008/09/06 01:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\Mozilla
[2006/01/28 17:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\MSN6
[2004/12/27 19:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\Sun
[2002/10/09 21:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\Symantec
[2004/12/12 21:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\Talkback
[2008/10/05 20:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Caronia\Application Data\vlc

< %APPDATA%\*.exe /s >
[2009/06/10 11:33:56 | 000,083,256 | ---- | M] (LogMeIn, Inc.) -- C:\Documents and Settings\Leslie Caronia\Application Data\Mozilla\Firefox\Profiles\0n0bnvmz.default\extensions\[email protected]\plugins\LMIGuardian.exe
[2009/05/14 15:29:28 | 000,070,984 | ---- | M] () -- C:\Documents and Settings\Leslie Caronia\Application Data\Mozilla\Firefox\Profiles\0n0bnvmz.default\extensions\[email protected]\plugins\LMIProxyHelper.exe

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2006/09/21 22:23:09 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2006/09/21 22:23:09 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2001/08/17 01:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS
[2001/08/17 01:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2001/08/17 01:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\i386\AGP440.SYS
[2001/08/17 01:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0017\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2006/09/21 22:23:09 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2006/09/21 22:23:09 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002/01/30 02:49:08 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=48BC2767CEEC6E8B0E15B0289F18232E -- C:\I386\atapi.sys
[2002/01/30 02:49:08 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=48BC2767CEEC6E8B0E15B0289F18232E -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2001/08/17 18:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=A510B91253544D56B5712D66BE8371E9 -- C:\I386\EVENTLOG.DLL
[2001/08/17 18:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=A510B91253544D56B5712D66BE8371E9 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2001/08/17 18:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=F41C1602DC79AB72035F2388FCA0255F -- C:\I386\NETLOGON.DLL
[2001/08/17 18:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=F41C1602DC79AB72035F2388FCA0255F -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SYSTEM32\scecli.dll
[2001/08/17 18:00:00 | 000,174,080 | ---- | M] (Microsoft Corporation) MD5=73968C834C316ADC7A2F07DC4B5F3665 -- C:\I386\SCECLI.DLL
[2001/08/17 18:00:00 | 000,174,080 | ---- | M] (Microsoft Corporation) MD5=73968C834C316ADC7A2F07DC4B5F3665 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2001/11/14 19:22:22 | 000,090,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2001/11/14 19:22:22 | 000,606,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2001/11/14 19:22:22 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV
< End of report >


OTL Extras logfile created on: 4/4/2010 4:22:15 PM - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Leslie Caronia\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 42.00 Mb Available Physical Memory | 16.00% Memory free
626.00 Mb Paging File | 287.00 Mb Available in Paging File | 46.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.59 Gb Total Space | 1.31 Gb Free Space | 7.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D4QB7Z11
Current User Name: Leslie Caronia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 File not found
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{01001202-823E-46CD-A70E-BEE818F97169}" = Microsoft Encarta Encyclopedia Standard 2002
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91E8A85F-2960-40ED-BA84-7F4567BB00C0}" = Dell | Support
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"AVG8Uninstall" = AVG Free 8.5
"CNXT_MODEM_PCI_VEN_8086&DEV_2486&SUBSYS_542114F1" = Actiontec MD56ORD V92 MDC Modem
"ERUNT_is1" = ERUNT 1.1j
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"RealPlayer 6.0" = RealPlayer Basic
"Shockwave" = Shockwave
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 2
"Works2002Setup" = Microsoft Works 2002 Setup Launcher

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bddd472159704f26" = macProVideo.com NED Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/1/2010 5:42:41 PM | Computer Name = D4QB7Z11 | Source = ESENT | ID = 489
Description = wuauclt (1272) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 3/1/2010 5:42:41 PM | Computer Name = D4QB7Z11 | Source = ESENT | ID = 455
Description = wuaueng.dll (1272) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 3/11/2010 9:35:47 PM | Computer Name = D4QB7Z11 | Source = Application Hang | ID = 1002
Description = Hanging application avgtray.exe, version 8.5.0.427, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/24/2010 12:10:18 AM | Computer Name = D4QB7Z11 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16981, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/24/2010 4:42:07 PM | Computer Name = D4QB7Z11 | Source = Application Hang | ID = 1002
Description = Hanging application avgtray.exe, version 8.5.0.437, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/24/2010 5:22:25 PM | Computer Name = D4QB7Z11 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16981, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/24/2010 5:22:30 PM | Computer Name = D4QB7Z11 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16981, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/24/2010 5:22:30 PM | Computer Name = D4QB7Z11 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16981, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/2/2010 10:31:52 AM | Computer Name = D4QB7Z11 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16981, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/3/2010 11:14:13 PM | Computer Name = D4QB7Z11 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3726, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/4/2010 3:45:30 PM | Computer Name = D4QB7Z11 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Driver Helper Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/4/2010 3:45:30 PM | Computer Name = D4QB7Z11 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 4/4/2010 3:45:39 PM | Computer Name = D4QB7Z11 | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/4/2010 3:45:39 PM | Computer Name = D4QB7Z11 | Source = Service Control Manager | ID = 7034
Description = The Netropa NHK Server service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/4/2010 3:45:39 PM | Computer Name = D4QB7Z11 | Source = Service Control Manager | ID = 7031
Description = The AVG Free8 WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 4/4/2010 3:45:44 PM | Computer Name = D4QB7Z11 | Source = Service Control Manager | ID = 7034
Description = The AVG Free8 E-mail Scanner service terminated unexpectedly. It
has done this 1 time(s).

Error - 4/4/2010 3:45:44 PM | Computer Name = D4QB7Z11 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 4/4/2010 3:45:44 PM | Computer Name = D4QB7Z11 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/4/2010 3:45:44 PM | Computer Name = D4QB7Z11 | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/4/2010 3:45:44 PM | Computer Name = D4QB7Z11 | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s).


< End of report >

Edited by heir, 05 April 2010 - 03:49 AM.
protect tool


#8 heir (Trusted Helper, Malware Removal)
Step 1.
CFScript:

Open notepad and copy/paste the text in the codebox below into it:

Collect::
C:\WINDOWS\System32\riwapoko
C:\WINDOWS\System32\sysogg.dll
Folder::
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint

Save this as CFScript.txt


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

Step 2.
Things I would like to see in your reply:

  • The content of C:\ComboFix.txt from step 1.
  • The content of C:\Qoobox\ComboFix-quarantined-files.txt.


#9 Danneroo (Topic Starter)
Hey Heir, below are the pasted combo fix and combofix-quarantine txts:

ComboFix 10-04-03.02 - Leslie Caronia 04/04/2010 18:43:55.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.255.112 [GMT -4:00]
Running from: c:\documents and settings\Leslie Caronia\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Leslie Caronia\Desktop\cfscript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

file zipped: c:\windows\System32\riwapoko
file zipped: c:\windows\System32\sysogg.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\MTSDownloadSites.txt
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-380649094.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-556261554.MTZ
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-592174655.MTZ
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-1159435808.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\297623226.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-88519498.MTZ
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\1401615954.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\407034558.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\103844284.mts
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\UpdateVersionList_v2.mtx
c:\windows\System32\riwapoko
c:\windows\System32\sysogg.dll

.
((((((((((((((((((((((((( Files Created from 2010-03-04 to 2010-04-04 )))))))))))))))))))))))))))))))
.

2010-04-04 05:34 . 2010-04-04 05:34 -------- d-----w- c:\documents and settings\Leslie Caronia\Application Data\Malwarebytes
2010-04-04 05:33 . 2010-04-04 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-31 05:24 . 2010-03-31 05:24 -------- d-----w- c:\program files\ERUNT
2010-03-25 03:20 . 2010-03-25 03:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-25 03:09 . 2010-03-25 03:09 152576 ----a-w- c:\documents and settings\Leslie Caronia\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-25 03:08 . 2010-03-25 03:08 79488 ----a-w- c:\documents and settings\Leslie Caronia\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-24 05:28 . 2009-11-25 17:03 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-03-21 20:55 . 2010-03-21 20:55 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-03-20 22:42 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-03-20 22:42 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-03-20 22:02 . 2010-03-20 22:02 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-11 03:02 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-31 05:30 . 2009-02-26 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-03-25 03:15 . 2004-12-18 04:38 -------- d-----w- c:\program files\Java
2010-03-24 05:47 . 2009-06-26 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-02-10 17:57 . 2006-09-24 00:56 8736 ----a-w- c:\windows\system32\nvModes.dat
2010-01-05 10:00 . 2004-01-08 19:23 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2001-08-17 22:00 17408 ----a-w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 17:03 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 28738]
"Dell|Alert"="c:\program files\Dell\Support\Alert\bin\DAMon.exe" [2002-07-11 270336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-06-24 4800512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-25 149280]
"nwiz"="nwiz.exe" [2003-06-24 323584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-18 2046816]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-24 23:09 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2/25/2009 9:36 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [2/25/2009 9:37 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2/25/2009 9:35 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/25/2009 9:35 PM 297752]
R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [1/6/2003 5:34 PM 28672]
R3 Msikbd2k;DellTouch;c:\windows\SYSTEM32\DRIVERS\Msikbd2k.sys [1/6/2003 5:34 PM 6942]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2002-10-17 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2001-08-17 07:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dogpile.com/
mSearch Bar = hxxp://websearch.drsnsrch.com/sidesearch.cgi?id=
uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {8522F9B3-0000-0000-0000-000000000000} - hxxp://38.144.58.87/sex/xxxmovies.cab
FF - ProfilePath - c:\documents and settings\Leslie Caronia\Application Data\Mozilla\Firefox\Profiles\0n0bnvmz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Leslie Caronia\Application Data\Mozilla\Firefox\Profiles\0n0bnvmz.default\extensions\[email protected]\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-04 18:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Dell|Alert = c:\program files\Dell\Support\Alert\bin\DAMon.exe?p?o?r?t?\?A?l?e?r?t?\?b?i?n?\?D?A?M?o?n?.?e?x?e???????????x:??????x???????X???????????????P????(?w'(?w????????????(???s??????w????????????0????$?w7(?w?o?wS??w???w????????????X*@?????????X????????%@?e?????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-04-04 18:59:08
ComboFix-quarantined-files.txt 2010-04-04 22:59
ComboFix2.txt 2010-04-04 20:17
ComboFix3.txt 2010-04-04 18:43

Pre-Run: 1,367,883,776 bytes free
Post-Run: 1,332,195,328 bytes free

- - End Of File - - 49759AB1F0D40027992ACD316DB2CA33
Upload was successful


2010-04-04 22:43:48 . 2010-04-04 22:43:49 6,984 ----a-w- C:\Qoobox\Quarantine\[4]-Submit_2010-04-04_18.43.41.zip
2010-04-04 20:14:16 . 2010-04-04 20:14:16 351 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{9e91eb99-32b1-4cd9-b747-f10c780f76f3}.reg.dat
2010-04-04 19:46:00 . 2010-04-04 19:46:05 173,530 ----a-w- C:\Qoobox\Quarantine\[4]-Submit_2010-04-04_15.45.26.zip
2010-04-04 18:39:47 . 2010-04-04 18:39:47 506 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-MicroGrade 6.1.0.reg.dat
2010-04-04 18:38:11 . 2010-04-04 18:38:12 373 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SSODL-pedojeves-{dac71b09-0ee6-402d-a26d-38d53ec5f9a5}.reg.dat
2010-04-04 18:38:11 . 2010-04-04 18:38:11 373 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SSODL-bototukeb-{66a68100-37cb-4bcc-a0fa-b20a154009b7}.reg.dat
2010-04-04 18:38:08 . 2010-04-04 18:38:08 374 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SharedTaskScheduler-{dac71b09-0ee6-402d-a26d-38d53ec5f9a5}.reg.dat
2010-04-04 18:38:08 . 2010-04-04 18:38:08 374 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SharedTaskScheduler-{66a68100-37cb-4bcc-a0fa-b20a154009b7}.reg.dat
2010-04-04 18:37:58 . 2010-04-04 18:37:58 150 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-kigurakel.reg.dat
2010-04-04 18:37:58 . 2010-04-04 18:37:58 128 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-resuraluti.reg.dat
2010-04-04 18:37:57 . 2010-04-04 18:37:57 121 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-DellTouch.reg.dat
2010-04-04 18:12:57 . 2010-04-04 22:51:42 6,386 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-04-02 14:18:25 . 2010-04-04 17:58:38 296 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Tasks\dfggrxvb.job.vir

2010-03-30 05:56:06 . 2010-04-04 22:40:13 306 ----a-w- C:\Qoobox\Quarantine\catchme.log

2010-03-24 21:08:36 . 2010-03-24 21:08:36 1 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\vowiwiki.dll.vir
2010-03-24 20:44:54 . 2010-03-24 20:44:54 2,713 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mutelupo.dll.vir
2010-03-24 03:03:19 . 2010-04-03 07:00:12 296 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Tasks\domyyall.job.vir
2010-01-02 14:18:06 . 2010-01-02 14:18:06 92,160 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mozafije.dll.vir
2010-01-02 14:18:06 . 2010-01-02 14:18:06 61,952 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\tonigili.dll.vir
2010-01-02 14:18:06 . 2010-01-02 14:18:06 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\tifetewe.dll.vir
2008-11-24 00:55:49 . 2008-12-12 02:14:33 25 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysogg.dll.vir
2007-06-05 23:04:20 . 2007-06-05 23:04:20 505,318 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\autorun.inf.vir

2004-07-17 08:11:24 . 2004-07-17 08:11:24 831 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\103844284.mts.vir
2004-07-17 08:11:24 . 2004-07-17 08:11:24 3,538 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-380649094.mtx.vir
2004-07-17 08:11:22 . 2004-07-17 08:11:22 9,236 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\MTSDownloadSites.txt.vir
2004-07-17 08:11:22 . 2004-07-17 08:11:22 35 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\407034558.ini.vir
2004-07-17 08:11:19 . 2004-07-17 08:11:19 541 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\1401615954.mtz.vir
2004-07-17 08:11:19 . 2004-07-17 08:11:41 845,633 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\297623226.mts.vir
2004-07-17 08:11:19 . 2004-07-17 08:11:19 1,014 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-556261554.MTZ.vir
2004-07-17 08:11:18 . 2004-07-17 08:11:18 535 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-88519498.MTZ.vir
2004-07-17 08:11:18 . 2004-07-17 08:11:18 1,999 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-1159435808.mtx.vir
2004-07-17 08:11:12 . 2004-07-17 08:11:12 335 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-592174655.MTZ.vir
2004-06-29 04:15:32 . 2004-06-29 04:18:04 8,152 -c--atw- C:\Qoobox\Quarantine\C\WINDOWS\tmlpcert2005.vir
2004-04-22 04:29:06 . 2004-04-22 04:31:22 2,436 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini.vir
2004-04-22 04:29:05 . 2004-07-17 08:11:23 6,404 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\UpdateVersionList_v2.mtx.vir
2004-04-10 19:20:11 . 2004-07-17 08:11:41 501 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini.vir
2004-04-10 19:20:11 . 2004-07-17 08:11:41 2,090 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini.vir
2004-04-10 19:20:11 . 2004-07-17 08:11:41 1,610 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini.vir
2004-04-10 19:20:11 . 2004-07-17 08:11:41 1,554 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini.vir
2004-04-10 19:19:15 . 2004-07-17 08:11:41 136 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini.vir
2004-04-10 19:19:11 . 2004-05-06 02:22:55 25,891 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini.vir
2004-04-10 19:19:11 . 2004-07-17 08:11:41 329 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini.vir
2004-04-10 19:19:11 . 2004-07-17 08:11:41 326 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini.vir
2002-10-29 01:58:59 . 2010-03-25 03:08:24 4,589 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat.vir
2002-10-29 01:58:59 . 2010-03-25 03:08:24 5,693 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat.vir
1601-01-01 00:26:50 . 2010-04-04 18:18:40 6,456 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\riwapoko.vir
1601-01-01 00:03:52 . 1601-01-01 00:03:52 70,656 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\bezogebu.dll.vir
1601-01-01 00:03:52 . 1601-01-01 00:03:52 70,656 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\loyiroge.dll.vir
1601-01-01 00:03:52 . 1601-01-01 00:03:52 70,656 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\yaruyava.dll.vir
1601-01-01 00:03:28 . 1601-01-01 00:03:28 1 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\bebotaka.dll.vir
1601-01-01 00:03:28 . 1601-01-01 00:03:28 1 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\dapipobi.dll.vir
1601-01-01 00:03:28 . 1601-01-01 00:03:28 70,656 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\vomayopu.dll.vir

Edited by heir, 05 April 2010 - 03:50 AM.
protect tool

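A note on the quarantine listing above, with an added example that is not part of the thread and is not ComboFix's or Malwarebytes' own tooling. The listing carries its own indicators: several SYSTEM32 entries show creation or modification times of 1601-01-01, which is the Windows FILETIME epoch, so those stamps were zeroed rather than recorded; the malicious names (riwapoko, bebotaka, kigurakel, pedojeves) are all letters-only strings of strictly alternating consonants and vowels; sysogg.dll and vowiwiki.dll are 25 and 1 bytes, far too small to hold even a DOS/PE header; and autorun.inf does not belong in System32. The Python below parses lines copied from the posted ComboFix-quarantined-files.txt (embedded here as constructed input), maps each quarantined item back to its original path or registry value, and applies those heuristics, leaving the Viewpoint and BITS (qmgr0.dat) entries unflagged. The function names and the heuristics themselves are this example's own; a hit is a reason to look, not a verdict, since ordinary words such as "parameter" also alternate consonant and vowel.

```python
"""Triage a ComboFix-quarantined-files.txt listing. Added example for this thread, not
ComboFix's own tooling; heuristics are inferred from the posted log and are triage aids."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed input: lines copied from the ComboFix-quarantined-files.txt posted above.
SAMPLE_LISTING = r"""
2010-04-04 18:37:58 . 2010-04-04 18:37:58 150 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-kigurakel.reg.dat
2010-04-04 18:37:57 . 2010-04-04 18:37:57 121 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-DellTouch.reg.dat
2010-04-04 18:38:11 . 2010-04-04 18:38:12 373 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SSODL-pedojeves-{dac71b09-0ee6-402d-a26d-38d53ec5f9a5}.reg.dat
2010-03-24 21:08:36 . 2010-03-24 21:08:36 1 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\vowiwiki.dll.vir
2010-01-02 14:18:06 . 2010-01-02 14:18:06 92,160 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mozafije.dll.vir
2008-11-24 00:55:49 . 2008-12-12 02:14:33 25 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysogg.dll.vir
2007-06-05 23:04:20 . 2007-06-05 23:04:20 505,318 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\autorun.inf.vir
2004-04-10 19:19:11 . 2004-07-17 08:11:41 329 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini.vir
2002-10-29 01:58:59 . 2010-03-25 03:08:24 4,589 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat.vir
1601-01-01 00:26:50 . 2010-04-04 18:18:40 6,456 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\riwapoko.vir
1601-01-01 00:03:28 . 1601-01-01 00:03:28 1 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\bebotaka.dll.vir
"""

LINE_RE = re.compile(r"^(?P<created>\S+ \S+) \. (?P<modified>\S+ \S+) (?P<size>[\d,]+) \S{8} (?P<path>.+)$")
QUARANTINE_PREFIX = "C:\\Qoobox\\Quarantine\\"
VOWELS = set("aeiou")


@dataclass
class Entry:
    original: str                 # path or registry value as it was before quarantine
    kind: str                     # "file" or "registry"
    size: int
    created: str
    modified: str
    flags: List[str] = field(default_factory=list)


def looks_generated(name: str) -> bool:
    """Letters only, >= 8 long, strictly alternating consonant/vowel: the shape of every
    malicious name in the log (riwapoko, bebotaka, kigurakel). Real words can match too."""
    s = name.lower()
    if not s.isalpha() or len(s) < 8:
        return False
    kinds = [c in VOWELS for c in s]
    return all(a != b for a, b in zip(kinds, kinds[1:]))


def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rel = m.group("path")
    rel = rel[len(QUARANTINE_PREFIX):] if rel.startswith(QUARANTINE_PREFIX) else rel
    if rel.startswith("Registry_backups\\"):
        kind, original = "registry", re.sub(r"\.reg\.dat$", "", rel.split("\\", 1)[1])
    else:
        # ComboFix stores C:\WINDOWS\x as C\WINDOWS\x.vir; restore the original path.
        kind, original = "file", re.sub(r"^([A-Za-z])\\", r"\1:\\", re.sub(r"\.vir$", "", rel))
    return Entry(original, kind, int(m.group("size").replace(",", "")), m.group("created"), m.group("modified"))


def flag(entry: Entry) -> Entry:
    if entry.kind == "registry":
        # "HKLM-Run-kigurakel", "SSODL-pedojeves-{guid}": test each dash-separated part.
        for part in re.sub(r"\{[0-9a-fA-F-]+\}", "", entry.original).split("-"):
            if looks_generated(part):
                entry.flags.append(f"generated-looking registry value name: {part}")
        return entry
    parent, _, base = entry.original.rpartition("\\")
    stem, _, ext = base.partition(".")                 # 'riwapoko' has no extension at all
    in_system32 = parent.lower().endswith("\\system32")
    if entry.created.startswith("1601-") or entry.modified.startswith("1601-"):
        # FILETIME counts from 1601-01-01; a value this close to zero was wiped, not set.
        entry.flags.append("FILETIME at epoch (1601-01-01): timestamp zeroed")
    if looks_generated(stem):
        entry.flags.append("generated-looking file name")
    if ext.lower() == "dll" and entry.size < 64:
        entry.flags.append(f"{entry.size}-byte .dll: smaller than a DOS/PE header, not a real module")
    if in_system32 and base.lower() == "autorun.inf":
        entry.flags.append("autorun.inf planted in System32")
    if in_system32 and not ext:
        entry.flags.append("extensionless file in System32")
    return entry


def triage(listing: str) -> List[Entry]:
    return [flag(e) for e in map(parse_line, listing.splitlines()) if e is not None]


def suspicious(listing: str) -> Dict[str, List[str]]:
    """Only the entries that tripped at least one heuristic, keyed by original path/value."""
    return {e.original: e.flags for e in triage(listing) if e.flags}


if __name__ == "__main__":
    for e in triage(SAMPLE_LISTING):
        print(f"[{e.kind:8}] {e.original}: {'; '.join(e.flags) or 'no indicator'}")
```

Run it against the full C:\Qoobox\ComboFix-quarantined-files.txt rather than the excerpt to see which quarantined items deserve a second look before the originals are submitted for analysis; the registry-backup entries are checked by value name only, since the .reg.dat files themselves are not in the listing.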

#10 heir (Trusted Helper, Malware Removal)
I have edited out some unnecessary information in previous posts.

Let's continue.

Step 1.
Submit file:

Please visit this site and follow the instructions for uploading the C:\Qoobox\Quarantine\[4]-Submit_2010-04-04_15.45.26.zip file.


Step 2.
Scan with MBAM:

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3.
Scan with Kaspersky Online Scanner:

Please do an online scan with Kaspersky Online Scanner

Kaspersky Online Scanner uses Java technology to perform the scan. If you do not have the latest Java version, follow the instructions below under Upgrading Java to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Upgrading Java:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware: it is NOT supported for use in 9x or ME and probably will not install on those systems.

  • Download the latest version of JDK 6 Update 18 (JDK or JRE).
  • Click the "Download JRE" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u18-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u18-windows-i586.exe and select "Run as an Administrator.")

Step 4.
Things I would like to see in your reply:

  • Confirmation that the file was submitted.
  • The content of the report from MBAM from Step 2.
  • The content of the report from Kaspersky Online Scanner from Step 3.


#11 Danneroo (Topic Starter)
Hey Heir, sorry for the delay in the reply. A very frustrating day with the laptop; lots of unresponsiveness and sluggishness.

For Step 1 I can confirm that the file was submitted. Step 2, the MBAM log is below. I updated the Java as you requested. It was Update 19 instead of 18. There was an 18 version there but it had an "EE" suffix in it that didn't seem like the correct one. Let me know if java 6 update 19 is ok.

As for the Kaspersky, I was unable to complete a scan. The first time I attempted it, it made it halfway through the database update and then froze, and I had to reset the computer. The next several attempts had a strange issue. Very sluggish for one, but when the database update portion would start up, my internet connection would get a low signal and that would affect the Java. I would then have to reset the computer. I had a lot of issues even trying to open programs after the Kaspersky scan... like the notepad wouldn't open so I could post the MBAM log here, and ctrl alt del did nothing. And when I tried to restart the computer it wouldn't respond... I had to cycle the power to reset it.

Take care, Danneroo


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3956

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

4/5/2010 11:04:01 AM
mbam-log-2010-04-05 (11-04-01).txt

Scan type: Quick scan
Objects scanned: 109929
Time elapsed: 30 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12
heir (Trusted Helper, Malware Removal)
We'll do an Online Scan later.

We need to scan a couple of files.

File Scanner
There are some files I need you to upload for checking

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysogg.dll.vir
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Do the same with this one: C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\riwapoko.vir

Edited by heir, 06 April 2010 - 12:11 PM.
edited filepaths


#13
Danneroo (Member, Topic Starter)
Hey Heir,

I can't do as you requested, as when I opened Internet Explorer (I use Mozilla Firefox) a bunch of XP Defender alerts opened up, and when I am finally able to put virscan.org into the address bar, XP Defender prompts me to run a scan or buy the full version... it doesn't let me go to the site.

#14
heir (Trusted Helper, Malware Removal)
Try using Firefox.

The file paths were wrong; I edited them.

Edited by heir, 06 April 2010 - 12:09 PM.


#15
Danneroo (Member, Topic Starter)
Hey, scans posted below.

VirSCAN.org Scanned Report :
Scanned time : 2010/04/07 02:36:57 (CST)
Scanner results: Scanners did not find malware!
File Name : sysogg.dll.vir
File Size : 25 byte
File Type : ASCII text, with CRLF line terminators
MD5 : 093b0d8a386b7cd8a07fee03f989ab3e
SHA1 : fc5eebf054a689a970aeb89afe2db21d66920bff
Online report : http://virscan.org/r...526fdbf8df.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100406213929 2010-04-06 4.79 -
AhnLab V3 2010.04.07.00 2010.04.07 2010-04-07 1.20 -
AntiVir 8.2.1.210 7.10.6.31 2010-04-06 0.25 -
Antiy 2.0.18 20100406.4147864 2010-04-06 0.12 -
Arcavir 2009 201004061345 2010-04-06 0.01 -
Authentium 5.1.1 201004061441 2010-04-06 1.26 -
AVAST! 4.7.4 100406-1 2010-04-06 0.00 -
AVG 8.5.720 271.1.1/2794 2010-04-06 0.21 -
BitDefender 7.81008.5593252 7.31120 2010-04-06 3.51 -
ClamAV 0.95.3 10706 2010-04-06 0.00 -
Comodo 3.13.579 4518 2010-04-06 0.89 -
CP Secure 1.3.0.5 2010.04.02 2010-04-02 0.00 -
Dr.Web 5.0.2.3300 2010.04.07 2010-04-07 6.36 -
F-Prot 4.4.4.56 20100406 2010-04-06 1.26 -
F-Secure 7.02.73807 2010.04.06.14 2010-04-06 0.08 -
Fortinet 4.0.14 11.666 2010-04-06 0.15 -
GData 19.10958/19.868 20100406 2010-04-06 6.70 -
ViRobot 20100406 2010.04.06 2010-04-06 0.41 -
Ikarus T3.1.01.80 2010.04.06.75565 2010-04-06 5.51 -
JiangMin 13.0.900 2010.04.06 2010-04-06 1.17 -
Kaspersky 5.5.10 2010.04.06 2010-04-06 0.03 -
KingSoft 2009.2.5.15 2010.4.6.15 2010-04-06 0.65 -
McAfee 5.3.00 5937 2010-03-31 3.74 -
Microsoft 1.5605 2010.04.06 2010-04-06 6.46 -
Norman 6.04.10 6.04.00 2010-04-05 6.01 -
Panda 9.05.01 2010.04.06 2010-04-06 1.76 -
Trend Micro 9.120-1004 6.974.07 2010-04-06 0.03 -
Quick Heal 10.00 2010.04.06 2010-04-06 1.47 -
Rising 20.0 22.42.01.04 2010-04-06 0.25 -
Sophos 3.05.4 4.51 2010-04-07 3.93 -
Sunbelt 3.9.2412.2 6143 2010-04-06 4.78 -
Symantec 1.3.0.24 20100406.003 2010-04-06 0.42 -
nProtect 20100405.01 7907880 2010-04-05 4.53 -
The Hacker 6.5.2.0 v00256 2010-04-06 0.36 -
VBA32 3.12.12.4 20100405.2127 2010-04-05 2.82 -
VirusBuster 4.5.11.10 10.122.34/2034528 2010-04-06 2.34 -


VirSCAN.org Scanned Report :
Scanned time : 2010/04/07 02:40:59 (CST)
Scanner results: 3% Scanner(s) (1/36) found malware!
File Name : riwapoko.vir
File Size : 6456 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 33ba236c6af0cbe604889b58c51fd55e
SHA1 : 5bb2e6e733f5768bc70cfa25c1656017253f56d1
Online report : http://virscan.org/r...51cac4575e.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100406213929 2010-04-06 4.88 -
AhnLab V3 2010.04.07.00 2010.04.07 2010-04-07 1.81 -
AntiVir 8.2.1.210 7.10.6.31 2010-04-06 0.24 -
Antiy 2.0.18 20100406.4147864 2010-04-06 0.12 -
Arcavir 2009 201004061345 2010-04-06 0.02 -
Authentium 5.1.1 201004061441 2010-04-06 1.27 -
AVAST! 4.7.4 100406-1 2010-04-06 0.00 -
AVG 8.5.720 271.1.1/2794 2010-04-06 0.22 -
BitDefender 7.81008.5593252 7.31120 2010-04-06 3.55 -
ClamAV 0.95.3 10706 2010-04-06 0.01 -
Comodo 3.13.579 4518 2010-04-06 1.14 -
CP Secure 1.3.0.5 2010.04.02 2010-04-02 0.00 -
Dr.Web 5.0.2.3300 2010.04.07 2010-04-07 6.38 -
F-Prot 4.4.4.56 20100406 2010-04-06 1.26 -
F-Secure 7.02.73807 2010.04.06.14 2010-04-06 0.11 -
Fortinet 4.0.14 11.666 2010-04-06 0.26 -
GData 19.10958/19.868 20100406 2010-04-06 6.90 -
ViRobot 20100406 2010.04.06 2010-04-06 0.41 -
Ikarus T3.1.01.80 2010.04.06.75565 2010-04-06 5.51 -
JiangMin 13.0.900 2010.04.06 2010-04-06 1.17 Backdoor/RBot.oqm
Kaspersky 5.5.10 2010.04.06 2010-04-06 0.08 -
KingSoft 2009.2.5.15 2010.4.6.15 2010-04-06 0.64 -
McAfee 5.3.00 5937 2010-03-31 3.76 -
Microsoft 1.5605 2010.04.06 2010-04-06 6.82 -
Norman 6.04.10 6.04.00 2010-04-05 6.01 -
Panda 9.05.01 2010.04.06 2010-04-06 2.26 -
Trend Micro 9.120-1004 6.974.07 2010-04-06 0.03 -
Quick Heal 10.00 2010.04.06 2010-04-06 1.47 -
Rising 20.0 22.42.01.04 2010-04-06 1.10 -
Sophos 3.05.4 4.51 2010-04-07 3.93 -
Sunbelt 3.9.2412.2 6143 2010-04-06 4.60 -
Symantec 1.3.0.24 20100406.003 2010-04-06 0.05 -
nProtect 20100405.01 7907880 2010-04-05 4.56 -
The Hacker 6.5.2.0 v00256 2010-04-06 0.36 -
VBA32 3.12.12.4 20100405.2127 2010-04-05 2.80 -
VirusBuster 4.5.11.10 10.122.34/2034528 2010-04-06 2.34 -
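Reading two 36-engine reports by eye is where helpers slip up, so here is a small Python triage script, added as an example and not something posted in this thread or provided by VirSCAN.org. It parses a pasted report into its file fields and engine rows, lists every engine that returned a verdict, and raises the notes a helper would want to see before deciding what to do with a quarantined file: a single-engine hit such as JiangMin's Backdoor/RBot.oqm on riwapoko.vir (weak consensus, which on its own is neither a confirmation nor a false positive), a file whose original name says .dll while its declared type is plain ASCII text (sysogg.dll.vir, 25 bytes), and a native-subsystem PE with no extension at all (riwapoko.vir). The sample text is constructed from the headers of the two reports above with the engine rows trimmed to a handful; that the .vir suffix was added by the quarantine tool is my assumption.

```python
import re
from dataclasses import dataclass

# One engine row: scanner (may contain spaces), engine version, signature
# version, signature date, seconds taken, verdict ("-" means clean).
ROW_RE = re.compile(
    r"^(?P<scanner>.+?)\s+(?P<engine>\S+)\s+(?P<sig>\S+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<secs>\d+\.\d+)\s+(?P<result>.+)$"
)
FIELD_RE = re.compile(r"^(File Name|File Size|File Type|MD5|SHA1)\s*:\s*(.+)$")
# Extensions whose files should be PE images if the declared type is honest.
PE_EXTENSIONS = {".dll", ".exe", ".sys", ".ocx", ".scr"}

@dataclass
class Report:
    file_name: str
    file_size: int      # bytes
    file_type: str      # libmagic-style description from the report
    md5: str
    sha1: str
    rows: list          # one dict per engine row, keys as in ROW_RE

def parse_report(text: str) -> Report:
    """Parse a pasted report; refuse reports without well-formed hashes."""
    fields, rows = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Scanner Engine Ver"):
            continue
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
            continue
        m = ROW_RE.match(line)
        if m:
            rows.append(m.groupdict())
    if not re.fullmatch(r"[0-9a-fA-F]{32}", fields.get("MD5", "")):
        raise ValueError("report has no well-formed MD5 line")
    if not re.fullmatch(r"[0-9a-fA-F]{40}", fields.get("SHA1", "")):
        raise ValueError("report has no well-formed SHA1 line")
    size = int(fields["File Size"].split()[0])
    return Report(fields["File Name"], size, fields["File Type"],
                  fields["MD5"].lower(), fields["SHA1"].lower(), rows)

def detections(report: Report) -> dict:
    """Scanner -> verdict for every engine that did not return clean."""
    return {r["scanner"]: r["result"] for r in report.rows if r["result"] != "-"}

def triage(report: Report) -> list:
    """Human-readable notes for a helper; an empty list means nothing stood out."""
    notes, hits, total = [], detections(report), len(report.rows)
    # Assumption: the quarantine tool appended ".vir"; recover the original name.
    name = report.file_name
    original = name[:-4] if name.lower().endswith(".vir") else name
    ext = original[original.rfind("."):].lower() if "." in original else ""
    is_pe = "PE32" in report.file_type
    if ext in PE_EXTENSIONS and not is_pe:
        notes.append(f"{original}: extension {ext} but declared type is "
                     f"'{report.file_type}', not a PE image")
    if is_pe and ext not in PE_EXTENSIONS:
        notes.append(f"{original}: PE image without an executable extension")
    if "(native)" in report.file_type:
        notes.append(f"{original}: native-subsystem PE of {report.file_size} bytes "
                     "(driver-style image); check driver and service entries")
    if 0 < len(hits) <= 2 < total:
        who = ", ".join(f"{s} ({v})" for s, v in hits.items())
        notes.append(f"{original}: low-consensus detection {len(hits)}/{total} "
                     f"({who}); corroborate before treating it as confirmed")
    return notes

# Constructed sample input: the headers of the two reports posted above,
# with the engine rows trimmed to a handful (the real reports list 36).
REPORT_RIWAPOKO = """VirSCAN.org Scanned Report :
Scanner results: 3% Scanner(s) (1/36) found malware!
File Name : riwapoko.vir
File Size : 6456 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 33ba236c6af0cbe604889b58c51fd55e
SHA1 : 5bb2e6e733f5768bc70cfa25c1656017253f56d1
Scanner Engine Ver Sig Ver Sig Date Time Scan result
AhnLab V3 2010.04.07.00 2010.04.07 2010-04-07 1.81 -
GData 19.10958/19.868 20100406 2010-04-06 6.90 -
JiangMin 13.0.900 2010.04.06 2010-04-06 1.17 Backdoor/RBot.oqm
Trend Micro 9.120-1004 6.974.07 2010-04-06 0.03 -
"""

REPORT_SYSOGG = """VirSCAN.org Scanned Report :
Scanner results: Scanners did not find malware!
File Name : sysogg.dll.vir
File Size : 25 byte
File Type : ASCII text, with CRLF line terminators
MD5 : 093b0d8a386b7cd8a07fee03f989ab3e
SHA1 : fc5eebf054a689a970aeb89afe2db21d66920bff
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100406213929 2010-04-06 4.79 -
Microsoft 1.5605 2010.04.06 2010-04-06 6.46 -
"""
```

Run `triage(parse_report(text))` on a pasted report; the regex keys on the dated signature column, which is what lets multi-word scanner names like "Trend Micro" or "AhnLab V3" parse without a fixed column layout, and the hash check refuses a paste that lost its MD5 or SHA1 line so the notes are always tied to an identifiable file.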