
Having trouble removing spyware/malware


  • This topic is locked
6 replies to this topic

#1 tsl102681

tsl102681

  • Members
  • 3 posts
  • OFFLINE
  • Local time:11:36 PM

Posted 09 April 2009 - 03:36 PM

Hi,

I am new to the board.

I am having some problems removing some spyware.

I am not sure exactly what it is, but it is slowing down my Firefox browser.

Here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:21:33 PM, on 4/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Kodak\printer\center\KodakSvc.exe
E:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
E:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
E:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
E:\WINDOWS\System32\wbem\unsecapp.exe
E:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
E:\WINDOWS\System32\wbem\wmiprvse.exe
E:\WINDOWS\System32\hkcmd.exe
E:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
E:\ImageMate CompactFlash USB\SandIcon.Exe
E:\WINDOWS\System32\alg.exe
E:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\AIM6\aim6.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\AIM6\aolsoftware.exe
E:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
E:\Program Files\AIM\aim.exe
E:\Program Files\Internet Explorer\iexplore.exe
e:\program files\aim toolbar\aimtbServer.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\regedit.exe
E:\Documents and Settings\Owner\Desktop\DVD Shrink 3.1.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
E:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - E:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - E:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: (no name) - {C0BEFC69-0689-4F45-8F0B-81466A0BBDAF} - e:\windows\system32\jrlkdau.dll
O2 - BHO: E:\WINDOWS\system32\sdfadccddkn93.dll - {D5BF49A0-94F3-52BD-F434-3604812C8955} - E:\WINDOWS\system32\sdfadccddkn93.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - E:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] E:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WUSB54Gv4] E:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SandIcon] E:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [CXMon] "E:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Udinuh] rundll32.exe "E:\WINDOWS\iyemabimonusijeg.dll",e
O4 - HKLM\..\Run: [Ad-Watch] E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "E:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Aim6] "E:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [] E:\WINDOWS\TEMP\rln4aqm2y.exe
O4 - HKCU\..\Run: [Windows Resurections] E:\WINDOWS\TEMP\rln4aqm2y.exe
O4 - HKCU\..\Run: [Diagnostic Manager] E:\DOCUME~1\Owner\LOCALS~1\Temp\3029053888.exe
O4 - Startup: UltimateZip Quick Start.lnk = E:\Program Files\UltimateZip\uzqkst.exe
O4 - Global Startup: Kodak EasyShare software.lnk = E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Toolbar Search - E:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - E:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203369383031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203369473171
O20 - Winlogon Notify: dnkilcku - E:\WINDOWS\SYSTEM32\jrlkdau.dll
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O22 - SharedTaskScheduler: lkjf9873jhifjnsfi8w3fe - {D5BF49A0-94F3-52BD-F434-3604812C8955} - E:\WINDOWS\system32\sdfadccddkn93.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - SDSD - E:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - E:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - E:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 9082 bytes
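The log above is read by hand in this thread, but the same triage can be scripted. What follows is an added example, not part of the original post and not code from Trend Micro or HijackThis: a small Python parser for HijackThis v2 entry lines with a few defender-side heuristics (auto-start from a Temp directory, an entry pointing at a missing file, a Run value with an empty name, a BHO with no display name, rundll32 loading a DLL from the Windows root, and the same file being hooked from more than one section such as O2 and O20). The heuristics are illustrative rules I constructed for this example, not a definitive malware test; the sample log is a subset of the lines posted above plus two benign entries kept for contrast.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: entry lines copied from the HijackThis log posted in
# this thread, plus the IgfxTray and Bonjour lines as benign controls.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {C0BEFC69-0689-4F45-8F0B-81466A0BBDAF} - e:\windows\system32\jrlkdau.dll
O2 - BHO: E:\WINDOWS\system32\sdfadccddkn93.dll - {D5BF49A0-94F3-52BD-F434-3604812C8955} - E:\WINDOWS\system32\sdfadccddkn93.dll
O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Udinuh] rundll32.exe "E:\WINDOWS\iyemabimonusijeg.dll",e
O4 - HKCU\..\Run: [] E:\WINDOWS\TEMP\rln4aqm2y.exe
O4 - HKCU\..\Run: [Windows Resurections] E:\WINDOWS\TEMP\rln4aqm2y.exe
O4 - HKCU\..\Run: [Diagnostic Manager] E:\DOCUME~1\Owner\LOCALS~1\Temp\3029053888.exe
O20 - Winlogon Notify: dnkilcku - E:\WINDOWS\SYSTEM32\jrlkdau.dll
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O22 - SharedTaskScheduler: lkjf9873jhifjnsfi8w3fe - {D5BF49A0-94F3-52BD-F434-3604812C8955} - E:\WINDOWS\system32\sdfadccddkn93.dll
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
"""

# HijackThis groups entries by a section code (R1, O2, O4, O20, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# A drive-letter path ending in a loadable extension; spaces are allowed
# because "Program Files" style paths contain them.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|scr|com)\b", re.IGNORECASE)
# The [name] part of an O4 Run entry.
NAME_RE = re.compile(r"\[(?P<name>[^\]]*)\]")


@dataclass
class Finding:
    section: str
    body: str
    paths: list = field(default_factory=list)
    reasons: list = field(default_factory=list)


def parse_entries(log_text):
    """Return (section, body) for every HijackThis entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def entry_reasons(section, body, paths):
    """Per-entry heuristics (constructed for this example). Each reason says
    why a human should look at the entry, not that it is malicious."""
    reasons = []
    low = body.lower()
    if "(file missing)" in low or "(no file)" in low:
        reasons.append("references a file that no longer exists")
    for p in paths:
        if re.search(r"\\temp\\", p, re.IGNORECASE):
            reasons.append("auto-start from a Temp directory")
        if section == "O4" and "rundll32" in low and re.search(r"\\windows\\[^\\]+\.dll$", p, re.IGNORECASE):
            reasons.append("rundll32 loading a DLL placed directly in the Windows root")
    name_m = NAME_RE.search(body)
    if section == "O4" and name_m and name_m.group("name") == "":
        reasons.append("Run entry with an empty value name")
    if section == "O2" and re.match(r"bho: [a-z]:\\", low):
        reasons.append("BHO whose display name is a file path")
    if section in ("O2", "O3") and "(no name)" in low and paths:
        reasons.append("unnamed browser hook backed by a file")
    if section in ("O20", "O22"):
        reasons.append("Winlogon Notify / SharedTaskScheduler hook: rarely used by ordinary software, verify")
    return reasons


def triage(log_text):
    """Parse the log, apply the per-entry rules, then cross-reference files
    that are hooked from more than one section. Returns only flagged entries."""
    findings = []
    by_path = defaultdict(set)
    for section, body in parse_entries(log_text):
        paths = PATH_RE.findall(body)
        findings.append(Finding(section, body, paths, entry_reasons(section, body, paths)))
        for p in paths:
            by_path[p.lower()].add(section)
    for f in findings:
        for p in f.paths:
            hooks = by_path[p.lower()]
            if len(hooks) > 1:
                f.reasons.append("same file hooked from %s" % ", ".join(sorted(hooks)))
                break
    return [f for f in findings if f.reasons]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%s | %s" % (f.section, f.body))
        for r in f.reasons:
            print("    - " + r)
```

Running the script prints nine flagged entries and leaves the IgfxTray and Bonjour lines alone; the two files that appear under both a BHO entry and a Winlogon Notify or SharedTaskScheduler entry are reported with the cross-reference reason, which is the same pattern a helper spots by eye when the same oddly named DLL shows up in O2 and O20.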



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:36 PM

Posted 10 April 2009 - 07:03 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 tsl102681

tsl102681
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:11:36 PM

Posted 11 April 2009 - 08:20 AM

Thanks for your reply.

I ran the malwarebytes, cleared some of those.

I am still having some problems with my Firefox running slower than usual. Also my Windows add and remove programs takes forever to load.

Here are the logs you asked for

OTListIt logfile created on: 4/11/2009 9:11:32 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.12.2 Folder = E:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 146.92 Mb Available Physical Memory | 28.81% Memory free
1.22 Gb Paging File | 0.91 Gb Available in Paging File | 74.77% Paging File free
Paging file location(s): E:\pagefile.sys 768 1536;

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 19.13 Gb Total Space | 13.83 Gb Free Space | 72.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 186.30 Gb Total Space | 73.78 Gb Free Space | 39.60% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TROY-AXO6EGNVCE
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/03/09 15:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- E:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/04/09 19:09:51 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/03/22 19:04:18 | 00,009,728 | ---- | M] (SDSD) -- E:\Program Files\Kodak\printer\center\KodakSvc.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- E:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/02/06 22:56:14 | 00,041,025 | ---- | M] (GEMTEKS) -- E:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
PRC - [2004/07/03 00:36:58 | 01,432,576 | ---- | M] (Cisco Linksys Corporation) -- E:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
PRC - [2003/07/16 16:48:51 | 00,016,896 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2004/08/04 03:56:57 | 00,218,112 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Explorer.EXE
PRC - [2004/08/04 03:56:57 | 00,013,824 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\wscntfy.exe
PRC - [2004/02/10 11:51:30 | 00,118,784 | ---- | M] (Intel Corporation) -- E:\WINDOWS\System32\hkcmd.exe
PRC - [2000/02/18 14:00:46 | 01,355,858 | ---- | M] () -- E:\ImageMate CompactFlash USB\SandIcon.Exe
PRC - [2004/06/14 16:16:18 | 00,045,056 | ---- | M] () -- E:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
PRC - [2000/08/14 16:48:06 | 00,032,768 | ---- | M] (Hewlett-Packard Company) -- E:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
PRC - [2005/08/30 15:46:12 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- E:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/04/09 19:09:52 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/05/27 10:50:30 | 00,413,696 | ---- | M] (Apple Inc.) -- E:\Program Files\QuickTime\QTTask.exe
PRC - [2008/06/02 11:13:26 | 00,267,048 | ---- | M] (Apple Inc.) -- E:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/03/09 15:06:55 | 00,515,416 | ---- | M] (Lavasoft) -- E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Messenger\msmsgs.exe
PRC - [2008/10/21 13:09:59 | 00,050,472 | ---- | M] (AOL LLC) -- E:\Program Files\AIM6\aim6.exe
PRC - [2008/08/18 18:41:00 | 01,832,272 | RHS- | M] (Safer Networking Limited) -- E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/09/19 05:33:46 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2005/11/16 11:00:00 | 00,122,880 | ---- | M] (WinZip Computing LP) -- E:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2005/02/26 14:27:14 | 00,303,616 | ---- | M] (SWE von Schleusen) -- E:\Program Files\UltimateZip\uzqkst.exe
PRC - [2007/08/30 18:43:18 | 00,103,664 | ---- | M] (Yahoo! Inc.) -- E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
PRC - [2008/06/02 11:13:16 | 00,504,104 | ---- | M] (Apple Inc.) -- E:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/10/08 17:50:56 | 00,041,824 | ---- | M] (AOL LLC) -- E:\Program Files\AIM6\aolsoftware.exe
PRC - [2009/03/26 15:11:02 | 00,307,704 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/11 09:11:20 | 00,500,736 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Owner\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- E:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/03/24 14:40:16 | 00,183,280 | ---- | M] (Google) -- E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2004/08/04 03:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/02 11:13:16 | 00,504,104 | ---- | M] (Apple Inc.) -- E:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/04/09 19:09:51 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/03/22 19:04:18 | 00,009,728 | ---- | M] (SDSD) -- E:\Program Files\Kodak\printer\center\KodakSvc.exe -- (KodakSvc [Auto | Running])
SRV - [2009/03/09 15:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2004/11/02 17:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC [Auto | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- E:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - File not found -- -- (WUSB54Gv4SVC [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2002/04/01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- E:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- E:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004/02/10 12:17:06 | 00,681,469 | ---- | M] (Intel Corporation) -- E:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2004/03/05 22:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- E:\WINDOWS\System32\DRIVERS\IntelC51.sys -- (IntelC51 [On_Demand | Running])
DRV - [2004/03/05 22:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- E:\WINDOWS\System32\DRIVERS\IntelC52.sys -- (IntelC52 [On_Demand | Running])
DRV - [2004/03/05 22:13:52 | 00,060,949 | ---- | M] (Intel Corporation) -- E:\WINDOWS\System32\DRIVERS\IntelC53.sys -- (IntelC53 [On_Demand | Running])
DRV - [2009/03/09 15:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) -- E:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2004/05/26 14:52:20 | 00,015,781 | ---- | M] (Meetinghouse Data Communications) -- E:\WINDOWS\System32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2004/03/05 22:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- E:\WINDOWS\System32\DRIVERS\mohfilt.sys -- (mohfilt [On_Demand | Running])
DRV - [2001/08/22 08:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- E:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI [System | Running])
DRV - [2008/12/11 01:51:28 | 00,047,360 | ---- | M] (VSO Software) -- E:\WINDOWS\System32\Drivers\Pcouffin.sys -- (Pcouffin [On_Demand | Running])
DRV - [2004/04/23 22:43:00 | 00,374,752 | ---- | M] (Cisco-Linksys, LLC.) -- E:\WINDOWS\System32\DRIVERS\WUSBGXP.sys -- (PRISM_A02 [On_Demand | Running])
DRV - [2003/07/16 16:42:18 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- E:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/29 04:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- E:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- E:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003/11/18 11:38:32 | 00,591,808 | ---- | M] (Analog Devices, Inc.) -- E:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2008/02/18 11:16:24 | 00,030,464 | ---- | M] (Apple, Inc.) -- E:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/01/11 18:39:34 | 00,040,832 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\DRIVERS\zumbus.sys -- (zumbus [Auto | Running])
DRV - [2003/09/25 22:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- E:\WINDOWS\system32\GTNDIS5.SYS -- (GTNDIS5 [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.aol.com/?src=aim
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {0CD48909-11EC-4687-B491-CA8B95FD5F08}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="

FF - HKLM\software\mozilla\Firefox\Extensions\\{0CD48909-11EC-4687-B491-CA8B95FD5F08}: E:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{0CD48909-11EC-4687-B491-CA8B95FD5F08} [2009/04/08 05:46:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: E:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/04/09 19:09:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: E:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/10 19:19:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: E:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/10 19:19:18 | 00,000,000 | ---D | M]

[2008/08/29 01:53:04 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2008/08/29 01:53:04 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/09 22:34:58 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\bta1pfwl.default\extensions
[2009/03/09 22:34:35 | 00,001,739 | ---- | M] () -- E:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\bta1pfwl.default\searchplugins\aim-search.xml
[2009/04/10 19:37:42 | 00,000,000 | ---D | M] -- E:\Program Files\mozilla firefox\extensions
[2009/04/10 19:19:19 | 00,000,000 | ---D | M] -- E:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/04/18 11:52:06 | 00,000,000 | ---D | M] -- E:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/07/18 09:18:45 | 00,000,000 | ---D | M] -- E:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2008/02/22 14:24:30 | 00,000,000 | ---D | M] -- E:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/15 00:13:17 | 00,000,000 | ---D | M] -- E:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/04/09 19:10:42 | 00,000,000 | ---D | M] -- E:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/26 15:11:21 | 00,023,032 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/26 15:11:22 | 00,134,648 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/26 14:56:22 | 00,001,394 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 14:56:22 | 00,002,193 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 14:56:22 | 00,001,534 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 14:56:22 | 00,002,343 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 14:56:22 | 00,001,706 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/26 14:56:22 | 00,001,178 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/26 14:56:22 | 00,000,792 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (22 bytes) - E:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {C0BEFC69-0689-4F45-8F0B-81466A0BBDAF} - Reg Error: Key error. File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - E:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - E:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [Ad-Watch] E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [CXMon] "E:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HotKeysCmds] E:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] E:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SandIcon] E:\ImageMate CompactFlash USB\SandIcon.Exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [WUSB54Gv4] E:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe ()
O4 - HKCU..\Run: [Aim6] "E:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
O4 - HKCU..\Run: [BitTorrent] "E:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized ()
O4 - HKCU..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O4 - Startup: E:\Documents and Settings\Owner\Start Menu\Programs\Startup\UltimateZip Quick Start.lnk = E:\Program Files\UltimateZip\uzqkst.exe (SWE von Schleusen)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &AIM Toolbar Search - E:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - E:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 45 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: 44 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1203369383031 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1203369473171 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dnkilcku: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - E:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/27 16:18:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - E:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - E:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/04/11 09:11:20 | 00,500,736 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/04/10 19:43:44 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\McAfee
[2009/04/10 19:19:23 | 00,001,602 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/10 02:00:00 | 00,000,000 | ---D | C] -- E:\Program Files\Enigma Software Group
[2009/04/09 23:17:43 | 00,000,000 | -HSD | C] -- E:\RECYCLER
[2009/04/09 20:07:32 | 00,073,728 | ---- | C] () -- E:\pv.exe
[2009/04/09 17:18:59 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2009/04/09 17:18:54 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/09 17:18:49 | 00,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2009/04/09 13:16:33 | 00,000,000 | ---D | C] -- E:\VundoFix Backups
[2009/04/09 09:10:59 | 00,001,343 | ---- | C] () -- E:\Documents and Settings\Owner\Desktop\regtools.vbs
[2009/04/08 23:41:40 | 00,015,688 | ---- | C] () -- E:\WINDOWS\System32\lsdelete.exe
[2009/04/08 23:25:24 | 00,000,472 | ---- | C] () -- E:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/08 23:25:02 | 00,064,160 | ---- | C] (Lavasoft AB) -- E:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/08 23:22:09 | 00,000,000 | -H-D | C] -- E:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/04/08 23:22:05 | 00,000,867 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/04/08 23:21:33 | 00,000,000 | ---D | C] -- E:\Program Files\Lavasoft
[2009/04/08 23:12:52 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Owner\Local Settings\Application Data\Symantec
[2009/04/08 17:08:42 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Owner\Local Settings\Application Data\imfjwczj
[2009/04/08 17:08:42 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Owner\Application Data\imfjwczj
[2009/04/08 06:08:16 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Norton
[2009/04/08 05:55:05 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/04/08 05:52:22 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Owner\Application Data\GetRightToGo
[2009/04/08 05:46:29 | 00,000,000 | ---- | C] () -- E:\WINDOWS\Bwosakoroxaziv.bin
[2009/04/08 05:46:28 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Owner\Local Settings\Application Data\{0CD48909-11EC-4687-B491-CA8B95FD5F08}
[2009/04/08 05:46:27 | 00,000,408 | ---- | C] () -- E:\WINDOWS\Jbatoh.dat
[2009/04/07 08:54:24 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\PC Tools
[2009/04/07 08:54:03 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Google
[2009/04/07 01:10:06 | 00,000,434 | ---- | C] () -- E:\WINDOWS\tasks\At1.job
[2009/04/06 11:06:43 | 00,023,552 | ---- | C] () -- E:\Documents and Settings\Owner\My Documents\CindyResume.doc
[2009/04/01 23:54:37 | 00,026,624 | ---- | C] () -- E:\Documents and Settings\Owner\My Documents\Momresume.doc
[2009/03/30 11:33:18 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Owner\Local Settings\Application Data\AIM Toolbar
[2009/03/28 20:16:54 | 00,001,580 | ---- | C] () -- E:\Documents and Settings\Owner\Desktop\LimeWire 4.16.6.lnk
[2009/03/24 14:40:18 | 00,000,868 | ---- | C] () -- E:\WINDOWS\tasks\Google Software Updater.job
[2008/09/10 03:07:39 | 00,000,118 | ---- | C] () -- E:\WINDOWS\System32\MRT.INI
[2008/09/01 02:37:48 | 00,000,145 | ---- | C] () -- E:\WINDOWS\wininit.ini
[2008/09/01 01:25:17 | 00,001,152 | ---- | C] () -- E:\WINDOWS\System32\windrv.sys
[2008/01/16 13:20:19 | 00,000,376 | ---- | C] () -- E:\WINDOWS\ODBC.INI
[2007/10/31 10:38:13 | 00,000,754 | ---- | C] () -- E:\WINDOWS\WORDPAD.INI
[2007/10/29 22:33:56 | 00,012,288 | ---- | C] () -- E:\WINDOWS\System32\EKDeviceServices.dll
[2007/07/29 10:58:02 | 00,363,520 | ---- | C] () -- E:\WINDOWS\System32\psisdecd.dll
[2007/05/06 15:19:18 | 00,114,688 | ---- | C] () -- E:\WINDOWS\System32\msmsg3sp.dll
[2007/04/20 08:29:20 | 00,000,029 | ---- | C] () -- E:\WINDOWS\atid.ini
[2007/03/04 09:56:47 | 00,101,376 | ---- | C] () -- E:\WINDOWS\System32\hpgt34.dll
[2006/06/22 20:25:50 | 00,032,256 | ---- | C] () -- E:\WINDOWS\System32\akrip32.dll
[2006/04/25 20:25:08 | 00,000,067 | ---- | C] () -- E:\WINDOWS\DVDRegionFree.INI
[2006/01/19 16:10:03 | 00,000,230 | ---- | C] () -- E:\WINDOWS\DVDFabGold.INI
[2006/01/19 13:44:15 | 00,000,107 | ---- | C] () -- E:\WINDOWS\IfoEdit.INI
[2005/09/28 15:53:54 | 00,000,175 | ---- | C] () -- E:\WINDOWS\cdplayer.ini
[2005/09/07 17:34:09 | 00,000,049 | ---- | C] () -- E:\WINDOWS\NeroDigital.ini
[2005/08/28 14:00:51 | 00,036,864 | ---- | C] () -- E:\WINDOWS\System32\hpcoinst.dll
[2005/08/27 21:09:00 | 00,094,208 | ---- | C] () -- E:\WINDOWS\System32\GTW32N50.dll
[2005/08/27 21:08:48 | 00,001,736 | ---- | C] () -- E:\WINDOWS\System32\WLAN.INI
[2004/08/04 03:56:42 | 00,081,920 | ---- | C] () -- E:\WINDOWS\System32\ieencode.dll
[2003/07/16 16:51:23 | 00,000,630 | ---- | C] () -- E:\WINDOWS\win.ini
[2003/07/16 16:47:28 | 00,000,227 | ---- | C] () -- E:\WINDOWS\system.ini
[1999/01/22 22:46:58 | 00,065,536 | ---- | C] () -- E:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[1 E:\WINDOWS\System32\*.tmp files]
[6 E:\WINDOWS\*.tmp files]
[2009/04/11 09:11:20 | 00,500,736 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/04/11 07:37:11 | 00,000,412 | ---- | M] () -- E:\WINDOWS\tasks\Symantec NetDetect.job
[2009/04/10 23:56:00 | 00,464,860 | ---- | M] () -- E:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/10 23:56:00 | 00,397,560 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2009/04/10 23:56:00 | 00,059,780 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2009/04/10 23:52:11 | 00,000,868 | ---- | M] () -- E:\WINDOWS\tasks\Google Software Updater.job
[2009/04/10 23:51:55 | 00,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2009/04/10 23:51:52 | 00,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2009/04/10 19:36:05 | 00,000,434 | ---- | M] () -- E:\WINDOWS\tasks\At1.job
[2009/04/10 19:19:23 | 00,001,602 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/10 10:16:04 | 00,000,284 | ---- | M] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/09 23:19:36 | 00,002,655 | ---- | M] () -- E:\Documents and Settings\Owner\Desktop\fceu.cfg
[2009/04/09 20:14:59 | 00,000,227 | ---- | M] () -- E:\WINDOWS\system.ini
[2009/04/09 16:08:32 | 00,000,408 | ---- | M] () -- E:\WINDOWS\Jbatoh.dat
[2009/04/09 14:50:05 | 00,001,631 | -H-- | M] () -- E:\IPH.PH
[2009/04/09 09:11:01 | 00,001,343 | ---- | M] () -- E:\Documents and Settings\Owner\Desktop\regtools.vbs
[2009/04/09 00:19:59 | 00,000,000 | ---- | M] () -- E:\WINDOWS\Bwosakoroxaziv.bin
[2009/04/08 23:25:25 | 00,000,472 | ---- | M] () -- E:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/08 23:22:05 | 00,000,867 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 11:06:44 | 00,023,552 | ---- | M] () -- E:\Documents and Settings\Owner\My Documents\CindyResume.doc
[2009/04/02 17:35:32 | 02,643,228 | -H-- | M] () -- E:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/04/01 23:54:37 | 00,026,624 | ---- | M] () -- E:\Documents and Settings\Owner\My Documents\Momresume.doc
[2009/03/28 20:16:54 | 00,001,580 | ---- | M] () -- E:\Documents and Settings\Owner\Desktop\LimeWire 4.16.6.lnk
[2009/03/26 21:42:49 | 00,002,137 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/22 20:30:50 | 00,000,049 | ---- | M] () -- E:\WINDOWS\NeroDigital.ini
[2009/03/18 00:08:44 | 00,000,618 | ---- | M] () -- E:\Documents and Settings\Owner\Desktop\DVDFab 5.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 123 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 118 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21
< End of report >

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:36 PM

Posted 11 April 2009 - 09:35 AM

I need to see the log from Malwarebytes please.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 tsl102681

tsl102681
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:11:36 PM

Posted 11 April 2009 - 04:24 PM

OK,

Here it is:

Malwarebytes' Anti-Malware 1.36
Database version: 1959
Windows 5.1.2600 Service Pack 2

4/9/2009 5:27:51 PM
mbam-log-2009-04-09 (17-27-51).txt

Scan type: Quick Scan
Objects scanned: 67499
Time elapsed: 6 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 11
Registry Values Infected: 9
Registry Data Items Infected: 3
Folders Infected: 2
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
E:\WINDOWS\system32\sdfadccddkn93.dll (Trojan.Agent) -> Delete on reboot.
E:\WINDOWS\system32\jrlkdau.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c0befc69-0689-4f45-8f0b-81466a0bbdaf} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dnkilcku (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c0befc69-0689-4f45-8f0b-81466a0bbdaf} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d5bf49a0-94f3-52bd-f434-3604812c8955} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5bf49a0-94f3-52bd-f434-3604812c8955} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5bf49a0-94f3-52bd-f434-3604812c8955} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ihmvaynp (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ihmvaynp (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ihmvaynp (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c0befc69-0689-4f45-8f0b-81466a0bbdaf} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d5bf49a0-94f3-52bd-f434-3604812c8955} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhc3bpj0ev4v (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\udinuh (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diagnostic manager (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows resurections (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: kbdhci.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dllschannel.dlldigest.dllmsnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
E:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
E:\Program Files\Microsoft Common (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
e:\WINDOWS\system32\jrlkdau.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\kbdhci.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\system32\sdfadccddkn93.dll (Trojan.Zlob.H) -> Delete on reboot.
E:\WINDOWS\iyemabimonusijeg.dll (Trojan.Agent) -> Delete on reboot.
E:\Documents and Settings\Owner\Local Settings\temp\3029053888.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:36 PM

Posted 11 April 2009 - 07:32 PM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    O2 - BHO: (no name) - {C0BEFC69-0689-4F45-8F0B-81466A0BBDAF} - Reg Error: Key error. File not found
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
    O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_08)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
    O20 - Winlogon\Notify\dnkilcku: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    
    :Files
    E:\WINDOWS\tasks\At1.job
    E:\WINDOWS\Bwosakoroxaziv.bin
    
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

How is your computer behaving now?

========================================================
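As an added example (not code from this thread, its helper, or the OTListIt2/OTL tool), the Python below parses the O2/O3/O16/O20 line formats seen in the log above and flags the same kinds of entries the fix script targets: registry autostarts whose backing file is gone, Winlogon\Notify handlers with a missing or unsigned DLL, and Java Plug-in DPF entries older than the newest one registered (stale JRE builds are a common browser exploit path). The sample lines are copied from this thread's log; the regexes, function names and the "keep only the newest Java entry" rule are my assumptions, and the helper's actual fix removed every Java DPF entry, including the newest.

```python
"""Triage an OTListIt2 / HijackThis-style log for entries worth lifting
into an :OTLI fix section.  Added example; not part of the original thread
or of the OTL tool."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the log in this thread, plus one
# clean control line per section so the heuristics have something to skip.
SAMPLE_LOG = """\
O2 - BHO: (Java(TM) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\\Program Files\\Java\\jre6\\bin\\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {C0BEFC69-0689-4F45-8F0B-81466A0BBDAF} - Reg Error: Key error. File not found
O3 - HKLM\\..\\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - Reg Error: Key error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O20 - Winlogon\\Notify\\dnkilcku: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\\Notify\\igfxcui: DllName - igfxsrvc.dll - E:\\WINDOWS\\system32\\igfxsrvc.dll (Intel Corporation)
"""

# Assumed patterns, derived from the line shapes in this thread's log.
JAVA_DPF = re.compile(
    r"^O16 - DPF: (\{[0-9A-Fa-f-]+\}) \S+ \(Java Plug-in (\d+)\.(\d+)\.(\d+)_(\d+)\)")
NOTIFY = re.compile(r"^O20 - Winlogon\\Notify\\(\w+): DllName - (.*?) - (.*)$")
MISSING = re.compile(r"Reg Error|File not found")


def java_version(line):
    """Return the Java Plug-in version of an O16 line as a comparable tuple."""
    m = JAVA_DPF.match(line)
    return tuple(int(x) for x in m.groups()[1:]) if m else None


def triage(log_text):
    """Group suspicious log lines by reason.

    orphaned       autostart entries (O2/O3/O20) whose file or key is gone
    notify_suspect Winlogon\\Notify package names with a missing DLL or no
                   publisher string (the log prints "()" when none is found)
    stale_java     O16 Java Plug-in entries older than the newest one seen
    """
    findings = defaultdict(list)
    lines = [l.rstrip() for l in log_text.splitlines() if l.strip()]

    for line in lines:
        if line.startswith(("O2 ", "O3 ", "O20 ")) and MISSING.search(line):
            findings["orphaned"].append(line)

    for line in lines:
        m = NOTIFY.match(line)
        if m:
            name, _dll, path = m.groups()
            if MISSING.search(line) or path.endswith("()"):
                findings["notify_suspect"].append(name)

    versions = {line: v for line in lines if (v := java_version(line))}
    if versions:
        newest = max(versions.values())
        findings["stale_java"] = [l for l, v in versions.items() if v < newest]

    return dict(findings)


def otli_fix_section(findings):
    """Render the flagged lines in the :OTLI block format the helper uses."""
    body = findings.get("orphaned", []) + findings.get("stale_java", [])
    return ":OTLI\n" + "\n".join(body) + "\n"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for reason, items in result.items():
        print(f"== {reason} ({len(items)})")
        for item in items:
            print("  ", item)
    print(otli_fix_section(result))
```

Because OTL prints a publisher in parentheses for every resolved file, an empty "()" after a Winlogon\Notify or O4 path is a cheap tell for an unsigned binary; the loose "Reg Error" match catches orphaned keys regardless of section. Treat the output as a candidate list for a human, not an automatic fix: legitimate but unsigned vendor tools show up here too.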

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:36 PM

Posted 28 April 2009 - 04:52 PM

Unfortunately there has been no response.
This thread will now be closed.

========================================================