Some ad-ware


  • This topic is locked
4 replies to this topic

#1 Dolza (Members, 2 posts)

Posted 09 April 2009 - 06:02 PM

I wish I knew what type of virus it was, but sorry, I don't know.
I have all my trusted progs on the ignore list (with the exception of the occasional McAfee restart prog) and whenever I delete all the items that show in the scan, if I wait 5 seconds, a whole other set is installed in there. This is more or less endless, no matter how many times I do it. I took a breeze through the drivers, but I didn't see anything that stuck out as obviously bad. I know the scan I am about to post is going to have a few obvious .dlls as malicious; I will post a screenshot of what came up as my "normal delete", so if you see anything in the log that's not on the screeny, well, that will point us in the right direction. Also, as a note, this is immediately after a McAfee comp clean and a full virus scan.

DDS
DDS (Ver_09-03-16.01) - NTFSx86
Run by Jeff at 18:51:31.78 on Thu 04/09/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2346 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Jeff\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {d48b307e-4f9d-48fe-a507-2a3142f87728} - c:\windows\system32\nezaroga.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Network Drive Mapping Utility] "c:\program files\linksys\network storage\Network Drive Mapping Utility.exe"
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
mRun: [CPU Power Monitor] "c:\program files\asus\ai suite\aigear3\CpuPowerMonitor.exe"
mRun: [Cpu Level Up help] c:\program files\asus\ai suite\CpuLevelUpHelp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [Network Drive Mapping Utility] "c:\program files\linksys\network storage\Network Drive Mapping Utility.exe" Z
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [CPM67ad8c5c] Rundll32.exe "c:\windows\system32\fusageza.dll",a
mRun: [bigayokali] Rundll32.exe "c:\windows\system32\mibasiwa.dll",s
mRun: [Kpacenakoho] rundll32.exe "c:\windows\ixabokogike.dll",e
StartupFolder: c:\docume~1\jeff\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\80211n~1.lnk - c:\program files\none\common\RaUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228527137000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: Antiwpa - antiwpa.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\windows\system32\dipowako.dll c:\windows\system32\motatuwo.dll c:\windows\system32\fusageza.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\motatuwo.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\motatuwo.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\cbXRKAtQ
LSA: Notification Packages = scecli mdnvwi.dll c:\windows\system32\dipowako.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jeff\applic~1\mozilla\firefox\profiles\py3m66mf.default\
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58819&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - component: c:\documents and settings\jeff\application data\mozilla\firefox\profiles\py3m66mf.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}\components\Engine.dll
FF - HiddenExtension: XUL Cache: {E465CF2A-E5B9-42F7-9FB0-1841EB2A0D83} - c:\documents and settings\jeff\local settings\application data\{E465CF2A-E5B9-42F7-9FB0-1841EB2A0D83}
FF - HiddenExtension: XUL Cache: {86844D75-F62A-4A6F-B0C3-E43AADCA445D} - c:\documents and settings\administrator\local settings\application data\{86844D75-F62A-4A6F-B0C3-E43AADCA445D}

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-4-9 201320]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-9 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-9 144704]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-11-28 33792]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-9 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-9 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-9 35240]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-9 33832]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-9 40488]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-5-1 528640]
S2 0294791239292706mcinstcleanup;McAfee Application Installer Cleanup (0294791239292706);c:\docume~1\jeff\locals~1\temp\029479~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\jeff\locals~1\temp\029479~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]

=============== Created Last 30 ================

2009-04-09 18:28	268	a---h---	C:\sqmdata18.sqm
2009-04-09 18:28	244	a---h---	C:\sqmnoopt19.sqm
2009-04-09 12:00	5,019	a-------	c:\windows\system32\Config.MPF
2009-04-09 11:58	33,832	a-------	c:\windows\system32\drivers\mferkdk.sys
2009-04-09 11:58	40,488	a-------	c:\windows\system32\drivers\mfesmfk.sys
2009-04-09 11:58	201,320	a-------	c:\windows\system32\drivers\mfehidk.sys
2009-04-09 11:58	79,304	a-------	c:\windows\system32\drivers\mfeavfk.sys
2009-04-09 11:58	35,240	a-------	c:\windows\system32\drivers\mfebopk.sys
2009-04-09 11:58	113,952	a-------	c:\windows\system32\drivers\Mpfp.sys
2009-04-09 11:57	<DIR>	--d-----	c:\program files\McAfee.com
2009-04-09 11:57	<DIR>	--d-----	c:\program files\common files\McAfee
2009-04-09 11:57	<DIR>	--d-----	c:\program files\McAfee
2009-04-09 11:05	136	a---h---	C:\sqmdata17.sqm
2009-04-09 11:05	136	a---h---	C:\sqmnoopt18.sqm
2009-04-08 11:56	136	a---h---	C:\sqmnoopt17.sqm
2009-04-08 11:56	136	a---h---	C:\sqmdata16.sqm
2009-04-08 11:53	268	a---h---	C:\sqmdata15.sqm
2009-04-08 11:53	244	a---h---	C:\sqmnoopt16.sqm
2009-04-08 10:29	0	a-------	c:\windows\Lvekapona.bin
2009-04-08 10:29	408	a-------	c:\windows\Jzunipiqowaliyu.dat
2009-04-07 10:43	2,713	---sh---	c:\windows\system32\lenasoyu.exe
2009-04-07 01:18	244	a---h---	C:\sqmnoopt14.sqm
2009-04-07 01:18	136	a---h---	C:\sqmnoopt15.sqm
2009-04-07 01:18	136	a---h---	C:\sqmdata14.sqm
2009-04-06 18:49	268	a---h---	C:\sqmdata13.sqm
2009-04-06 18:49	244	a---h---	C:\sqmnoopt13.sqm
2009-04-06 18:42	82,944	a-------	c:\windows\system32\drivers\ovfsth.sys
2009-04-06 14:05	27,648	a-------	c:\windows\system32\winsetupsm.exe
2009-04-06 13:50	27,648	a-------	c:\windows\system32\winsetupsn.exe
2009-04-06 13:36	43	a-------	c:\windows\system32\ovfsthhilemxyilnofbnwsaqfoonhpncavoyne.dat
2009-04-06 13:35	67,784	a-------	c:\windows\system32\ovfsthgoqrjpjmtmmwrkpdefsilnuljrvouxwk.dat
2009-04-06 13:35	60,416	a-------	c:\windows\system32\ovfsthlribykxigrjmiljwchyjmkbuiolfxjsn.dll
2009-04-06 13:35	18,944	a-------	c:\windows\system32\ovfsthwihfgyovcokfblebwwoyspufjsiawplk.dll
2009-04-06 13:35	18,944	a-------	c:\windows\system32\ovfsthrtxelotrhvtpxdtljscowoojqsvogryv.dll
2009-04-06 13:34	60,132	a-------	c:\windows\system32\prunnet.exe
2009-04-03 15:01	<DIR>	--d-----	c:\program files\Trend Micro
2009-03-21 10:57	<DIR>	--d-----	c:\program files\RealVNC
2009-03-16 18:07	<DIR>	--d-----	c:\docume~1\jeff\applic~1\Red Alert 3 Uprising
2009-03-12 15:32	292	a---h---	C:\sqmdata12.sqm
2009-03-12 15:32	244	a---h---	C:\sqmnoopt12.sqm

==================== Find3M ====================

2009-04-09 18:25	189,496	a-------	c:\windows\system32\PnkBstrB.exe
2009-04-09 17:18	139,984	a-------	c:\windows\system32\drivers\PnkBstrK.sys
2009-04-09 10:55	79,872	a--sh---	c:\windows\system32\tiwedihu.dll
2009-04-09 10:55	87,552	a--sh---	c:\windows\system32\motatuwo.dll
2009-04-09 10:55	61,440	a--sh---	c:\windows\system32\tinonere.exe
2009-04-08 10:43	49,152	a--sh---	c:\windows\system32\jedemeja.dll
2009-04-08 10:43	61,440	a--sh---	c:\windows\system32\jobiwebe.exe
2009-04-08 10:43	87,552	a--sh---	c:\windows\system32\fusageza.dll
2009-04-08 10:43	79,872	a--sh---	c:\windows\system32\siyefazi.dll
2009-04-07 22:42	61,440	a--sh---	c:\windows\system32\vugupive.exe
2009-04-06 13:39	61,440	a--sh---	c:\windows\system32\rodufofi.exe
2009-03-09 17:08	165,376	a-------	c:\windows\system32\drivers\atksgt.sys
2009-03-09 17:08	18,048	a-------	c:\windows\system32\drivers\lirsgt.sys
2009-02-18 22:22	75,064	a-------	c:\windows\system32\PnkBstrA.exe
2009-02-16 23:17	453,152	a-------	c:\windows\system32\NVUNINST.EXE
2009-01-16 18:24	70,936	a-------	c:\windows\system32\PhysXLoader.dll
2008-12-10 22:24	22,328	a-------	c:\docume~1\jeff\applic~1\PnkBstrK.sys
2006-06-23 18:48	32,768	a----r--	c:\windows\inf\UpdateUSB.exe
2009-01-08 10:44	49,152	a--sh---	c:\windows\system32\dipowako.dll
2009-01-08 10:44	49,152	a--sh---	c:\windows\system32\mibasiwa.dll
2008-12-01 16:03	880,948	a--sh---	c:\windows\system32\QtAKRXbc.ini2

============= FINISH: 18:52:09.46 ===============
HijackThis Screeny: [image]

Full Hijack This Log (empty sections removed)
StartupList report, 4/9/2009, 6:45:31 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5730.0013)
* Using default options
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\svchost.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Jeff\Start Menu\Programs\Startup]
OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
802.11n PCI Wireless LAN Utility.lnk = C:\Program Files\None\Common\RaUI.exe
Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Ai Nap = "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
CPU Power Monitor = "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
Cpu Level Up help = C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
Network Drive Mapping Utility = "C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe" Z
Kernel and Hardware Abstraction Layer = KHALMNPR.EXE
Bluetooth Connection Assistant = LBTWIZ.EXE -silent
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
mcagent_exe = C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
CPM67ad8c5c = Rundll32.exe "c:\windows\system32\fusageza.dll",a
bigayokali = Rundll32.exe "C:\WINDOWS\system32\mibasiwa.dll",s
Kpacenakoho = rundll32.exe "C:\WINDOWS\ixabokogike.dll",e

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
DAEMON Tools Lite = "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
Network Drive Mapping Utility = "C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe"
EA Core = "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
msnmsgr = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
 = 

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\WINDOWS\system32\dipowako.dll c:\windows\system32\motatuwo.dll c:\windows\system32\fusageza.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll - {7DB2D5A0-7241-4E79-B68D-6309F01C5231}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - C:\WINDOWS\system32\nezaroga.dll (file missing) - {d48b307e-4f9d-48fe-a507-2a3142f87728}

--------------------------------------------------

Enumerating Task Scheduler jobs:

McDefragTask.job
McQcTask.job
Norton Internet Security - Run Full System Scan - Jeff.job

--------------------------------------------------

Enumerating Download Program Files:

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228527137000

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Windows NT/2000/XP services

McAfee Application Installer Cleanup (0294791239292706): C:\DOCUME~1\Jeff\LOCALS~1\Temp\029479~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service (autostart)
AEGIS Protocol (IEEE 802.1x) v3.5.3.0: system32\DRIVERS\AegisP.sys (autostart)
atksgt: system32\DRIVERS\atksgt.sys (autostart)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Logitech Bluetooth Service: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (autostart)
LibUsb-Win32 - Daemon, Version 0.1.10.1: system32\libusbd-nt.exe (autostart)
lirsgt: system32\DRIVERS\lirsgt.sys (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
McAfee Services: C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (autostart)
McAfee Network Agent: "c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe" (autostart)
McAfee Proxy Service: c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (autostart)
McAfee Real-time Scanner: C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (autostart)
McAfee Personal Firewall Service: "C:\Program Files\McAfee\MPF\MPFSrv.exe" (autostart)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
PnkBstrA: C:\WINDOWS\system32\PnkBstrA.exe (autostart)
PnkBstrB: C:\WINDOWS\system32\PnkBstrB.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
VNC Server Version 4: "C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (autostart)

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
SSODL: c:\windows\system32\motatuwo.dll

--------------------------------------------------
End of report, 14,179 bytes
Report generated in 0.203 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only

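As an added example (not part of the original post, and not code from DDS, HijackThis or OTListIt2), here is a small Python triage script for the "Pseudo HJT Report" section of a DDS log like the one above. It reads the persistence locations that matter in this log (Run keys launched through rundll32, AppInit_DLLs, Winlogon Notify, the SSODL/STS shell objects and the two LSA package lists) and then reports every module that is registered in more than one of them. The sample lines are copied from the posted log; the allow-lists of stock Windows XP values and the "random-looking name" heuristic are my assumptions and would be tuned for the machine in front of you.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log for layered persistence.
Added example for this thread, not code from DDS/HijackThis; the allow-lists and
the random-name heuristic are assumptions to tune per machine."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Sample input: lines copied (condensed) from the DDS log posted above.
SAMPLE_LOG = r"""
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: {d48b307e-4f9d-48fe-a507-2a3142f87728} - c:\windows\system32\nezaroga.dll
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CPM67ad8c5c] Rundll32.exe "c:\windows\system32\fusageza.dll",a
mRun: [bigayokali] Rundll32.exe "c:\windows\system32\mibasiwa.dll",s
mRun: [Kpacenakoho] rundll32.exe "c:\windows\ixabokogike.dll",e
Notify: Antiwpa - antiwpa.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\windows\system32\dipowako.dll c:\windows\system32\motatuwo.dll c:\windows\system32\fusageza.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\motatuwo.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\motatuwo.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\cbXRKAtQ
LSA: Notification Packages = scecli mdnvwi.dll c:\windows\system32\dipowako.dll
"""

# Assumed allow-lists: what a stock Windows XP box carries in each location.
KNOWN_SSODL = {"shell32.dll", "webcheck.dll", "stobject.dll", "wpdshserviceobj.dll"}
KNOWN_WINLOGON_NOTIFY = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "wlnotify.dll",
                         "sclgntfy.dll", "wgalogon.dll"}
KNOWN_LSA = {"authentication": {"msv1_0"}, "notification": {"scecli"}}

# Heuristic: an all-lowercase 8+ letter module dropped straight into %windir% or
# system32. DDS prints registry data with its original casing, so vendor DLLs such
# as NvMcTray.dll keep their capitals and are not matched.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8,}\.(?:dll|exe)$")
WINDIR_RE = re.compile(r"^[a-z]:\\windows\\(?:system32\\)?[^\\]+$", re.I)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+)', re.I)


@dataclass(frozen=True)
class Finding:
    location: str  # e.g. mRun, AppInit_DLLs, SSODL, LSA:notification
    module: str    # path or bare module name exactly as printed in the log
    reason: str


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def looks_random(path: str) -> bool:
    return bool(WINDIR_RE.match(path)) and bool(RANDOM_NAME_RE.match(basename(path)))


def triage(log_text: str) -> list[Finding]:
    """Walk the Pseudo HJT lines and return one Finding per suspicious entry."""
    hits = []
    for raw in log_text.splitlines():
        kind, _, rest = raw.strip().partition(":")
        kind, rest = kind.strip(), rest.strip()
        last = rest.rsplit(" - ", 1)[-1]        # DDS puts the module after the last " - "
        if kind == "BHO" and rest.startswith("{") and looks_random(last):
            hits.append(Finding(kind, last, "unnamed BHO backed by random-looking DLL"))
        elif kind in ("mRun", "uRun"):
            m = RUNDLL_RE.search(rest)
            if m and looks_random(m.group(1)):
                hits.append(Finding(kind, m.group(1), "rundll32 loads random-looking DLL"))
        elif kind == "Notify" and basename(last).lower() not in KNOWN_WINLOGON_NOTIFY:
            hits.append(Finding(kind, last, "non-stock Winlogon notification DLL"))
        elif kind == "AppInit_DLLs":            # empty on a stock XP install
            for module in rest.split():
                hits.append(Finding(kind, module, "AppInit_DLLs injects into every process"))
        elif kind in ("SSODL", "STS") and basename(last).lower() not in KNOWN_SSODL:
            hits.append(Finding(kind, last, "non-stock shell service object"))
        elif kind == "LSA":
            pkg = (rest.split() or [""])[0].lower()   # "authentication" or "notification"
            for module in rest.partition("=")[2].split():
                if basename(module).lower() not in KNOWN_LSA.get(pkg, set()):
                    hits.append(Finding(f"LSA:{pkg}", module, "extra package loaded into lsass"))
    return hits


def shared_modules(hits: list[Finding]) -> dict[str, list[str]]:
    """Modules registered in more than one location: each copy can restore the others."""
    where = defaultdict(set)
    for f in hits:
        where[basename(f.module).lower()].add(f.location)
    return {name: sorted(locs) for name, locs in where.items() if len(locs) > 1}


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.location:18} {f.module:50} {f.reason}")
    print("\nlayered persistence:")
    for name, locs in shared_modules(found).items():
        print(f"  {name}: {', '.join(locs)}")
```

Run it as-is for the sample, or pass a whole DDS log to triage(); lines it does not recognise are ignored. The "non-stock" findings are review candidates, not verdicts: LBTWlgn.dll is Logitech's Bluetooth logon helper and would go on the allow-list once verified. The layered hits are the part worth reading first. A DLL that is already loaded into every process through AppInit_DLLs, or into lsass through the Notification Packages list, keeps running after its file or Run entry is deleted and can write them back, which is the kind of behaviour the first post describes.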

#2 Buckeye_Sam (Malware Expert; Members, 17,382 posts; Pickerington, Ohio)

Posted 10 April 2009 - 07:01 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Dolza (Topic Starter; Members, 2 posts)

Posted 15 April 2009 - 05:22 PM

OTListIt logfile created on: 4/15/2009 6:10:59 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Jeff\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 92.79% Memory free
4.00 Gb Paging File | 3.91 Gb Available in Paging File | 97.72% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.16 Gb Total Space | 217.85 Gb Free Space | 36.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 74.48 Gb Total Space | 4.30 Gb Free Space | 5.77% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEFFDESKTOP
Current User Name: Jeff
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/05/02 03:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
PRC - [2009/03/09 15:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2005/03/09 21:50:18 | 00,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe
PRC - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/07/18 12:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2009/02/18 14:44:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009/02/18 22:22:40 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2008/04/13 20:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/04/11 17:52:08 | 00,189,496 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
PRC - [2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/09/06 11:19:14 | 01,426,432 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
PRC - [2007/10/16 11:35:42 | 00,626,176 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
PRC - [2008/02/22 04:25:21 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2008/05/02 03:42:18 | 00,059,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\LBTWiz.exe
PRC - [2009/03/09 15:06:55 | 00,515,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2007/06/08 08:34:52 | 00,278,144 | ---- | M] () -- C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe
PRC - [2008/05/02 03:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 03:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
PRC - [2008/02/22 04:25:20 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/18 15:21:09 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe
PRC - [2009/04/06 14:35:42 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007/12/03 20:28:42 | 00,254,976 | ---- | M] (Azureus Inc) -- C:\Program Files\Azureus\Azureus.exe
PRC - [2009/04/15 18:10:31 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/03/09 15:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2008/05/02 03:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ [Auto | Running])
SRV - [2005/03/09 21:50:18 | 00,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd [Auto | Running])
SRV - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2007/07/18 12:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/02/18 14:44:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2009/02/18 22:22:40 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [Disabled | Stopped])
SRV - [2008/10/15 17:13:58 | 00,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4 [Auto | Stopped])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2009/04/11 17:52:08 | 00,189,496 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/05/01 18:12:48 | 00,021,419 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2006/10/18 15:12:16 | 00,012,664 | R--- | M] () -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO [System | Running])
DRV - [2009/03/09 17:08:55 | 00,165,376 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2004/12/13 17:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
DRV - [2007/01/03 18:25:18 | 00,027,536 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\frmupgr.sys -- (DFUBTUSB [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/08/10 01:52:44 | 04,603,904 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008/02/29 04:12:48 | 00,020,240 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
DRV - [2008/02/29 04:12:56 | 00,063,120 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\L8042mou.Sys -- (L8042mou [On_Demand | Running])
DRV - [2009/03/09 15:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2008/02/29 04:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV - [2005/03/09 21:50:16 | 00,033,792 | ---- | M] () -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0 [On_Demand | Running])
DRV - [2009/03/09 17:08:55 | 00,018,048 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2008/02/29 04:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV - [2008/02/29 04:13:36 | 00,079,120 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Running])
DRV - [2007/09/21 04:11:02 | 00,028,432 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LUsbFilt.Sys -- (LUsbFilt [On_Demand | Stopped])
DRV - [2008/02/18 17:29:16 | 00,096,256 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\DRIVERS\mcdbus.sys -- (mcdbus [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2007/07/13 06:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2004/08/13 14:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2009/02/18 14:44:00 | 06,308,224 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/05/07 10:30:28 | 00,528,640 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\DRIVERS\RT2860.sys -- (RT80x86 [On_Demand | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/05/12 16:44:55 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2007/08/15 04:22:00 | 00,265,856 | ---- | M] (Marvell) -- C:\WINDOWS\system32\DRIVERS\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1993962763-261903793-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1993962763-261903793-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1993962763-261903793-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-1993962763-261903793-839522115-1003\S-1-5-21-1993962763-261903793-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20080609.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {916ab64c-bc3e-471b-8e60-29551922a7ba}:1.300.190
FF - prefs.js..extensions.enabledItems: TFToolbarX@torrent-finder:1.2.4
FF - prefs.js..extensions.enabledItems: {702C6173-DD58-48BB-B433-F3A6D6452208}:1.0
FF - prefs.js..extensions.enabledItems: {311C66EE-CDCD-49E5-AB43-C11A158004F2}:1.0
FF - prefs.js..extensions.enabledItems: {E465CF2A-E5B9-42F7-9FB0-1841EB2A0D83}:1.0
FF - prefs.js..extensions.enabledItems: {86844D75-F62A-4A6F-B0C3-E43AADCA445D}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=58819&ei=utf-8&yahoo_domain=search.yahoo.com&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{E465CF2A-E5B9-42F7-9FB0-1841EB2A0D83}: C:\DOCUMENTS AND SETTINGS\JEFF\LOCAL SETTINGS\APPLICATION DATA\{E465CF2A-E5B9-42F7-9FB0-1841EB2A0D83} [2009/04/08 10:29:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{86844D75-F62A-4A6F-B0C3-E43AADCA445D}: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{86844D75-F62A-4A6F-B0C3-E43AADCA445D} [2009/04/08 11:59:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/06 14:35:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/06 14:35:51 | 00,000,000 | ---D | M]

[2008/12/04 19:17:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\mozilla\Extensions
[2008/12/04 19:17:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/15 18:00:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\mozilla\Firefox\Profiles\py3m66mf.default\extensions
[2009/02/02 23:39:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\mozilla\Firefox\Profiles\py3m66mf.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}
[2008/07/31 17:45:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\mozilla\Firefox\Profiles\py3m66mf.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2008/11/26 17:08:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\mozilla\Firefox\Profiles\py3m66mf.default\extensions\TFToolbarX@torrent-finder
[2009/02/14 20:39:58 | 00,000,656 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\Mozilla\FireFox\Profiles\py3m66mf.default\searchplugins\yahoo-search.xml
[2009/04/12 00:27:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/06 14:43:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{311C66EE-CDCD-49E5-AB43-C11A158004F2}
[2009/04/06 13:35:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{702C6173-DD58-48BB-B433-F3A6D6452208}
[2009/03/09 15:52:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/05/25 13:18:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2008/05/14 18:23:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/04/06 14:35:42 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/06 14:35:42 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/10/30 02:00:50 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/10/30 02:00:50 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/30 02:00:50 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/10/30 02:00:50 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/10/30 02:00:50 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/10/30 02:00:50 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/10/30 02:00:50 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

Hosts file not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {d48b307e-4f9d-48fe-a507-2a3142f87728} - C:\WINDOWS\system32\terolomu.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" ()
O4 - HKLM..\Run: [bigayokali] Rundll32.exe "C:\WINDOWS\system32\vofobonu.dll",s File not found
O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [Kpacenakoho] rundll32.exe "C:\WINDOWS\ixabokogike.dll",e (Mozilla Foundation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [Network Drive Mapping Utility] "C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe" Z ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1993962763-261903793-839522115-1003..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
O4 - HKU\S-1-5-21-1993962763-261903793-839522115-1003..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent (Electronic Arts)
O4 - HKU\S-1-5-21-1993962763-261903793-839522115-1003..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1993962763-261903793-839522115-1003..\Run: [Network Drive Mapping Utility] "C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe" ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\802.11n PCI Wireless LAN Utility.lnk = C:\Program Files\None\Common\RaUI.exe ( )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Jeff\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1993962763-261903793-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1228527137000 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\patusuyi.dll) - c:\windows\system32\patusuyi.dll File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\sewogipo.dll) - C:\WINDOWS\system32\sewogipo.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Antiwpa: DllName - antiwpa.dll - C:\WINDOWS\system32\antiwpa.dll ()
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - CLSID or File not found.
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - Reg Error: Key error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O29 - HKLM SecurityProviders - (digeste.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\cbXRKAtQ) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/02 00:14:13 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/11/17 01:11:08 | 00,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\siyefazi.dll
File not found -- C:\WINDOWS\System32\mujojami.dll
File not found -- C:\WINDOWS\System32\lumukiho.dll
File not found -- C:\WINDOWS\System32\lijadiwe.dll
File not found -- C:\WINDOWS\System32\kifemowe.dll
File not found -- C:\WINDOWS\System32\jedemeja.dll
File not found -- C:\WINDOWS\System32\fusageza.dll
File not found -- C:\WINDOWS\System32\dolofahi.dll
[2009/04/15 18:10:31 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTListIt2.exe
[2009/04/11 13:08:41 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/04/11 13:03:03 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/11 13:03:02 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/11 13:00:17 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/04/11 13:00:10 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/04/11 13:00:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/04/10 17:02:30 | 00,000,268 | -H-- | C] () -- C:\sqmdata19.sqm
[2009/04/10 13:14:10 | 00,000,534 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\Session.php
[2009/04/09 18:51:10 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\dds.scr
[2009/04/09 18:28:08 | 00,000,268 | -H-- | C] () -- C:\sqmdata18.sqm
[2009/04/09 18:28:07 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt19.sqm
[2009/04/09 12:00:34 | 00,009,387 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2009/04/09 12:00:29 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/04/09 11:58:42 | 00,033,832 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/04/09 11:58:39 | 00,040,488 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/04/09 11:58:38 | 00,201,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2009/04/09 11:58:38 | 00,079,304 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/04/09 11:58:38 | 00,035,240 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/04/09 11:58:33 | 00,113,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2009/04/09 11:58:15 | 00,000,338 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/04/09 11:58:13 | 00,000,330 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/04/09 11:57:58 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/04/09 11:57:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/04/09 11:57:47 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/04/09 11:05:42 | 00,000,136 | -H-- | C] () -- C:\sqmdata17.sqm
[2009/04/09 11:05:41 | 00,000,136 | -H-- | C] () -- C:\sqmnoopt18.sqm
[2009/04/08 11:56:05 | 00,000,136 | -H-- | C] () -- C:\sqmnoopt17.sqm
[2009/04/08 11:56:05 | 00,000,136 | -H-- | C] () -- C:\sqmdata16.sqm
[2009/04/08 11:53:28 | 00,000,268 | -H-- | C] () -- C:\sqmdata15.sqm
[2009/04/08 11:53:28 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt16.sqm
[2009/04/08 10:29:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Lvekapona.bin
[2009/04/08 10:29:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Local Settings\Application Data\{E465CF2A-E5B9-42F7-9FB0-1841EB2A0D83}
[2009/04/08 10:29:36 | 00,000,408 | ---- | C] () -- C:\WINDOWS\Jzunipiqowaliyu.dat
[2009/04/07 16:21:23 | 00,000,132 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\Catalog.php
[2009/04/07 16:16:03 | 00,000,109 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\index.php
[2009/04/07 16:15:01 | 00,003,752 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\IndexContent.php
[2009/04/07 16:08:31 | 00,006,115 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\Menu.php
[2009/04/07 16:08:31 | 00,005,222 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\Header.php
[2009/04/07 16:08:31 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\Footer.php
[2009/04/07 15:36:51 | 00,003,518 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\NewCatalog.php
[2009/04/07 10:43:11 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\lenasoyu.exe
[2009/04/07 01:18:17 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt14.sqm
[2009/04/07 01:18:17 | 00,000,136 | -H-- | C] () -- C:\sqmnoopt15.sqm
[2009/04/07 01:18:17 | 00,000,136 | -H-- | C] () -- C:\sqmdata14.sqm
[2009/04/07 01:15:21 | 00,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2009/04/06 18:49:32 | 00,000,268 | -H-- | C] () -- C:\sqmdata13.sqm
[2009/04/06 18:49:32 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt13.sqm
[2009/04/06 18:42:39 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ovfsth.sys
[2009/04/06 14:05:21 | 00,027,648 | ---- | C] (Johnson-Grace Company) -- C:\WINDOWS\System32\winsetupsm.exe
[2009/04/06 13:36:17 | 00,000,043 | ---- | C] () -- C:\WINDOWS\System32\ovfsthhilemxyilnofbnwsaqfoonhpncavoyne.dat
[2009/04/06 13:35:11 | 00,067,784 | ---- | C] () -- C:\WINDOWS\System32\ovfsthgoqrjpjmtmmwrkpdefsilnuljrvouxwk.dat
[2009/04/06 13:35:11 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ovfsthlribykxigrjmiljwchyjmkbuiolfxjsn.dll
[2009/04/06 13:35:11 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\ovfsthrtxelotrhvtpxdtljscowoojqsvogryv.dll
[2009/04/06 13:34:29 | 00,060,132 | ---- | C] (PRIVAT) -- C:\WINDOWS\System32\prunnet.exe
[2009/04/03 15:01:23 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\HijackThis.lnk
[2009/04/03 15:01:23 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/26 17:40:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\My Documents\Command and Conquer Generals Zero Hour Data
[2009/03/24 14:57:00 | 00,019,134 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\index.html
[2009/03/21 10:57:45 | 00,000,000 | ---D | C] -- C:\Program Files\RealVNC
[2009/03/09 17:08:55 | 00,165,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/03/09 17:08:55 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/03/08 16:38:15 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/03/06 16:55:15 | 00,000,056 | ---- | C] () -- C:\WINDOWS\System32\nett12.dll
[2009/01/09 10:55:12 | 00,079,872 | -HS- | C] () -- C:\WINDOWS\System32\tiwedihu.dll
[2008/11/30 20:30:05 | 00,880,948 | -HS- | C] () -- C:\WINDOWS\System32\QtAKRXbc.ini2
[2008/11/30 20:30:05 | 00,880,948 | -HS- | C] () -- C:\WINDOWS\System32\QtAKRXbc.ini
[2008/11/30 20:22:11 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/11/28 23:20:13 | 00,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2008/10/28 18:40:48 | 00,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/10/07 10:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/18 23:57:35 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/08/18 23:57:35 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/08/18 23:57:35 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/05/14 19:06:06 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/05/12 16:44:55 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/05/09 16:50:26 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/05/07 20:33:39 | 00,139,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/05/02 00:37:41 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/05/02 00:37:41 | 00,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/05/02 00:37:39 | 00,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008/05/02 00:37:39 | 00,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008/05/02 00:24:10 | 00,032,375 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/05/02 00:23:58 | 00,032,069 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/05/02 00:23:58 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/05/02 00:23:52 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/05/01 17:34:36 | 00,060,416 | ---- | C] () -- C:\WINDOWS\System32\antiwpa.dll
[2008/01/03 10:26:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/01/03 10:26:00 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/01/03 10:26:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/01/03 10:26:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/01/03 10:26:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/08/04 06:00:00 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 06:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[10 C:\WINDOWS\*.tmp files]
[2009/04/15 18:13:17 | 00,049,664 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/15 18:10:31 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTListIt2.exe
[2009/04/15 16:18:26 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/04/15 16:18:26 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/04/15 16:17:39 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\sanuvona
[2009/04/15 10:57:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Lvekapona.bin
[2009/04/15 01:29:40 | 00,000,338 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/04/14 19:38:36 | 00,009,387 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/04/14 19:33:34 | 00,207,243 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/14 19:31:12 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/04/14 19:31:12 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/04/13 22:56:42 | 00,051,200 | -HS- | M] () -- C:\WINDOWS\System32\topolobu.exe
[2009/04/13 20:00:01 | 00,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Jeff.job
[2009/04/13 13:02:11 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/13 10:56:36 | 00,051,200 | -HS- | M] () -- C:\WINDOWS\System32\jupaluze.exe
[2009/04/13 01:38:40 | 00,000,408 | ---- | M] () -- C:\WINDOWS\Jzunipiqowaliyu.dat
[2009/04/12 22:56:31 | 00,051,200 | -HS- | M] () -- C:\WINDOWS\System32\gujujene.exe
[2009/04/12 10:56:23 | 00,051,200 | -HS- | M] () -- C:\WINDOWS\System32\judizapo.exe
[2009/04/11 22:56:14 | 00,051,200 | -HS- | M] () -- C:\WINDOWS\System32\nevaluso.exe
[2009/04/11 17:52:08 | 00,189,496 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2009/04/11 17:52:08 | 00,189,496 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/04/11 15:50:12 | 00,139,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/04/11 13:04:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/11 13:04:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/11 13:03:21 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/04/11 13:03:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/04/11 10:55:51 | 00,051,200 | -HS- | M] () -- C:\WINDOWS\System32\kojoyapi.exe
[2009/04/10 22:55:46 | 00,051,200 | -HS- | M] () -- C:\WINDOWS\System32\waremilo.exe
[2009/04/10 17:02:30 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/04/10 17:02:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/04/10 17:01:11 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/10 14:40:46 | 00,000,534 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Session.php
[2009/04/10 14:26:41 | 00,000,132 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Catalog.php
[2009/04/10 13:03:40 | 00,003,518 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\NewCatalog.php
[2009/04/10 10:55:28 | 00,051,200 | -HS- | M] () -- C:\WINDOWS\System32\veposute.exe
[2009/04/09 22:55:40 | 00,051,200 | -HS- | M] () -- C:\WINDOWS\System32\pizakuma.exe
[2009/04/09 18:51:10 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\dds.scr
[2009/04/09 18:28:08 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/04/09 18:28:07 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/04/09 14:30:11 | 00,000,665 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\GetCompanyId.php
[2009/04/09 12:00:29 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/04/09 11:58:14 | 00,000,330 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/04/09 11:05:42 | 00,000,136 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/04/09 11:05:41 | 00,000,136 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/04/09 10:55:13 | 00,079,872 | -HS- | M] () -- C:\WINDOWS\System32\tiwedihu.dll
[2009/04/08 18:04:07 | 00,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/08 18:04:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/08 18:04:07 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/04/08 11:56:05 | 00,000,136 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/04/08 11:56:05 | 00,000,136 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/04/08 11:53:28 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/04/08 11:53:28 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/04/07 16:21:19 | 00,000,109 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\index.php
[2009/04/07 16:15:34 | 00,003,752 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\IndexContent.php
[2009/04/07 16:14:50 | 00,006,115 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Menu.php
[2009/04/07 16:14:38 | 00,000,034 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Footer.php
[2009/04/07 16:12:25 | 00,005,222 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Header.php
[2009/04/07 10:43:11 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\lenasoyu.exe
[2009/04/07 01:18:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/04/07 01:18:17 | 00,000,136 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/04/07 01:18:17 | 00,000,136 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/04/07 01:17:23 | 00,084,992 | ---- | M] () -- C:\Documents and Settings\Jeff\My Documents\JeffFinnResume.doc
[2009/04/07 01:15:21 | 00,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2009/04/06 18:49:32 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/04/06 18:49:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/04/06 18:42:39 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ovfsth.sys
[2009/04/06 18:39:47 | 00,067,784 | ---- | M] () -- C:\WINDOWS\System32\ovfsthgoqrjpjmtmmwrkpdefsilnuljrvouxwk.dat
[2009/04/06 14:05:21 | 00,027,648 | ---- | M] (Johnson-Grace Company) -- C:\WINDOWS\System32\winsetupsm.exe
[2009/04/06 13:36:17 | 00,000,043 | ---- | M] () -- C:\WINDOWS\System32\ovfsthhilemxyilnofbnwsaqfoonhpncavoyne.dat
[2009/04/06 13:35:11 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ovfsthlribykxigrjmiljwchyjmkbuiolfxjsn.dll
[2009/04/06 13:35:11 | 00,018,944 | ---- | M] () -- C:\WINDOWS\System32\ovfsthrtxelotrhvtpxdtljscowoojqsvogryv.dll
[2009/04/06 13:34:30 | 00,060,132 | ---- | M] (PRIVAT) -- C:\WINDOWS\System32\prunnet.exe
[2009/04/05 16:00:12 | 00,044,387 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\paypal_standard.php
[2009/04/03 15:01:23 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\HijackThis.lnk
[2009/03/26 21:50:36 | 00,000,576 | ---- | M] () -- C:\Documents and Settings\Jeff\My Documents\My Sharing Folders.lnk
[2009/03/24 14:57:00 | 00,019,134 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\index.html
[2009/03/18 10:16:31 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\nett12.dll
< End of report >
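A listing this size is easier to read by machine than by eye. The script below is an added example written for this page; it is not part of the thread and not a feature of OTListIt2. It parses a subset of lines copied from the log above and applies four heuristics an analyst would use on a raw OTL listing: files with the hidden attribute sitting directly in System32, eight-letter strictly alternating consonant/vowel names of the kind this infection keeps dropping, .exe/.dll/.sys files too small to hold a PE header, and a series of same-size, same-attribute executables whose timestamps are evenly spaced. The heuristic names, the 1024-byte floor and the 15-minute cadence tolerance are my own choices. On these lines it shows that the 51,200-byte -HS- executables were being recreated on a twelve-hour schedule. It says nothing about prunnet.exe, which the helper removed on other grounds, so treat it as a way to narrow a log for review, not as a verdict.

```python
import ntpath
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Lines copied from the OTListIt2 log posted above (a subset, not constructed).
LOG = r"""
[2009/04/15 16:17:39 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\sanuvona
[2009/04/13 22:56:42 | 00,051,200 | -HS- | M] () -- C:\WINDOWS\System32\topolobu.exe
[2009/04/13 10:56:36 | 00,051,200 | -HS- | M] () -- C:\WINDOWS\System32\jupaluze.exe
[2009/04/12 22:56:31 | 00,051,200 | -HS- | M] () -- C:\WINDOWS\System32\gujujene.exe
[2009/04/12 10:56:23 | 00,051,200 | -HS- | M] () -- C:\WINDOWS\System32\judizapo.exe
[2009/04/11 22:56:14 | 00,051,200 | -HS- | M] () -- C:\WINDOWS\System32\nevaluso.exe
[2009/04/11 17:52:08 | 00,189,496 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/04/11 10:55:51 | 00,051,200 | -HS- | M] () -- C:\WINDOWS\System32\kojoyapi.exe
[2009/04/10 22:55:46 | 00,051,200 | -HS- | M] () -- C:\WINDOWS\System32\waremilo.exe
[2009/04/10 10:55:28 | 00,051,200 | -HS- | M] () -- C:\WINDOWS\System32\veposute.exe
[2009/04/09 22:55:40 | 00,051,200 | -HS- | M] () -- C:\WINDOWS\System32\pizakuma.exe
[2009/04/09 10:55:13 | 00,079,872 | -HS- | M] () -- C:\WINDOWS\System32\tiwedihu.dll
[2009/04/07 10:43:11 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\lenasoyu.exe
[2009/04/06 18:42:39 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ovfsth.sys
[2009/04/06 18:39:47 | 00,067,784 | ---- | M] () -- C:\WINDOWS\System32\ovfsthgoqrjpjmtmmwrkpdefsilnuljrvouxwk.dat
[2009/04/06 13:35:11 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ovfsthlribykxigrjmiljwchyjmkbuiolfxjsn.dll
[2009/04/06 13:34:30 | 00,060,132 | ---- | M] (PRIVAT) -- C:\WINDOWS\System32\prunnet.exe
[2009/03/18 10:16:31 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\nett12.dll
[2008/05/09 16:50:26 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
"""

LINE_RE = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| (\S{4}) \| [CM]\] "
                     r"\((.*?)\) -- (.+)$")
CV_NAME = re.compile(r"^(?:[b-df-hj-np-tv-z][aeiou]){4}$")   # e.g. topolobu, tiwedihu
PE_EXTS = {".exe", ".dll", ".sys"}


def parse_otl(text):
    """One dict per file line; lines that are not file entries are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, company, path = m.groups()
        stem, ext = ntpath.splitext(ntpath.basename(path))
        rows.append({"when": datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"),
                     "size": int(size.replace(",", "")), "attrs": attrs,
                     "company": company, "path": path,
                     "dir": ntpath.dirname(path).lower(),
                     "stem": stem.lower(), "ext": ext.lower()})
    return rows


def triage(text, cadence_tolerance_s=900):
    """Return {'flags': {path: [reasons]}, 'series': [(size, count, period_hours)]}."""
    rows = parse_otl(text)
    flags = defaultdict(list)
    sys32 = [r for r in rows if r["dir"].endswith("\\system32")]
    driver_stems = [r["stem"] for r in rows if r["ext"] == ".sys"]

    for r in sys32:
        if "H" in r["attrs"]:                       # hidden files do not belong in System32
            flags[r["path"]].append("hidden-in-system32")
        if r["ext"] in (".exe", ".dll", "") and CV_NAME.match(r["stem"]):
            flags[r["path"]].append("cvcv-name")    # generated consonant/vowel name
        if r["ext"] in PE_EXTS and r["size"] < 1024:
            flags[r["path"]].append("tiny-pe")      # too small to hold a PE header
        for d in driver_stems:                      # driver name + long random tail
            tail = r["stem"][len(d):]
            if r["stem"].startswith(d) and len(tail) >= 16 and tail.isalpha():
                flags[r["path"]].append("driver-prefix")

    # Dropper series: >= 3 same-size, same-attribute PE files whose timestamps
    # are evenly spaced (every gap within the tolerance of the median gap).
    groups = defaultdict(list)
    for r in sys32:
        if r["ext"] in PE_EXTS:
            groups[(r["size"], r["attrs"], r["ext"])].append(r)
    series = []
    for (size, _a, _e), members in groups.items():
        if len(members) < 3:
            continue
        times = sorted(m["when"] for m in members)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        med = statistics.median(gaps)
        if all(abs(g - med) <= cadence_tolerance_s for g in gaps):
            series.append((size, len(members), round(med / 3600, 1)))
            for m in members:
                flags[m["path"]].append("dropper-series")
    return {"flags": dict(flags), "series": sorted(series)}


if __name__ == "__main__":
    result = triage(LOG)
    for path, reasons in sorted(result["flags"].items()):
        print(path, "->", ", ".join(reasons))
    for size, count, hours in result["series"]:
        print(f"series: {count} files of {size} bytes, one every {hours} h")
```

The cadence check is the part worth keeping: a scanner that re-detects the same files every few seconds is seeing a resident component that rewrites its registry entries, while the file timestamps show a separate drop cycle, and the two need different fixes (kill the process and driver first, then delete).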

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:56 PM

Posted 16 April 2009 - 08:54 AM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O2 - BHO: (no name) - {d48b307e-4f9d-48fe-a507-2a3142f87728} - C:\WINDOWS\system32\terolomu.dll File not found
    O4 - HKLM..\Run: [bigayokali] Rundll32.exe "C:\WINDOWS\system32\vofobonu.dll",s File not found
    O4 - HKLM..\Run: [Kpacenakoho] rundll32.exe "C:\WINDOWS\ixabokogike.dll",e (Mozilla Foundation)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
    O20 - AppInit_DLLs: (c:\windows\system32\patusuyi.dll) - c:\windows\system32\patusuyi.dll File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\sewogipo.dll) - C:\WINDOWS\system32\sewogipo.dll File not found
    O20 - Winlogon\Notify\Antiwpa: DllName - antiwpa.dll - C:\WINDOWS\system32\antiwpa.dll ()
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - CLSID or File not found.
    O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - Reg Error: Key error. File not found
    O29 - HKLM SecurityProviders - (digeste.dll) - File not found
    O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\cbXRKAtQ) - File not found
    
    
    :Files
    C:\WINDOWS\System32\siyefazi.dll
    C:\WINDOWS\System32\mujojami.dll
    C:\WINDOWS\System32\lumukiho.dll
    C:\WINDOWS\System32\lijadiwe.dll
    C:\WINDOWS\System32\kifemowe.dll
    C:\WINDOWS\System32\jedemeja.dll
    C:\WINDOWS\System32\fusageza.dll
    C:\WINDOWS\System32\dolofahi.dll
    C:\WINDOWS\System32\lenasoyu.exe
    C:\WINDOWS\System32\drivers\ovfsth.sys
    C:\WINDOWS\System32\winsetupsm.exe
    C:\WINDOWS\System32\ovfsthhilemxyilnofbnwsaqfoonhpncavoyne.dat
    C:\WINDOWS\System32\ovfsthgoqrjpjmtmmwrkpdefsilnuljrvouxwk.dat
    C:\WINDOWS\System32\ovfsthlribykxigrjmiljwchyjmkbuiolfxjsn.dll
    C:\WINDOWS\System32\ovfsthrtxelotrhvtpxdtljscowoojqsvogryv.dll
    C:\WINDOWS\System32\prunnet.exe
    C:\WINDOWS\System32\tiwedihu.dll
    C:\WINDOWS\System32\QtAKRXbc.ini2
    C:\WINDOWS\System32\QtAKRXbc.ini
    C:\WINDOWS\System32\topolobu.exe
    C:\WINDOWS\System32\jupaluze.exe
    C:\WINDOWS\Jzunipiqowaliyu.dat
    C:\WINDOWS\System32\gujujene.exe
    C:\WINDOWS\System32\judizapo.exe
    C:\WINDOWS\System32\nevaluso.exe
    C:\WINDOWS\System32\kojoyapi.exe
    C:\WINDOWS\System32\waremilo.exe
    C:\WINDOWS\System32\veposute.exe
    C:\WINDOWS\System32\pizakuma.exe
    C:\WINDOWS\System32\tiwedihu.dll
    C:\WINDOWS\System32\lenasoyu.exe
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

===================


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
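Before running a fix script like the one above it is worth a dry run of what it will touch. The script below is an added example, not part of the thread and not a feature of OTL. It parses the :OTLI, :Files and :Commands sections of the fix as posted (the :Files list cut down to the entries the checks need, including its two duplicates), maps each section code to the registry key it edits using the standard HijackThis/OTL locations, separates entries whose file is already gone (a registry-only cleanup) from those whose file still exists, and lists files that a registry line references but that do not appear under :Files, along with duplicate :Files entries. On the fix as posted it reports that tiwedihu.dll and lenasoyu.exe are listed twice, and that C:\WINDOWS\ixabokogike.dll and C:\WINDOWS\system32\antiwpa.dll are referenced but not listed for deletion; whether OTL also removes the file when it fixes such a line is a question for the tool's documentation, which is why the example surfaces them rather than deciding. The explorer.exe check reflects my understanding that a PRC line terminates the process and [start explorer] restarts it.

```python
import re
from collections import Counter

# The fix posted above, copied verbatim except that the :Files list is cut
# down to the entries the checks below need (including its two duplicates).
FIX = r"""
:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O2 - BHO: (no name) - {d48b307e-4f9d-48fe-a507-2a3142f87728} - C:\WINDOWS\system32\terolomu.dll File not found
O4 - HKLM..\Run: [bigayokali] Rundll32.exe "C:\WINDOWS\system32\vofobonu.dll",s File not found
O4 - HKLM..\Run: [Kpacenakoho] rundll32.exe "C:\WINDOWS\ixabokogike.dll",e (Mozilla Foundation)
O20 - AppInit_DLLs: (c:\windows\system32\patusuyi.dll) - c:\windows\system32\patusuyi.dll File not found
O20 - Winlogon\Notify\Antiwpa: DllName - antiwpa.dll - C:\WINDOWS\system32\antiwpa.dll ()
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - CLSID or File not found.
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (digeste.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\cbXRKAtQ) - File not found
:Files
C:\WINDOWS\System32\siyefazi.dll
C:\WINDOWS\System32\drivers\ovfsth.sys
C:\WINDOWS\System32\tiwedihu.dll
C:\WINDOWS\System32\lenasoyu.exe
C:\WINDOWS\System32\topolobu.exe
C:\WINDOWS\System32\tiwedihu.dll
C:\WINDOWS\System32\lenasoyu.exe
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
"""

# Registry keys behind the HijackThis/OTL section codes that appear in the fix.
LOCATIONS = {
    "O2": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    "O20 AppInit_DLLs": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows (AppInit_DLLs)",
    "O20 Winlogon": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify",
    "O21": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad",
    "O22": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler",
    "O29": r"HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders (SecurityProviders)",
    "O30": r"HKLM\SYSTEM\CurrentControlSet\Control\Lsa (Authentication Packages)",
}
PATH_RE = re.compile(r'[A-Za-z]:\\[^\s"(),]+')   # first drive-letter path on a line


def registry_location(line):
    """Map a fix line's leading section code to the registry key it edits."""
    code = line.split(" - ", 1)[0]
    if code == "O4":
        hive = "HKCU" if "HKCU" in line else "HKLM"
        return hive + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    if code == "O20":
        return LOCATIONS["O20 Winlogon" if "Winlogon" in line else "O20 AppInit_DLLs"]
    return LOCATIONS.get(code, "unknown section code " + code)


def review_fix(text):
    """Dry-run summary of an OTL fix: registry edits, process kills, file list checks."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)

    files = sections.get(":Files", [])
    files_lower = [f.lower() for f in files]
    report = {"registry": [], "kills": [], "present_not_listed": [],
              "files": list(dict.fromkeys(files)), "duplicates": [], "warnings": []}
    for line in sections.get(":OTLI", []):
        m = PATH_RE.search(line)
        target = m.group(0) if m else None
        if line.startswith("PRC - "):
            report["kills"].append(target)
            continue
        present = "File not found" not in line      # otherwise it is a registry-only cleanup
        report["registry"].append((registry_location(line), target, present))
        if present and target and target.lower() not in files_lower:
            report["present_not_listed"].append(target)

    report["duplicates"] = [f for f, n in Counter(files_lower).items() if n > 1]
    if report["duplicates"]:
        report["warnings"].append("duplicate :Files entries: " + ", ".join(report["duplicates"]))
    # As I understand OTL, a PRC line terminates the process; explorer.exe then
    # needs [start explorer] in :Commands or the desktop stays blank until reboot.
    if any(k and k.lower().endswith("\\explorer.exe") for k in report["kills"]) \
            and "[start explorer]" not in sections.get(":Commands", []):
        report["warnings"].append("explorer.exe is terminated but never restarted")
    return report


if __name__ == "__main__":
    rep = review_fix(FIX)
    for key, target, present in rep["registry"]:
        print(("file present " if present else "registry only") + f" | {key} | {target}")
    print("kills:", rep["kills"])
    print("referenced but not in :Files:", rep["present_not_listed"])
    print("warnings:", rep["warnings"])
```

Seven of the nine registry lines are "File not found" entries, so most of this fix is clearing dangling persistence values (AppInit_DLLs, Winlogon Notify, SSODL, SharedTaskScheduler, SecurityProviders, LSA Authentication Packages) rather than deleting files; those are exactly the places to re-check in the next log, since the resident component was rewriting them between scans.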


========================================================

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:56 PM

Posted 09 May 2009 - 01:25 PM

Unfortunately there has been no response. :thumbup2:
This thread will now be closed.


========================================================