NEED EXPERT HELP - SECURITY ALERT VIRUS BLOCKING MY ANTISPY


This topic is locked
26 replies to this topic

#1 Danlaff777 (Members, 16 posts)

Posted 18 May 2009 - 01:15 PM

Hi all,
I'm new on here and I'm having a huge problem with my PC - Windows XP. I've got some kind of virus that displays a security alert popup as soon as I log onto Windows. Worse yet, I've tried just about every antispy (Ad-Aware, Malwarebytes, ComboFix, etc.) and whenever I run them the virus pops up hundreds of messages saying "Danger! This file probably infected or corrupted by viruses", making it difficult to run a proper scan. I just ran a HijackThis scan but have not deleted anything with it yet. Can you guys help me? Thanks so much in advance for the help. HJT log below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:13:26, on 5/18/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\LocalService.NT AUTHORITY.000\reader_s.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\yo9kz.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\yo9kz.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [system tool] C:\WINDOWS\sysguard.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\LocalService.NT AUTHORITY.000\reader_s.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O20 - Winlogon Notify: __c00E6781 - C:\WINDOWS\System32\__c00E6781.dat
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\

--
End of file - 2834 bytes


#2 Danlaff777 (Topic Starter, Members, 16 posts)

Posted 19 May 2009 - 01:38 PM

My DDS logs are attached below. Can someone please help? This has been a HUGE problem for me. Thanks in advance!


DDS (Ver_09-05-14.01) - NTFSx86
Run by Dan at 14:32:52.45 on Tue 05/19/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.255.21 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = http=localhost:7171
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {C2BA40A1-74F3-42BD-F434-12345A2C8953} - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [<NO NAME>] c:\windows\temp\yo9kz.exe
dRun: [uidenhiufgsduiazghs] c:\windows\temp\yo9kz.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
Notify: __c00E6781 - c:\windows\system32\__c00E6781.dat
LSA: Notification Packages = scecli c:\windows\system32\navujoko.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dan~2.dan\applic~1\mozilla\firefox\profiles\p88qvi7m.default\
FF - plugin: c:\documents and settings\dan.dan-dvurede6rlu\application data\mozilla\firefox\profiles\p88qvi7m.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 aeh1066;aeh1066;c:\windows\system32\drivers\aeh1066.sys [2009-5-6 17376]
R1 aeh3de4;aeh3de4;c:\windows\system32\drivers\aeh3de4.sys [2009-5-5 17376]
R1 aeh9d98;aeh9d98;c:\windows\system32\drivers\aeh9d98.sys [2009-5-5 17376]
R1 ajmec3e;ajmec3e;c:\windows\system32\drivers\ajmec3e.sys [2009-4-30 17376]
R1 beib90a;beib90a;c:\windows\system32\drivers\beib90a.sys [2009-5-6 17376]
R1 cgj0690;cgj0690;c:\windows\system32\drivers\cgj0690.sys [2009-5-5 17376]
R1 cgj1ce8;cgj1ce8;c:\windows\system32\drivers\cgj1ce8.sys [2009-4-30 17376]
R1 dgj8098;dgj8098;c:\windows\system32\drivers\dgj8098.sys [2009-4-30 17376]
R1 dgpc15d;dgpc15d;c:\windows\system32\drivers\dgpc15d.sys [2009-5-5 17376]
R1 dhka6a5;dhka6a5;c:\windows\system32\drivers\dhka6a5.sys [2009-5-6 17376]
R1 ehlb317;ehlb317;c:\windows\system32\drivers\ehlb317.sys [2009-5-4 17376]
R1 eil4374;eil4374;c:\windows\system32\drivers\eil4374.sys [2009-5-5 17376]
R1 fil2790;fil2790;c:\windows\system32\drivers\fil2790.sys [2009-5-4 17376]
R1 fimc7a4;fimc7a4;c:\windows\system32\drivers\fimc7a4.sys [2009-5-5 17376]
R1 gjn2277;gjn2277;c:\windows\system32\drivers\gjn2277.sys [2009-5-6 17376]
R1 gkn1f6c;gkn1f6c;c:\windows\system32\drivers\gkn1f6c.sys [2009-5-1 17376]
R1 gkn957e;gkn957e;c:\windows\system32\drivers\gkn957e.sys [2009-5-5 17376]
R1 ilp9543;ilp9543;c:\windows\system32\drivers\ilp9543.sys [2009-5-5 17376]
R1 imae990;imae990;c:\windows\system32\drivers\imae990.sys [2009-5-1 17376]
R1 impf5a1;impf5a1;c:\windows\system32\drivers\impf5a1.sys [2009-5-6 17376]
R1 jnq1921;jnq1921;c:\windows\system32\drivers\jnq1921.sys [2009-5-7 17376]
R1 kncf099;kncf099;c:\windows\system32\drivers\kncf099.sys [2009-5-5 17376]
R1 knr412f;knr412f;c:\windows\system32\drivers\knr412f.sys [2009-5-5 17376]
R1 mqtdc74;mqtdc74;c:\windows\system32\drivers\mqtdc74.sys [2009-5-5 17376]
R1 ocgdf8f;ocgdf8f;c:\windows\system32\drivers\ocgdf8f.sys [2009-5-6 17376]
R1 ocgefbb;ocgefbb;c:\windows\system32\drivers\ocgefbb.sys [2009-5-5 17376]
R1 orge946;orge946;c:\windows\system32\drivers\orge946.sys [2009-5-4 17376]
R1 peh06f8;peh06f8;c:\windows\system32\drivers\peh06f8.sys [2009-5-4 17376]
R1 pshf59e;pshf59e;c:\windows\system32\drivers\pshf59e.sys [2009-5-5 17376]
R1 qad10ee;qad10ee;c:\windows\system32\drivers\qad10ee.sys [2009-5-6 17376]
R1 qtd4267;qtd4267;c:\windows\system32\drivers\qtd4267.sys [2009-5-1 17376]
R1 rae1c2f;rae1c2f;c:\windows\system32\drivers\rae1c2f.sys [2009-5-7 17376]
R1 rbeaaff;rbeaaff;c:\windows\system32\drivers\rbeaaff.sys [2009-4-29 17376]
R1 sbf6b7b;sbf6b7b;c:\windows\system32\drivers\sbf6b7b.sys [2009-5-6 17376]
R1 sbfb749;sbfb749;c:\windows\system32\drivers\sbfb749.sys [2009-4-30 17376]
R1 tcgafc4;tcgafc4;c:\windows\system32\drivers\tcgafc4.sys [2009-5-7 17376]
R1 tcgba51;tcgba51;c:\windows\system32\drivers\tcgba51.sys [2009-4-28 17376]
R1 tcld6ac;tcld6ac;c:\windows\system32\drivers\tcld6ac.sys [2009-5-6 17376]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [2007-4-10 144768]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [2007-4-10 545088]
R4 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;\??\c:\program files\grisoft\avg anti-spyware 7.5\guard.sys --> c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [?]
R4 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\avgascln.sys --> c:\windows\system32\drivers\AvgAsCln.sys [?]
S1 34e3d3ec;34e3d3ec;c:\windows\system32\drivers\34e3d3ec.sys [2009-4-27 0]
S1 Dup;Dup;c:\windows\system32\drivers\dup.sys [2009-5-18 18368]
S1 ethcrzxu;ethcrzxu;c:\windows\system32\drivers\ethcrzxu.sys [2009-4-27 136192]
S1 tclf53e;tclf53e;c:\windows\system32\drivers\tclf53e.sys [2009-5-5 17376]
S3 pcm1394;pcm1394;c:\windows\system32\pcm1394.sys [2003-7-16 2304]
S3 vitra;vitra;c:\windows\system32\drivers\vitra.sys --> c:\windows\system32\drivers\vitra.sys [?]
S4 MYS Mutex Algorithm Service;MYS Mutex Algorithm Service;c:\windows\system\mysmas.exe [2009-5-15 95232]

=============== Created Last 30 ================

2009-05-18 19:50 <DIR> --d----- c:\docume~1\dan~2.dan\applic~1\Grisoft
2009-05-18 19:49 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Grisoft
2009-05-18 18:36 0 a------- c:\windows\system32\EB.tmp
2009-05-18 18:36 18,368 a------- c:\windows\system32\drivers\dup.sys
2009-05-18 18:36 22,016 a------- c:\windows\system32\E8.tmp
2009-05-18 18:36 160 a------- c:\windows\system32\E6.tmp
2009-05-18 15:35 <DIR> --d----- c:\program files\Exterminate It!
2009-05-18 15:24 <DIR> --d----- c:\program files\Enigma Software Group
2009-05-18 15:14 438 a------- C:\spyhunter.fix
2009-05-18 14:02 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2009-05-18 13:55 <DIR> --d----- c:\program files\Trend Micro
2009-05-18 13:30 <DIR> --d----- C:\VundoFix Backups
2009-05-18 04:05 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-18 04:05 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-18 03:58 1 a------- c:\windows\system32\E5.tmp
2009-05-18 03:58 84 a------- c:\windows\system32\E4.tmp
2009-05-18 03:43 <DIR> -cd-h--- c:\docume~1\alluse~1.win\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-18 03:26 1 a------- c:\windows\system32\E3.tmp
2009-05-18 03:26 84 a------- c:\windows\system32\E2.tmp
2009-05-18 02:24 1 a------- c:\windows\system32\E1.tmp
2009-05-18 02:24 84 a------- c:\windows\system32\E0.tmp
2009-05-18 02:18 <DIR> --d----- c:\program files\CCleaner
2009-05-18 02:16 1 a------- c:\windows\system32\DF.tmp
2009-05-18 02:16 84 a------- c:\windows\system32\DE.tmp
2009-05-17 21:19 84 a------- c:\windows\system32\DC.tmp
2009-05-17 21:19 1 a------- c:\windows\system32\DD.tmp
2009-05-17 21:12 84 a------- c:\windows\system32\D9.tmp
2009-05-17 21:12 1 a------- c:\windows\system32\DA.tmp
2009-05-17 21:05 1 a------- c:\windows\system32\DB.tmp
2009-05-17 21:05 84 a------- c:\windows\system32\D8.tmp
2009-05-17 20:41 1 a------- c:\windows\system32\D7.tmp
2009-05-17 20:41 84 a------- c:\windows\system32\D6.tmp
2009-05-17 20:19 84 a------- c:\windows\system32\D4.tmp
2009-05-17 20:19 1 a------- c:\windows\system32\D5.tmp
2009-05-17 18:34 1 a------- c:\windows\system32\D3.tmp
2009-05-17 18:34 84 a------- c:\windows\system32\D2.tmp
2009-05-17 18:26 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-17 18:23 1 a------- c:\windows\system32\D1.tmp
2009-05-17 18:23 84 a------- c:\windows\system32\CF.tmp
2009-05-17 16:30 <DIR> --d----- C:\Dan Progs
2009-05-17 16:24 1 a------- c:\windows\system32\D0.tmp
2009-05-17 16:24 84 a------- c:\windows\system32\CE.tmp
2009-05-17 15:06 560,128 ac------ c:\windows\system32\dllcache\user32.dll
2009-05-17 14:53 1 a------- c:\windows\system32\CD.tmp
2009-05-17 14:53 84 a------- c:\windows\system32\CB.tmp
2009-05-17 14:38 0 a------- c:\windows\system32\C8.tmp
2009-05-17 14:31 1 a------- c:\windows\system32\C9.tmp
2009-05-17 14:31 84 a------- c:\windows\system32\C7.tmp
2009-05-17 14:20 1 a------- c:\windows\system32\C6.tmp
2009-05-17 14:20 84 a------- c:\windows\system32\C5.tmp
2009-05-17 14:08 1 a------- c:\windows\system32\C4.tmp
2009-05-17 14:08 84 a------- c:\windows\system32\C3.tmp
2009-05-17 14:00 1 a------- c:\windows\system32\10A.tmp
2009-05-17 14:00 84 a------- c:\windows\system32\109.tmp
2009-05-17 13:52 1 a------- c:\windows\system32\C1.tmp
2009-05-17 13:52 84 a------- c:\windows\system32\BF.tmp
2009-05-17 13:45 1 a------- c:\windows\system32\2C.tmp
2009-05-17 13:45 84 a------- c:\windows\system32\2A.tmp
2009-05-17 13:08 1 a------- c:\windows\system32\28.tmp
2009-05-17 13:08 84 a------- c:\windows\system32\22.tmp
2009-05-16 18:28 1 a------- c:\windows\system32\21.tmp
2009-05-16 01:48 223 a------- C:\xcrashdump.dat
2009-05-15 22:42 2,498 a------- c:\windows\system32\tmp.reg
2009-05-15 20:29 82,324 a------- C:\lsass.exe
2009-05-15 20:28 31,232 a------- C:\ccdxwaq.exe
2009-05-15 20:28 82,324 a------- C:\vjtggt.exe
2009-05-15 20:28 27,648 a------- c:\windows\system32\__c00E6781.dat
2009-05-15 20:28 15,000 a------- c:\windows\system32\jkshfuiehi.dll
2009-05-15 20:28 57,856 a------- C:\rmkuwevt.exe
2009-05-15 20:28 32,256 a------- C:\bOC.exe
2009-05-15 20:28 402,960 a------- C:\UB13.exe
2009-05-15 20:07 <DIR> -cd-h--- c:\docume~1\alluse~1.win\applic~1\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-05-15 19:54 <DIR> --d----- C:\KAV
2009-05-15 19:10 1 a------- c:\windows\system32\20.tmp
2009-05-15 19:10 84 a------- c:\windows\system32\1F.tmp
2009-05-15 18:37 21,056 a------- c:\windows\system32\drivers\sskbfd.sys
2009-05-15 18:36 164 a------- C:\install.dat
2009-05-15 17:18 1 a------- c:\windows\system32\27.tmp
2009-05-15 17:18 84 a------- c:\windows\system32\25.tmp
2009-05-15 16:56 84 a------- c:\windows\system32\1C.tmp
2009-05-15 16:56 1 a------- c:\windows\system32\1D.tmp
2009-05-15 13:15 1 a------- c:\windows\system32\18.tmp
2009-05-15 13:15 84 a------- c:\windows\system32\17.tmp
2009-05-15 13:06 <DIR> --d----- c:\docume~1\dan~2.dan\applic~1\GetRightToGo
2009-05-15 10:22 <DIR> --d----- c:\docume~1\dan~2.dan\applic~1\Malwarebytes
2009-05-15 10:22 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-05-15 10:16 0 a------- c:\windows\system32\1A.tmp
2009-05-15 10:15 95,232 ---shr-- c:\windows\system\mysmas.exe
2009-05-15 04:12 0 a------- c:\windows\system32\C2.tmp
2009-05-15 04:12 120 a------- c:\windows\system32\BD.tmp
2009-05-14 22:13 0 a------- c:\windows\system32\1E.tmp
2009-05-14 22:13 120 a------- c:\windows\system32\1B.tmp
2009-05-14 22:08 0 a------- c:\windows\system32\19.tmp
2009-05-14 22:08 120 a------- c:\windows\system32\14.tmp
2009-05-14 21:51 0 a------- c:\windows\system32\10.tmp
2009-05-14 21:00 0 a------- c:\windows\system32\C0.tmp
2009-05-14 20:59 120 a------- c:\windows\system32\B8.tmp
2009-05-14 20:56 0 a------- c:\windows\system32\B2.tmp
2009-05-14 20:56 0 a------- c:\windows\system32\2F.tmp
2009-05-14 20:56 0 a------- c:\windows\system32\2E.tmp
2009-05-14 20:56 120 a------- c:\windows\system32\2D.tmp
2009-05-14 20:54 0 a------- c:\windows\system32\2B.tmp
2009-05-14 20:49 0 a------- c:\windows\system32\29.tmp
2009-05-14 20:49 120 a------- c:\windows\system32\26.tmp
2009-05-14 20:45 5,621 a------- c:\windows\system32\24.tmp
2009-05-14 20:20 0 a------- c:\windows\system32\11.tmp
2009-05-14 19:22 0 a------- c:\windows\system32\16.tmp
2009-05-14 19:22 0 a------- c:\windows\system32\15.tmp
2009-05-14 19:18 7,081 a------- c:\windows\system32\13.tmp
2009-05-14 19:18 120 a------- c:\windows\system32\12.tmp
2009-05-14 19:18 0 a------- C:\10.tmp
2009-05-14 19:18 0 a------- C:\B.tmp
2009-05-14 19:18 0 a------- C:\A.tmp
2009-05-14 19:18 0 a------- C:\8.tmp
2009-05-14 19:17 0 a------- C:\7.tmp
2009-05-14 19:17 0 a------- C:\5.tmp
2009-05-14 15:13 <DIR> --d----- c:\windows\ERUNT
2009-05-14 15:08 <DIR> --d----- C:\SDFix
2009-05-14 15:08 0 a------- c:\windows\system32\CC.tmp
2009-05-14 15:08 84 a------- c:\windows\system32\CA.tmp
2009-05-14 15:03 0 a------- c:\windows\system32\BE.tmp
2009-05-14 15:03 84 a------- c:\windows\system32\BB.tmp
2009-05-14 14:54 0 a------- c:\windows\system32\B7.tmp
2009-05-14 14:54 84 a------- c:\windows\system32\AF.tmp
2009-05-14 14:38 0 a------- c:\windows\system32\B1.tmp
2009-05-14 14:38 84 a------- c:\windows\system32\AA.tmp
2009-05-14 13:25 0 a------- C:\B5.tmp
2009-05-14 13:25 0 a------- C:\B4.tmp
2009-05-14 13:25 0 a------- C:\B2.tmp
2009-05-14 13:24 0 a------- c:\windows\system32\B0.tmp
2009-05-14 13:24 84 a------- c:\windows\system32\AD.tmp
2009-05-14 13:20 0 a------- c:\windows\system32\AB.tmp
2009-05-14 13:20 84 a------- c:\windows\system32\A8.tmp
2009-05-14 12:49 0 a------- c:\windows\system32\AE.tmp
2009-05-14 12:49 84 a------- c:\windows\system32\AC.tmp
2009-05-14 12:40 0 a------- c:\windows\system32\A9.tmp
2009-05-14 12:40 84 a------- c:\windows\system32\A6.tmp
2009-05-14 01:47 0 a------- c:\windows\system32\A7.tmp
2009-05-14 01:47 154,624 a------- c:\windows\system32\A5.tmp
2009-05-14 01:47 124 a------- c:\windows\system32\A2.tmp
2009-05-13 18:44 0 a------- c:\windows\system32\BC.tmp
2009-05-13 18:44 152,576 a------- c:\windows\system32\BA.tmp
2009-05-13 18:44 124 a------- c:\windows\system32\B9.tmp
2009-05-13 18:21 0 a------- c:\windows\system32\B6.tmp
2009-05-13 18:21 0 a------- c:\windows\system32\B5.tmp
2009-05-13 18:21 0 a------- c:\windows\system32\B4.tmp
2009-05-13 18:19 124 a------- c:\windows\system32\B3.tmp
2009-05-13 18:11 0 a------- c:\windows\system32\A4.tmp
2009-05-13 18:10 152,576 a------- c:\windows\system32\9E.tmp
2009-05-13 18:10 124 a------- c:\windows\system32\9D.tmp
2009-05-13 14:51 0 a------- c:\windows\system32\A1.tmp
2009-05-13 14:47 0 a------- c:\windows\system32\9F.tmp
2009-05-13 14:43 154,624 a------- c:\windows\system32\9C.tmp
2009-05-13 14:43 124 a------- c:\windows\system32\97.tmp
2009-05-13 13:26 0 a------- c:\windows\system32\9A.tmp
2009-05-13 13:25 0 a------- c:\windows\system32\94.tmp
2009-05-13 13:24 124 a------- c:\windows\system32\7E.tmp
2009-05-10 21:31 61,440 a------- c:\windows\system32\A3.tmp
2009-05-10 21:30 120 a------- c:\windows\system32\A0.tmp
2009-05-10 20:38 61,440 a------- c:\windows\system32\99.tmp
2009-05-10 20:38 120 a------- c:\windows\system32\93.tmp
2009-05-10 20:16 61,440 a------- c:\windows\system32\9B.tmp
2009-05-10 20:16 120 a------- c:\windows\system32\98.tmp
2009-05-10 20:12 61,440 a------- c:\windows\system32\96.tmp
2009-05-10 20:12 120 a------- c:\windows\system32\91.tmp
2009-05-09 16:11 1 a------- c:\windows\system32\90.tmp
2009-05-09 16:11 56,832 a------- c:\windows\system32\8F.tmp
2009-05-09 16:10 84 a------- c:\windows\system32\89.tmp
2009-05-08 20:51 61,440 a------- c:\windows\system32\8C.tmp
2009-05-08 20:51 84 a------- c:\windows\system32\83.tmp
2009-05-08 18:05 61,440 a------- c:\windows\system32\86.tmp
2009-05-08 18:05 84 a------- c:\windows\system32\76.tmp
2009-05-08 17:32 61,440 a------- c:\windows\system32\8D.tmp
2009-05-08 17:32 84 a------- c:\windows\system32\8A.tmp
2009-05-08 17:31 0 a------- c:\windows\system32\88.tmp
2009-05-08 17:25 61,440 a------- c:\windows\system32\84.tmp
2009-05-08 17:25 84 a------- c:\windows\system32\82.tmp
2009-05-08 17:04 84 a------- c:\windows\system32\71.tmp
2009-05-08 16:56 61,440 a------- c:\windows\system32\87.tmp
2009-05-08 16:56 84 a------- c:\windows\system32\85.tmp
2009-05-08 16:51 61,440 a------- c:\windows\system32\81.tmp
2009-05-08 16:51 84 a------- c:\windows\system32\79.tmp
2009-05-08 16:49 61,440 a------- c:\windows\system32\73.tmp
2009-05-08 16:49 84 a------- c:\windows\system32\6E.tmp
2009-05-08 16:36 61,440 a------- c:\windows\system32\7F.tmp
2009-05-08 16:36 84 a------- c:\windows\system32\7C.tmp
2009-05-08 16:20 0 a------- c:\windows\system32\7A.tmp
2009-05-08 16:09 61,440 a------- c:\windows\system32\75.tmp
2009-05-08 16:09 84 a------- c:\windows\system32\72.tmp
2009-05-08 16:00 61,440 a------- c:\windows\system32\70.tmp
2009-05-08 16:00 84 a------- c:\windows\system32\6C.tmp
2009-05-08 04:07 61,440 a------- c:\windows\system32\6F.tmp
2009-05-08 04:07 120 a------- c:\windows\system32\6A.tmp
2009-05-07 22:01 61,440 a------- c:\windows\system32\80.tmp
2009-05-07 22:01 120 a------- c:\windows\system32\7D.tmp
2009-05-07 21:54 61,440 a------- c:\windows\system32\7B.tmp
2009-05-07 21:53 120 a------- c:\windows\system32\78.tmp
2009-05-07 21:20 61,440 a------- c:\windows\system32\6D.tmp
2009-05-07 21:20 120 a------- c:\windows\system32\68.tmp
2009-05-07 20:24 61,440 a------- c:\windows\system32\95.tmp
2009-05-07 20:24 120 a------- c:\windows\system32\92.tmp
2009-05-07 20:20 61,440 a------- c:\windows\system32\8E.tmp
2009-05-07 20:20 120 a------- c:\windows\system32\8B.tmp
2009-05-07 19:24 61,440 a------- c:\windows\system32\6B.tmp
2009-05-07 19:24 120 a------- c:\windows\system32\66.tmp
2009-05-07 18:58 61,440 a------- c:\windows\system32\69.tmp
2009-05-07 18:58 120 a------- c:\windows\system32\64.tmp
2009-05-07 18:16 61,440 a------- c:\windows\system32\77.tmp
2009-05-07 18:16 120 a------- c:\windows\system32\74.tmp
2009-05-07 17:51 61,440 a------- c:\windows\system32\67.tmp
2009-05-07 17:51 120 a------- c:\windows\system32\61.tmp
2009-05-07 16:31 <DIR> --d----- c:\docume~1\dan~2.dan\applic~1\AVG8
2009-05-07 16:13 61,440 a------- c:\windows\system32\65.tmp
2009-05-07 16:13 120 a------- c:\windows\system32\5C.tmp
2009-05-07 14:16 61,440 a------- c:\windows\system32\63.tmp
2009-05-07 12:05 61,440 a------- c:\windows\system32\62.tmp
2009-05-07 12:05 17,376 a------- c:\windows\system32\drivers\jnq1921.sys
2009-05-07 12:05 124 a------- c:\windows\system32\57.tmp
2009-05-07 02:10 61,440 a------- c:\windows\system32\5F.tmp
2009-05-07 02:10 17,376 a------- c:\windows\system32\drivers\rae1c2f.sys
2009-05-07 02:10 124 a------- c:\windows\system32\55.tmp
2009-05-07 01:00 61,440 a------- c:\windows\system32\5A.tmp
2009-05-07 01:00 17,376 a------- c:\windows\system32\drivers\tcgafc4.sys
2009-05-06 20:18 61,440 a------- c:\windows\system32\60.tmp
2009-05-06 20:18 17,376 a------- c:\windows\system32\drivers\gjn2277.sys
2009-05-06 20:18 0 a------- c:\windows\system32\5E.tmp
2009-05-06 20:18 124 a------- c:\windows\system32\5D.tmp
2009-05-06 19:56 61,440 a------- c:\windows\system32\59.tmp
2009-05-06 19:56 17,376 a------- c:\windows\system32\drivers\ocgdf8f.sys
2009-05-06 19:56 124 a------- c:\windows\system32\53.tmp
2009-05-06 17:51 61,440 a------- c:\windows\system32\5B.tmp
2009-05-06 17:51 17,376 a------- c:\windows\system32\drivers\tcld6ac.sys
2009-05-06 17:51 124 a------- c:\windows\system32\58.tmp
2009-05-06 17:45 61,440 a------- c:\windows\system32\56.tmp
2009-05-06 17:45 17,376 a------- c:\windows\system32\drivers\aeh1066.sys
2009-05-06 17:45 124 a------- c:\windows\system32\50.tmp
2009-05-06 16:14 17,376 a------- c:\windows\system32\drivers\beib90a.sys
2009-05-06 16:14 61,440 a------- c:\windows\system32\54.tmp
2009-05-06 16:14 124 a------- c:\windows\system32\4F.tmp
2009-05-06 13:39 1 a------- c:\windows\system32\52.tmp
2009-05-06 13:39 84 a------- c:\windows\system32\51.tmp
2009-05-06 13:37 1 a------- c:\windows\system32\4C.tmp
2009-05-06 13:37 84 a------- c:\windows\system32\4B.tmp
2009-05-06 13:02 61,440 a------- c:\windows\system32\4E.tmp
2009-05-06 13:02 17,376 a------- c:\windows\system32\drivers\qad10ee.sys
2009-05-06 13:02 124 a------- c:\windows\system32\3E.tmp
2009-05-06 11:29 61,440 a------- c:\windows\system32\45.tmp
2009-05-06 11:29 17,376 a------- c:\windows\system32\drivers\dhka6a5.sys
2009-05-06 11:29 19,420 a------- c:\windows\system32\42.tmp
2009-05-06 11:29 124 a------- c:\windows\system32\3C.tmp
2009-05-06 02:56 61,440 a------- c:\windows\system32\49.tmp
2009-05-06 02:56 17,376 a------- c:\windows\system32\drivers\sbf6b7b.sys
2009-05-06 02:56 19,420 a------- c:\windows\system32\47.tmp
2009-05-06 02:56 124 a------- c:\windows\system32\44.tmp
2009-05-06 02:51 61,440 a------- c:\windows\system32\41.tmp
2009-05-06 02:51 17,376 a------- c:\windows\system32\drivers\impf5a1.sys
2009-05-06 02:51 124 a------- c:\windows\system32\39.tmp
2009-05-05 22:02 61,440 a------- c:\windows\system32\4D.tmp
2009-05-05 22:02 17,376 a------- c:\windows\system32\drivers\mqtdc74.sys
2009-05-05 22:01 160 a------- c:\windows\system32\48.tmp
2009-05-05 21:08 61,440 a------- c:\windows\system32\40.tmp
2009-05-05 21:08 17,376 a------- c:\windows\system32\drivers\ilp9543.sys
2009-05-05 21:08 160 a------- c:\windows\system32\37.tmp
2009-05-05 19:31 61,440 a------- c:\windows\system32\43.tmp
2009-05-05 19:31 17,376 a------- c:\windows\system32\drivers\cgj0690.sys
2009-05-05 19:31 160 a------- c:\windows\system32\3F.tmp
2009-05-05 19:22 61,440 a------- c:\windows\system32\3D.tmp
2009-05-05 19:22 17,376 a------- c:\windows\system32\drivers\pshf59e.sys
2009-05-05 19:22 160 a------- c:\windows\system32\35.tmp
2009-05-05 19:14 61,440 a------- c:\windows\system32\3B.tmp
2009-05-05 19:14 17,376 a------- c:\windows\system32\drivers\fimc7a4.sys
2009-05-05 19:13 160 a------- c:\windows\system32\34.tmp
2009-05-05 17:40 17,376 a------- c:\windows\system32\drivers\dgpc15d.sys
2009-05-05 17:40 61,440 a------- c:\windows\system32\38.tmp
2009-05-05 17:39 160 a------- c:\windows\system32\32.tmp
2009-05-05 16:47 61,440 a------- c:\windows\system32\3A.tmp
2009-05-05 16:47 17,376 a------- c:\windows\system32\drivers\eil4374.sys
2009-05-05 16:47 160 a------- c:\windows\system32\36.tmp
2009-05-05 16:44 61,440 a------- c:\windows\system32\33.tmp
2009-05-05 16:44 17,376 a------- c:\windows\system32\drivers\tclf53e.sys
2009-05-05 14:49 17,376 a------- c:\windows\system32\drivers\ocgefbb.sys
2009-05-05 13:19 17,376 a------- c:\windows\system32\drivers\aeh9d98.sys
2009-05-05 12:14 61,440 a------- c:\windows\system32\31.tmp
2009-05-05 12:14 17,376 a------- c:\windows\system32\drivers\gkn957e.sys
2009-05-05 12:08 17,376 a------- c:\windows\system32\drivers\knr412f.sys
2009-05-05 03:01 17,376 a------- c:\windows\system32\drivers\aeh3de4.sys
2009-05-05 01:23 17,376 a------- c:\windows\system32\drivers\kncf099.sys
2009-05-04 22:44 17,376 a------- c:\windows\system32\drivers\fil2790.sys
2009-05-04 20:14 17,376 a------- c:\windows\system32\drivers\ehlb317.sys
2009-05-04 18:32 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\NortonInstaller
2009-05-04 18:20 17,376 a------- c:\windows\system32\drivers\orge946.sys
2009-05-04 16:57 17,376 a------- c:\windows\system32\drivers\peh06f8.sys
2009-05-01 05:11 61,440 a------- c:\windows\system32\4A.tmp
2009-05-01 05:10 17,376 a------- c:\windows\system32\drivers\gkn1f6c.sys
2009-05-01 05:10 124 a------- c:\windows\system32\46.tmp
2009-05-01 05:00 17,376 a------- c:\windows\system32\drivers\qtd4267.sys
2009-05-01 03:25 32,768 a------- c:\windows\system32\fxe.sp
2009-05-01 03:12 53,283 a------- c:\windows\system32\paso.el
2009-05-01 03:12 0 a------- c:\windows\ynh.dx
2009-05-01 03:12 17,376 a------- c:\windows\system32\drivers\imae990.sys
2009-04-30 21:09 17,376 a------- c:\windows\system32\drivers\ajmec3e.sys
2009-04-30 18:20 17,376 a------- c:\windows\system32\drivers\cgj1ce8.sys
2009-04-30 16:39 17,376 a------- c:\windows\system32\drivers\sbfb749.sys
2009-04-30 04:11 17,376 a------- c:\windows\system32\drivers\dgj8098.sys
2009-04-29 12:20 17,376 a------- c:\windows\system32\drivers\rbeaaff.sys
2009-04-29 08:34 519,168 a------- c:\windows\system32\Installer.exe
2009-04-29 08:34 82,432 a------- c:\windows\system32\resdll.dll
2009-04-29 08:33 0 a------- c:\windows\system32\30.tmp
2009-04-29 01:15 45,056 a------- c:\documents and settings\dan.dan-dvurede6rlu\file.exe
2009-04-28 13:27 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-28 13:27 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2009-04-28 12:56 17,376 a------- c:\windows\system32\drivers\tcgba51.sys
2009-04-28 04:03 61,440 a------- c:\windows\system32\75C.tmp
2009-04-28 04:03 152,064 a------- c:\windows\system32\75A.tmp
2009-04-28 04:02 13,642 a------- c:\windows\system32\759.tmp
2009-04-28 04:02 176 a------- c:\windows\system32\758.tmp
2009-04-27 18:50 0 a------- C:\F.tmp
2009-04-27 18:50 0 a------- C:\E.tmp
2009-04-27 18:49 54,784 a------- C:\D.tmp
2009-04-27 18:49 0 a------- C:\C.tmp
2009-04-27 18:49 136,192 a------- c:\windows\system32\drivers\ethcrzxu.sys
2009-04-27 17:43 <DIR> --d----- c:\windows\system32\3361
2009-04-27 17:43 108,336 a------- c:\windows\system32\MSWINSCK.OCX
2009-04-27 17:43 <DIR> --d----- c:\windows\dhcp
2009-04-27 16:44 0 a------- C:\9C.tmp
2009-04-27 16:44 0 a------- C:\9B.tmp
2009-04-27 16:44 0 a------- C:\99.tmp
2009-04-27 16:43 0 a------- c:\windows\system32\drivers\34e3d3ec.sys
2009-04-27 16:41 290,304 a------- C:\kggi.exe

==================== Find3M ====================

2009-05-19 00:24 178,688 a------- c:\windows\system32\tpsaxyd.exe
2009-05-17 21:51 560,128 a------- c:\windows\system32\user32.dll
2009-04-27 16:43 162,432 ac------ c:\windows\system32\drivers\ndis.sys
2009-04-27 16:41 105,984 a--sh--- c:\windows\system32\vonibusa.dll
2009-04-27 16:41 78,848 a--sh--- c:\windows\system32\nogopofa.exe
2009-04-27 04:41 81,408 a--sh--- c:\windows\system32\nuhufise.exe
2009-04-26 04:41 106,496 a--sh--- c:\windows\system32\bolojiju.dll
2009-04-26 04:41 80,896 a--sh--- c:\windows\system32\vuviyigi.exe

============= FINISH: 14:34:24.93 ===============
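
The two logs above carry several indicators that are easier to check mechanically than by eye: a browser proxy pointing at a local port (everything the browser fetches passes through a process on the machine itself), Run values in the SYSTEM and Default-user hives launching from C:\WINDOWS\TEMP, a Winlogon Notify package stored as a .dat rather than a .dll (the loader does not care about the extension, so the odd name only hides the file from a casual look), an LSA Notification Package beyond the stock scecli, and roughly forty boot-start drivers that are all exactly 17,376 bytes with seven-character names. The script below is an added example written for this page, not a tool from the thread or from HijackThis/DDS; it runs over an excerpt of the posted lines plus two benign lines for contrast, and its rules and thresholds (three or more same-size auto-named drivers, TEMP paths, non-.dll Notify packages) are the editor's own heuristics. Legitimate software occasionally registers SYSTEM-hive autoruns too, so treat the output as triage, not a verdict.

```python
"""Triage of HijackThis / DDS log lines for the persistence indicators seen
in the thread: a local browser proxy, Run values in the SYSTEM/Default-user
hives, a Winlogon Notify package that is not a .dll, an extra LSA
notification package, and a cluster of same-size, auto-named drivers.

Added example, not from the original post or either tool. The rules and
thresholds are the editor's own heuristics (assumption, not tool behaviour).
"""
import re
import sys
from collections import defaultdict

# Constructed input: lines excerpted from the two logs posted above, plus two
# benign lines (the MSConfig autorun and the Santa Cruz sound driver) so the
# rules have something they must NOT flag.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\yo9kz.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\yo9kz.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [system tool] C:\WINDOWS\sysguard.exe (User 'SYSTEM')
O20 - Winlogon Notify: __c00E6781 - C:\WINDOWS\System32\__c00E6781.dat
LSA: Notification Packages = scecli c:\windows\system32\navujoko.dll
R1 aeh1066;aeh1066;c:\windows\system32\drivers\aeh1066.sys [2009-5-6 17376]
R1 aeh3de4;aeh3de4;c:\windows\system32\drivers\aeh3de4.sys [2009-5-5 17376]
R1 ajmec3e;ajmec3e;c:\windows\system32\drivers\ajmec3e.sys [2009-4-30 17376]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [2007-4-10 144768]
""".strip().splitlines()

# One pattern per log-line family (HijackThis "O4 -" form and DDS short form).
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?(localhost|127\.0\.0\.1):(\d+)", re.I)
RUN_RE = re.compile(r"^O4 - (HK\S*?)\\\.\.\\Run: \[(.*?)\] (.+?)(?: \(User '([^']*)'\))?$")
NOTIFY_RE = re.compile(r"^(?:O20 - Winlogon Notify|Notify): (\S+) - (.+)$")
LSA_RE = re.compile(r"^LSA: Notification Packages = (.+)$")
DRIVER_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(\S+) \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$")

DEFAULT_LSA_PACKAGES = {"scecli"}          # the only package on a stock XP box
SERVICE_HIVES = ("HKUS\\S-1-5-18", "HKUS\\.DEFAULT")
MIN_CLUSTER = 3                            # same-size drivers needed to flag


def triage(lines):
    """Return a list of (severity, reason, line) tuples; severity is 'high' or 'medium'."""
    findings = []
    drivers = defaultdict(list)            # file size -> [(start, name, display, line)]
    for raw in lines:
        line = raw.strip()
        m = PROXY_RE.search(line)
        if m:
            findings.append(("high", f"browser traffic proxied through local port {m.group(2)}", line))
            continue
        m = RUN_RE.match(line)
        if m:
            hive, name, cmd, _user = m.groups()
            reasons = []
            if hive.startswith(SERVICE_HIVES):
                reasons.append("autorun in the SYSTEM/Default-user hive")
            if not name:
                reasons.append("empty value name")
            if "\\temp\\" in cmd.lower():
                reasons.append("runs from a TEMP directory")
            if reasons:
                findings.append(("high", "; ".join(reasons), line))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            # Notify packages are loaded with LoadLibrary, which ignores the
            # extension; a .dat here is a disguise, not a data file.
            if not m.group(2).lower().endswith(".dll"):
                findings.append(("high", "Winlogon Notify package is not a .dll", line))
            continue
        m = LSA_RE.match(line)
        if m:
            extra = [p for p in m.group(1).split() if p.lower() not in DEFAULT_LSA_PACKAGES]
            if extra:
                findings.append(("high", "extra LSA notification package: " + ", ".join(extra), line))
            continue
        m = DRIVER_RE.match(line)
        if m:
            start, name, display, _path, _date, size = m.groups()
            drivers[int(size)].append((start, name, display, line))

    # Cluster rule: MIN_CLUSTER or more boot/system-start drivers of identical
    # size whose display name merely repeats the service name.
    for size, group in drivers.items():
        cluster = [g for g in group if g[0] in ("R1", "S1") and g[1] == g[2]]
        if len(cluster) >= MIN_CLUSTER:
            for _start, _name, _display, line in cluster:
                findings.append(("medium", f"one of {len(cluster)} same-size ({size} bytes) auto-named boot-start drivers", line))
    return findings


if __name__ == "__main__":
    # With a path argument, triage a saved HijackThis or DDS log; otherwise the excerpt.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE_LOG
    for severity, reason, line in triage(lines):
        print(f"[{severity:6}] {reason}\n         {line}")
```

On the excerpt this yields six high findings (the proxy, the three SYSTEM-hive autoruns, the .dat Notify package and navujoko.dll in the LSA list) and three medium ones for the 17,376-byte driver cluster, while the MSConfig autorun and the Santa Cruz driver pass untouched. The cluster rule is the part that scales: on the full DDS listing above it would group nearly forty entries under one size.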

#3 Buckeye_Sam (Malware Expert, Members, 17,382 posts, Pickerington, Ohio)

Posted 19 May 2009 - 04:35 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#4 Danlaff777

Danlaff777
  • Topic Starter

  • Members
  • 16 posts
  • Local time:05:52 AM

Posted 20 May 2009 - 01:05 AM

Hi Sam,
First I just want to say thanks SO MUCH in advance for helping me; this virus has been a nightmare.

OK, so I downloaded ComboFix to my desktop. Unfortunately, whenever I download anything I'm constantly getting the "Danger! This file probably infected or corrupted by viruses" message upon installation - this appears anywhere from 0 times up to 10 times during a download/installation.

ComboFix then attempted to run and I got this message:

............
!! Alert !! It is NOT SAFE to continue!

The contents of the combofix package has been compromised
Please download a fresh copy from:
http://bleepingcomputer.com/combofix/how-to-use-combofix

Note: You may be infected with a file patching virus (Virut)
.............

ComboFix then completely uninstalls - this happens every time I've tried to download ComboFix, and I can't seem to download a clean copy.


Here are my latest HJT and DDS logs (running in normal mode) up to the second this error happened.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:00:33, on 5/20/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\Program Files\Mozilla Firefox\ff.exe
C:\WINDOWS\system32\CF9917.exe
C:\CF\NirCmd.cfexe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\yo9kz.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\yo9kz.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\reader_s.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\yo9kz.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O20 - Winlogon Notify: __c00E6781 - C:\WINDOWS\System32\__c00E6781.dat
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MYS Mutex Algorithm Service - Unknown owner - C:\WINDOWS\system\mysmas.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 3513 bytes

DDS (Ver_09-05-14.01) - NTFSx86
Run by Dan at 2:01:27.25 on Wed 05/20/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.255.44 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
svchost.exe C:\WINDOWS\TEMP\VRT23.tmp
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\ff.exe
C:\WINDOWS\system32\CF9917.exe
C:\CF\NirCmd.cfexe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = http=localhost:7171
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {C2BA40A1-74F3-42BD-F434-12345A2C8953} - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRun: [services] c:\windows\services.exe
dRun: [<NO NAME>] c:\windows\temp\yo9kz.exe
dRun: [uidenhiufgsduiazghs] c:\windows\temp\yo9kz.exe
dRun: [reader_s] c:\documents and settings\dan.dan-dvurede6rlu\reader_s.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
Notify: __c00E6781 - c:\windows\system32\__c00E6781.dat
LSA: Notification Packages = scecli c:\windows\system32\navujoko.dll

============= SERVICES / DRIVERS ===============

R1 aeh1066;aeh1066;c:\windows\system32\drivers\aeh1066.sys [2009-5-6 17376]
R1 aeh3de4;aeh3de4;c:\windows\system32\drivers\aeh3de4.sys [2009-5-5 17376]
R1 aeh9d98;aeh9d98;c:\windows\system32\drivers\aeh9d98.sys [2009-5-5 17376]
R1 ajmec3e;ajmec3e;c:\windows\system32\drivers\ajmec3e.sys [2009-4-30 17376]
R1 beib90a;beib90a;c:\windows\system32\drivers\beib90a.sys [2009-5-6 17376]
R1 cgj0690;cgj0690;c:\windows\system32\drivers\cgj0690.sys [2009-5-5 17376]
R1 cgj1ce8;cgj1ce8;c:\windows\system32\drivers\cgj1ce8.sys [2009-4-30 17376]
R1 dgj8098;dgj8098;c:\windows\system32\drivers\dgj8098.sys [2009-4-30 17376]
R1 dgpc15d;dgpc15d;c:\windows\system32\drivers\dgpc15d.sys [2009-5-5 17376]
R1 dhka6a5;dhka6a5;c:\windows\system32\drivers\dhka6a5.sys [2009-5-6 17376]
R1 ehlb317;ehlb317;c:\windows\system32\drivers\ehlb317.sys [2009-5-4 17376]
R1 eil4374;eil4374;c:\windows\system32\drivers\eil4374.sys [2009-5-5 17376]
R1 fil2790;fil2790;c:\windows\system32\drivers\fil2790.sys [2009-5-4 17376]
R1 fimc7a4;fimc7a4;c:\windows\system32\drivers\fimc7a4.sys [2009-5-5 17376]
R1 gjn2277;gjn2277;c:\windows\system32\drivers\gjn2277.sys [2009-5-6 17376]
R1 gkn1f6c;gkn1f6c;c:\windows\system32\drivers\gkn1f6c.sys [2009-5-1 17376]
R1 gkn957e;gkn957e;c:\windows\system32\drivers\gkn957e.sys [2009-5-5 17376]
R1 ilp9543;ilp9543;c:\windows\system32\drivers\ilp9543.sys [2009-5-5 17376]
R1 imae990;imae990;c:\windows\system32\drivers\imae990.sys [2009-5-1 17376]
R1 impf5a1;impf5a1;c:\windows\system32\drivers\impf5a1.sys [2009-5-6 17376]
R1 jnq1921;jnq1921;c:\windows\system32\drivers\jnq1921.sys [2009-5-7 17376]
R1 kncf099;kncf099;c:\windows\system32\drivers\kncf099.sys [2009-5-5 17376]
R1 knr412f;knr412f;c:\windows\system32\drivers\knr412f.sys [2009-5-5 17376]
R1 mqtdc74;mqtdc74;c:\windows\system32\drivers\mqtdc74.sys [2009-5-5 17376]
R1 ocgdf8f;ocgdf8f;c:\windows\system32\drivers\ocgdf8f.sys [2009-5-6 17376]
R1 ocgefbb;ocgefbb;c:\windows\system32\drivers\ocgefbb.sys [2009-5-5 17376]
R1 orge946;orge946;c:\windows\system32\drivers\orge946.sys [2009-5-4 17376]
R1 peh06f8;peh06f8;c:\windows\system32\drivers\peh06f8.sys [2009-5-4 17376]
R1 pshf59e;pshf59e;c:\windows\system32\drivers\pshf59e.sys [2009-5-5 17376]
R1 qad10ee;qad10ee;c:\windows\system32\drivers\qad10ee.sys [2009-5-6 17376]
R1 qtd4267;qtd4267;c:\windows\system32\drivers\qtd4267.sys [2009-5-1 17376]
R1 rae1c2f;rae1c2f;c:\windows\system32\drivers\rae1c2f.sys [2009-5-7 17376]
R1 rbeaaff;rbeaaff;c:\windows\system32\drivers\rbeaaff.sys [2009-4-29 17376]
R1 sbf6b7b;sbf6b7b;c:\windows\system32\drivers\sbf6b7b.sys [2009-5-6 17376]
R1 sbfb749;sbfb749;c:\windows\system32\drivers\sbfb749.sys [2009-4-30 17376]
R1 tcgafc4;tcgafc4;c:\windows\system32\drivers\tcgafc4.sys [2009-5-7 17376]
R1 tcgba51;tcgba51;c:\windows\system32\drivers\tcgba51.sys [2009-4-28 17376]
R1 tcld6ac;tcld6ac;c:\windows\system32\drivers\tcld6ac.sys [2009-5-6 17376]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [2007-4-10 144768]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [2007-4-10 545088]
S1 34e3d3ec;34e3d3ec;c:\windows\system32\drivers\34e3d3ec.sys [2009-4-27 0]
S1 Dup;Dup;c:\windows\system32\drivers\dup.sys [2009-5-18 18368]
S1 ethcrzxu;ethcrzxu;c:\windows\system32\drivers\ethcrzxu.sys [2009-4-27 136192]
S1 tclf53e;tclf53e;c:\windows\system32\drivers\tclf53e.sys [2009-5-5 17376]
S2 MYS Mutex Algorithm Service;MYS Mutex Algorithm Service;c:\windows\system\mysmas.exe [2009-5-15 95232]
S3 pcm1394;pcm1394;c:\windows\system32\pcm1394.sys [2003-7-16 2304]
S3 vitra;vitra;c:\windows\system32\drivers\vitra.sys --> c:\windows\system32\drivers\vitra.sys [?]

=============== Created Last 30 ================

2009-05-20 01:52 <DIR> --d----- C:\CF
2009-05-20 01:52 396,288 a------- c:\windows\system32\CF9917.exe
2009-05-20 01:47 67,584 a------- c:\windows\services.exe
2009-05-20 01:47 0 a------- c:\windows\system32\F3.tmp
2009-05-20 01:47 60,929 a------- c:\windows\system32\reader_s.exe
2009-05-20 01:47 40,449 a------- c:\documents and settings\dan.dan-dvurede6rlu\reader_s.exe
2009-05-20 01:46 120 a------- c:\windows\system32\EC.tmp
2009-05-20 01:38 396,288 a------- c:\windows\system32\CF7102.exe
2009-05-19 19:23 0 a------- c:\windows\system32\F0.tmp
2009-05-19 19:23 120 a------- c:\windows\system32\EA.tmp
2009-05-19 17:46 0 a------- c:\windows\system32\EE.tmp
2009-05-19 17:46 120 a------- c:\windows\system32\E9.tmp
2009-05-19 16:00 0 a------- c:\windows\system32\ED.tmp
2009-05-19 16:00 120 a------- c:\windows\system32\E7.tmp
2009-05-18 19:50 <DIR> --d----- c:\docume~1\dan~2.dan\applic~1\Grisoft
2009-05-18 19:49 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Grisoft
2009-05-18 18:36 0 a------- c:\windows\system32\EB.tmp
2009-05-18 18:36 18,368 a------- c:\windows\system32\drivers\dup.sys
2009-05-18 18:36 22,016 a------- c:\windows\system32\E8.tmp
2009-05-18 18:36 160 a------- c:\windows\system32\E6.tmp
2009-05-18 15:35 <DIR> --d----- c:\program files\Exterminate It!
2009-05-18 15:24 <DIR> --d----- c:\program files\Enigma Software Group
2009-05-18 15:14 438 a------- C:\spyhunter.fix
2009-05-18 14:02 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2009-05-18 13:55 <DIR> --d----- c:\program files\Trend Micro
2009-05-18 13:30 <DIR> --d----- C:\VundoFix Backups
2009-05-18 04:05 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-18 04:05 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-18 03:58 1 a------- c:\windows\system32\E5.tmp
2009-05-18 03:58 84 a------- c:\windows\system32\E4.tmp
2009-05-18 03:43 <DIR> -cd-h--- c:\docume~1\alluse~1.win\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-18 03:26 1 a------- c:\windows\system32\E3.tmp
2009-05-18 03:26 84 a------- c:\windows\system32\E2.tmp
2009-05-18 02:24 1 a------- c:\windows\system32\E1.tmp
2009-05-18 02:24 84 a------- c:\windows\system32\E0.tmp
2009-05-18 02:18 <DIR> --d----- c:\program files\CCleaner
2009-05-18 02:16 1 a------- c:\windows\system32\DF.tmp
2009-05-18 02:16 84 a------- c:\windows\system32\DE.tmp
2009-05-17 21:19 84 a------- c:\windows\system32\DC.tmp
2009-05-17 21:19 1 a------- c:\windows\system32\DD.tmp
2009-05-17 21:12 84 a------- c:\windows\system32\D9.tmp
2009-05-17 21:12 1 a------- c:\windows\system32\DA.tmp
2009-05-17 21:05 1 a------- c:\windows\system32\DB.tmp
2009-05-17 21:05 84 a------- c:\windows\system32\D8.tmp
2009-05-17 20:41 1 a------- c:\windows\system32\D7.tmp
2009-05-17 20:41 84 a------- c:\windows\system32\D6.tmp
2009-05-17 20:19 84 a------- c:\windows\system32\D4.tmp
2009-05-17 20:19 1 a------- c:\windows\system32\D5.tmp
2009-05-17 18:34 1 a------- c:\windows\system32\D3.tmp
2009-05-17 18:34 84 a------- c:\windows\system32\D2.tmp
2009-05-17 18:26 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-17 18:23 1 a------- c:\windows\system32\D1.tmp
2009-05-17 18:23 84 a------- c:\windows\system32\CF.tmp
2009-05-17 16:30 <DIR> --d----- C:\Dan Progs
2009-05-17 16:24 1 a------- c:\windows\system32\D0.tmp
2009-05-17 16:24 84 a------- c:\windows\system32\CE.tmp
2009-05-17 15:06 560,128 ac------ c:\windows\system32\dllcache\user32.dll
2009-05-17 14:53 1 a------- c:\windows\system32\CD.tmp
2009-05-17 14:53 84 a------- c:\windows\system32\CB.tmp
2009-05-17 14:38 0 a------- c:\windows\system32\C8.tmp
2009-05-17 14:31 1 a------- c:\windows\system32\C9.tmp
2009-05-17 14:31 84 a------- c:\windows\system32\C7.tmp
2009-05-17 14:20 1 a------- c:\windows\system32\C6.tmp
2009-05-17 14:20 84 a------- c:\windows\system32\C5.tmp
2009-05-17 14:08 1 a------- c:\windows\system32\C4.tmp
2009-05-17 14:08 84 a------- c:\windows\system32\C3.tmp
2009-05-17 14:00 1 a------- c:\windows\system32\10A.tmp
2009-05-17 14:00 84 a------- c:\windows\system32\109.tmp
2009-05-17 13:52 1 a------- c:\windows\system32\C1.tmp
2009-05-17 13:52 84 a------- c:\windows\system32\BF.tmp
2009-05-17 13:45 1 a------- c:\windows\system32\2C.tmp
2009-05-17 13:45 84 a------- c:\windows\system32\2A.tmp
2009-05-17 13:08 1 a------- c:\windows\system32\28.tmp
2009-05-17 13:08 84 a------- c:\windows\system32\22.tmp
2009-05-16 18:28 1 a------- c:\windows\system32\21.tmp
2009-05-16 01:48 673 a------- C:\xcrashdump.dat
2009-05-15 22:42 2,498 a------- c:\windows\system32\tmp.reg
2009-05-15 20:29 82,324 a------- C:\lsass.exe
2009-05-15 20:28 31,232 a------- C:\ccdxwaq.exe
2009-05-15 20:28 82,324 a------- C:\vjtggt.exe
2009-05-15 20:28 27,648 a------- c:\windows\system32\__c00E6781.dat
2009-05-15 20:28 15,000 a------- c:\windows\system32\jkshfuiehi.dll
2009-05-15 20:28 57,856 a------- C:\rmkuwevt.exe
2009-05-15 20:28 32,256 a------- C:\bOC.exe
2009-05-15 20:28 402,960 a------- C:\UB13.exe
2009-05-15 20:07 <DIR> -cd-h--- c:\docume~1\alluse~1.win\applic~1\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-05-15 19:54 <DIR> --d----- C:\KAV
2009-05-15 19:10 1 a------- c:\windows\system32\20.tmp
2009-05-15 19:10 84 a------- c:\windows\system32\1F.tmp
2009-05-15 18:37 21,056 a------- c:\windows\system32\drivers\sskbfd.sys
2009-05-15 18:36 164 a------- C:\install.dat
2009-05-15 17:18 1 a------- c:\windows\system32\27.tmp
2009-05-15 17:18 84 a------- c:\windows\system32\25.tmp
2009-05-15 16:56 84 a------- c:\windows\system32\1C.tmp
2009-05-15 16:56 1 a------- c:\windows\system32\1D.tmp
2009-05-15 13:15 1 a------- c:\windows\system32\18.tmp
2009-05-15 13:15 84 a------- c:\windows\system32\17.tmp
2009-05-15 13:06 <DIR> --d----- c:\docume~1\dan~2.dan\applic~1\GetRightToGo
2009-05-15 10:22 <DIR> --d----- c:\docume~1\dan~2.dan\applic~1\Malwarebytes
2009-05-15 10:22 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-05-15 10:16 0 a------- c:\windows\system32\1A.tmp
2009-05-15 10:15 95,232 ---shr-- c:\windows\system\mysmas.exe
2009-05-15 04:12 0 a------- c:\windows\system32\C2.tmp
2009-05-15 04:12 120 a------- c:\windows\system32\BD.tmp
2009-05-14 22:13 0 a------- c:\windows\system32\1E.tmp
2009-05-14 22:13 120 a------- c:\windows\system32\1B.tmp
2009-05-14 22:08 0 a------- c:\windows\system32\19.tmp
2009-05-14 22:08 120 a------- c:\windows\system32\14.tmp
2009-05-14 21:51 0 a------- c:\windows\system32\10.tmp
2009-05-14 21:00 0 a------- c:\windows\system32\C0.tmp
2009-05-14 20:59 120 a------- c:\windows\system32\B8.tmp
2009-05-14 20:56 0 a------- c:\windows\system32\B2.tmp
2009-05-14 20:56 0 a------- c:\windows\system32\2F.tmp
2009-05-14 20:56 0 a------- c:\windows\system32\2E.tmp
2009-05-14 20:56 120 a------- c:\windows\system32\2D.tmp
2009-05-14 20:54 0 a------- c:\windows\system32\2B.tmp
2009-05-14 20:49 0 a------- c:\windows\system32\29.tmp
2009-05-14 20:49 120 a------- c:\windows\system32\26.tmp
2009-05-14 20:45 5,621 a------- c:\windows\system32\24.tmp
2009-05-14 20:20 0 a------- c:\windows\system32\11.tmp
2009-05-14 19:22 0 a------- c:\windows\system32\16.tmp
2009-05-14 19:22 0 a------- c:\windows\system32\15.tmp
2009-05-14 19:18 7,081 a------- c:\windows\system32\13.tmp
2009-05-14 19:18 120 a------- c:\windows\system32\12.tmp
2009-05-14 19:18 0 a------- C:\10.tmp
2009-05-14 19:18 0 a------- C:\B.tmp
2009-05-14 19:18 0 a------- C:\A.tmp
2009-05-14 19:18 0 a------- C:\8.tmp
2009-05-14 19:17 0 a------- C:\7.tmp
2009-05-14 19:17 0 a------- C:\5.tmp
2009-05-14 15:13 <DIR> --d----- c:\windows\ERUNT
2009-05-14 15:08 <DIR> --d----- C:\SDFix
2009-05-14 15:08 0 a------- c:\windows\system32\CC.tmp
2009-05-14 15:08 84 a------- c:\windows\system32\CA.tmp
2009-05-14 15:03 0 a------- c:\windows\system32\BE.tmp
2009-05-14 15:03 84 a------- c:\windows\system32\BB.tmp
2009-05-14 14:54 0 a------- c:\windows\system32\B7.tmp
2009-05-14 14:54 84 a------- c:\windows\system32\AF.tmp
2009-05-14 14:38 0 a------- c:\windows\system32\B1.tmp
2009-05-14 14:38 84 a------- c:\windows\system32\AA.tmp
2009-05-14 13:25 0 a------- C:\B5.tmp
2009-05-14 13:25 0 a------- C:\B4.tmp
2009-05-14 13:25 0 a------- C:\B2.tmp
2009-05-14 13:24 0 a------- c:\windows\system32\B0.tmp
2009-05-14 13:24 84 a------- c:\windows\system32\AD.tmp
2009-05-14 13:20 0 a------- c:\windows\system32\AB.tmp
2009-05-14 13:20 84 a------- c:\windows\system32\A8.tmp
2009-05-14 12:49 0 a------- c:\windows\system32\AE.tmp
2009-05-14 12:49 84 a------- c:\windows\system32\AC.tmp
2009-05-14 12:40 0 a------- c:\windows\system32\A9.tmp
2009-05-14 12:40 84 a------- c:\windows\system32\A6.tmp
2009-05-14 01:47 0 a------- c:\windows\system32\A7.tmp
2009-05-14 01:47 154,624 a------- c:\windows\system32\A5.tmp
2009-05-14 01:47 124 a------- c:\windows\system32\A2.tmp
2009-05-13 18:44 0 a------- c:\windows\system32\BC.tmp
2009-05-13 18:44 152,576 a------- c:\windows\system32\BA.tmp
2009-05-13 18:44 124 a------- c:\windows\system32\B9.tmp
2009-05-13 18:21 0 a------- c:\windows\system32\B6.tmp
2009-05-13 18:21 0 a------- c:\windows\system32\B5.tmp
2009-05-13 18:21 0 a------- c:\windows\system32\B4.tmp
2009-05-13 18:19 124 a------- c:\windows\system32\B3.tmp
2009-05-13 18:11 0 a------- c:\windows\system32\A4.tmp
2009-05-13 18:10 152,576 a------- c:\windows\system32\9E.tmp
2009-05-13 18:10 124 a------- c:\windows\system32\9D.tmp
2009-05-13 14:51 0 a------- c:\windows\system32\A1.tmp
2009-05-13 14:47 0 a------- c:\windows\system32\9F.tmp
2009-05-13 14:43 154,624 a------- c:\windows\system32\9C.tmp
2009-05-13 14:43 124 a------- c:\windows\system32\97.tmp
2009-05-13 13:26 0 a------- c:\windows\system32\9A.tmp
2009-05-13 13:25 0 a------- c:\windows\system32\94.tmp
2009-05-13 13:24 124 a------- c:\windows\system32\7E.tmp
2009-05-10 21:31 61,440 a------- c:\windows\system32\A3.tmp
2009-05-10 21:30 120 a------- c:\windows\system32\A0.tmp
2009-05-10 20:38 61,440 a------- c:\windows\system32\99.tmp
2009-05-10 20:38 120 a------- c:\windows\system32\93.tmp
2009-05-10 20:16 61,440 a------- c:\windows\system32\9B.tmp
2009-05-10 20:16 120 a------- c:\windows\system32\98.tmp
2009-05-10 20:12 61,440 a------- c:\windows\system32\96.tmp
2009-05-10 20:12 120 a------- c:\windows\system32\91.tmp
2009-05-09 16:11 1 a------- c:\windows\system32\90.tmp
2009-05-09 16:11 56,832 a------- c:\windows\system32\8F.tmp
2009-05-09 16:10 84 a------- c:\windows\system32\89.tmp
2009-05-08 20:51 61,440 a------- c:\windows\system32\8C.tmp
2009-05-08 20:51 84 a------- c:\windows\system32\83.tmp
2009-05-08 18:05 61,440 a------- c:\windows\system32\86.tmp
2009-05-08 18:05 84 a------- c:\windows\system32\76.tmp
2009-05-08 17:32 61,440 a------- c:\windows\system32\8D.tmp
2009-05-08 17:32 84 a------- c:\windows\system32\8A.tmp
2009-05-08 17:31 0 a------- c:\windows\system32\88.tmp
2009-05-08 17:25 61,440 a------- c:\windows\system32\84.tmp
2009-05-08 17:25 84 a------- c:\windows\system32\82.tmp
2009-05-08 17:04 84 a------- c:\windows\system32\71.tmp
2009-05-08 16:56 61,440 a------- c:\windows\system32\87.tmp
2009-05-08 16:56 84 a------- c:\windows\system32\85.tmp
2009-05-08 16:51 61,440 a------- c:\windows\system32\81.tmp
2009-05-08 16:51 84 a------- c:\windows\system32\79.tmp
2009-05-08 16:49 61,440 a------- c:\windows\system32\73.tmp
2009-05-08 16:49 84 a------- c:\windows\system32\6E.tmp
2009-05-08 16:36 61,440 a------- c:\windows\system32\7F.tmp
2009-05-08 16:36 84 a------- c:\windows\system32\7C.tmp
2009-05-08 16:20 0 a------- c:\windows\system32\7A.tmp
2009-05-08 16:09 61,440 a------- c:\windows\system32\75.tmp
2009-05-08 16:09 84 a------- c:\windows\system32\72.tmp
2009-05-08 16:00 61,440 a------- c:\windows\system32\70.tmp
2009-05-08 16:00 84 a------- c:\windows\system32\6C.tmp
2009-05-08 04:07 61,440 a------- c:\windows\system32\6F.tmp
2009-05-08 04:07 120 a------- c:\windows\system32\6A.tmp
2009-05-07 22:01 61,440 a------- c:\windows\system32\80.tmp
2009-05-07 22:01 120 a------- c:\windows\system32\7D.tmp
2009-05-07 21:54 61,440 a------- c:\windows\system32\7B.tmp
2009-05-07 21:53 120 a------- c:\windows\system32\78.tmp
2009-05-07 21:20 61,440 a------- c:\windows\system32\6D.tmp
2009-05-07 21:20 120 a------- c:\windows\system32\68.tmp
2009-05-07 20:24 61,440 a------- c:\windows\system32\95.tmp
2009-05-07 20:24 120 a------- c:\windows\system32\92.tmp
2009-05-07 20:20 61,440 a------- c:\windows\system32\8E.tmp
2009-05-07 20:20 120 a------- c:\windows\system32\8B.tmp
2009-05-07 19:24 61,440 a------- c:\windows\system32\6B.tmp
2009-05-07 19:24 120 a------- c:\windows\system32\66.tmp
2009-05-07 18:58 61,440 a------- c:\windows\system32\69.tmp
2009-05-07 18:58 120 a------- c:\windows\system32\64.tmp
2009-05-07 18:16 61,440 a------- c:\windows\system32\77.tmp
2009-05-07 18:16 120 a------- c:\windows\system32\74.tmp
2009-05-07 17:51 61,440 a------- c:\windows\system32\67.tmp
2009-05-07 17:51 120 a------- c:\windows\system32\61.tmp
2009-05-07 16:31 <DIR> --d----- c:\docume~1\dan~2.dan\applic~1\AVG8
2009-05-07 16:13 61,440 a------- c:\windows\system32\65.tmp
2009-05-07 16:13 120 a------- c:\windows\system32\5C.tmp
2009-05-07 14:16 61,440 a------- c:\windows\system32\63.tmp
2009-05-07 12:05 61,440 a------- c:\windows\system32\62.tmp
2009-05-07 12:05 17,376 a------- c:\windows\system32\drivers\jnq1921.sys
2009-05-07 12:05 124 a------- c:\windows\system32\57.tmp
2009-05-07 02:10 61,440 a------- c:\windows\system32\5F.tmp
2009-05-07 02:10 17,376 a------- c:\windows\system32\drivers\rae1c2f.sys
2009-05-07 02:10 124 a------- c:\windows\system32\55.tmp
2009-05-07 01:00 61,440 a------- c:\windows\system32\5A.tmp
2009-05-07 01:00 17,376 a------- c:\windows\system32\drivers\tcgafc4.sys
2009-05-06 20:18 61,440 a------- c:\windows\system32\60.tmp
2009-05-06 20:18 17,376 a------- c:\windows\system32\drivers\gjn2277.sys
2009-05-06 20:18 0 a------- c:\windows\system32\5E.tmp
2009-05-06 20:18 124 a------- c:\windows\system32\5D.tmp
2009-05-06 19:56 61,440 a------- c:\windows\system32\59.tmp
2009-05-06 19:56 17,376 a------- c:\windows\system32\drivers\ocgdf8f.sys
2009-05-06 19:56 124 a------- c:\windows\system32\53.tmp
2009-05-06 17:51 61,440 a------- c:\windows\system32\5B.tmp
2009-05-06 17:51 17,376 a------- c:\windows\system32\drivers\tcld6ac.sys
2009-05-06 17:51 124 a------- c:\windows\system32\58.tmp
2009-05-06 17:45 61,440 a------- c:\windows\system32\56.tmp
2009-05-06 17:45 17,376 a------- c:\windows\system32\drivers\aeh1066.sys
2009-05-06 17:45 124 a------- c:\windows\system32\50.tmp
2009-05-06 16:14 17,376 a------- c:\windows\system32\drivers\beib90a.sys
2009-05-06 16:14 61,440 a------- c:\windows\system32\54.tmp
2009-05-06 16:14 124 a------- c:\windows\system32\4F.tmp
2009-05-06 13:39 1 a------- c:\windows\system32\52.tmp
2009-05-06 13:39 84 a------- c:\windows\system32\51.tmp
2009-05-06 13:37 1 a------- c:\windows\system32\4C.tmp
2009-05-06 13:37 84 a------- c:\windows\system32\4B.tmp
2009-05-06 13:02 61,440 a------- c:\windows\system32\4E.tmp
2009-05-06 13:02 17,376 a------- c:\windows\system32\drivers\qad10ee.sys
2009-05-06 13:02 124 a------- c:\windows\system32\3E.tmp
2009-05-06 11:29 61,440 a------- c:\windows\system32\45.tmp
2009-05-06 11:29 17,376 a------- c:\windows\system32\drivers\dhka6a5.sys
2009-05-06 11:29 19,420 a------- c:\windows\system32\42.tmp
2009-05-06 11:29 124 a------- c:\windows\system32\3C.tmp
2009-05-06 02:56 61,440 a------- c:\windows\system32\49.tmp
2009-05-06 02:56 17,376 a------- c:\windows\system32\drivers\sbf6b7b.sys
2009-05-06 02:56 19,420 a------- c:\windows\system32\47.tmp
2009-05-06 02:56 124 a------- c:\windows\system32\44.tmp
2009-05-06 02:51 61,440 a------- c:\windows\system32\41.tmp
2009-05-06 02:51 17,376 a------- c:\windows\system32\drivers\impf5a1.sys
2009-05-06 02:51 124 a------- c:\windows\system32\39.tmp
2009-05-05 22:02 61,440 a------- c:\windows\system32\4D.tmp
2009-05-05 22:02 17,376 a------- c:\windows\system32\drivers\mqtdc74.sys
2009-05-05 22:01 160 a------- c:\windows\system32\48.tmp
2009-05-05 21:08 61,440 a------- c:\windows\system32\40.tmp
2009-05-05 21:08 17,376 a------- c:\windows\system32\drivers\ilp9543.sys
2009-05-05 21:08 160 a------- c:\windows\system32\37.tmp
2009-05-05 19:31 61,440 a------- c:\windows\system32\43.tmp
2009-05-05 19:31 17,376 a------- c:\windows\system32\drivers\cgj0690.sys
2009-05-05 19:31 160 a------- c:\windows\system32\3F.tmp
2009-05-05 19:22 61,440 a------- c:\windows\system32\3D.tmp
2009-05-05 19:22 17,376 a------- c:\windows\system32\drivers\pshf59e.sys
2009-05-05 19:22 160 a------- c:\windows\system32\35.tmp
2009-05-05 19:14 61,440 a------- c:\windows\system32\3B.tmp
2009-05-05 19:14 17,376 a------- c:\windows\system32\drivers\fimc7a4.sys
2009-05-05 19:13 160 a------- c:\windows\system32\34.tmp
2009-05-05 17:40 17,376 a------- c:\windows\system32\drivers\dgpc15d.sys
2009-05-05 17:40 61,440 a------- c:\windows\system32\38.tmp
2009-05-05 17:39 160 a------- c:\windows\system32\32.tmp
2009-05-05 16:47 61,440 a------- c:\windows\system32\3A.tmp
2009-05-05 16:47 17,376 a------- c:\windows\system32\drivers\eil4374.sys
2009-05-05 16:47 160 a------- c:\windows\system32\36.tmp
2009-05-05 16:44 61,440 a------- c:\windows\system32\33.tmp
2009-05-05 16:44 17,376 a------- c:\windows\system32\drivers\tclf53e.sys
2009-05-05 14:49 17,376 a------- c:\windows\system32\drivers\ocgefbb.sys
2009-05-05 13:19 17,376 a------- c:\windows\system32\drivers\aeh9d98.sys
2009-05-05 12:14 61,440 a------- c:\windows\system32\31.tmp
2009-05-05 12:14 17,376 a------- c:\windows\system32\drivers\gkn957e.sys
2009-05-05 12:08 17,376 a------- c:\windows\system32\drivers\knr412f.sys
2009-05-05 03:01 17,376 a------- c:\windows\system32\drivers\aeh3de4.sys
2009-05-05 01:23 17,376 a------- c:\windows\system32\drivers\kncf099.sys
2009-05-04 22:44 17,376 a------- c:\windows\system32\drivers\fil2790.sys
2009-05-04 20:14 17,376 a------- c:\windows\system32\drivers\ehlb317.sys
2009-05-04 18:32 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\NortonInstaller
2009-05-04 18:20 17,376 a------- c:\windows\system32\drivers\orge946.sys
2009-05-04 16:57 17,376 a------- c:\windows\system32\drivers\peh06f8.sys
2009-05-01 05:11 61,440 a------- c:\windows\system32\4A.tmp
2009-05-01 05:10 17,376 a------- c:\windows\system32\drivers\gkn1f6c.sys
2009-05-01 05:10 124 a------- c:\windows\system32\46.tmp
2009-05-01 05:00 17,376 a------- c:\windows\system32\drivers\qtd4267.sys
2009-05-01 03:25 32,768 a------- c:\windows\system32\fxe.sp
2009-05-01 03:12 53,283 a------- c:\windows\system32\paso.el
2009-05-01 03:12 0 a------- c:\windows\ynh.dx
2009-05-01 03:12 17,376 a------- c:\windows\system32\drivers\imae990.sys
2009-04-30 21:09 17,376 a------- c:\windows\system32\drivers\ajmec3e.sys
2009-04-30 18:20 17,376 a------- c:\windows\system32\drivers\cgj1ce8.sys
2009-04-30 16:39 17,376 a------- c:\windows\system32\drivers\sbfb749.sys
2009-04-30 04:11 17,376 a------- c:\windows\system32\drivers\dgj8098.sys
2009-04-29 12:20 17,376 a------- c:\windows\system32\drivers\rbeaaff.sys
2009-04-29 08:34 519,168 a------- c:\windows\system32\Installer.exe
2009-04-29 08:34 82,432 a------- c:\windows\system32\resdll.dll
2009-04-29 08:33 0 a------- c:\windows\system32\30.tmp
2009-04-29 01:15 45,056 a------- c:\documents and settings\dan.dan-dvurede6rlu\file.exe
2009-04-28 13:27 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-28 13:27 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2009-04-28 12:56 17,376 a------- c:\windows\system32\drivers\tcgba51.sys
2009-04-28 04:03 61,440 a------- c:\windows\system32\75C.tmp
2009-04-28 04:03 152,064 a------- c:\windows\system32\75A.tmp
2009-04-28 04:02 13,642 a------- c:\windows\system32\759.tmp
2009-04-28 04:02 176 a------- c:\windows\system32\758.tmp
2009-04-27 18:50 0 a------- C:\F.tmp
2009-04-27 18:50 0 a------- C:\E.tmp
2009-04-27 18:49 54,784 a------- C:\D.tmp
2009-04-27 18:49 0 a------- C:\C.tmp
2009-04-27 18:49 136,192 a------- c:\windows\system32\drivers\ethcrzxu.sys
2009-04-27 17:43 <DIR> --d----- c:\windows\system32\3361
2009-04-27 17:43 108,336 a------- c:\windows\system32\MSWINSCK.OCX
2009-04-27 17:43 <DIR> --d----- c:\windows\dhcp
2009-04-27 16:44 0 a------- C:\9C.tmp
2009-04-27 16:44 0 a------- C:\9B.tmp
2009-04-27 16:44 0 a------- C:\99.tmp
2009-04-27 16:43 0 a------- c:\windows\system32\drivers\34e3d3ec.sys
2009-04-27 16:41 290,304 a------- C:\kggi.exe

==================== Find3M ====================

2009-05-19 00:24 178,688 a------- c:\windows\system32\tpsaxyd.exe
2009-05-17 21:51 560,128 a------- c:\windows\system32\user32.dll
2009-04-27 16:43 162,432 ac------ c:\windows\system32\drivers\ndis.sys
2009-04-27 16:41 105,984 a--sh--- c:\windows\system32\vonibusa.dll
2009-04-27 16:41 78,848 a--sh--- c:\windows\system32\nogopofa.exe
2009-04-27 04:41 81,408 a--sh--- c:\windows\system32\nuhufise.exe
2009-04-26 04:41 106,496 a--sh--- c:\windows\system32\bolojiju.dll
2009-04-26 04:41 80,896 a--sh--- c:\windows\system32\vuviyigi.exe

============= FINISH: 2:02:54.72 ===============


What should I do next?
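
A listing like the one above is what a helper scans by eye for two things: clusters of same-size, randomly named files dropped within a short window, and hidden+system executables sitting in the Windows directory. The script below is an added example (not part of this thread, and not a ComboFix or Dr.Web component) that parses ComboFix-style listing lines and flags both patterns; the thresholds and the random-name regex are assumptions of the example, and the listing it runs on is constructed to match the format shown.

```python
"""Triage helper for ComboFix-style file listings (added example).

Parses "date time size attributes path" lines and flags two patterns:
  1. clusters of same-size files with random-looking names created within a
     short window, and
  2. hidden+system (a--sh---) executables under the Windows directory.
Thresholds and the random-name regex are assumptions of this example, not
rules taken from ComboFix, Dr.Web or the thread.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One listing line, e.g.
#   2009-05-05 19:31 17,376 a------- c:\windows\system32\drivers\cgj0690.sys
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+)$"
)

# Heuristic (assumption): a few letters followed by a hex-looking run,
# with a driver/library/executable extension, e.g. cgj0690.sys.
RANDOM_NAME_RE = re.compile(r"^[a-z]{2,5}[0-9a-f]{3,5}\.(sys|dll|exe)$", re.I)

# Constructed sample in the ComboFix listing format: a section header,
# directories, ordinary files and a few suspicious entries.
SAMPLE_LISTING = r"""
2009-05-05 19:31 61,440 a------- c:\windows\system32\43.tmp
2009-05-05 19:31 17,376 a------- c:\windows\system32\drivers\cgj0690.sys
2009-05-05 19:22 61,440 a------- c:\windows\system32\3D.tmp
2009-05-05 19:22 17,376 a------- c:\windows\system32\drivers\pshf59e.sys
2009-05-05 19:14 17,376 a------- c:\windows\system32\drivers\fimc7a4.sys
2009-05-04 18:32 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\NortonInstaller
2009-05-04 16:57 17,376 a------- c:\windows\system32\drivers\peh06f8.sys
2009-04-28 13:27 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-27 17:43 108,336 a------- c:\windows\system32\MSWINSCK.OCX

==================== Find3M ====================

2009-04-27 16:41 105,984 a--sh--- c:\windows\system32\vonibusa.dll
2009-04-27 16:41 78,848 a--sh--- c:\windows\system32\nogopofa.exe
"""


def _filename(path):
    return path.rsplit("\\", 1)[-1]


def parse_listing(text):
    """Return [(timestamp, size_or_None_for_dirs, attrs, path)] for every
    listing line; section headers, blank lines and other text are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        date, clock, size, attrs, path = m.groups()
        when = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M")
        size_val = None if size == "<DIR>" else int(size.replace(",", ""))
        entries.append((when, size_val, attrs, path))
    return entries


def random_looking(path):
    """True when the file name matches the random-name heuristic above."""
    return bool(RANDOM_NAME_RE.match(_filename(path)))


def find_same_size_clusters(entries, min_count=3, window=timedelta(days=3)):
    """Group files by (size, extension) and report groups of at least
    min_count files whose timestamps all fall inside `window`."""
    groups = defaultdict(list)
    for when, size, _attrs, path in entries:
        if size is None:  # directories carry no size
            continue
        name = _filename(path)
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        groups[(size, ext)].append((when, path))
    findings = []
    for (size, ext), items in groups.items():
        if len(items) < min_count:
            continue
        times = sorted(t for t, _ in items)
        if times[-1] - times[0] > window:
            continue
        findings.append({
            "size": size, "ext": ext, "count": len(items),
            "paths": sorted(p for _, p in items),
            "random_names": sum(random_looking(p) for _, p in items),
        })
    return findings


def find_hidden_system_executables(entries):
    """Return files under the Windows directory whose attribute string
    carries both the hidden (h) and system (s) flags."""
    return [path for _when, size, attrs, path in entries
            if size is not None and "h" in attrs and "s" in attrs
            and path.lower().startswith("c:\\windows\\")]


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LISTING)
    for f in find_same_size_clusters(parsed):
        print(f"{f['count']} x {f['size']}-byte .{f['ext']} files, "
              f"{f['random_names']} with random-looking names:")
        for p in f["paths"]:
            print("   ", p)
    for p in find_hidden_system_executables(parsed):
        print("hidden+system:", p)
```

Feed it the full listing from a real log (a few hundred lines) and the 17,376-byte driver cluster stands out at once, while the two 61,440-byte .tmp files in the sample stay below the three-file threshold.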

#5 Buckeye_Sam

    Malware Expert

Posted 20 May 2009 - 11:48 AM

Let me start by saying that it appears that you have a Virut infection. This particular infection actually does infect files on your computer and in most cases becomes impossible to completely remove. In these cases, formatting your hard drive and reinstalling everything becomes the only viable solution. That's not to say we can't give this a go and try to remove this nastiness, but I want you to know up front that it will be a difficult process. Regardless, I recommend that you begin backing up any photos or media files that you don't want to lose. DO NOT BACK UP ANY .EXE FILES AS THEY MAY BE INFECTED.

If you do decide that you want to format and reinstall, here is an excellent guide that you can follow.

http://web.mit.edu/ist/products/winxp/adva...all-format.html


If you'd like to see if we can remove it without having to resort to a format, here is the next step.


Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
Please post the contents of the log from DrWeb in your next reply.


================


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 Danlaff777

Danlaff777
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:52 AM

Posted 21 May 2009 - 12:36 PM

Hi Sam,
I couldn't download Dr Web from the link you sent (I think the virus was blocking the site), but I managed to download it from CNET. I tried to run it in normal mode and kept getting an error, so I ran it in safe mode.

I then rebooted in normal mode and things already seem to be running better. That danger popup hasn't reappeared as of yet. Dr Web CSV and OTListit reports are attached. I ran the OTListit report after rebooting in normal mode.


Dr Web CSV:
ahcsr.exe;C:\Documents and Settings\Administrator\DoctorWeb\Quarantine;Probably DLOADER.Trojan;Incurable.Deleted.;
Adobe_Photoshop_CS2_CS2_serial_number.exe\crack.exe;C:\Documents and Settings\Dan.DAN-78SEU6OW7Z1\My Documents\downloads\Adobe_Photoshop_CS2_CS2_serial_number.exe;Trojan.DownLoader.28737;;
Adobe_Photoshop_CS2_CS2_serial_number.exe\install.exe;C:\Documents and Settings\Dan.DAN-78SEU6OW7Z1\My Documents\downloads\Adobe_Photoshop_CS2_CS2_serial_number.exe;Trojan.DownLoader.22968;;
Adobe_Photoshop_CS2_CS2_serial_number.exe;C:\Documents and Settings\Dan.DAN-78SEU6OW7Z1\My Documents\downloads;Archive contains infected objects;Moved.;

Here is my OTListit log:

OTListIt logfile created on: 5/21/2009 1:18:29 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop
Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.07 Mb Total Physical Memory | 21.34 Mb Available Physical Memory | 8.37% Memory free
617.04 Mb Paging File | 409.44 Mb Available in Paging File | 66.36% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 4.00 Gb Free Space | 10.75% Space Free | Partition Type: NTFS
Drive D: | 48.51 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAN-DVUREDE6RLU
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2004/03/04 11:30:48 | 00,331,776 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2004/03/04 11:26:20 | 00,195,072 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2003/07/16 16:28:11 | 01,024,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2003/07/16 16:30:13 | 00,111,616 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2005/07/04 16:46:04 | 00,073,787 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
PRC - [2006/08/29 03:23:44 | 05,548,032 | ---- | M] (Linksys) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
PRC - [2009/05/20 14:15:06 | 00,523,776 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/04/11 00:16:35 | 00,093,184 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2003/07/16 16:41:07 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/03/04 11:30:48 | 00,331,776 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2009/05/15 10:15:23 | 00,095,232 | RHS- | M] () -- C:\WINDOWS\system\mysmas.exe -- (MYS Mutex Algorithm Service [Auto | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/07/16 16:41:07 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Auto | Running])
SRV - [2003/07/16 16:36:35 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mspmspsv.dll -- (WmdmPmSp [Auto | Running])
SRV - [2005/07/04 16:46:04 | 00,073,787 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe -- (WUSB54GCSVC [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/05/04 16:54:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\34e3d3ec.sys -- (34e3d3ec [System | Stopped])
DRV - [2003/06/23 16:52:00 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2009/05/06 17:45:52 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\aeh1066.sys -- (aeh1066 [System | Running])
DRV - [2009/05/05 03:01:06 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\aeh3de4.sys -- (aeh3de4 [System | Running])
DRV - [2009/05/05 13:19:01 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\aeh9d98.sys -- (aeh9d98 [System | Running])
DRV - [2009/04/30 21:09:56 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\ajmec3e.sys -- (ajmec3e [System | Running])
DRV - [2009/05/06 16:14:24 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\beib90a.sys -- (beib90a [System | Running])
DRV - [2009/05/05 19:31:40 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\cgj0690.sys -- (cgj0690 [System | Running])
DRV - [2009/04/30 18:20:26 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\cgj1ce8.sys -- (cgj1ce8 [System | Running])
DRV - [2009/04/30 04:11:09 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\dgj8098.sys -- (dgj8098 [System | Running])
DRV - [2009/05/05 17:40:02 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\dgpc15d.sys -- (dgpc15d [System | Running])
DRV - [2009/05/06 11:29:04 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\dhka6a5.sys -- (dhka6a5 [System | Running])
DRV - [2009/05/19 14:17:53 | 00,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\dup.sys -- (Dup [System | Stopped])
DRV - [2009/05/04 20:14:44 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\ehlb317.sys -- (ehlb317 [System | Running])
DRV - [2009/05/05 16:47:35 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\eil4374.sys -- (eil4374 [System | Running])
DRV - [2009/04/27 18:49:32 | 00,136,192 | ---- | M] () -- C:\WINDOWS\system32\drivers\ethcrzxu.sys -- (ethcrzxu [System | Stopped])
DRV - [2009/05/04 22:44:04 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\fil2790.sys -- (fil2790 [System | Running])
DRV - [2009/05/05 19:14:06 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\fimc7a4.sys -- (fimc7a4 [System | Running])
DRV - [2002/08/29 01:32:44 | 00,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2009/05/06 20:18:35 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\gjn2277.sys -- (gjn2277 [System | Running])
DRV - [2009/05/01 05:10:59 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\gkn1f6c.sys -- (gkn1f6c [System | Running])
DRV - [2009/05/05 12:14:43 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\gkn957e.sys -- (gkn957e [System | Running])
DRV - [2009/05/05 21:08:29 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\ilp9543.sys -- (ilp9543 [System | Running])
DRV - [2009/05/01 03:12:01 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\imae990.sys -- (imae990 [System | Running])
DRV - [2009/05/06 02:51:43 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\impf5a1.sys -- (impf5a1 [System | Running])
DRV - [2009/05/07 12:05:27 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\jnq1921.sys -- (jnq1921 [System | Running])
DRV - [2009/05/05 01:23:45 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\kncf099.sys -- (kncf099 [System | Running])
DRV - [2009/05/05 12:08:04 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\knr412f.sys -- (knr412f [System | Running])
DRV - [2001/08/17 09:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2009/05/05 22:02:03 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\mqtdc74.sys -- (mqtdc74 [System | Running])
DRV - [2009/05/06 19:56:33 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\ocgdf8f.sys -- (ocgdf8f [System | Running])
DRV - [2009/05/05 14:49:17 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\ocgefbb.sys -- (ocgefbb [System | Running])
DRV - [2001/08/22 08:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI [System | Running])
DRV - [2009/05/04 18:20:44 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\orge946.sys -- (orge946 [System | Running])
DRV - [2003/07/16 16:33:33 | 00,002,304 | ---- | M] () -- C:\WINDOWS\System32\pcm1394.sys -- (pcm1394 [On_Demand | Stopped])
DRV - [2009/05/04 16:57:16 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\peh06f8.sys -- (peh06f8 [System | Running])
DRV - [2009/05/05 19:22:54 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\pshf59e.sys -- (pshf59e [System | Running])
DRV - [2003/07/16 16:42:18 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2009/05/06 13:02:17 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\qad10ee.sys -- (qad10ee [System | Running])
DRV - [2009/05/01 05:00:26 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\qtd4267.sys -- (qtd4267 [System | Running])
DRV - [2009/05/07 02:10:14 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\rae1c2f.sys -- (rae1c2f [System | Running])
DRV - [2009/04/29 12:20:56 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\rbeaaff.sys -- (rbeaaff [System | Running])
DRV - [2005/11/24 19:51:38 | 00,245,248 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\DRIVERS\rt73.sys -- (RT73 [On_Demand | Running])
DRV - [2009/05/06 02:56:39 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\sbf6b7b.sys -- (sbf6b7b [System | Running])
DRV - [2009/04/30 16:39:54 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\sbfb749.sys -- (sbfb749 [System | Running])
DRV - [2003/07/16 16:44:08 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2002/04/03 15:51:12 | 00,144,768 | ---- | M] (Voyetra Turtle Beach) -- C:\WINDOWS\system32\drivers\tbcspud.sys -- (tbcspud [On_Demand | Running])
DRV - [2002/04/03 15:51:16 | 00,545,088 | ---- | M] (Voyetra Turtle Beach) -- C:\WINDOWS\system32\drivers\tbcwdm.sys -- (tbcwdm [On_Demand | Running])
DRV - [2009/05/07 01:00:23 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\tcgafc4.sys -- (tcgafc4 [System | Running])
DRV - [2009/04/28 12:56:57 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\tcgba51.sys -- (tcgba51 [System | Running])
DRV - [2009/05/06 17:51:51 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\tcld6ac.sys -- (tcld6ac [System | Running])
DRV - [2009/05/05 16:44:32 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\tclf53e.sys -- (tclf53e [System | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1715567821-1580818891-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1715567821-1580818891-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-1715567821-1580818891-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1715567821-1580818891-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1715567821-1580818891-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-1715567821-1580818891-854245398-1004\S-1-5-21-1715567821-1580818891-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/20 14:10:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/20 14:10:32 | 00,000,000 | ---D | M]

[2008/10/01 14:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\mozilla\Extensions
[2008/10/01 14:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/19 16:10:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\mozilla\Firefox\Profiles\p88qvi7m.default\extensions
[2009/05/18 02:24:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\mozilla\Firefox\Profiles\p88qvi7m.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/29 17:52:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\mozilla\Firefox\Profiles\p88qvi7m.default\extensions\moveplayer@movenetworks.com
[2009/05/19 16:10:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/20 14:10:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/07/06 15:10:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2009/04/24 00:38:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 00:38:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/23 20:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 20:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/23 20:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 20:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 20:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/23 20:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 20:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 jL.chura.pl
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - Reg Error: Key error. File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\webbrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\webbrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1715567821-1580818891-854245398-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKU\.DEFAULT..\Run: [] C:\WINDOWS\TEMP\yo9kz.exe ()
O4 - HKU\.DEFAULT..\Run: [reader_s] C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\reader_s.exe File not found
O4 - HKU\.DEFAULT..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\yo9kz.exe ()
O4 - HKU\S-1-5-18..\Run: [] C:\WINDOWS\TEMP\yo9kz.exe ()
O4 - HKU\S-1-5-18..\Run: [reader_s] C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\reader_s.exe File not found
O4 - HKU\S-1-5-18..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\yo9kz.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O4 - Startup: C:\Documents and Settings\Dan\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1715567821-1580818891-854245398-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1715567821-1580818891-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-1580818891-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-1715567821-1580818891-854245398-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1715567821-1580818891-854245398-1004\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1715567821-1580818891-854245398-1004\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab (YInstStarter Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (NVDESK32.DLL) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\System32\navujoko.dll) - C:\WINDOWS\System32\navujoko.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\haligogu.dll) - c:\windows\system32\haligogu.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\__c00E6781: DllName - C:\WINDOWS\System32\__c00E6781.dat - C:\WINDOWS\System32\__c00E6781.dat ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/10 17:51:50 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/02/28 23:42:20 | 00,000,051 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/21 13:13:21 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[33 C:\*.tmp files]
[236 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/05/21 13:19:16 | 00,036,864 | ---- | C] (shnqx hdotlbcml hsnfm kctxyyifijpckeplbecx) -- C:\WINDOWS\System32\dpcxool64.sys
[2009/05/21 13:19:16 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\comsa32.sys
[2009/05/21 13:13:21 | 00,000,652 | ---- | C] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\DrWeb2.csv
[2009/05/21 13:11:13 | 00,000,634 | ---- | C] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\DrWeb.csv
[2009/05/20 14:17:31 | 13,308,944 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\cureit.exe
[2009/05/20 14:15:08 | 00,523,776 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\OTListIt2.exe
[2009/05/20 01:39:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/20 01:38:15 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF7102.exe
[2009/05/19 14:32:16 | 00,359,883 | ---- | C] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\dds.scr
[2009/05/18 19:50:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\Grisoft
[2009/05/18 19:49:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
[2009/05/18 19:48:12 | 12,413,440 | ---- | C] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\av.exe
[2009/05/18 18:36:37 | 00,018,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dup.sys
[2009/05/18 15:47:52 | 00,000,390 | ---- | C] () -- C:\WINDOWS\tasks\Schedule Task Weekly.job
[2009/05/18 15:35:24 | 00,000,000 | ---D | C] -- C:\Program Files\Exterminate It!
[2009/05/18 15:24:42 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2009/05/18 15:14:01 | 00,000,438 | ---- | C] () -- C:\spyhunter.fix
[2009/05/18 14:12:52 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\HijackThis.lnk
[2009/05/18 14:02:26 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live
[2009/05/18 13:55:45 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/18 13:55:34 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\HJTInstall(2).exe
[2009/05/18 13:30:32 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/05/18 04:05:42 | 00,000,677 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/18 04:05:41 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/18 04:05:39 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/18 03:43:17 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/05/18 02:29:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
[2009/05/18 02:18:58 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\CCleaner.lnk
[2009/05/18 02:18:57 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/05/17 18:26:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/17 16:30:30 | 00,000,000 | ---D | C] -- C:\Dan Progs
[2009/05/17 15:06:33 | 00,560,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/05/17 14:39:08 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/16 01:48:40 | 00,000,728 | ---- | C] () -- C:\xcrashdump.dat
[2009/05/15 22:42:43 | 00,002,498 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/05/15 20:29:10 | 00,082,324 | ---- | C] () -- C:\lsass.exe
[2009/05/15 20:28:47 | 00,031,232 | ---- | C] () -- C:\ccdxwaq.exe
[2009/05/15 20:28:43 | 00,082,324 | ---- | C] () -- C:\vjtggt.exe
[2009/05/15 20:28:40 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\__c00E6781.dat
[2009/05/15 20:28:37 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\jkshfuiehi.dll
[2009/05/15 20:28:32 | 00,057,856 | ---- | C] () -- C:\rmkuwevt.exe
[2009/05/15 20:28:23 | 00,032,256 | ---- | C] () -- C:\bOC.exe
[2009/05/15 20:28:18 | 00,402,960 | ---- | C] () -- C:\UB13.exe
[2009/05/15 20:07:44 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2009/05/15 19:54:38 | 00,000,000 | ---D | C] -- C:\KAV
[2009/05/15 19:19:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
[2009/05/15 19:17:51 | 00,897,920 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\WGAPluginInstall.exe
[2009/05/15 18:37:06 | 00,021,056 | ---- | C] (Webroot Software Inc (www.webroot.com)) -- C:\WINDOWS\System32\drivers\sskbfd.sys
[2009/05/15 18:37:02 | 00,233,024 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\System32\WRLogonNtf.dll
[2009/05/15 18:36:16 | 00,000,164 | ---- | C] () -- C:\install.dat
[2009/05/15 13:10:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/05/15 13:06:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\Downloads
[2009/05/15 13:06:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\GetRightToGo
[2009/05/15 12:34:21 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2009/05/15 10:22:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\Malwarebytes
[2009/05/15 10:22:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2009/05/15 10:15:27 | 00,095,232 | RHS- | C] () -- C:\WINDOWS\System\mysmas.exe
[2009/05/14 21:01:07 | 07,526,856 | ---- | C] (Mozilla) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\Firefox Setup 3.0.10.exe
[2009/05/14 15:13:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/05/14 15:08:33 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/05/13 03:53:25 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\My Computer.lnk
[2009/05/08 18:33:05 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/07 16:31:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\AVG8
[2009/05/07 12:05:27 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\jnq1921.sys
[2009/05/07 02:10:14 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\rae1c2f.sys
[2009/05/07 01:00:23 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\tcgafc4.sys
[2009/05/06 20:18:35 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\gjn2277.sys
[2009/05/06 19:56:33 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\ocgdf8f.sys
[2009/05/06 17:51:51 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\tcld6ac.sys
[2009/05/06 17:45:52 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aeh1066.sys
[2009/05/06 16:14:24 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\beib90a.sys
[2009/05/06 13:02:17 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\qad10ee.sys
[2009/05/06 11:29:04 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\dhka6a5.sys
[2009/05/06 02:56:39 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\sbf6b7b.sys
[2009/05/06 02:51:43 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\impf5a1.sys
[2009/05/05 22:02:02 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\mqtdc74.sys
[2009/05/05 21:08:29 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\ilp9543.sys
[2009/05/05 19:31:40 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\cgj0690.sys
[2009/05/05 19:22:54 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\pshf59e.sys
[2009/05/05 19:14:06 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\fimc7a4.sys
[2009/05/05 17:40:02 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\dgpc15d.sys
[2009/05/05 16:47:35 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\eil4374.sys
[2009/05/05 16:44:32 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\tclf53e.sys
[2009/05/05 14:49:17 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\ocgefbb.sys
[2009/05/05 13:19:01 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aeh9d98.sys
[2009/05/05 12:14:43 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\gkn957e.sys
[2009/05/05 12:08:04 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\knr412f.sys
[2009/05/05 03:01:06 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aeh3de4.sys
[2009/05/05 01:23:45 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\kncf099.sys
[2009/05/04 22:44:04 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\fil2790.sys
[2009/05/04 20:14:44 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\ehlb317.sys
[2009/05/04 18:32:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NortonInstaller
[2009/05/04 18:20:44 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\orge946.sys
[2009/05/04 16:57:16 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\peh06f8.sys
[2009/05/01 05:10:59 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\gkn1f6c.sys
[2009/05/01 05:08:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
[2009/05/01 05:00:26 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\qtd4267.sys
[2009/05/01 03:25:27 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\fxe.sp
[2009/05/01 03:12:11 | 00,053,283 | ---- | C] () -- C:\WINDOWS\System32\paso.el
[2009/05/01 03:12:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ynh.dx
[2009/05/01 03:12:01 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\imae990.sys
[2009/04/30 21:09:56 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\ajmec3e.sys
[2009/04/30 18:20:26 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\cgj1ce8.sys
[2009/04/30 16:39:54 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\sbfb749.sys
[2009/04/30 04:11:09 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\dgj8098.sys
[2009/04/29 13:52:39 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/04/29 12:20:56 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\rbeaaff.sys
[2009/04/29 08:34:25 | 00,519,168 | ---- | C] (Coreguard Software) -- C:\WINDOWS\System32\Installer.exe
[2009/04/29 05:20:47 | 24,921,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/28 13:27:11 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/04/28 13:27:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2009/04/28 12:56:57 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\tcgba51.sys
[2009/04/27 18:49:32 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\ethcrzxu.sys
[2009/04/27 17:43:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3361
[2009/04/27 17:43:37 | 00,108,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/04/27 17:43:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\dhcp
[2009/04/27 16:43:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\34e3d3ec.sys
[2009/04/27 16:41:59 | 00,290,304 | ---- | C] () -- C:\kggi.exe
[2009/04/23 12:00:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/04/23 11:59:34 | 00,002,509 | ---- | C] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\Microsoft Office Word 2003.lnk
[2009/04/23 11:59:28 | 00,001,776 | ---- | C] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\Adobe Photoshop CS2.lnk
[2009/04/23 11:58:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
[2009/04/23 11:54:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\misc desktop
[2008/06/12 03:27:10 | 00,000,532 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/06/12 03:26:34 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2008/06/12 03:26:30 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2003/07/16 16:51:23 | 00,000,696 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/07/16 16:47:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/07/16 16:44:08 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/07/16 16:42:22 | 00,152,576 | ---- | C] () -- C:\WINDOWS\System32\qasf.dll
[2003/07/16 16:33:33 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\msncav32.dll
[2003/07/16 16:33:33 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\Iasv32.dll
[2003/07/16 16:33:33 | 00,002,304 | ---- | C] () -- C:\WINDOWS\System32\sndintd.sys
[2003/07/16 16:33:33 | 00,002,304 | ---- | C] () -- C:\WINDOWS\System32\pcm1394.sys
[2003/06/24 00:44:01 | 00,000,601 | ---- | C] () -- C:\WINDOWS\WinInit.INI
[2003/06/23 19:03:17 | 00,016,548 | ---- | C] () -- C:\WINDOWS\cs_cache.ini
[2003/06/23 17:14:55 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/06/23 16:51:59 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2003/06/23 16:51:49 | 00,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/11/29 09:50:40 | 00,471,040 | ---- | C] () -- C:\WINDOWS\System32\QTExporter.dll

========== Files - Modified Within 30 Days ==========

[33 C:\*.tmp files]
[236 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/05/21 13:16:12 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Local Settings\desktop.ini
[2009/05/21 13:16:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/21 13:16:07 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/21 13:16:07 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/05/21 13:14:58 | 00,000,696 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/21 13:14:58 | 00,000,194 | -HS- | M] () -- C:\boot.ini
[2009/05/21 13:14:58 | 00,000,000 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/21 13:13:21 | 00,000,652 | ---- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\DrWeb2.csv
[2009/05/21 13:11:13 | 00,000,634 | ---- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\DrWeb.csv
[2009/05/20 23:35:17 | 00,178,176 | ---- | M] () -- C:\WINDOWS\System32\tpsaxyd.exe
[2009/05/20 14:18:26 | 13,308,944 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\cureit.exe
[2009/05/20 14:15:06 | 00,523,776 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\OTListIt2.exe
[2009/05/20 14:10:37 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2009/05/20 02:16:07 | 00,000,728 | ---- | M] () -- C:\xcrashdump.dat
[2009/05/20 01:37:57 | 00,396,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF7102.exe
[2009/05/19 14:32:14 | 00,359,883 | ---- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\dds.scr
[2009/05/19 14:17:53 | 00,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dup.sys
[2009/05/18 19:48:35 | 12,413,440 | ---- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\av.exe
[2009/05/18 15:47:55 | 00,000,390 | ---- | M] () -- C:\WINDOWS\tasks\Schedule Task Weekly.job
[2009/05/18 15:24:57 | 00,000,438 | ---- | M] () -- C:\spyhunter.fix
[2009/05/18 14:12:52 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\HijackThis.lnk
[2009/05/18 13:55:33 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\HJTInstall(2).exe
[2009/05/18 04:06:07 | 00,000,677 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/18 02:18:58 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\CCleaner.lnk
[2009/05/17 21:51:54 | 00,560,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\user32.dll
[2009/05/17 15:06:33 | 00,560,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/05/17 13:58:18 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/05/17 13:27:02 | 00,027,648 | ---- | M] () -- C:\WINDOWS\System32\__c00E6781.dat
[2009/05/15 23:12:17 | 00,002,498 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/05/15 20:28:47 | 00,031,232 | ---- | M] () -- C:\ccdxwaq.exe
[2009/05/15 20:28:44 | 00,082,324 | ---- | M] () -- C:\vjtggt.exe
[2009/05/15 20:28:44 | 00,082,324 | ---- | M] () -- C:\lsass.exe
[2009/05/15 20:28:37 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\jkshfuiehi.dll
[2009/05/15 20:28:33 | 00,057,856 | ---- | M] () -- C:\rmkuwevt.exe
[2009/05/15 20:28:23 | 00,032,256 | ---- | M] () -- C:\bOC.exe
[2009/05/15 20:28:18 | 00,402,960 | ---- | M] () -- C:\UB13.exe
[2009/05/15 19:22:07 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/15 19:17:54 | 00,897,920 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\WGAPluginInstall.exe
[2009/05/15 18:36:16 | 00,000,164 | ---- | M] () -- C:\install.dat
[2009/05/15 13:16:10 | 00,519,168 | ---- | M] (Coreguard Software) -- C:\WINDOWS\System32\Installer.exe
[2009/05/15 10:15:23 | 00,095,232 | RHS- | M] () -- C:\WINDOWS\System\mysmas.exe
[2009/05/15 09:33:37 | 00,036,864 | ---- | M] (shnqx hdotlbcml hsnfm kctxyyifijpckeplbecx) -- C:\WINDOWS\System32\dpcxool64.sys
[2009/05/14 21:02:01 | 07,526,856 | ---- | M] (Mozilla) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\Firefox Setup 3.0.10.exe
[2009/05/13 03:53:25 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\My Computer.lnk
[2009/05/11 20:17:39 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/11 20:17:39 | 00,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/11 20:17:39 | 00,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/07 21:27:06 | 00,000,532 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2009/05/07 12:05:27 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\jnq1921.sys
[2009/05/07 02:10:14 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\rae1c2f.sys
[2009/05/07 01:00:23 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\tcgafc4.sys
[2009/05/06 20:18:35 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\gjn2277.sys
[2009/05/06 19:56:33 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\ocgdf8f.sys
[2009/05/06 17:51:51 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\tcld6ac.sys
[2009/05/06 17:45:52 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\aeh1066.sys
[2009/05/06 16:14:24 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\beib90a.sys
[2009/05/06 15:59:20 | 00,000,601 | ---- | M] () -- C:\WINDOWS\WinInit.INI
[2009/05/06 13:02:17 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\qad10ee.sys
[2009/05/06 11:29:04 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\dhka6a5.sys
[2009/05/06 02:56:39 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\sbf6b7b.sys
[2009/05/06 02:51:43 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\impf5a1.sys
[2009/05/05 22:02:03 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\mqtdc74.sys
[2009/05/05 21:08:29 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\ilp9543.sys
[2009/05/05 19:31:40 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\cgj0690.sys
[2009/05/05 19:22:54 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\pshf59e.sys
[2009/05/05 19:14:06 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\fimc7a4.sys
[2009/05/05 18:03:11 | 00,305,118 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2009/05/05 17:54:38 | 00,305,118 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090505-180311.backup
[2009/05/05 17:40:02 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\dgpc15d.sys
[2009/05/05 16:47:35 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\eil4374.sys
[2009/05/05 16:44:32 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\tclf53e.sys
[2009/05/05 14:49:17 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\ocgefbb.sys
[2009/05/05 13:19:01 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\aeh9d98.sys
[2009/05/05 12:14:43 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\gkn957e.sys
[2009/05/05 12:08:04 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\knr412f.sys
[2009/05/05 03:01:06 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\aeh3de4.sys
[2009/05/05 01:23:45 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\kncf099.sys
[2009/05/04 22:44:04 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\fil2790.sys
[2009/05/04 20:14:44 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\ehlb317.sys
[2009/05/04 18:20:44 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\orge946.sys
[2009/05/04 16:57:16 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\peh06f8.sys
[2009/05/04 16:54:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\34e3d3ec.sys
[2009/05/01 05:10:59 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\gkn1f6c.sys
[2009/05/01 05:00:26 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\qtd4267.sys
[2009/05/01 03:25:27 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\fxe.sp
[2009/05/01 03:12:11 | 00,000,000 | ---- | M] () -- C:\WINDOWS\ynh.dx
[2009/05/01 03:12:01 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\imae990.sys
[2009/05/01 03:11:57 | 00,053,283 | ---- | M] () -- C:\WINDOWS\System32\paso.el
[2009/04/30 21:09:56 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\ajmec3e.sys
[2009/04/30 18:20:26 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\cgj1ce8.sys
[2009/04/30 16:39:54 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\sbfb749.sys
[2009/04/30 04:11:09 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\dgj8098.sys
[2009/04/29 12:20:56 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\rbeaaff.sys
[2009/04/28 19:52:04 | 00,000,201 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090505-175438.backup
[2009/04/28 19:24:42 | 00,000,051 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090428-195204.backup
[2009/04/28 17:33:36 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\kigohase
[2009/04/28 12:56:57 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\tcgba51.sys
[2009/04/27 18:49:32 | 00,136,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\ethcrzxu.sys
[2009/04/27 18:42:57 | 00,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2009/04/27 18:33:44 | 00,000,077 | -HS- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\My Documents\desktop.ini
[2009/04/27 17:43:38 | 00,108,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/04/27 16:43:54 | 00,162,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2009/04/27 16:43:54 | 00,162,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/04/27 16:42:02 | 00,290,304 | ---- | M] () -- C:\kggi.exe
[2009/04/27 16:41:49 | 00,105,984 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\vonibusa.dll
[2009/04/27 16:41:49 | 00,078,848 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\nogopofa.exe
[2009/04/27 04:41:23 | 00,081,408 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\nuhufise.exe
[2009/04/26 04:41:46 | 00,106,496 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\bolojiju.dll
[2009/04/26 04:41:36 | 00,080,896 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\vuviyigi.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
< End of report >

#7 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 21 May 2009 - 01:28 PM

Ok. Next step.


Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - [2003/07/16 16:30:13 | 00,111,616 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
    DRV - [2009/05/04 16:54:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\34e3d3ec.sys -- (34e3d3ec [System | Stopped])
    DRV - [2009/05/06 17:45:52 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\aeh1066.sys -- (aeh1066 [System | Running])
    DRV - [2009/05/05 03:01:06 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\aeh3de4.sys -- (aeh3de4 [System | Running])
    DRV - [2009/05/05 13:19:01 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\aeh9d98.sys -- (aeh9d98 [System | Running])
    DRV - [2009/04/30 21:09:56 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\ajmec3e.sys -- (ajmec3e [System | Running])
    DRV - [2009/05/06 16:14:24 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\beib90a.sys -- (beib90a [System | Running])
    DRV - [2009/05/05 19:31:40 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\cgj0690.sys -- (cgj0690 [System | Running])
    DRV - [2009/04/30 18:20:26 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\cgj1ce8.sys -- (cgj1ce8 [System | Running])
    DRV - [2009/04/30 04:11:09 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\dgj8098.sys -- (dgj8098 [System | Running])
    DRV - [2009/05/05 17:40:02 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\dgpc15d.sys -- (dgpc15d [System | Running])
    DRV - [2009/05/06 11:29:04 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\dhka6a5.sys -- (dhka6a5 [System | Running])
    DRV - [2009/05/04 20:14:44 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\ehlb317.sys -- (ehlb317 [System | Running])
    DRV - [2009/05/05 16:47:35 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\eil4374.sys -- (eil4374 [System | Running])
    DRV - [2009/04/27 18:49:32 | 00,136,192 | ---- | M] () -- C:\WINDOWS\system32\drivers\ethcrzxu.sys -- (ethcrzxu [System | Stopped])
    DRV - [2009/05/04 22:44:04 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\fil2790.sys -- (fil2790 [System | Running])
    DRV - [2009/05/05 19:14:06 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\fimc7a4.sys -- (fimc7a4 [System | Running])
    DRV - [2009/05/06 20:18:35 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\gjn2277.sys -- (gjn2277 [System | Running])
    DRV - [2009/05/01 05:10:59 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\gkn1f6c.sys -- (gkn1f6c [System | Running])
    DRV - [2009/05/05 12:14:43 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\gkn957e.sys -- (gkn957e [System | Running])
    DRV - [2009/05/05 21:08:29 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\ilp9543.sys -- (ilp9543 [System | Running])
    DRV - [2009/05/01 03:12:01 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\imae990.sys -- (imae990 [System | Running])
    DRV - [2009/05/06 02:51:43 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\impf5a1.sys -- (impf5a1 [System | Running])
    DRV - [2009/05/07 12:05:27 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\jnq1921.sys -- (jnq1921 [System | Running])
    DRV - [2009/05/05 01:23:45 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\kncf099.sys -- (kncf099 [System | Running])
    DRV - [2009/05/05 12:08:04 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\knr412f.sys -- (knr412f [System | Running])
    DRV - [2009/05/05 22:02:03 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\mqtdc74.sys -- (mqtdc74 [System | Running])
    DRV - [2009/05/06 19:56:33 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\ocgdf8f.sys -- (ocgdf8f [System | Running])
    DRV - [2009/05/05 14:49:17 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\ocgefbb.sys -- (ocgefbb [System | Running])
    DRV - [2009/05/04 18:20:44 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\orge946.sys -- (orge946 [System | Running])
    DRV - [2003/07/16 16:33:33 | 00,002,304 | ---- | M] () -- C:\WINDOWS\System32\pcm1394.sys -- (pcm1394 [On_Demand | Stopped])
    DRV - [2009/05/04 16:57:16 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\peh06f8.sys -- (peh06f8 [System | Running])
    DRV - [2009/05/05 19:22:54 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\pshf59e.sys -- (pshf59e [System | Running])
    DRV - [2009/05/06 13:02:17 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\qad10ee.sys -- (qad10ee [System | Running])
    DRV - [2009/05/01 05:00:26 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\qtd4267.sys -- (qtd4267 [System | Running])
    DRV - [2009/05/07 02:10:14 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\rae1c2f.sys -- (rae1c2f [System | Running])
    DRV - [2009/04/29 12:20:56 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\rbeaaff.sys -- (rbeaaff [System | Running])
    DRV - [2009/05/06 02:56:39 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\sbf6b7b.sys -- (sbf6b7b [System | Running])
    DRV - [2009/04/30 16:39:54 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\sbfb749.sys -- (sbfb749 [System | Running])
    DRV - [2009/05/07 01:00:23 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\tcgafc4.sys -- (tcgafc4 [System | Running])
    DRV - [2009/04/28 12:56:57 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\tcgba51.sys -- (tcgba51 [System | Running])
    DRV - [2009/05/06 17:51:51 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\tcld6ac.sys -- (tcld6ac [System | Running])
    DRV - [2009/05/05 16:44:32 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\tclf53e.sys -- (tclf53e [System | Stopped])
    O1 - Hosts: 127.0.0.1 jL.chura.pl
    O2 - BHO: (no name) - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - Reg Error: Key error. File not found
    O4 - HKU\.DEFAULT..\Run: [] C:\WINDOWS\TEMP\yo9kz.exe ()
    O4 - HKU\.DEFAULT..\Run: [reader_s] C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\reader_s.exe File not found
    O4 - HKU\.DEFAULT..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\yo9kz.exe ()
    O4 - HKU\S-1-5-18..\Run: [] C:\WINDOWS\TEMP\yo9kz.exe ()
    O4 - HKU\S-1-5-18..\Run: [reader_s] C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\reader_s.exe File not found
    O4 - HKU\S-1-5-18..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\yo9kz.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-21-1715567821-1580818891-854245398-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O20 - AppInit_DLLs: (NVDESK32.DLL) - File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\System32\navujoko.dll) - C:\WINDOWS\System32\navujoko.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\haligogu.dll) - c:\windows\system32\haligogu.dll File not found
    O20 - Winlogon\Notify\__c00E6781: DllName - C:\WINDOWS\System32\__c00E6781.dat - C:\WINDOWS\System32\__c00E6781.dat ()
    
    :Files
    C:\windows\system32\drivers\TDSS*.*
    C:\windows\system32\TDSS*.*
    C:\windows\system32\drivers\UACd*.*
    C:\windows\system32\UACd*.*
    C:\windows\system32\drivers\gaopdx*.*
    C:\windows\system32\gaopdx*.*
    C:\windows\system32\drivers\ovfsthx*.*
    C:\windows\system32\ovfsthx*.*
    C:\WINDOWS\Tasks\At*.job
    C:\lsass.exe
    C:\ccdxwaq.exe
    C:\vjtggt.exe
    C:\rmkuwevt.exe
    C:\bOC.exe
    C:\UB13.exe
    C:\WINDOWS\System\mysmas.exe
    C:\*.tmp
    C:\WINDOWS\System32\*.tmp
    C:\WINDOWS\*.tmp
    
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

=================


Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 Danlaff777

  • Topic Starter

  • Members
  • 16 posts

Posted 21 May 2009 - 02:52 PM

OK, here's the log that popped up on restart, and below that I've attached the latest OTListIt report. ComboFix coming up in the next post...

========== OTLISTIT ==========
Process explorer.exe killed successfully!
Process Iexplore.exe killed successfully!

Service\Driver 34e3d3ec deleted successfully.
C:\WINDOWS\System32\drivers\34e3d3ec.sys moved successfully.

Service\Driver aeh1066 deleted successfully.
C:\WINDOWS\System32\drivers\aeh1066.sys moved successfully.

Service\Driver aeh3de4 deleted successfully.
C:\WINDOWS\System32\drivers\aeh3de4.sys moved successfully.

Service\Driver aeh9d98 deleted successfully.
C:\WINDOWS\System32\drivers\aeh9d98.sys moved successfully.

Service\Driver ajmec3e deleted successfully.
C:\WINDOWS\System32\drivers\ajmec3e.sys moved successfully.

Service\Driver beib90a deleted successfully.
C:\WINDOWS\System32\drivers\beib90a.sys moved successfully.

Service\Driver cgj0690 deleted successfully.
C:\WINDOWS\System32\drivers\cgj0690.sys moved successfully.

Service\Driver cgj1ce8 deleted successfully.
C:\WINDOWS\System32\drivers\cgj1ce8.sys moved successfully.

Service\Driver dgj8098 deleted successfully.
C:\WINDOWS\System32\drivers\dgj8098.sys moved successfully.

Service\Driver dgpc15d deleted successfully.
C:\WINDOWS\System32\drivers\dgpc15d.sys moved successfully.

Service\Driver dhka6a5 deleted successfully.
C:\WINDOWS\System32\drivers\dhka6a5.sys moved successfully.

Service\Driver ehlb317 deleted successfully.
C:\WINDOWS\System32\drivers\ehlb317.sys moved successfully.

Service\Driver eil4374 deleted successfully.
C:\WINDOWS\System32\drivers\eil4374.sys moved successfully.

Service\Driver ethcrzxu deleted successfully.
C:\WINDOWS\system32\drivers\ethcrzxu.sys moved successfully.

Service\Driver fil2790 deleted successfully.
C:\WINDOWS\System32\drivers\fil2790.sys moved successfully.

Service\Driver fimc7a4 deleted successfully.
C:\WINDOWS\System32\drivers\fimc7a4.sys moved successfully.

Service\Driver gjn2277 deleted successfully.
C:\WINDOWS\System32\drivers\gjn2277.sys moved successfully.

Service\Driver gkn1f6c deleted successfully.
C:\WINDOWS\System32\drivers\gkn1f6c.sys moved successfully.

Service\Driver gkn957e deleted successfully.
C:\WINDOWS\System32\drivers\gkn957e.sys moved successfully.

Service\Driver ilp9543 deleted successfully.
C:\WINDOWS\System32\drivers\ilp9543.sys moved successfully.

Service\Driver imae990 deleted successfully.
C:\WINDOWS\System32\drivers\imae990.sys moved successfully.

Service\Driver impf5a1 deleted successfully.
C:\WINDOWS\System32\drivers\impf5a1.sys moved successfully.

Service\Driver jnq1921 deleted successfully.
C:\WINDOWS\System32\drivers\jnq1921.sys moved successfully.

Service\Driver kncf099 deleted successfully.
C:\WINDOWS\System32\drivers\kncf099.sys moved successfully.

Service\Driver knr412f deleted successfully.
C:\WINDOWS\System32\drivers\knr412f.sys moved successfully.

Service\Driver mqtdc74 deleted successfully.
C:\WINDOWS\System32\drivers\mqtdc74.sys moved successfully.

Service\Driver ocgdf8f deleted successfully.
C:\WINDOWS\System32\drivers\ocgdf8f.sys moved successfully.

Service\Driver ocgefbb deleted successfully.
C:\WINDOWS\System32\drivers\ocgefbb.sys moved successfully.

Service\Driver orge946 deleted successfully.
C:\WINDOWS\System32\drivers\orge946.sys moved successfully.

Service\Driver pcm1394 deleted successfully.
C:\WINDOWS\System32\pcm1394.sys moved successfully.

Service\Driver peh06f8 deleted successfully.
C:\WINDOWS\System32\drivers\peh06f8.sys moved successfully.

Service\Driver pshf59e deleted successfully.
C:\WINDOWS\System32\drivers\pshf59e.sys moved successfully.

Service\Driver qad10ee deleted successfully.
C:\WINDOWS\System32\drivers\qad10ee.sys moved successfully.

Service\Driver qtd4267 deleted successfully.
C:\WINDOWS\System32\drivers\qtd4267.sys moved successfully.

Service\Driver rae1c2f deleted successfully.
C:\WINDOWS\System32\drivers\rae1c2f.sys moved successfully.

Service\Driver rbeaaff deleted successfully.
C:\WINDOWS\System32\drivers\rbeaaff.sys moved successfully.

Service\Driver sbf6b7b deleted successfully.
C:\WINDOWS\System32\drivers\sbf6b7b.sys moved successfully.

Service\Driver sbfb749 deleted successfully.
C:\WINDOWS\System32\drivers\sbfb749.sys moved successfully.

Service\Driver tcgafc4 deleted successfully.
C:\WINDOWS\System32\drivers\tcgafc4.sys moved successfully.

Service\Driver tcgba51 deleted successfully.
C:\WINDOWS\System32\drivers\tcgba51.sys moved successfully.

Service\Driver tcld6ac deleted successfully.
C:\WINDOWS\System32\drivers\tcld6ac.sys moved successfully.

Service\Driver tclf53e deleted successfully.
C:\WINDOWS\System32\drivers\tclf53e.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2BA40A1-74F3-42BD-F434-12345A2C8953}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2BA40A1-74F3-42BD-F434-12345A2C8953}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\WINDOWS\TEMP\yo9kz.exe moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\reader_s deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\uidenhiufgsduiazghs deleted successfully.
File C:\WINDOWS\TEMP\yo9kz.exe not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
File C:\WINDOWS\TEMP\yo9kz.exe not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\reader_s not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\uidenhiufgsduiazghs not found.
File C:\WINDOWS\TEMP\yo9kz.exe not found.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-21-1715567821-1580818891-854245398-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:NVDESK32.DLL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\System32\navujoko.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\haligogu.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00E6781\ deleted successfully.
File move failed. C:\WINDOWS\System32\__c00E6781.dat scheduled to be moved on reboot.
========== FILES ==========
File\Folder C:\windows\system32\drivers\TDSS*.* not found.
File\Folder C:\windows\system32\TDSS*.* not found.
File\Folder C:\windows\system32\drivers\UACd*.* not found.
File\Folder C:\windows\system32\UACd*.* not found.
File\Folder C:\windows\system32\drivers\gaopdx*.* not found.
File\Folder C:\windows\system32\gaopdx*.* not found.
File\Folder C:\windows\system32\drivers\ovfsthx*.* not found.
File\Folder C:\windows\system32\ovfsthx*.* not found.
File\Folder C:\WINDOWS\Tasks\At*.job not found.
C:\lsass.exe moved successfully.
C:\ccdxwaq.exe moved successfully.
C:\vjtggt.exe moved successfully.
C:\rmkuwevt.exe moved successfully.
C:\bOC.exe moved successfully.
C:\UB13.exe moved successfully.
C:\WINDOWS\System\mysmas.exe moved successfully.
C:\10.tmp moved successfully.
C:\11.tmp moved successfully.
C:\12.tmp moved successfully.
C:\13.tmp moved successfully.
C:\14.tmp moved successfully.
C:\15.tmp moved successfully.
C:\16.tmp moved successfully.
C:\17.tmp moved successfully.
C:\18.tmp moved successfully.
C:\19.tmp moved successfully.
C:\1A.tmp moved successfully.
C:\1B.tmp moved successfully.
C:\1C.tmp moved successfully.
C:\1D.tmp moved successfully.
C:\1E.tmp moved successfully.
C:\1F.tmp moved successfully.
C:\20.tmp moved successfully.
C:\22.tmp moved successfully.
C:\5.tmp moved successfully.
C:\7.tmp moved successfully.
C:\8.tmp moved successfully.
C:\99.tmp moved successfully.
C:\9B.tmp moved successfully.
C:\9C.tmp moved successfully.
C:\A.tmp moved successfully.
C:\B.tmp moved successfully.
C:\B2.tmp moved successfully.
C:\B4.tmp moved successfully.
C:\B5.tmp moved successfully.
C:\C.tmp moved successfully.
C:\D.tmp moved successfully.
C:\E.tmp moved successfully.
C:\F.tmp moved successfully.
C:\WINDOWS\System32\10.tmp moved successfully.
C:\WINDOWS\System32\109.tmp moved successfully.
C:\WINDOWS\System32\10A.tmp moved successfully.
C:\WINDOWS\System32\11.tmp moved successfully.
C:\WINDOWS\System32\12.tmp moved successfully.
C:\WINDOWS\System32\13.tmp moved successfully.
C:\WINDOWS\System32\14.tmp moved successfully.
C:\WINDOWS\System32\15.tmp moved successfully.
C:\WINDOWS\System32\16.tmp moved successfully.
C:\WINDOWS\System32\17.tmp moved successfully.
C:\WINDOWS\System32\18.tmp moved successfully.
C:\WINDOWS\System32\19.tmp moved successfully.
C:\WINDOWS\System32\1A.tmp moved successfully.
C:\WINDOWS\System32\1B.tmp moved successfully.
C:\WINDOWS\System32\1C.tmp moved successfully.
C:\WINDOWS\System32\1D.tmp moved successfully.
C:\WINDOWS\System32\1E.tmp moved successfully.
C:\WINDOWS\System32\1F.tmp moved successfully.
C:\WINDOWS\System32\20.tmp moved successfully.
C:\WINDOWS\System32\21.tmp moved successfully.
C:\WINDOWS\System32\22.tmp moved successfully.
C:\WINDOWS\System32\23.tmp moved successfully.
C:\WINDOWS\System32\24.tmp moved successfully.
C:\WINDOWS\System32\25.tmp moved successfully.
C:\WINDOWS\System32\26.tmp moved successfully.
C:\WINDOWS\System32\27.tmp moved successfully.
C:\WINDOWS\System32\28.tmp moved successfully.
C:\WINDOWS\System32\29.tmp moved successfully.
C:\WINDOWS\System32\2A.tmp moved successfully.
C:\WINDOWS\System32\2B.tmp moved successfully.
C:\WINDOWS\System32\2C.tmp moved successfully.
C:\WINDOWS\System32\2D.tmp moved successfully.
C:\WINDOWS\System32\2E.tmp moved successfully.
C:\WINDOWS\System32\2F.tmp moved successfully.
C:\WINDOWS\System32\30.tmp moved successfully.
C:\WINDOWS\System32\31.tmp moved successfully.
C:\WINDOWS\System32\32.tmp moved successfully.
C:\WINDOWS\System32\33.tmp moved successfully.
C:\WINDOWS\System32\34.tmp moved successfully.
C:\WINDOWS\System32\35.tmp moved successfully.
C:\WINDOWS\System32\36.tmp moved successfully.
C:\WINDOWS\System32\37.tmp moved successfully.
C:\WINDOWS\System32\38.tmp moved successfully.
C:\WINDOWS\System32\39.tmp moved successfully.
C:\WINDOWS\System32\3A.tmp moved successfully.
C:\WINDOWS\System32\3B.tmp moved successfully.
C:\WINDOWS\System32\3C.tmp moved successfully.
C:\WINDOWS\System32\3D.tmp moved successfully.
C:\WINDOWS\System32\3E.tmp moved successfully.
C:\WINDOWS\System32\3F.tmp moved successfully.
C:\WINDOWS\System32\40.tmp moved successfully.
C:\WINDOWS\System32\41.tmp moved successfully.
C:\WINDOWS\System32\42.tmp moved successfully.
C:\WINDOWS\System32\43.tmp moved successfully.
C:\WINDOWS\System32\44.tmp moved successfully.
C:\WINDOWS\System32\45.tmp moved successfully.
C:\WINDOWS\System32\46.tmp moved successfully.
C:\WINDOWS\System32\47.tmp moved successfully.
C:\WINDOWS\System32\48.tmp moved successfully.
C:\WINDOWS\System32\49.tmp moved successfully.
C:\WINDOWS\System32\4A.tmp moved successfully.
C:\WINDOWS\System32\4B.tmp moved successfully.
C:\WINDOWS\System32\4C.tmp moved successfully.
C:\WINDOWS\System32\4D.tmp moved successfully.
C:\WINDOWS\System32\4E.tmp moved successfully.
C:\WINDOWS\System32\4F.tmp moved successfully.
C:\WINDOWS\System32\50.tmp moved successfully.
C:\WINDOWS\System32\51.tmp moved successfully.
C:\WINDOWS\System32\52.tmp moved successfully.
C:\WINDOWS\System32\53.tmp moved successfully.
C:\WINDOWS\System32\54.tmp moved successfully.
C:\WINDOWS\System32\55.tmp moved successfully.
C:\WINDOWS\System32\56.tmp moved successfully.
C:\WINDOWS\System32\57.tmp moved successfully.
C:\WINDOWS\System32\58.tmp moved successfully.
C:\WINDOWS\System32\59.tmp moved successfully.
C:\WINDOWS\System32\5A.tmp moved successfully.
C:\WINDOWS\System32\5B.tmp moved successfully.
C:\WINDOWS\System32\5C.tmp moved successfully.
C:\WINDOWS\System32\5D.tmp moved successfully.
C:\WINDOWS\System32\5E.tmp moved successfully.
C:\WINDOWS\System32\5F.tmp moved successfully.
C:\WINDOWS\System32\60.tmp moved successfully.
C:\WINDOWS\System32\61.tmp moved successfully.
C:\WINDOWS\System32\62.tmp moved successfully.
C:\WINDOWS\System32\63.tmp moved successfully.
C:\WINDOWS\System32\64.tmp moved successfully.
C:\WINDOWS\System32\65.tmp moved successfully.
C:\WINDOWS\System32\66.tmp moved successfully.
C:\WINDOWS\System32\67.tmp moved successfully.
C:\WINDOWS\System32\68.tmp moved successfully.
C:\WINDOWS\System32\69.tmp moved successfully.
C:\WINDOWS\System32\6A.tmp moved successfully.
C:\WINDOWS\System32\6B.tmp moved successfully.
C:\WINDOWS\System32\6C.tmp moved successfully.
C:\WINDOWS\System32\6D.tmp moved successfully.
C:\WINDOWS\System32\6E.tmp moved successfully.
C:\WINDOWS\System32\6F.tmp moved successfully.
C:\WINDOWS\System32\70.tmp moved successfully.
C:\WINDOWS\System32\71.tmp moved successfully.
C:\WINDOWS\System32\72.tmp moved successfully.
C:\WINDOWS\System32\73.tmp moved successfully.
C:\WINDOWS\System32\74.tmp moved successfully.
C:\WINDOWS\System32\75.tmp moved successfully.
C:\WINDOWS\System32\758.tmp moved successfully.
C:\WINDOWS\System32\759.tmp moved successfully.
C:\WINDOWS\System32\75A.tmp moved successfully.
C:\WINDOWS\System32\75C.tmp moved successfully.
C:\WINDOWS\System32\76.tmp moved successfully.
C:\WINDOWS\System32\77.tmp moved successfully.
C:\WINDOWS\System32\78.tmp moved successfully.
C:\WINDOWS\System32\79.tmp moved successfully.
C:\WINDOWS\System32\7A.tmp moved successfully.
C:\WINDOWS\System32\7B.tmp moved successfully.
C:\WINDOWS\System32\7C.tmp moved successfully.
C:\WINDOWS\System32\7D.tmp moved successfully.
C:\WINDOWS\System32\7E.tmp moved successfully.
C:\WINDOWS\System32\7F.tmp moved successfully.
C:\WINDOWS\System32\80.tmp moved successfully.
C:\WINDOWS\System32\81.tmp moved successfully.
C:\WINDOWS\System32\82.tmp moved successfully.
C:\WINDOWS\System32\83.tmp moved successfully.
C:\WINDOWS\System32\84.tmp moved successfully.
C:\WINDOWS\System32\85.tmp moved successfully.
C:\WINDOWS\System32\86.tmp moved successfully.
C:\WINDOWS\System32\87.tmp moved successfully.
C:\WINDOWS\System32\88.tmp moved successfully.
C:\WINDOWS\System32\89.tmp moved successfully.
C:\WINDOWS\System32\8A.tmp moved successfully.
C:\WINDOWS\System32\8B.tmp moved successfully.
C:\WINDOWS\System32\8C.tmp moved successfully.
C:\WINDOWS\System32\8D.tmp moved successfully.
C:\WINDOWS\System32\8E.tmp moved successfully.
C:\WINDOWS\System32\8F.tmp moved successfully.
C:\WINDOWS\System32\90.tmp moved successfully.
C:\WINDOWS\System32\91.tmp moved successfully.
C:\WINDOWS\System32\92.tmp moved successfully.
C:\WINDOWS\System32\93.tmp moved successfully.
C:\WINDOWS\System32\94.tmp moved successfully.
C:\WINDOWS\System32\95.tmp moved successfully.
C:\WINDOWS\System32\96.tmp moved successfully.
C:\WINDOWS\System32\97.tmp moved successfully.
C:\WINDOWS\System32\98.tmp moved successfully.
C:\WINDOWS\System32\99.tmp moved successfully.
C:\WINDOWS\System32\9A.tmp moved successfully.
C:\WINDOWS\System32\9B.tmp moved successfully.
C:\WINDOWS\System32\9C.tmp moved successfully.
C:\WINDOWS\System32\9D.tmp moved successfully.
C:\WINDOWS\System32\9E.tmp moved successfully.
C:\WINDOWS\System32\9F.tmp moved successfully.
C:\WINDOWS\System32\A0.tmp moved successfully.
C:\WINDOWS\System32\A1.tmp moved successfully.
C:\WINDOWS\System32\A2.tmp moved successfully.
C:\WINDOWS\System32\A3.tmp moved successfully.
C:\WINDOWS\System32\A4.tmp moved successfully.
C:\WINDOWS\System32\A5.tmp moved successfully.
C:\WINDOWS\System32\A6.tmp moved successfully.
C:\WINDOWS\System32\A7.tmp moved successfully.
C:\WINDOWS\System32\A8.tmp moved successfully.
C:\WINDOWS\System32\A9.tmp moved successfully.
C:\WINDOWS\System32\AA.tmp moved successfully.
C:\WINDOWS\System32\AB.tmp moved successfully.
C:\WINDOWS\System32\AC.tmp moved successfully.
C:\WINDOWS\System32\AD.tmp moved successfully.
C:\WINDOWS\System32\AE.tmp moved successfully.
C:\WINDOWS\System32\AF.tmp moved successfully.
C:\WINDOWS\System32\B0.tmp moved successfully.
C:\WINDOWS\System32\B1.tmp moved successfully.
C:\WINDOWS\System32\B2.tmp moved successfully.
C:\WINDOWS\System32\B3.tmp moved successfully.
C:\WINDOWS\System32\B4.tmp moved successfully.
C:\WINDOWS\System32\B5.tmp moved successfully.
C:\WINDOWS\System32\B6.tmp moved successfully.
C:\WINDOWS\System32\B7.tmp moved successfully.
C:\WINDOWS\System32\B8.tmp moved successfully.
C:\WINDOWS\System32\B9.tmp moved successfully.
C:\WINDOWS\System32\BA.tmp moved successfully.
C:\WINDOWS\System32\BB.tmp moved successfully.
C:\WINDOWS\System32\BC.tmp moved successfully.
C:\WINDOWS\System32\BD.tmp moved successfully.
C:\WINDOWS\System32\BE.tmp moved successfully.
C:\WINDOWS\System32\BF.tmp moved successfully.
C:\WINDOWS\System32\C0.tmp moved successfully.
C:\WINDOWS\System32\C1.tmp moved successfully.
C:\WINDOWS\System32\C2.tmp moved successfully.
C:\WINDOWS\System32\C3.tmp moved successfully.
C:\WINDOWS\System32\C4.tmp moved successfully.
C:\WINDOWS\System32\C5.tmp moved successfully.
C:\WINDOWS\System32\C6.tmp moved successfully.
C:\WINDOWS\System32\C7.tmp moved successfully.
C:\WINDOWS\System32\C8.tmp moved successfully.
C:\WINDOWS\System32\C9.tmp moved successfully.
C:\WINDOWS\System32\CA.tmp moved successfully.
C:\WINDOWS\System32\CB.tmp moved successfully.
C:\WINDOWS\System32\CC.tmp moved successfully.
C:\WINDOWS\System32\CD.tmp moved successfully.
C:\WINDOWS\System32\CE.tmp moved successfully.
C:\WINDOWS\System32\CF.tmp moved successfully.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\D0.tmp moved successfully.
C:\WINDOWS\System32\D1.tmp moved successfully.
C:\WINDOWS\System32\D2.tmp moved successfully.
C:\WINDOWS\System32\D3.tmp moved successfully.
C:\WINDOWS\System32\D4.tmp moved successfully.
C:\WINDOWS\System32\D5.tmp moved successfully.
C:\WINDOWS\System32\D6.tmp moved successfully.
C:\WINDOWS\System32\D7.tmp moved successfully.
C:\WINDOWS\System32\D8.tmp moved successfully.
C:\WINDOWS\System32\D9.tmp moved successfully.
C:\WINDOWS\System32\DA.tmp moved successfully.
C:\WINDOWS\System32\DB.tmp moved successfully.
C:\WINDOWS\System32\DC.tmp moved successfully.
C:\WINDOWS\System32\DD.tmp moved successfully.
C:\WINDOWS\System32\DE.tmp moved successfully.
C:\WINDOWS\System32\DF.tmp moved successfully.
C:\WINDOWS\System32\E0.tmp moved successfully.
C:\WINDOWS\System32\E1.tmp moved successfully.
C:\WINDOWS\System32\E2.tmp moved successfully.
C:\WINDOWS\System32\E3.tmp moved successfully.
C:\WINDOWS\System32\E4.tmp moved successfully.
C:\WINDOWS\System32\E5.tmp moved successfully.
C:\WINDOWS\System32\E6.tmp moved successfully.
C:\WINDOWS\System32\E7.tmp moved successfully.
C:\WINDOWS\System32\E8.tmp moved successfully.
C:\WINDOWS\System32\E9.tmp moved successfully.
C:\WINDOWS\System32\EA.tmp moved successfully.
C:\WINDOWS\System32\EB.tmp moved successfully.
C:\WINDOWS\System32\EC.tmp moved successfully.
C:\WINDOWS\System32\ED.tmp moved successfully.
C:\WINDOWS\System32\EE.tmp moved successfully.
C:\WINDOWS\System32\EF.tmp moved successfully.
C:\WINDOWS\System32\F0.tmp moved successfully.
C:\WINDOWS\System32\F1.tmp moved successfully.
C:\WINDOWS\System32\F2.tmp moved successfully.
C:\WINDOWS\System32\F3.tmp moved successfully.
C:\WINDOWS\System32\F5.tmp moved successfully.
C:\WINDOWS\msdownld.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET7.tmp moved successfully.
C:\WINDOWS\SETD.tmp moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Local Settings\Temp\etilqs_wacZrSg7EpjoJn7vDyMv scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\CC91FE94000004D6 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\fla50.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mpj20922.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mta13187.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mta53720.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\x1c37377.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF48A7.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05212009_152147

Files moved on Reboot...
File move failed. C:\WINDOWS\System32\__c00E6781.dat scheduled to be moved on reboot.
File C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Local Settings\Temp\etilqs_wacZrSg7EpjoJn7vDyMv not found!
C:\WINDOWS\temp\CC91FE94000004D6 moved successfully.
C:\WINDOWS\temp\fla50.tmp moved successfully.
C:\WINDOWS\temp\mpj20922.dll unregistered successfully.
C:\WINDOWS\temp\mpj20922.dll moved successfully.
C:\WINDOWS\temp\mta13187.dll unregistered successfully.
C:\WINDOWS\temp\mta13187.dll moved successfully.
C:\WINDOWS\temp\mta53720.dll unregistered successfully.
C:\WINDOWS\temp\mta53720.dll moved successfully.
C:\WINDOWS\temp\x1c37377.dll unregistered successfully.
C:\WINDOWS\temp\x1c37377.dll moved successfully.
C:\WINDOWS\temp\~DF48A7.tmp moved successfully.

Registry entries deleted on Reboot...

OTListIt logfile created on: 5/21/2009 3:47:57 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop
Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.07 Mb Total Physical Memory | 62.07 Mb Available Physical Memory | 24.33% Memory free
617.04 Mb Paging File | 356.13 Mb Available in Paging File | 57.72% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 4.49 Gb Free Space | 12.04% Space Free | Partition Type: NTFS
Drive D: | 48.51 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAN-DVUREDE6RLU
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2003/07/16 16:28:11 | 01,024,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/03/04 11:30:48 | 00,331,776 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2004/03/04 11:26:20 | 00,195,072 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2005/07/04 16:46:04 | 00,073,787 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
PRC - [2006/08/29 03:23:44 | 05,548,032 | ---- | M] (Linksys) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
PRC - [2003/07/16 16:39:13 | 00,086,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2003/07/16 16:30:13 | 00,111,616 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2009/04/24 00:38:11 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/20 14:15:06 | 00,523,776 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/04/11 00:16:35 | 00,093,184 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - File not found -- -- (DhcpSrv [Unknown | Stopped])
SRV - [2003/07/16 16:41:07 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/03/04 11:30:48 | 00,331,776 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - File not found -- -- (msncache [Unknown | Stopped])
SRV - File not found -- -- (MYS Mutex Algorithm Service [Auto | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - File not found -- -- (sopidkc [Unknown | Stopped])
SRV - [2003/07/16 16:41:07 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Auto | Running])
SRV - [2003/07/16 16:36:35 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mspmspsv.dll -- (WmdmPmSp [Auto | Running])
SRV - [2005/07/04 16:46:04 | 00,073,787 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe -- (WUSB54GCSVC [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2003/06/23 16:52:00 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2009/05/19 14:17:53 | 00,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\dup.sys -- (Dup [System | Stopped])
DRV - [2002/08/29 01:32:44 | 00,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2001/08/17 09:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2001/08/22 08:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI [System | Running])
DRV - [2003/07/16 16:42:18 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/11/24 19:51:38 | 00,245,248 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\DRIVERS\rt73.sys -- (RT73 [On_Demand | Running])
DRV - [2003/07/16 16:44:08 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003/07/16 16:33:33 | 00,002,304 | ---- | M] () -- C:\WINDOWS\System32\sndintd.sys -- (sndintd [On_Demand | Stopped])
DRV - [2002/04/03 15:51:12 | 00,144,768 | ---- | M] (Voyetra Turtle Beach) -- C:\WINDOWS\system32\drivers\tbcspud.sys -- (tbcspud [On_Demand | Running])
DRV - [2002/04/03 15:51:16 | 00,545,088 | ---- | M] (Voyetra Turtle Beach) -- C:\WINDOWS\system32\drivers\tbcwdm.sys -- (tbcwdm [On_Demand | Running])
DRV - [2003/09/25 22:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\GTNDIS5.SYS -- (GTNDIS5 [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/20 14:10:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/20 14:10:32 | 00,000,000 | ---D | M]

[2008/10/01 14:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\mozilla\Extensions
[2008/10/01 14:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/21 13:34:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\mozilla\Firefox\Profiles\p88qvi7m.default\extensions
[2009/05/18 02:24:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\mozilla\Firefox\Profiles\p88qvi7m.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/29 17:52:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\mozilla\Firefox\Profiles\p88qvi7m.default\extensions\moveplayer@movenetworks.com
[2009/05/21 13:34:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/20 14:10:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/07/06 15:10:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2009/04/24 00:38:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 00:38:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/23 20:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 20:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/23 20:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 20:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 20:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/23 20:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 20:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (29 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 63.119.44.200 www.kplmi.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab (YInstStarter Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\__c00E6781: DllName - C:\WINDOWS\System32\__c00E6781.dat - C:\WINDOWS\System32\__c00E6781.dat ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/10 17:51:50 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/02/28 23:42:20 | 00,000,051 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/21 15:31:51 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009/05/21 15:42:38 | 02,277,376 | ---- | C] () -- C:\WINDOWS\System32\TRSOCR.dat
[2009/05/21 15:41:23 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\IPHACTION.dll
[2009/05/21 15:31:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\IpSvchostF.dll
[2009/05/21 15:21:47 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/21 14:24:04 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\tcpd.exe
[2009/05/21 14:24:04 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\AUTMGR.EXE
[2009/05/21 14:23:54 | 00,930,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32_check.dll
[2009/05/21 14:23:51 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tcpcon.dll
[2009/05/21 14:23:51 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\Packer.dll
[2009/05/21 14:23:51 | 00,000,009 | ---- | C] () -- C:\WINDOWS\System32\iphy.dll
[2009/05/21 14:23:51 | 00,000,003 | ---- | C] () -- C:\WINDOWS\System32\fhpatch.dll
[2009/05/21 14:23:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\fiplock.dll
[2009/05/21 13:13:21 | 00,000,652 | ---- | C] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\DrWeb2.csv
[2009/05/21 13:11:13 | 00,000,634 | ---- | C] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\DrWeb.csv
[2009/05/20 14:17:31 | 13,308,944 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\cureit.exe
[2009/05/20 14:15:08 | 00,523,776 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\OTListIt2.exe
[2009/05/20 01:39:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/20 01:38:15 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF7102.exe
[2009/05/19 14:32:16 | 00,359,883 | ---- | C] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\dds.scr
[2009/05/18 19:50:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\Grisoft
[2009/05/18 19:49:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
[2009/05/18 19:48:12 | 12,413,440 | ---- | C] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\av.exe
[2009/05/18 18:36:37 | 00,018,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dup.sys
[2009/05/18 15:47:52 | 00,000,390 | ---- | C] () -- C:\WINDOWS\tasks\Schedule Task Weekly.job
[2009/05/18 15:35:24 | 00,000,000 | ---D | C] -- C:\Program Files\Exterminate It!
[2009/05/18 15:24:42 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2009/05/18 15:14:01 | 00,000,438 | ---- | C] () -- C:\spyhunter.fix
[2009/05/18 14:12:52 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\HijackThis.lnk
[2009/05/18 14:02:26 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live
[2009/05/18 13:55:45 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/18 13:55:34 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\HJTInstall(2).exe
[2009/05/18 13:30:32 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/05/18 04:05:42 | 00,000,677 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/18 04:05:41 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/18 04:05:39 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/18 03:43:17 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/05/18 02:29:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
[2009/05/18 02:18:58 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\CCleaner.lnk
[2009/05/18 02:18:57 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/05/17 18:26:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/17 16:30:30 | 00,000,000 | ---D | C] -- C:\Dan Progs
[2009/05/17 15:06:33 | 00,560,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/05/17 14:39:08 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/16 01:48:40 | 00,000,728 | ---- | C] () -- C:\xcrashdump.dat
[2009/05/15 22:42:43 | 00,002,498 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/05/15 20:28:40 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\__c00E6781.dat
[2009/05/15 20:28:37 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\jkshfuiehi.dll
[2009/05/15 20:07:44 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2009/05/15 19:54:38 | 00,000,000 | ---D | C] -- C:\KAV
[2009/05/15 19:19:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
[2009/05/15 19:17:51 | 00,897,920 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\WGAPluginInstall.exe
[2009/05/15 18:37:06 | 00,021,056 | ---- | C] (Webroot Software Inc (www.webroot.com)) -- C:\WINDOWS\System32\drivers\sskbfd.sys
[2009/05/15 18:37:02 | 00,233,024 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\System32\WRLogonNtf.dll
[2009/05/15 18:36:16 | 00,000,164 | ---- | C] () -- C:\install.dat
[2009/05/15 13:10:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/05/15 13:06:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\Downloads
[2009/05/15 13:06:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\GetRightToGo
[2009/05/15 12:34:21 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2009/05/15 10:22:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\Malwarebytes
[2009/05/15 10:22:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2009/05/14 21:01:07 | 07,526,856 | ---- | C] (Mozilla) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\Firefox Setup 3.0.10.exe
[2009/05/14 15:13:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/05/14 15:08:33 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/05/13 03:53:25 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\My Computer.lnk
[2009/05/08 18:33:05 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/07 16:31:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\AVG8
[2009/05/04 18:32:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NortonInstaller
[2009/05/01 05:08:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
[2009/05/01 03:25:27 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\fxe.sp
[2009/05/01 03:12:11 | 00,053,283 | ---- | C] () -- C:\WINDOWS\System32\paso.el
[2009/05/01 03:12:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ynh.dx
[2009/04/29 13:52:39 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/04/29 08:34:25 | 00,519,168 | ---- | C] (Coreguard Software) -- C:\WINDOWS\System32\Installer.exe
[2009/04/29 05:20:47 | 24,921,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/28 13:27:11 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/04/28 13:27:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2009/04/27 17:43:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3361
[2009/04/27 17:43:37 | 00,108,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/04/27 17:43:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\dhcp
[2009/04/27 16:41:59 | 00,290,304 | ---- | C] () -- C:\kggi.exe
[2009/04/23 12:00:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/04/23 11:59:34 | 00,002,509 | ---- | C] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\Microsoft Office Word 2003.lnk
[2009/04/23 11:59:28 | 00,001,776 | ---- | C] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\Adobe Photoshop CS2.lnk
[2009/04/23 11:58:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
[2009/04/23 11:54:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\misc desktop
[2008/06/12 03:27:10 | 00,000,532 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/06/12 03:26:34 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2008/06/12 03:26:30 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2003/07/16 16:51:23 | 00,000,696 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/07/16 16:47:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/07/16 16:44:08 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/07/16 16:42:22 | 00,152,576 | ---- | C] () -- C:\WINDOWS\System32\qasf.dll
[2003/07/16 16:33:33 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\msncav32.dll
[2003/07/16 16:33:33 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\Iasv32.dll
[2003/07/16 16:33:33 | 00,002,304 | ---- | C] () -- C:\WINDOWS\System32\sndintd.sys
[2003/06/24 00:44:01 | 00,000,601 | ---- | C] () -- C:\WINDOWS\WinInit.INI
[2003/06/23 19:03:17 | 00,016,548 | ---- | C] () -- C:\WINDOWS\cs_cache.ini
[2003/06/23 17:14:55 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/06/23 16:51:59 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2003/06/23 16:51:49 | 00,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/11/29 09:50:40 | 00,471,040 | ---- | C] () -- C:\WINDOWS\System32\QTExporter.dll

========== Files - Modified Within 30 Days ==========

[2009/05/21 15:42:38 | 02,441,216 | ---- | M] () -- C:\WINDOWS\System32\TRSOCR.dat
[2009/05/21 15:42:37 | 00,581,632 | ---- | M] () -- C:\WINDOWS\System32\IPHACTION.dll
[2009/05/21 15:31:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/21 15:31:26 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Local Settings\desktop.ini
[2009/05/21 15:31:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/21 15:31:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\IpSvchostF.dll
[2009/05/21 15:01:41 | 00,000,029 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/05/21 14:24:04 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\tcpd.exe
[2009/05/21 14:24:04 | 00,022,016 | ---- | M] () -- C:\WINDOWS\System32\AUTMGR.EXE
[2009/05/21 14:23:53 | 00,930,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32_check.dll
[2009/05/21 14:23:53 | 00,930,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2009/05/21 14:23:51 | 00,172,032 | ---- | M] () -- C:\WINDOWS\System32\tcpcon.dll
[2009/05/21 14:23:51 | 00,010,240 | ---- | M] () -- C:\WINDOWS\System32\Packer.dll
[2009/05/21 14:23:51 | 00,000,009 | ---- | M] () -- C:\WINDOWS\System32\iphy.dll
[2009/05/21 14:23:51 | 00,000,003 | ---- | M] () -- C:\WINDOWS\System32\fhpatch.dll
[2009/05/21 14:23:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\fiplock.dll
[2009/05/21 13:14:58 | 00,000,696 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/21 13:14:58 | 00,000,194 | -HS- | M] () -- C:\boot.ini
[2009/05/21 13:14:58 | 00,000,000 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/21 13:13:21 | 00,000,652 | ---- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\DrWeb2.csv
[2009/05/21 13:11:13 | 00,000,634 | ---- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\DrWeb.csv
[2009/05/20 23:35:17 | 00,178,176 | ---- | M] () -- C:\WINDOWS\System32\tpsaxyd.exe
[2009/05/20 14:18:26 | 13,308,944 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\cureit.exe
[2009/05/20 14:15:06 | 00,523,776 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\OTListIt2.exe
[2009/05/20 14:10:37 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2009/05/20 02:16:07 | 00,000,728 | ---- | M] () -- C:\xcrashdump.dat
[2009/05/20 01:37:57 | 00,396,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF7102.exe
[2009/05/19 14:32:14 | 00,359,883 | ---- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\dds.scr
[2009/05/19 14:17:53 | 00,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dup.sys
[2009/05/18 19:48:35 | 12,413,440 | ---- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\av.exe
[2009/05/18 15:47:55 | 00,000,390 | ---- | M] () -- C:\WINDOWS\tasks\Schedule Task Weekly.job
[2009/05/18 15:24:57 | 00,000,438 | ---- | M] () -- C:\spyhunter.fix
[2009/05/18 14:12:52 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\HijackThis.lnk
[2009/05/18 13:55:33 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\HJTInstall(2).exe
[2009/05/18 04:06:07 | 00,000,677 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/18 02:18:58 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\CCleaner.lnk
[2009/05/17 21:51:54 | 00,560,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\user32.dll
[2009/05/17 15:06:33 | 00,560,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/05/17 13:58:18 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/05/17 13:27:02 | 00,027,648 | ---- | M] () -- C:\WINDOWS\System32\__c00E6781.dat
[2009/05/15 23:12:17 | 00,002,498 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/05/15 20:28:37 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\jkshfuiehi.dll
[2009/05/15 19:22:07 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/15 19:17:54 | 00,897,920 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\WGAPluginInstall.exe
[2009/05/15 18:36:16 | 00,000,164 | ---- | M] () -- C:\install.dat
[2009/05/15 13:16:10 | 00,519,168 | ---- | M] (Coreguard Software) -- C:\WINDOWS\System32\Installer.exe
[2009/05/14 21:02:01 | 07,526,856 | ---- | M] (Mozilla) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\Firefox Setup 3.0.10.exe
[2009/05/13 03:53:25 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\My Computer.lnk
[2009/05/11 20:17:39 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/11 20:17:39 | 00,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/11 20:17:39 | 00,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/07 21:27:06 | 00,000,532 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2009/05/06 15:59:20 | 00,000,601 | ---- | M] () -- C:\WINDOWS\WinInit.INI
[2009/05/05 18:03:11 | 00,305,118 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2009/05/05 17:54:38 | 00,305,118 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090505-180311.backup
[2009/05/01 03:25:27 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\fxe.sp
[2009/05/01 03:12:11 | 00,000,000 | ---- | M] () -- C:\WINDOWS\ynh.dx
[2009/05/01 03:11:57 | 00,053,283 | ---- | M] () -- C:\WINDOWS\System32\paso.el
[2009/04/28 19:52:04 | 00,000,201 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090505-175438.backup
[2009/04/28 19:24:42 | 00,000,051 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090428-195204.backup
[2009/04/28 17:33:36 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\kigohase
[2009/04/27 18:42:57 | 00,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2009/04/27 18:33:44 | 00,000,077 | -HS- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\My Documents\desktop.ini
[2009/04/27 17:43:38 | 00,108,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/04/27 16:43:54 | 00,162,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2009/04/27 16:43:54 | 00,162,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/04/27 16:42:02 | 00,290,304 | ---- | M] () -- C:\kggi.exe
[2009/04/27 16:41:49 | 00,105,984 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\vonibusa.dll
[2009/04/27 16:41:49 | 00,078,848 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\nogopofa.exe
[2009/04/27 04:41:23 | 00,081,408 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\nuhufise.exe
[2009/04/26 04:41:46 | 00,106,496 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\bolojiju.dll
[2009/04/26 04:41:36 | 00,080,896 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\vuviyigi.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
< End of report >

#9 Danlaff777

Danlaff777
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:52 AM

Posted 21 May 2009 - 03:08 PM

Damn, just when I thought we had almost killed this thing ... downloaded ComboFix with no danger popup, attempted to run it in both regular and safe mode and got this message both times:

............
!! Alert !! It is NOT SAFE to continue!

The contents of the combofix package has been compromised
Please download a fresh copy from:
http://bleepingcomputer.com/combofix/how-to-use-combofix

Note: You may be infected with a file patching virus (Virut)
.............

ComboFix then uninstalls.

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:52 AM

Posted 22 May 2009 - 11:41 AM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    SRV - File not found -- -- (DhcpSrv [Unknown | Stopped])
    SRV - File not found -- -- (msncache [Unknown | Stopped])
    SRV - File not found -- -- (MYS Mutex Algorithm Service [Auto | Stopped])
    SRV - File not found -- -- (sopidkc [Unknown | Stopped])
    DRV - [2003/07/16 16:33:33 | 00,002,304 | ---- | M] () -- C:\WINDOWS\System32\sndintd.sys -- (sndintd [On_Demand | Stopped])
    O20 - Winlogon\Notify\__c00E6781: DllName - C:\WINDOWS\System32\__c00E6781.dat - C:\WINDOWS\System32\__c00E6781.dat ()
    
    :Files
    C:\WINDOWS\System32\TRSOCR.dat
    C:\WINDOWS\System32\IPHACTION.dll
    C:\WINDOWS\System32\IpSvchostF.dll
    C:\WINDOWS\System32\tcpd.exe
    C:\WINDOWS\System32\AUTMGR.EXE
    C:\WINDOWS\System32\kernel32_check.dll
    C:\WINDOWS\System32\tcpcon.dll
    C:\WINDOWS\System32\Packer.dll
    C:\WINDOWS\System32\iphy.dll
    C:\WINDOWS\System32\fhpatch.dll
    C:\WINDOWS\System32\fiplock.dll
    C:\WINDOWS\System32\tmp.reg
    C:\WINDOWS\System32\__c00E6781.dat
    C:\WINDOWS\System32\jkshfuiehi.dll
    C:\WINDOWS\System32\3361
    C:\WINDOWS\dhcp
    C:\kggi.exe
    C:\WINDOWS\System32\vonibusa.dll
    C:\WINDOWS\System32\nogopofa.exe
    C:\WINDOWS\System32\nuhufise.exe
    C:\WINDOWS\System32\bolojiju.dll
    C:\WINDOWS\System32\vuviyigi.exe
    
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

==================


Run a new scan with DrWeb and post the resulting log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
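The fix above is built by reading the OTListIt and DDS output for a handful of persistence indicators: services whose image file is gone, a Winlogon Notify package that is a .dat with no publisher, a BootExecute entry that is not autochk, a proxy pointed at localhost, an extra executable in Userinit, and a HOSTS entry that redirects rather than blocks. The script below is an added example for this thread, not OTListIt's own code and not something the helper posted: it applies those checks to log lines in the posted format and drafts a fix script in the same :OTLI / :Files / :Commands layout. The sample lines are copied or lightly adapted from the logs in this thread; the heuristics, the tag names, and the reading of what the script sections do (taken only from the helper's post) are assumptions.

```python
"""Triage OTListIt (OTL) style log lines for common persistence indicators.

Added example for this thread: not OTListIt's code and not the helper's post.
The heuristics are assumptions about what deserves a second look, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied or lightly adapted from the logs posted in this
# thread (OTL format, plus two DDS-format lines for Userinit and ProxyServer).
SAMPLE_LOG = r"""
SRV - File not found -- -- (sopidkc [Unknown | Stopped])
DRV - [2003/07/16 16:44:08 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
uInternet Settings,ProxyServer = http=localhost:7171
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\ntos.exe,
O1 - Hosts: 63.119.44.200 www.kplmi.com
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\__c00E6781: DllName - C:\WINDOWS\System32\__c00E6781.dat - C:\WINDOWS\System32\__c00E6781.dat ()
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/21 15:31:51 | 00,000,000 | ---D | M]
[2009/05/21 14:24:04 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\tcpd.exe
[2009/05/18 04:05:39 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
"""


@dataclass
class Finding:
    tag: str
    line: str
    path: Optional[str] = None


# "[timestamp | size | attrs | C] (Vendor) -- C:\path [-- (ServiceName [...])]"
FILE_ENTRY = re.compile(r"\]\s+\((?P<vendor>[^)]*)\)\s+--\s+(?P<path>[A-Za-z]:\\.+?)(?=\s+--\s+\(|$)")
NOTIFY = re.compile(r"^O20 - Winlogon\\Notify\\\S+: DllName - (?P<path>.+?) - .+\((?P<vendor>[^)]*)\)$")
BOOTEXEC = re.compile(r"^O34 - HKLM BootExecute: \((?P<name>[^)]*)\)")
HOSTS = re.compile(r"^O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
PROXY_SERVER = re.compile(r"ProxyServer\s*=\s*(?P<value>\S+)")
USERINIT = re.compile(r"Userinit\s*=\s*(?P<value>.+)$")
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
BINARY_EXT = (".exe", ".dll", ".sys", ".dat")


def triage(log: str) -> List[Finding]:
    found: List[Finding] = []
    for line in (raw.strip() for raw in log.splitlines()):
        if not line:
            continue
        if line.startswith(("SRV -", "DRV -")) and "File not found" in line:
            # Service/driver key whose image is gone: leftover of a removed dropper.
            found.append(Finding("orphaned-service", line))
        elif (m := NOTIFY.match(line)):
            # Notify packages load into winlogon.exe at logon; a non-.dll image
            # with no publisher is the shape seen in the posted log.
            if not m["path"].lower().endswith(".dll") or not m["vendor"].strip():
                found.append(Finding("winlogon-notify", line, m["path"]))
        elif (m := BOOTEXEC.match(line)):
            # BootExecute runs before logon; only autochk/autocheck are expected.
            if m["name"].lower() not in {"autochk", "autocheck"}:
                found.append(Finding("boot-execute", line))
        elif (m := HOSTS.match(line)):
            if m["ip"] not in LOOPBACK:  # HOSTS used to redirect, not to block
                found.append(Finding("hosts-redirect", line))
        elif (m := PROXY_SERVER.search(line)):
            # Browser traffic routed through a listener on the same box.
            if "localhost" in m["value"].lower() or "127.0.0.1" in m["value"]:
                found.append(Finding("local-proxy", line))
        elif '"ProxyEnable" = 1' in line:
            found.append(Finding("proxy-enabled", line))
        elif (m := USERINIT.search(line)):
            # Userinit legitimately ends with a trailing comma; anything besides
            # userinit.exe in the list is started at every logon.
            extra = [p for p in m["value"].split(",")
                     if p.strip() and not p.strip().lower().endswith("\\userinit.exe")]
            if extra:
                found.append(Finding("userinit-extra", line))
        elif (m := FILE_ENTRY.search(line)):
            # Low confidence: plenty of legitimate files carry no company string.
            path = m["path"]
            if (not m["vendor"].strip() and "\\system32\\" in path.lower()
                    and path.lower().endswith(BINARY_EXT)):
                found.append(Finding("unattributed-system32-binary", line, path))
    return found


SCRIPT_TAGS = {"orphaned-service", "winlogon-notify", "boot-execute"}


def draft_fix_script(findings: List[Finding]) -> str:
    """Draft a fix script in the :OTLI / :Files / :Commands layout the helper
    posted. What those sections do is inferred from that post only, and only
    high-confidence findings go in; the result is for a human to prune."""
    reg_lines = [f.line for f in findings if f.tag in SCRIPT_TAGS]
    file_paths = sorted({f.path for f in findings if f.tag == "winlogon-notify" and f.path})
    return "\n".join([":OTLI", *reg_lines, "", ":Files", *file_paths, "",
                      ":Commands", "[emptytemp]", "[start explorer]", "[Reboot]"])


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.tag:30} {f.line[:80]}")
    print("\n" + draft_fix_script(hits))
```

On the sample, secdrv.sys (a driver with no company string, present in the posted log and not among the files the helper removed) lands in the unattributed tier alongside tcpd.exe, which is exactly why that tier is reported but kept out of the drafted :Files section: a missing publisher is a prompt to look at the file, not grounds to move it.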

#11 Danlaff777

Danlaff777
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:52 AM

Posted 23 May 2009 - 02:56 PM

Hi Sam, sorry for the delay; Dr.Web takes a long time to run, so I just left it running all night last night... Here is the CureIt log below.

SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\misc desktop\SDFix.exe;Tool.Prockill;;
SDFix.exe;C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\misc desktop;Archive contains infected objects;Moved.;
~3242.tmp;C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\misc desktop;BackDoor.Generic.1578;Deleted.;
~3247.tmp;C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\misc desktop;Trojan.PWS.Tanspy;Deleted.;
Process.exe;C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\misc desktop\SmitfraudFix;Tool.Prockill;;
restart.exe;C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\misc desktop\SmitfraudFix;Tool.ShutDown.14;;
SmitfraudFix(3).exe\SmitfraudFix\Process.exe;C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\misc desktop\SmitfraudFix\SmitfraudFix(3).exe;Tool.Prockill;;
SmitfraudFix(3).exe\SmitfraudFix\restart.exe;C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\misc desktop\SmitfraudFix\SmitfraudFix(3).exe;Tool.ShutDown.14;;
SmitfraudFix(3).exe;C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\misc desktop\SmitfraudFix;Archive contains infected objects;Moved.;
Process.exe;C:\SDFix\apps;Tool.Prockill;;
lo1[1];C:\SDFix\backups_old1\movedfile.vir\Local Settings\Temporary Internet Files\Content.IE5\T633534J;Trojan.Virtumod;Deleted.;
wmvds32.dll;C:\WINDOWS\system32;Trojan.DownLoader.24817;Deleted.;
user32.dll;C:\WINDOWS\system32\dllcache;BackDoor.Zapinit;Cured.;
42.tmp;C:\_OTListIt\MovedFiles\05212009_152147\WINDOWS\System32;Trojan.MulDrop.30600;Deleted.;
47.tmp;C:\_OTListIt\MovedFiles\05212009_152147\WINDOWS\System32;Trojan.MulDrop.30600;Deleted.;
tcpcon.dll;C:\_OTListIt\MovedFiles\05222009_134009\WINDOWS\System32;Trojan.DownLoad.33121;Deleted.;

#12 Danlaff777

Danlaff777
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:52 AM

Posted 23 May 2009 - 03:01 PM

Just a heads up: I downloaded ComboFix again (changed the name with 'Save Link As' before downloading), tried to open it, and got the same "Alert! It is NOT safe to continue..." message. So unfortunately it looks like there's still a ComboFix problem.

#13 Danlaff777

Posted 23 May 2009 - 03:11 PM

Latest DDS and OTListIt reports below, just in case you need them:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Dan at 16:05:12.69 on Sat 05/23/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.255.39 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
svchost.exe C:\WINDOWS\TEMP\VRT3.tmp
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mStart Page =
uInternet Settings,ProxyServer = http=localhost:7171
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\ntos.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: c:\windows\system32\sdjee3inf.dll: {c6c7b2a1-00f3-42bd-f434-00aaba2c8953} - c:\windows\system32\sdjee3inf.dll
BHO: MS extension: {d3e70f65-9d73-47ee-9e5f-2d7d1023d570} - irmserv32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [reader_s] c:\documents and settings\dan.dan-dvurede6rlu\reader_s.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [reader_s] c:\documents and settings\dan.dan-dvurede6rlu\reader_s.exe
dRun: [<NO NAME>] c:\windows\temp\oxgoxv.exe
dRun: [Windows Resurections] c:\windows\temp\oxgoxv.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
Notify: __c00E6781 - c:\windows\system32\__c00E6781.dat
STS: c:\windows\system32\sdjee3inf.dll: {c6c7b2a1-00f3-42bd-f434-00aaba2c8953} - c:\windows\system32\sdjee3inf.dll
LSA: Notification Packages = scecli c:\windows\system32\navujoko.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dan~2.dan\applic~1\mozilla\firefox\profiles\p88qvi7m.default\
FF - plugin: c:\documents and settings\dan.dan-dvurede6rlu\application data\mozilla\firefox\profiles\p88qvi7m.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [2007-4-10 144768]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [2007-4-10 545088]
S1 Dup;Dup;c:\windows\system32\drivers\dup.sys [2009-5-18 18368]
S3 sndintd;sndintd;c:\windows\system32\sndintd.sys [2003-7-16 2304]
S3 vitra;vitra;c:\windows\system32\drivers\vitra.sys --> c:\windows\system32\drivers\vitra.sys [?]
SUnknown DhcpSrv;DhcpSrv; [x]
SUnknown msncache;msncache; [x]

=============== Created Last 30 ================

2009-05-23 15:53 46,592 a------- c:\windows\system32\irmserv32.dll
2009-05-23 15:53 48 a------- c:\windows\system32\4.tmp
2009-05-23 15:25 <DIR> --d----- c:\windows\system32\3361
2009-05-23 15:24 <DIR> --d----- c:\windows\dhcp
2009-05-22 15:43 0 a------- c:\windows\system32\14.tmp
2009-05-22 14:37 0 a------- c:\windows\system32\13.tmp
2009-05-22 14:37 44,032 a------- c:\windows\system32\12.tmp
2009-05-22 14:37 40,449 a------- c:\windows\system32\11.tmp
2009-05-22 14:37 120 a------- c:\windows\system32\10.tmp
2009-05-22 14:13 0 a------- C:\15.tmp
2009-05-22 14:13 0 a------- C:\14.tmp
2009-05-22 14:13 0 a------- C:\13.tmp
2009-05-22 14:13 0 a------- C:\12.tmp
2009-05-22 14:13 0 a------- C:\11.tmp
2009-05-22 14:13 0 a------- C:\F.tmp
2009-05-22 14:13 0 a------- C:\10.tmp
2009-05-22 14:12 0 a------- C:\E.tmp
2009-05-22 14:12 0 a------- C:\D.tmp
2009-05-22 14:12 0 a------- C:\C.tmp
2009-05-22 14:12 0 a------- C:\B.tmp
2009-05-22 14:12 0 a------- C:\A.tmp
2009-05-22 14:12 0 a------- C:\9.tmp
2009-05-22 14:12 0 a------- C:\8.tmp
2009-05-22 14:12 0 a------- C:\7.tmp
2009-05-22 14:12 0 a------- C:\6.tmp
2009-05-22 14:12 51,712 a------- C:\4.tmp
2009-05-22 14:12 15,000 a------- c:\windows\system32\sdjee3inf.dll
2009-05-22 13:25 40,448 a------- c:\windows\system32\SYSDLL.exe
2009-05-22 13:25 <DIR> --d----- c:\windows\system32\121973
2009-05-22 03:38 0 a------- c:\windows\system32\76.tmp
2009-05-22 03:38 120 a------- c:\windows\system32\73.tmp
2009-05-22 03:38 0 a------- c:\windows\system32\71.tmp
2009-05-22 03:38 120 a------- c:\windows\system32\6E.tmp
2009-05-21 21:18 <DIR> --d----- c:\program files\LanqiEngine
2009-05-21 21:16 735,232 a------- c:\windows\system32\AdvOcr.dll
2009-05-21 21:16 94,208 a------- c:\windows\system32\TRSOCR.dll
2009-05-21 21:16 95 a------- c:\windows\system32\TRSOCR.ini
2009-05-21 18:08 3 a------- c:\windows\system32\bversion.dll
2009-05-21 16:03 1,094 a------- c:\windows\system32\jxa
2009-05-21 15:21 <DIR> --d----- C:\_OTListIt
2009-05-20 13:54 <DIR> --d----- c:\documents and settings\dan.dan-dvurede6rlu\DoctorWeb
2009-05-20 01:38 396,288 a------- c:\windows\system32\CF7102.exe
2009-05-18 19:50 <DIR> --d----- c:\docume~1\dan~2.dan\applic~1\Grisoft
2009-05-18 19:49 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Grisoft
2009-05-18 18:36 18,368 a------- c:\windows\system32\drivers\dup.sys
2009-05-18 15:35 <DIR> --d----- c:\program files\Exterminate It!
2009-05-18 15:24 <DIR> --d----- c:\program files\Enigma Software Group
2009-05-18 15:14 438 a------- C:\spyhunter.fix
2009-05-18 14:02 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2009-05-18 13:55 <DIR> --d----- c:\program files\Trend Micro
2009-05-18 13:30 <DIR> --d----- C:\VundoFix Backups
2009-05-18 04:05 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-18 04:05 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-18 03:43 <DIR> -cd-h--- c:\docume~1\alluse~1.win\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-18 02:18 <DIR> --d----- c:\program files\CCleaner
2009-05-17 18:26 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-17 16:30 <DIR> --d----- C:\Dan Progs
2009-05-17 15:06 560,128 ac------ c:\windows\system32\dllcache\user32.dll
2009-05-16 01:48 728 a------- C:\xcrashdump.dat
2009-05-15 20:28 27,648 a------- c:\windows\system32\__c00E6781.dat
2009-05-15 20:07 <DIR> -cd-h--- c:\docume~1\alluse~1.win\applic~1\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-05-15 19:54 <DIR> --d----- C:\KAV
2009-05-15 18:37 21,056 a------- c:\windows\system32\drivers\sskbfd.sys
2009-05-15 18:36 164 a------- C:\install.dat
2009-05-15 13:06 <DIR> --d----- c:\docume~1\dan~2.dan\applic~1\GetRightToGo
2009-05-15 10:22 <DIR> --d----- c:\docume~1\dan~2.dan\applic~1\Malwarebytes
2009-05-15 10:22 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-05-14 15:13 <DIR> --d----- c:\windows\ERUNT
2009-05-14 15:08 <DIR> --d----- C:\SDFix
2009-05-07 16:31 <DIR> --d----- c:\docume~1\dan~2.dan\applic~1\AVG8
2009-05-04 18:32 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\NortonInstaller
2009-05-01 03:25 32,768 a------- c:\windows\system32\fxe.sp
2009-05-01 03:12 53,283 a------- c:\windows\system32\paso.el
2009-05-01 03:12 0 a------- c:\windows\ynh.dx
2009-04-29 08:34 519,168 a------- c:\windows\system32\Installer.exe
2009-04-29 01:15 45,056 a------- c:\documents and settings\dan.dan-dvurede6rlu\file.exe
2009-04-28 13:27 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-28 13:27 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2009-04-27 17:43 108,336 a------- c:\windows\system32\MSWINSCK.OCX

==================== Find3M ====================

2009-05-18 10:28 178,688 a------- c:\windows\system32\tpsaxyd.exe
2009-05-17 21:51 560,128 a------- c:\windows\system32\user32.dll
2009-04-27 16:43 162,432 ac------ c:\windows\system32\drivers\ndis.sys

============= FINISH: 16:07:24.36 ===============

OTListIt logfile created on: 5/23/2009 4:08:32 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop
Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.07 Mb Total Physical Memory | 24.55 Mb Available Physical Memory | 9.62% Memory free
617.04 Mb Paging File | 306.49 Mb Available in Paging File | 49.67% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 4.43 Gb Free Space | 11.89% Space Free | Partition Type: NTFS
Drive D: | 48.51 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAN-DVUREDE6RLU
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2003/07/16 16:28:11 | 01,024,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/03/04 11:30:48 | 00,331,776 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2004/03/04 11:26:20 | 00,195,072 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2005/07/04 16:46:04 | 00,073,787 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
PRC - [2006/08/29 03:23:44 | 05,548,032 | ---- | M] (Linksys) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
PRC - [2009/04/24 00:38:11 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2003/07/16 16:30:13 | 00,111,616 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2009/05/20 14:15:06 | 00,523,776 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\OTListIt2.exe
PRC - [2003/07/16 16:52:28 | 00,224,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/04/11 00:16:35 | 00,093,184 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - File not found -- -- (DhcpSrv [Unknown | Stopped])
SRV - [2003/07/16 16:41:07 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/03/04 11:30:48 | 00,331,776 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2003/07/16 16:25:37 | 00,044,544 | ---- | M] (X-Ways Software Technology ) -- C:\WINDOWS\System32\msncache.dll -- (msncache [Unknown | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/07/16 16:41:07 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Auto | Running])
SRV - [2003/07/16 16:36:35 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mspmspsv.dll -- (WmdmPmSp [Auto | Running])
SRV - [2005/07/04 16:46:04 | 00,073,787 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe -- (WUSB54GCSVC [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2003/06/23 16:52:00 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2009/05/19 14:17:53 | 00,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\dup.sys -- (Dup [System | Stopped])
DRV - [2002/08/29 01:32:44 | 00,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2001/08/17 09:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2001/08/22 08:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI [System | Running])
DRV - [2003/07/16 16:42:18 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/11/24 19:51:38 | 00,245,248 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\DRIVERS\rt73.sys -- (RT73 [On_Demand | Running])
DRV - [2003/07/16 16:44:08 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003/07/16 16:33:33 | 00,002,304 | ---- | M] () -- C:\WINDOWS\System32\sndintd.sys -- (sndintd [On_Demand | Stopped])
DRV - [2002/04/03 15:51:12 | 00,144,768 | ---- | M] (Voyetra Turtle Beach) -- C:\WINDOWS\system32\drivers\tbcspud.sys -- (tbcspud [On_Demand | Running])
DRV - [2002/04/03 15:51:16 | 00,545,088 | ---- | M] (Voyetra Turtle Beach) -- C:\WINDOWS\system32\drivers\tbcwdm.sys -- (tbcwdm [On_Demand | Running])
DRV - [2003/09/25 22:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\GTNDIS5.SYS -- (GTNDIS5 [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/20 14:10:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/20 14:10:32 | 00,000,000 | ---D | M]

[2008/10/01 14:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\mozilla\Extensions
[2008/10/01 14:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/23 16:04:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\mozilla\Firefox\Profiles\p88qvi7m.default\extensions
[2009/05/18 02:24:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\mozilla\Firefox\Profiles\p88qvi7m.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/29 17:52:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\mozilla\Firefox\Profiles\p88qvi7m.default\extensions\moveplayer@movenetworks.com
[2009/05/21 13:34:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/20 14:10:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/07/06 15:10:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2009/04/24 00:38:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 00:38:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/23 20:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 20:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/23 20:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 20:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 20:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/23 20:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 20:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (29 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 63.119.44.200 www.kplmi.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (C:\WINDOWS\System32\sdjee3inf.dll) - {C6C7B2A1-00F3-42BD-F434-00AABA2C8953} - C:\WINDOWS\System32\sdjee3inf.dll ()
O2 - BHO: (MS extension) - {D3E70F65-9D73-47ee-9E5F-2D7D1023D570} - C:\WINDOWS\system32\irmserv32.dll (Google Inc)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKCU..\Run: [reader_s] C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\reader_s.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab (YInstStarter Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\ntos.exe) - C:\WINDOWS\System32\ntos.exe [FILE handle not seen by OS]
O20 - Winlogon\Notify\__c00E6781: DllName - C:\WINDOWS\System32\__c00E6781.dat - C:\WINDOWS\System32\__c00E6781.dat ()
O22 - SharedTaskScheduler: {C6C7B2A1-00F3-42BD-F434-00AABA2C8953} - gsf87hfunf98398jd - C:\WINDOWS\System32\sdjee3inf.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/10 17:51:50 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/02/28 23:42:20 | 00,000,051 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/23 16:00:21 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[17 C:\*.tmp files]
[10 C:\WINDOWS\System32\*.tmp files]
[2009/05/23 15:25:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3361
[2009/05/23 15:24:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\dhcp
[2009/05/23 15:17:09 | 00,001,754 | ---- | C] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\DrWeb3.csv
[2009/05/22 14:12:06 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\sdjee3inf.dll
[2009/05/22 13:25:44 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\SYSDLL.exe
[2009/05/22 13:25:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\121973
[2009/05/21 21:18:39 | 00,000,000 | ---D | C] -- C:\Program Files\LanqiEngine
[2009/05/21 21:16:32 | 00,735,232 | ---- | C] (???? http://www.lunchsoft.com/yzm) -- C:\WINDOWS\System32\AdvOcr.dll
[2009/05/21 21:16:17 | 00,094,208 | ---- | C] (Transym Computer Services Ltd) -- C:\WINDOWS\System32\TRSOCR.dll
[2009/05/21 21:16:16 | 00,000,095 | ---- | C] () -- C:\WINDOWS\System32\TRSOCR.ini
[2009/05/21 18:08:40 | 00,000,003 | ---- | C] () -- C:\WINDOWS\System32\bversion.dll
[2009/05/21 16:03:49 | 00,001,094 | ---- | C] () -- C:\WINDOWS\System32\jxa
[2009/05/21 15:21:47 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/21 13:13:21 | 00,000,652 | ---- | C] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\DrWeb2.csv
[2009/05/21 13:11:13 | 00,000,634 | ---- | C] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\DrWeb.csv
[2009/05/20 14:17:31 | 13,308,944 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\cureit.exe
[2009/05/20 14:15:08 | 00,523,776 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\OTListIt2.exe
[2009/05/20 01:39:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/20 01:38:15 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF7102.exe
[2009/05/19 14:32:16 | 00,359,883 | ---- | C] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\dds.scr
[2009/05/18 19:50:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\Grisoft
[2009/05/18 19:49:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
[2009/05/18 19:48:12 | 12,413,440 | ---- | C] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\av.exe
[2009/05/18 18:36:37 | 00,018,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dup.sys
[2009/05/18 15:47:52 | 00,000,390 | ---- | C] () -- C:\WINDOWS\tasks\Schedule Task Weekly.job
[2009/05/18 15:35:24 | 00,000,000 | ---D | C] -- C:\Program Files\Exterminate It!
[2009/05/18 15:24:42 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2009/05/18 15:14:01 | 00,000,438 | ---- | C] () -- C:\spyhunter.fix
[2009/05/18 14:12:52 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\HijackThis.lnk
[2009/05/18 14:02:26 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live
[2009/05/18 13:55:45 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/18 13:55:34 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\HJTInstall(2).exe
[2009/05/18 13:30:32 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/05/18 04:05:42 | 00,000,677 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/18 04:05:41 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/18 04:05:39 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/18 03:43:17 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/05/18 02:29:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
[2009/05/18 02:18:58 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\CCleaner.lnk
[2009/05/18 02:18:57 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/05/17 18:26:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/17 16:30:30 | 00,000,000 | ---D | C] -- C:\Dan Progs
[2009/05/17 15:06:33 | 00,560,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/05/17 14:39:08 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/16 01:48:40 | 00,000,728 | ---- | C] () -- C:\xcrashdump.dat
[2009/05/15 20:28:40 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\__c00E6781.dat
[2009/05/15 20:07:44 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2009/05/15 19:54:38 | 00,000,000 | ---D | C] -- C:\KAV
[2009/05/15 19:19:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
[2009/05/15 19:17:51 | 00,897,920 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\WGAPluginInstall.exe
[2009/05/15 18:37:06 | 00,021,056 | ---- | C] (Webroot Software Inc (www.webroot.com)) -- C:\WINDOWS\System32\drivers\sskbfd.sys
[2009/05/15 18:37:02 | 00,233,024 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\System32\WRLogonNtf.dll
[2009/05/15 18:36:16 | 00,000,164 | ---- | C] () -- C:\install.dat
[2009/05/15 13:10:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/05/15 13:06:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\Downloads
[2009/05/15 13:06:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\GetRightToGo
[2009/05/15 12:34:21 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2009/05/15 10:22:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\Malwarebytes
[2009/05/15 10:22:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2009/05/14 21:01:07 | 07,526,856 | ---- | C] (Mozilla) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\Firefox Setup 3.0.10.exe
[2009/05/14 15:13:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/05/14 15:08:33 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/05/13 03:53:25 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\My Computer.lnk
[2009/05/08 18:33:05 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/07 16:31:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Application Data\AVG8
[2009/05/04 18:32:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NortonInstaller
[2009/05/01 05:08:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
[2009/05/01 03:25:27 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\fxe.sp
[2009/05/01 03:12:11 | 00,053,283 | ---- | C] () -- C:\WINDOWS\System32\paso.el
[2009/05/01 03:12:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ynh.dx
[2009/04/29 13:52:39 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/04/29 08:34:25 | 00,519,168 | ---- | C] (Coreguard Software) -- C:\WINDOWS\System32\Installer.exe
[2009/04/29 05:20:47 | 24,921,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/28 13:27:11 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/04/28 13:27:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2009/04/27 17:43:37 | 00,108,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2008/06/12 03:27:10 | 00,000,532 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/06/12 03:26:34 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2008/06/12 03:26:30 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2003/07/16 16:51:23 | 00,000,696 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/07/16 16:47:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/07/16 16:44:08 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/07/16 16:42:22 | 00,152,576 | ---- | C] () -- C:\WINDOWS\System32\qasf.dll
[2003/07/16 16:33:33 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\msncav32.dll
[2003/07/16 16:33:33 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\Iasv32.dll
[2003/07/16 16:33:33 | 00,002,304 | ---- | C] () -- C:\WINDOWS\System32\sndintd.sys
[2003/06/24 00:44:01 | 00,000,601 | ---- | C] () -- C:\WINDOWS\WinInit.INI
[2003/06/23 19:03:17 | 00,016,548 | ---- | C] () -- C:\WINDOWS\cs_cache.ini
[2003/06/23 17:14:55 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/06/23 16:51:59 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2003/06/23 16:51:49 | 00,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/11/29 09:50:40 | 00,471,040 | ---- | C] () -- C:\WINDOWS\System32\QTExporter.dll

========== Files - Modified Within 30 Days ==========

[17 C:\*.tmp files]
[10 C:\WINDOWS\System32\*.tmp files]
[2009/05/23 15:53:50 | 00,001,094 | ---- | M] () -- C:\WINDOWS\System32\jxa
[2009/05/23 15:52:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/23 15:51:41 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Local Settings\desktop.ini
[2009/05/23 15:51:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/23 15:17:09 | 00,001,754 | ---- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\DrWeb3.csv
[2009/05/22 14:12:06 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\sdjee3inf.dll
[2009/05/22 13:28:07 | 00,027,648 | ---- | M] () -- C:\WINDOWS\System32\__c00E6781.dat
[2009/05/22 13:25:43 | 00,040,448 | ---- | M] () -- C:\WINDOWS\System32\SYSDLL.exe
[2009/05/21 21:18:38 | 00,735,232 | ---- | M] (???? http://www.lunchsoft.com/yzm) -- C:\WINDOWS\System32\AdvOcr.dll
[2009/05/21 21:18:38 | 00,000,003 | ---- | M] () -- C:\WINDOWS\System32\bversion.dll
[2009/05/21 21:16:31 | 00,094,208 | ---- | M] (Transym Computer Services Ltd) -- C:\WINDOWS\System32\TRSOCR.dll
[2009/05/21 21:16:17 | 00,000,095 | ---- | M] () -- C:\WINDOWS\System32\TRSOCR.ini
[2009/05/21 15:01:41 | 00,000,029 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/05/21 14:23:53 | 00,930,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2009/05/21 13:14:58 | 00,000,696 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/21 13:14:58 | 00,000,194 | -HS- | M] () -- C:\boot.ini
[2009/05/21 13:14:58 | 00,000,000 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/21 13:13:21 | 00,000,652 | ---- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\DrWeb2.csv
[2009/05/21 13:11:13 | 00,000,634 | ---- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\DrWeb.csv
[2009/05/20 14:18:26 | 13,308,944 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\cureit.exe
[2009/05/20 14:15:06 | 00,523,776 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\OTListIt2.exe
[2009/05/20 14:10:37 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2009/05/20 02:16:07 | 00,000,728 | ---- | M] () -- C:\xcrashdump.dat
[2009/05/20 01:37:57 | 00,396,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF7102.exe
[2009/05/19 14:32:14 | 00,359,883 | ---- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\dds.scr
[2009/05/19 14:17:53 | 00,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dup.sys
[2009/05/18 19:48:35 | 12,413,440 | ---- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\av.exe
[2009/05/18 15:47:55 | 00,000,390 | ---- | M] () -- C:\WINDOWS\tasks\Schedule Task Weekly.job
[2009/05/18 15:24:57 | 00,000,438 | ---- | M] () -- C:\spyhunter.fix
[2009/05/18 14:12:52 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\HijackThis.lnk
[2009/05/18 13:55:33 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\HJTInstall(2).exe
[2009/05/18 10:28:28 | 00,178,688 | ---- | M] () -- C:\WINDOWS\System32\tpsaxyd.exe
[2009/05/18 04:06:07 | 00,000,677 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/18 02:18:58 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\CCleaner.lnk
[2009/05/17 21:51:54 | 00,560,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\user32.dll
[2009/05/17 15:06:34 | 00,560,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/05/17 13:58:18 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/05/15 19:22:07 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/15 19:17:54 | 00,897,920 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\WGAPluginInstall.exe
[2009/05/15 18:36:16 | 00,000,164 | ---- | M] () -- C:\install.dat
[2009/05/15 13:16:10 | 00,519,168 | ---- | M] (Coreguard Software) -- C:\WINDOWS\System32\Installer.exe
[2009/05/14 21:02:01 | 07,526,856 | ---- | M] (Mozilla) -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\Firefox Setup 3.0.10.exe
[2009/05/13 03:53:25 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\Desktop\My Computer.lnk
[2009/05/11 20:17:39 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/11 20:17:39 | 00,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/11 20:17:39 | 00,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/07 21:27:06 | 00,000,532 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2009/05/06 15:59:20 | 00,000,601 | ---- | M] () -- C:\WINDOWS\WinInit.INI
[2009/05/05 18:03:11 | 00,305,118 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2009/05/05 17:54:38 | 00,305,118 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090505-180311.backup
[2009/05/01 03:25:27 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\fxe.sp
[2009/05/01 03:12:11 | 00,000,000 | ---- | M] () -- C:\WINDOWS\ynh.dx
[2009/05/01 03:11:57 | 00,053,283 | ---- | M] () -- C:\WINDOWS\System32\paso.el
[2009/04/28 19:52:04 | 00,000,201 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090505-175438.backup
[2009/04/28 19:24:42 | 00,000,051 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090428-195204.backup
[2009/04/28 17:33:36 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\kigohase
[2009/04/27 18:42:57 | 00,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2009/04/27 18:33:44 | 00,000,077 | -HS- | M] () -- C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\My Documents\desktop.ini
[2009/04/27 17:43:38 | 00,108,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/04/27 16:43:54 | 00,162,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2009/04/27 16:43:54 | 00,162,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
< End of report >
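The list above is in OTListIt2's created/modified-file format: a timestamp, a comma-grouped size, four attribute flags (R/H/S/D), a C or M marker, an optional vendor string in parentheses, and the path. As an added example that is not part of this thread and not the OTL tool's own logic, the Python below parses those lines and applies a few defender triage heuristics. The heuristics (no version-info vendor on executable code under the Windows tree, extensionless or odd-extension files there, hidden attributes, a touched hosts file, alternate data streams) and the small extension allowlists are my assumptions for illustration; the sample lines are copied from the log above. Note that the vendor string comes from the file's version resource and is trivially spoofed, so a vendor name is weak evidence of legitimacy, and its absence is only a prompt for a closer look.

```python
import ntpath
import re

# One OTL entry: [date time | size | attrs | C-or-M] (vendor) -- path
# Directory lines carry no "(vendor)" group. The vendor group is greedy so a
# vendor that itself contains parentheses, e.g. "(Webroot ... (www.webroot.com))",
# still parses; the path never contains ") -- ".
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<vendor>.*)\) )?-- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")

WINDOWS_ROOT = "c:\\windows\\"
# Assumed allowlists for illustration, not OTL's rules.
CODE_EXT = {".exe", ".dll", ".sys", ".ocx", ".scr", ".cpl"}
BENIGN_VENDORLESS_EXT = {".ini", ".dat", ".xml", ".txt", ".log", ".bak",
                         ".backup", ".dbl", ".nt", ".job"}


def parse_entry(line):
    """Return a dict for a file/directory line, or None for anything else
    (section headers, "[17 C:\\*.tmp files]" summaries, blank lines)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")  # positions: R(eadonly) H(idden) S(ystem) D(irectory)
    return {
        "timestamp": m.group("ts"),
        "size": int(m.group("size").replace(",", "")),
        "readonly": attrs[0] == "R",
        "hidden": attrs[1] == "H",
        "system": attrs[2] == "S",
        "is_dir": attrs[3] == "D",
        "kind": m.group("kind"),            # C = created, M = modified
        "vendor": m.group("vendor") or "",  # "" when "()" or absent
        "path": m.group("path"),
    }


def triage_entry(e):
    """Apply the heuristics to one parsed entry; return the list of reasons."""
    reasons = []
    if e["is_dir"]:
        return reasons
    lower = e["path"].lower()
    name = ntpath.basename(lower)
    ext = ntpath.splitext(name)[1]
    in_windows = lower.startswith(WINDOWS_ROOT)
    if name == "hosts":
        reasons.append("hosts file touched")
    if in_windows and e["hidden"]:
        reasons.append("hidden attribute on a file under %SystemRoot%")
    if in_windows and not e["vendor"] and name != "hosts":
        if ext in CODE_EXT:
            reasons.append(f"{ext} with no version info under %SystemRoot%")
        elif ext == "":
            reasons.append("extensionless file under %SystemRoot%")
        elif ext not in BENIGN_VENDORLESS_EXT:
            reasons.append(f"unusual extension {ext} under %SystemRoot%")
    return reasons


def triage(lines):
    """Map each flagged path to its reasons, in log order."""
    findings = {}
    for line in lines:
        ads = ADS_RE.match(line.strip())
        if ads:
            findings[ads.group("path")] = [f"alternate data stream ({ads.group('bytes')} bytes)"]
            continue
        e = parse_entry(line)
        if e is None:
            continue
        reasons = triage_entry(e)
        if reasons:
            findings[e["path"]] = reasons
    return findings


# Sample lines copied from the log above (raw string: backslashes are literal).
SAMPLE_LOG = r"""
[17 C:\*.tmp files]
[2009/05/23 15:53:50 | 00,001,094 | ---- | M] () -- C:\WINDOWS\System32\jxa
[2009/05/22 14:12:06 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\sdjee3inf.dll
[2009/05/21 15:01:41 | 00,000,029 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/05/21 14:23:53 | 00,930,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2009/05/15 18:37:06 | 00,021,056 | ---- | C] (Webroot Software Inc (www.webroot.com)) -- C:\WINDOWS\System32\drivers\sskbfd.sys
[2009/05/15 20:07:44 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2009/05/01 03:25:27 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\fxe.sp
[2009/04/28 17:33:36 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\kigohase
[2009/05/17 13:58:18 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG.splitlines()).items():
        print(path, "->", "; ".join(why))
```

A flagged path is a candidate for a second look (hash lookup, checking which registry load point references it), not an automatic deletion. The file list alone also cannot catch everything: a `.dat` that is really a DLL loaded through a Winlogon Notify key, as `__c00E6781.dat` is in the fix script later in this thread, passes these file-only checks and only stands out once the registry sections are cross-referenced against the file list.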

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:52 AM

Posted 24 May 2009 - 10:05 AM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    O2 - BHO: (C:\WINDOWS\System32\sdjee3inf.dll) - {C6C7B2A1-00F3-42BD-F434-00AABA2C8953} - C:\WINDOWS\System32\sdjee3inf.dll ()
    O2 - BHO: (MS extension) - {D3E70F65-9D73-47ee-9E5F-2D7D1023D570} - C:\WINDOWS\system32\irmserv32.dll (Google Inc)
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKCU..\Run: [reader_s] C:\Documents and Settings\Dan.DAN-DVUREDE6RLU\reader_s.exe File not found
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\ntos.exe) - C:\WINDOWS\System32\ntos.exe [FILE handle not seen by OS]
    O20 - Winlogon\Notify\__c00E6781: DllName - C:\WINDOWS\System32\__c00E6781.dat - C:\WINDOWS\System32\__c00E6781.dat ()
    O22 - SharedTaskScheduler: {C6C7B2A1-00F3-42BD-F434-00AABA2C8953} - gsf87hfunf98398jd - C:\WINDOWS\System32\sdjee3inf.dll ()
    
    :Files
    C:\*.tmp
    C:\WINDOWS\System32\*.tmp
    C:\WINDOWS\System32\3361
    C:\WINDOWS\dhcp
    C:\WINDOWS\System32\sdjee3inf.dll
    C:\WINDOWS\System32\SYSDLL.exe
    C:\WINDOWS\System32\121973
    C:\Program Files\LanqiEngine
    C:\WINDOWS\System32\AdvOcr.dll
    C:\WINDOWS\System32\TRSOCR.dll
    C:\WINDOWS\System32\TRSOCR.ini
    C:\WINDOWS\System32\bversion.dll
    C:\WINDOWS\System32\CF7102.exe
    C:\WINDOWS\System32\__c00E6781.dat
    C:\WINDOWS\System32\jxa
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL2 log.

====================


Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install to your desktop folder. Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that, click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search and click OK.
Then choose OK again and you are back at the main screen.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file named Kas.
  • Save it somewhere convenient like your desktop, and post only the detected virus/malware from the report (it will be at the very top under Detected) in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#15 Danlaff777

Danlaff777
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:52 AM

Posted 26 May 2009 - 07:33 PM

Sorry Sam, these scans are taking a very long time (especially the AVP tool - my computer has crashed on more than one occasion while attempting to run it). I'll do my best to get a log up for you soon.



