
Antivirus System Pro


  • This topic is locked
4 replies to this topic

#1 kameron78

kameron78

  • Members
  • 2 posts
  • OFFLINE
  • Local time:03:59 PM

Posted 30 November 2009 - 01:31 AM

This virus started popping up and I couldn't go on Internet Explorer because it wouldn't let me go to any websites without paying for the program. But I had Firefox and was able to browse the internet for help on how to remove it. But when I looked over the steps on how to remove it, I couldn't find the program where they said it would be.

C:\Documents and Settings\Owner\Local Settings\Application Data\btymlg\ijeisysguard.exe is part of the virus, I think. I deleted it, but it still shows up in this.

Attached Files




#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:59 PM

Posted 30 November 2009 - 11:14 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5
    %SYSTEMDRIVE%\nvatabus.sys /s /md5
    %SYSTEMDRIVE%\viamraid.sys /s /md5
    %SYSTEMDRIVE%\nvata.sys /s /md5
    CREATERESTOREPOINT



  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.


=============

The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
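The OTL report that the steps above produce runs to hundreds of lines, and a helper reads it by looking for a handful of entry types first. As an added example (not Sam's, OTL's or BleepingComputer's own code), this Python triage pass flags those types: hidden/system files and files with no company name in the Windows directory, autoruns that load a DLL, run from a user-profile data folder or point at a file that no longer exists, Task Manager lockout policies, an enabled IE proxy, and hosts-file redirections. The sample lines are constructed in OTL's output format for this example and are not taken from any real machine; every rule is a heuristic for review, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample lines in the format of an OTL Quick Scan report (PRC/MOD/SRV
# file entries, O4 autoruns, O7 policies, IE proxy setting, O1 hosts entries).
# They are made up for this example and not taken from any real machine.
SAMPLE_OTL_LOG = r"""
PRC - [2009/09/15 02:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
MOD - [2009/08/31 18:11:39 | 00,092,672 | -HS- | M] () -- C:\WINDOWS\system32\hidden_sample.dll
SRV - File not found -- -- (SAMPLESVC)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [loader] C:\WINDOWS\System32\hidden_sample.DLL ()
O4 - HKLM..\Run: [rogue] C:\Documents and Settings\Owner\Local Settings\Application Data\abcdef\sysguard.exe File not found
O4 - HKLM..\Run: [winupdate00.exe] C:\WINDOWS\system32\winupdate00.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
IE - HKU\S-1-5-21-1\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.10 update.sample.test
"""

# "KIND - [date | size | attrs | M] (Company) -- path [-- (ServiceName)]"
FILE_ENTRY = re.compile(
    r"^(?:PRC|MOD|SRV|DRV) - \[[^|]+\| [^|]+\| (?P<attrs>[^|]+)\| \w\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)(?: -- \([^)]*\))?$"
)
MISSING_SERVICE = re.compile(r"^(?:SRV|DRV) - File not found -- -- \((?P<svc>[^)]*)\)$")
RUN_ENTRY = re.compile(r"^O4 - \S+?\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
POLICY_ENTRY = re.compile(r"^O[67] - .+?: (?P<name>\w+) = (?P<value>\S+)$")
PROXY_ENTRY = re.compile(r'^IE - .+"ProxyEnable" = (?P<value>\d+)$')
HOSTS_ENTRY = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")

# A file that sits directly in the Windows or system32 directory.
SYSTEM_DIR = re.compile(r"^[a-z]:\\windows\\(?:system32\\)?[^\\]+$")
# Per-user data/temp directories that legitimate autoruns almost never live in.
PROFILE_DATA_DIRS = ("\\local settings\\application data\\", "\\local settings\\temp\\", "\\application data\\")
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools", "DisableCMD"}
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}


@dataclass
class Finding:
    line: str
    reason: str


def split_target(target: str) -> Tuple[str, Optional[str], bool]:
    """Split an O4 target into (path, company or None, file_missing)."""
    if target.endswith("File not found"):
        return target[: -len("File not found")].rstrip(), None, True
    m = re.match(r"^(?P<path>.*?) \((?P<company>[^)]*)\)$", target)
    if m:
        return m.group("path"), m.group("company"), False
    return target, None, False


def path_reasons(path: str, company: Optional[str]) -> List[str]:
    """Heuristics that depend only on where a file lives and whether it names a company."""
    lower = path.lower()
    reasons = []
    if company == "" and SYSTEM_DIR.match(lower):
        reasons.append("file in the Windows system directory with no company name")
    if any(d in lower for d in PROFILE_DATA_DIRS):
        reasons.append("runs from a user-profile data or temp directory")
    return reasons


def triage_line(line: str) -> List[str]:
    """Return the reasons (possibly none) one OTL line deserves a closer look."""
    line = line.strip()
    if m := FILE_ENTRY.match(line):
        attrs = m.group("attrs").strip()
        flagged = ["hidden+system attributes on a loaded file"] if "H" in attrs and "S" in attrs else []
        return flagged + path_reasons(m.group("path"), m.group("company"))
    if MISSING_SERVICE.match(line):
        return ["service registered for a file that no longer exists"]
    if m := RUN_ENTRY.match(line):
        path, company, missing = split_target(m.group("target"))
        reasons = ["autorun points to a missing file (orphaned persistence)"] if missing else []
        if path.lower().endswith(".dll"):
            reasons.append("autorun loads a DLL directly")
        return reasons + path_reasons(path, company)
    if m := POLICY_ENTRY.match(line):
        if m.group("name") in LOCKOUT_POLICIES and m.group("value") != "0":
            return [f"{m.group('name')} policy set: admin tools disabled"]
    elif m := PROXY_ENTRY.match(line):
        if m.group("value") != "0":
            return ["ProxyEnable set: check ProxyServer for traffic interception"]
    elif m := HOSTS_ENTRY.match(line):
        if m.group("ip") not in LOOPBACK:
            return [f"hosts file redirects {m.group('host')} to {m.group('ip')}"]
    return []


def triage(log: str) -> List[Finding]:
    """Run every heuristic over an OTL report and collect the flagged lines."""
    return [Finding(l.strip(), r) for l in log.splitlines() for r in triage_line(l)]


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Pipe a saved OTL.txt into triage() to get the same list for a real report; a file in system32 with an empty company name is common for legitimate third-party tools too, so each finding still needs a human look.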

#3 kameron78

kameron78
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:03:59 PM

Posted 01 December 2009 - 12:07 AM

Thank you for responding so fast!

It seems that the computer may have another virus since yesterday, called Advanced Virus Remover, and it won't let me run applications, saying that the program that I'm trying to start has a virus and wants me to buy the protection. It also wouldn't allow me to access Task Manager. So when I run the OTL program, I can finish the scan, but when it says scan complete, it crashes due to the virus. I'm guessing it's because OTL is making the save files and that's when it's recognized and the virus pops in to stop it. But I researched and was able to unlock the Task Manager by typing "REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f" in the RUN prompt area and was able to end the process "AVR.exe". This seemed to have stopped the pop-ups for now and I was able to go into Program Files and delete it. I will be leaving my computer on till this virus is gone or until you tell me I should restart it. I was able to do another scan on HijackThis and OTL and I attached them. Thanks again for your help.

Here is GMER...

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-30 20:59:57
Windows 5.1.2600 Service Pack 3
Running: 2wpn9gwn.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fwwcqaod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAE5C56B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAE5C5574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAE5C5A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAE5C514C]
SSDT spmh.sys ZwEnumerateKey [0xF73ADDA4]
SSDT spmh.sys ZwEnumerateValueKey [0xF73AE132]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAE5C564E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAE5C508C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAE5C50F0]
SSDT spmh.sys ZwQueryKey [0xF73AE20A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAE5C576E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAE5C572E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAE5C58AE]

INT 0x62 ? 87161BF8
INT 0x82 ? 87161BF8
INT 0x83 ? 87161BF8
INT 0x83 ? 87161BF8
INT 0x83 ? 86CB1F00
INT 0x83 ? 87161BF8
INT 0xB4 ? 86CB1F00

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2DAC 80504648 2 Bytes [8C, 50]
.text ntkrnlpa.exe!ZwCallbackReturn + 2DC4 80504660 2 Bytes [F0, 50]
? spmh.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF5EB9000, 0x1C5D38, 0xE8000020]
.text USBPORT.SYS!DllUnload F5E988AC 5 Bytes JMP 86CB14E0
.text a8bd5lxd.SYS F57F9386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a8bd5lxd.SYS F57F93AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a8bd5lxd.SYS F57F93C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a8bd5lxd.SYS F57F93C9 1 Byte [2E]
.text a8bd5lxd.SYS F57F93C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1976] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 01152717 c:\windows\system32\nalerosa.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1976] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 01152E15 c:\windows\system32\nalerosa.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7390042] spmh.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F739013E] spmh.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73900C0] spmh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7390800] spmh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73906D6] spmh.sys
IAT \SystemRoot\System32\Drivers\a8bd5lxd.SYS[HAL.dll!KfAcquireSpinLock] CCCCCCC3
IAT \SystemRoot\System32\Drivers\a8bd5lxd.SYS[HAL.dll!READ_PORT_UCHAR] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a8bd5lxd.SYS[HAL.dll!KeGetCurrentIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a8bd5lxd.SYS[HAL.dll!KfRaiseIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a8bd5lxd.SYS[HAL.dll!KfLowerIrql] 8BEC8B55
IAT \SystemRoot\System32\Drivers\a8bd5lxd.SYS[HAL.dll!HalGetInterruptVector] 00C73445
IAT \SystemRoot\System32\Drivers\a8bd5lxd.SYS[HAL.dll!HalTranslateBusAddress] 00000000
IAT \SystemRoot\System32\Drivers\a8bd5lxd.SYS[HAL.dll!KeStallExecutionProcessor] 830C458B
IAT \SystemRoot\System32\Drivers\a8bd5lxd.SYS[HAL.dll!KfReleaseSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\a8bd5lxd.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 053C0D74
IAT \SystemRoot\System32\Drivers\a8bd5lxd.SYS[HAL.dll!READ_PORT_USHORT] 57B80974
IAT \SystemRoot\System32\Drivers\a8bd5lxd.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8B000000
IAT \SystemRoot\System32\Drivers\a8bd5lxd.SYS[HAL.dll!WRITE_PORT_UCHAR] 56C35DE5
IAT \SystemRoot\System32\Drivers\a8bd5lxd.SYS[WMILIB.SYS!WmiSystemControl] 8D51FC4D
IAT \SystemRoot\System32\Drivers\a8bd5lxd.SYS[WMILIB.SYS!WmiCompleteRequest] 8D52FD55
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F739FE9C] spmh.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00760002
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00760000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8714E1F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom 861841F8
Device \FileSystem\Udfs \UdfsCdRom 86CB0500
Device \FileSystem\Udfs \UdfsDisk 86CB0500

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBPDO-0 86E102B0
Device \Driver\dmio \Device\DmControl\DmIoDaemon 871621F8
Device \Driver\dmio \Device\DmControl\DmConfig 871621F8
Device \Driver\dmio \Device\DmControl\DmPnP 871621F8
Device \Driver\dmio \Device\DmControl\DmInfo 871621F8
Device \Driver\usbehci \Device\USBPDO-1 86D49500

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 871D31F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 871D31F8
Device \Driver\Cdrom \Device\CdRom0 86CF5500
Device \Driver\usbstor \Device\000000b0 86C98500
Device \Driver\Cdrom \Device\CdRom1 86CF5500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F72E3B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F72E3B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F72E3B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F72E3B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F72E3B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-1b [F72E3B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-13 [F72E3B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\sptd \Device\1386174768 spmh.sys
Device \Driver\Cdrom \Device\CdRom2 86CF5500
Device \Driver\usbstor \Device\000000c1 86C98500
Device \Driver\usbstor \Device\000000b4 86C98500
Device \Driver\usbstor \Device\000000b5 86C98500
Device \Driver\NetBT \Device\NetBt_Wins_Export 861521F8
Device \Driver\usbstor \Device\000000b6 86C98500
Device \Driver\PCI_PNP7268 \Device\00000084 spmh.sys
Device \Driver\NetBT \Device\NetbiosSmb 861521F8
Device \Driver\usbstor \Device\000000b7 86C98500

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBFDO-0 86E102B0
Device \Driver\usbehci \Device\USBFDO-1 86D49500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 861941F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 861941F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{7DD732BA-5E2D-475A-926E-D237FFC3E0FD} 861521F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C82F691C-F91F-4094-8DB1-D4331FB65FF7} 861521F8
Device \Driver\Ftdisk \Device\FtControl 871D31F8
Device \Driver\usbstor \Device\000000bd 86C98500
Device \Driver\a8bd5lxd \Device\Scsi\a8bd5lxd1Port4Path0Target0Lun0 86D24500
Device \Driver\a8bd5lxd \Device\Scsi\a8bd5lxd1 86D24500
Device \FileSystem\Fastfat \Fat 861841F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs 86D4F500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x69 0xF4 0x9F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x19 0xD1 0x15 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x5B 0x69 0x06 0x6B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x95 0xC6 0xB9 0x43 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x69 0xF4 0x9F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x19 0xD1 0x15 0x18 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x5B 0x69 0x06 0x6B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x95 0xC6 0xB9 0x43 ...

---- EOF - GMER 1.0.15 ----




OTL logfile created on: 12/1/2009 12:41:32 AM - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 423.55 Mb Available Physical Memory | 41.42% Memory free
2.40 Gb Paging File | 1.67 Gb Available in Paging File | 69.49% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.49 Gb Total Space | 70.76 Gb Free Space | 30.97% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 1.39 Gb Free Space | 31.64% Space Free | Partition Type: FAT32
Drive E: | 6.32 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 323.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-944A765532
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/30 16:39:59 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2009/11/28 22:41:39 | 00,215,104 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
PRC - [2009/11/28 01:06:34 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009/09/29 18:08:50 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2009/09/15 02:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/09/15 02:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/09/15 02:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/09/15 02:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/09/15 02:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/09/14 15:37:30 | 00,122,368 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/09/02 14:27:36 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/09/02 14:27:36 | 00,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/09/01 23:45:02 | 03,224,848 | ---- | M] (Garena Interactive PTE LTD) -- C:\Program Files\Garena\Garena.exe
PRC - [2009/08/24 12:15:03 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/12/18 14:32:52 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2008/12/18 13:19:44 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/29 19:12:22 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/05/28 08:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2007/02/14 06:36:15 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/08/06 22:10:34 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2005/12/14 21:06:52 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005/12/14 10:32:24 | 05,247,488 | ---- | M] (Linksys) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
PRC - [2005/09/09 02:24:30 | 00,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2005/08/11 15:30:30 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/07/04 15:46:04 | 00,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
PRC - [2005/04/30 17:02:26 | 00,086,016 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe


========== Modules (SafeList) ==========

MOD - [2009/11/30 16:39:59 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
MOD - [2009/08/31 18:11:39 | 00,092,672 | -HS- | M] () -- C:\WINDOWS\system32\nalerosa.dll
MOD - [2009/08/30 06:12:01 | 00,053,760 | -HS- | M] () -- C:\WINDOWS\system32\nokanoza.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (WUSB54GCSVC)
SRV - [2009/11/28 22:41:39 | 00,215,104 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009/11/28 01:06:34 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/10/29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009/09/29 21:15:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2009/09/29 18:08:50 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009/09/15 02:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/09/15 02:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/09/15 02:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/09/15 02:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/08/16 16:30:00 | 03,233,912 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/04/21 22:22:36 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/08/08 23:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/05/28 08:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/02/14 06:36:15 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/10/30 09:36:32 | 00,492,608 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/08/06 22:10:34 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/09/09 02:24:30 | 00,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005/04/30 17:02:26 | 00,086,016 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3762143748-2639739301-3043083911-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3762143748-2639739301-3043083911-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3762143748-2639739301-3043083911-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-3762143748-2639739301-3043083911-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.etsy.com/
IE - HKU\S-1-5-21-3762143748-2639739301-3043083911-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3762143748-2639739301-3043083911-1006\S-1-5-21-3762143748-2639739301-3043083911-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.etsy.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1A8B30B6-AE86-4053-B082-DC5713D18F71}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{1A8B30B6-AE86-4053-B082-DC5713D18F71}: C:\Documents and Settings\Owner\Local Settings\Application Data\{1A8B30B6-AE86-4053-B082-DC5713D18F71} [2009/09/23 17:28:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/04 14:57:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/27 15:09:02 | 00,000,000 | ---D | M]

[2009/10/04 14:57:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/11/30 19:08:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\26wmjyb1.default\extensions
[2009/11/30 19:08:20 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (806 bytes) - C:\WINDOWS\System32\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 217.148.179.75 nprotect.battlelands.net
O1 - Hosts: 70.87.69.66 nprotect.ryl.com.my
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3762143748-2639739301-3043083911-1006\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3762143748-2639739301-3043083911-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [92013621] C:\Documents and Settings\All Users\Application Data\92013621\92013621.exe File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [payudunih] C:\WINDOWS\System32\nalerosa.DLL ()
O4 - HKLM..\Run: [pnkukbgo] C:\Documents and Settings\Owner\Local Settings\Application Data\btymlg\ijeisysguard.exe File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\remind_xp.exe (SoftThinks)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe ()
O4 - HKU\S-1-5-21-3762143748-2639739301-3043083911-1006..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\AVR.exe File not found
O4 - HKU\S-1-5-21-3762143748-2639739301-3043083911-1006..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-3762143748-2639739301-3043083911-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3762143748-2639739301-3043083911-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3762143748-2639739301-3043083911-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-21-3762143748-2639739301-3043083911-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-3762143748-2639739301-3043083911-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKU\S-1-5-21-3762143748-2639739301-3043083911-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage =
O7 - HKU\S-1-5-21-3762143748-2639739301-3043083911-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage =
O7 - HKU\S-1-5-21-3762143748-2639739301-3043083911-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage =
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3762143748-2639739301-3043083911-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-3762143748-2639739301-3043083911-1006\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab (CDownloadCtrl Object)
O16 - DPF: {3C403675-B43C-410B-BF56-D4D1FB68356C} http://72.29.84.224/OCX/gwnet.cab (ActiveXPortal Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} https://www.microsoft.com/resources/virtual...iveXClient1.cab (Microsoft Virtual Server VMRC Advanced Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1175136842359 (MUWebControl Class)
O16 - DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} http://www.legendofares.com/download/mgusamanagerv1001.cab (MGAME manager Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://linds.digitalcameradeveloping.com/u...ploadClient.cab (FujifilmUploader Class)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (nokanoza.dll) - C:\WINDOWS\System32\nokanoza.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\nalerosa.dll) - C:\WINDOWS\system32\nalerosa.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon86.exe) - C:\WINDOWS\system32\winlogon86.exe ()
O20 - HKLM Winlogon: GinaDLL - (GTGina.dll) - C:\WINDOWS\System32\GTGina.dll (Gemtek)
O20 - Winlogon\Notify\__c002C833: DllName - C:\WINDOWS\system32\__c002C833.dat - C:\WINDOWS\system32\__c002C833.dat (Canon Inc.)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: hukodogel - {74f90ceb-d8d0-4403-9b13-affab6289f8b} - C:\WINDOWS\system32\nalerosa.dll ()
O22 - SharedTaskScheduler: {74f90ceb-d8d0-4403-9b13-affab6289f8b} - kupuhivus - C:\WINDOWS\system32\nalerosa.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 17:13:09 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/06/11 18:27:33 | 00,000,140 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{807792e6-7883-11de-aa15-0018f8a526a6}\Shell - "" = AutoRun
O33 - MountPoints2\{807792e6-7883-11de-aa15-0018f8a526a6}\Shell\1\Command - "" = G:\.\RECYCLER\Lcass.exe -- File not found
O33 - MountPoints2\{807792e6-7883-11de-aa15-0018f8a526a6}\Shell\2\Command - "" = G:\.\RECYCLER\Lcass.exe -- File not found
O33 - MountPoints2\{807792e6-7883-11de-aa15-0018f8a526a6}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/02/20 17:17:16 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (206158430208)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/30 18:22:50 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2009/11/29 22:11:24 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/29 22:11:23 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/29 22:11:23 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/29 22:05:37 | 00,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2009/11/29 18:03:24 | 00,046,080 | ---- | C] (AIMP DevTeam) -- C:\vbaaaah.exe
[2009/11/29 18:03:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare
[2009/11/28 01:06:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PunkBuster
[2009/11/27 23:59:30 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2009/11/26 19:20:41 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2009/11/19 13:03:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009/11/18 18:07:24 | 00,000,000 | ---D | C] -- C:\Program Files\Steam
[2009/11/17 23:29:46 | 00,000,000 | ---D | C] -- C:\Program Files\Activision
[2009/11/17 20:46:47 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2005/05/11 22:36:48 | 00,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/01 00:45:37 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\rupamoza
[2009/12/01 00:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\ndyutazt.job
[2009/11/30 23:33:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2009/11/30 23:13:29 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/30 23:13:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2009/11/30 23:13:11 | 00,022,528 | ---- | M] () -- C:\WINDOWS\System32\winhelper86.dll
[2009/11/30 23:12:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/30 23:12:27 | 00,232,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/30 23:12:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/30 23:12:11 | 10,722,22208 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/30 23:10:59 | 09,437,184 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/11/30 23:10:43 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/11/30 23:10:09 | 04,237,378 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/11/30 22:40:13 | 00,000,008 | RHS- | M] () -- C:\Documents and Settings\Owner\ntuser.pol
[2009/11/30 21:05:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2009/11/30 20:45:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
[2009/11/30 20:25:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2009/11/30 20:05:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2009/11/30 19:45:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2009/11/30 19:25:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2009/11/30 19:05:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2009/11/30 17:54:13 | 00,000,803 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer.lnk
[2009/11/30 16:54:29 | 00,000,259 | ---- | M] () -- C:\xcrashdump.dat
[2009/11/29 23:13:08 | 00,713,216 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\lancraft.exe
[2009/11/29 22:13:52 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/11/29 22:11:27 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/29 22:05:37 | 00,000,917 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Revo Uninstaller.lnk
[2009/11/29 18:54:55 | 00,000,517 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to oct etsy.lnk
[2009/11/29 18:08:40 | 00,214,016 | ---- | M] () -- C:\evcwinw.exe
[2009/11/29 18:04:44 | 00,052,736 | ---- | M] () -- C:\imoliv.exe
[2009/11/29 18:03:31 | 00,046,080 | ---- | M] (AIMP DevTeam) -- C:\vbaaaah.exe
[2009/11/29 09:25:31 | 00,000,916 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/28 22:41:39 | 00,215,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2009/11/28 22:41:39 | 00,215,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/11/28 21:54:39 | 00,138,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/11/28 18:50:03 | 00,000,241 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Welcome to Facebook! Facebook.url
[2009/11/28 11:52:42 | 00,000,211 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\U.S. Bank Personal Banking.url
[2009/11/28 01:06:34 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009/11/28 00:14:48 | 00,001,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 4 - Modern Warfare™ Singleplayer.lnk
[2009/11/28 00:14:48 | 00,001,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 4 - Modern Warfare™ Multiplayer.lnk
[2009/11/28 00:14:19 | 00,022,328 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\PnkBstrK.sys
[2009/11/28 00:13:53 | 00,000,319 | ---- | M] () -- C:\WINDOWS\game.ini
[2009/11/27 12:39:20 | 00,002,207 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2009/11/26 19:20:41 | 00,000,774 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ProcessScanner.lnk
[2009/11/26 13:24:19 | 00,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2009/11/19 16:48:42 | 00,000,262 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Send Money, Money Transfer - PayPal.url
[2009/11/19 08:04:04 | 00,000,212 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\www.etsy.com.url
[2009/11/18 14:10:50 | 00,000,226 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Handmade and Artisan - Gifts, Jewelry, Clothing, Art & Food – 1000 Markets.url
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/30 22:40:04 | 00,000,008 | RHS- | C] () -- C:\Documents and Settings\Owner\ntuser.pol
[2009/11/30 21:05:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2009/11/30 20:45:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2009/11/30 20:25:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2009/11/30 20:05:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2009/11/30 19:45:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2009/11/30 19:25:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2009/11/30 19:05:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2009/11/30 18:45:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2009/11/30 18:11:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2009/11/30 18:11:52 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\winhelper86.dll
[2009/11/30 18:11:45 | 00,027,136 | -HS- | C] () -- C:\WINDOWS\System32\winupdate86.exe
[2009/11/30 18:11:45 | 00,027,136 | -HS- | C] () -- C:\WINDOWS\System32\winlogon86.exe
[2009/11/30 18:11:44 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\ndyutazt.job
[2009/11/30 17:54:13 | 00,000,803 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer.lnk
[2009/11/29 23:10:42 | 00,713,216 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\lancraft.exe
[2009/11/29 22:13:52 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/11/29 22:11:27 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/29 22:05:37 | 00,000,917 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Revo Uninstaller.lnk
[2009/11/29 21:28:37 | 00,000,259 | ---- | C] () -- C:\xcrashdump.dat
[2009/11/29 18:03:39 | 00,052,736 | ---- | C] () -- C:\imoliv.exe
[2009/11/29 18:03:29 | 00,214,016 | ---- | C] () -- C:\evcwinw.exe
[2009/11/28 01:09:15 | 00,215,104 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2009/11/28 00:14:48 | 00,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 4 - Modern Warfare™ Singleplayer.lnk
[2009/11/28 00:14:48 | 00,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty® 4 - Modern Warfare™ Multiplayer.lnk
[2009/11/28 00:14:19 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PnkBstrK.sys
[2009/11/28 00:13:53 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/11/26 19:20:41 | 00,000,774 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ProcessScanner.lnk
[2009/11/18 18:07:25 | 00,002,207 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2009/11/17 19:59:48 | 00,283,042 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Alganon Uninstall Log.txt
[2009/10/24 01:39:32 | 00,631,448 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Alganon Setup Log.txt
[2009/10/17 02:20:40 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/10/14 11:10:06 | 01,511,424 | ---- | C] () -- C:\WINDOWS\System32\sn3win.dll
[2009/10/09 08:09:04 | 00,007,965 | ---- | C] () -- C:\WINDOWS\axesaciwiqulo.dll
[2009/09/16 09:19:37 | 00,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/09/16 08:07:02 | 00,722,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/09/15 04:39:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\XTrapD12.sys
[2009/08/31 18:11:41 | 00,045,056 | -HS- | C] () -- C:\WINDOWS\System32\lijujuto.dll
[2009/08/31 18:11:40 | 00,061,440 | -HS- | C] () -- C:\WINDOWS\System32\refobaju.dll
[2009/08/31 18:11:39 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\nalerosa.dll
[2009/08/31 18:11:39 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\bimujofo.dll
[2009/08/30 06:12:01 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\nunayeta.dll
[2009/08/30 06:12:01 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\nokanoza.dll
[2009/08/30 06:12:01 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\kulufegi.dll
[2009/08/30 06:11:27 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\dayoyadu.dll
[2009/08/30 06:11:25 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\yirumuno.dll
[2009/08/30 06:11:24 | 00,045,056 | -HS- | C] () -- C:\WINDOWS\System32\yejedufi.dll
[2009/08/29 18:12:08 | 00,045,056 | -HS- | C] () -- C:\WINDOWS\System32\mesafari.dll
[2009/08/29 18:12:07 | 00,093,184 | -HS- | C] () -- C:\WINDOWS\System32\wifufulu.dll
[2009/08/29 18:12:07 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\ritinezu.dll
[2009/05/06 18:23:53 | 00,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/02/15 17:47:30 | 08,673,792 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/12/26 22:41:10 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2007/12/26 22:41:01 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/12/26 22:12:26 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2007/03/03 18:33:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2007/01/29 11:31:35 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/11/21 20:29:28 | 00,000,044 | ---- | C] () -- C:\WINDOWS\9DSetup.ini
[2006/11/03 15:23:50 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/03 15:23:50 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/10/27 11:04:50 | 00,121,654 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Cosmos Prefs
[2006/10/13 17:16:53 | 00,006,736 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2006/09/18 16:20:23 | 00,066,927 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2006/09/18 16:20:23 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/09/18 16:18:21 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2006/09/18 16:18:20 | 00,000,352 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2006/09/18 16:18:20 | 00,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2006/09/18 16:16:12 | 00,002,423 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log
[2006/09/18 16:16:12 | 00,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini
[2006/09/18 16:15:58 | 00,002,829 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PatchUpdate_InstantShareJPG.log
[2006/09/18 16:15:58 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/09/18 16:15:14 | 00,003,623 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PatchUpdate_IZClosingDiscError.log
[2006/09/18 16:15:14 | 00,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/09/18 16:13:17 | 00,005,573 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/09/18 16:13:17 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/09/18 16:11:39 | 00,050,680 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2006/09/18 16:11:39 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/09/17 15:17:45 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/09/17 15:13:10 | 00,002,609 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/09/04 12:45:06 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/08/17 11:45:21 | 00,018,944 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/14 22:05:41 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/08/14 17:46:35 | 00,001,206 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/14 17:46:31 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/14 12:26:31 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/08/06 22:08:57 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/06 20:39:43 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\lpcio.dll
[2005/08/05 21:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/12 09:38:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/09 15:49:16 | 00,001,220 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/09 15:49:16 | 00,000,477 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/09/16 08:13:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2006/08/29 13:24:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2006/08/22 16:54:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2007/02/09 23:40:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/09/09 12:30:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2009/10/04 07:48:14 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
[2007/03/01 02:13:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\SampleView
[2007/02/26 18:36:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2009/09/16 08:17:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Pro
[2008/01/14 16:49:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FUJIFILM
[2009/04/24 17:00:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HDRsoft
[2006/12/23 15:32:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2009/09/03 22:09:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2006/08/29 13:56:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2008/08/27 19:28:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Printer Info Cache
[2006/08/07 06:36:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2007/12/06 19:41:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2006/10/13 17:16:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2009/11/30 18:11:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2009/12/01 00:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\ndyutazt.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/08/06 22:47:15 | 00,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2009/11/29 18:08:40 | 00,214,016 | ---- | M] () -- C:\evcwinw.exe
[2007/02/15 19:01:52 | 00,745,088 | ---- | M] () -- C:\Google Updater.exe
[2009/11/29 18:04:44 | 00,052,736 | ---- | M] () -- C:\imoliv.exe
[2007/11/07 07:03:18 | 00,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2009/11/29 18:03:31 | 00,046,080 | ---- | M] (AIMP DevTeam) -- C:\vbaaaah.exe

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/10 11:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[13 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/10 11:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[13 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/10 11:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[13 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2005/10/12 12:07:12 | 00,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\I386\DRV\SCS\iastor.sys
[2005/10/12 12:07:12 | 00,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iastor.sys

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/10 11:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004/08/03 15:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< %SYSTEMDRIVE%\nvata.sys /s /md5 >
< End of report >



Edited by Buckeye_Sam, 01 December 2009 - 07:55 AM.


#4 Buckeye_Sam


Posted 01 December 2009 - 08:04 AM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2009/08/31 18:11:39 | 00,092,672 | -HS- | M] () -- C:\WINDOWS\system32\nalerosa.dll
    MOD - [2009/08/30 06:12:01 | 00,053,760 | -HS- | M] () -- C:\WINDOWS\system32\nokanoza.dll
    O4 - HKLM..\Run: [92013621] C:\Documents and Settings\All Users\Application Data\92013621\92013621.exe File not found
    O4 - HKLM..\Run: [payudunih] C:\WINDOWS\System32\nalerosa.DLL ()
    O4 - HKLM..\Run: [pnkukbgo] C:\Documents and Settings\Owner\Local Settings\Application Data\btymlg\ijeisysguard.exe File not found
    O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe ()
    O4 - HKU\S-1-5-21-3762143748-2639739301-3043083911-1006..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\AVR.exe File not found
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O20 - AppInit_DLLs: (nokanoza.dll) - C:\WINDOWS\System32\nokanoza.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\nalerosa.dll) - C:\WINDOWS\system32\nalerosa.dll ()
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon86.exe) - C:\WINDOWS\system32\winlogon86.exe ()
    O20 - Winlogon\Notify\__c002C833: DllName - C:\WINDOWS\system32\__c002C833.dat - C:\WINDOWS\system32\__c002C833.dat (Canon Inc.)
    O21 - SSODL: hukodogel - {74f90ceb-d8d0-4403-9b13-affab6289f8b} - C:\WINDOWS\system32\nalerosa.dll ()
    O22 - SharedTaskScheduler: {74f90ceb-d8d0-4403-9b13-affab6289f8b} - kupuhivus - C:\WINDOWS\system32\nalerosa.dll ()
    O33 - MountPoints2\{807792e6-7883-11de-aa15-0018f8a526a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{807792e6-7883-11de-aa15-0018f8a526a6}\Shell\1\Command - "" = G:\.\RECYCLER\Lcass.exe -- File not found
    O33 - MountPoints2\{807792e6-7883-11de-aa15-0018f8a526a6}\Shell\2\Command - "" = G:\.\RECYCLER\Lcass.exe -- File not found
    O33 - MountPoints2\{807792e6-7883-11de-aa15-0018f8a526a6}\Shell\AutoRun - "" = Auto&Play
    [2009/11/29 18:03:24 | 00,046,080 | ---- | C] (AIMP DevTeam) -- C:\vbaaaah.exe
    [13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2009/12/01 00:45:37 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\rupamoza
    [2009/12/01 00:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\ndyutazt.job
    [2009/11/30 23:33:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
    [2009/11/30 23:13:29 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/11/30 23:13:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
    [2009/11/30 23:13:11 | 00,022,528 | ---- | M] () -- C:\WINDOWS\System32\winhelper86.dll
    [2009/11/30 21:05:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
    [2009/11/30 20:45:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
    [2009/11/30 20:25:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
    [2009/11/30 20:05:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
    [2009/11/30 19:45:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
    [2009/11/30 19:25:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
    [2009/11/30 19:05:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
    [2009/11/29 18:08:40 | 00,214,016 | ---- | M] () -- C:\evcwinw.exe
    [2009/11/29 18:04:44 | 00,052,736 | ---- | M] () -- C:\imoliv.exe
    [2009/08/31 18:11:41 | 00,045,056 | -HS- | C] () -- C:\WINDOWS\System32\lijujuto.dll
    [2009/08/31 18:11:40 | 00,061,440 | -HS- | C] () -- C:\WINDOWS\System32\refobaju.dll
    [2009/08/31 18:11:39 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\nalerosa.dll
    [2009/08/31 18:11:39 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\bimujofo.dll
    [2009/08/30 06:12:01 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\nunayeta.dll
    [2009/08/30 06:12:01 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\nokanoza.dll
    [2009/08/30 06:12:01 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\kulufegi.dll
    [2009/08/30 06:11:27 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\dayoyadu.dll
    [2009/08/30 06:11:25 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\yirumuno.dll
    [2009/08/30 06:11:24 | 00,045,056 | -HS- | C] () -- C:\WINDOWS\System32\yejedufi.dll
    [2009/08/29 18:12:08 | 00,045,056 | -HS- | C] () -- C:\WINDOWS\System32\mesafari.dll
    [2009/08/29 18:12:07 | 00,093,184 | -HS- | C] () -- C:\WINDOWS\System32\wifufulu.dll
    [2009/08/29 18:12:07 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\ritinezu.dll
    
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
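As an added example (it is not part of this thread and not OTL's own code), a small triage pass over OTL lines like the ones in the fix script above: it parses the file-entry and O4/O7/O20/O33 line shapes shown there and flags the persistence tricks the fix removes (AppInit_DLLs injection, a replaced Winlogon UserInit, Task Manager disabled by policy, removable-drive shell commands, orphaned Run entries, zero-byte executables and hidden+system files with no company name). The regexes and the flag rules are assumptions derived from the lines on this page rather than OTL's format definition, and the sample input is copied from the post.

```python
import re

# Regexes follow the line shapes in the OTL fix script above (added example; not OTL's own format spec).
FILE_RE = re.compile(r"^\[\d{4}/\d{2}/\d{2} [\d:]{8} \| ([\d,]+) \| (\S{4}) \| [CM]\] "
                     r"\((.*?)\)(?: MD5=[0-9A-F]{32})? -- (.+)$")
RUN_RE = re.compile(r"^O4 - .+?\.\.\\Run: \[.+?\] (.+?)(?: \((.*?)\))?( File not found)?$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \(.+?\) - (.+?) \(")
USERINIT_RE = re.compile(r"^O20 - HKLM Winlogon: UserInit - \(.+?\) - (.+?) \(")
TASKMGR_RE = re.compile(r"^O7 - .+\\policies\\System: DisableTaskMgr = 1$")
MOUNT_RE = re.compile(r'^O33 - MountPoints2\\.+\\Shell\\\d+\\Command - "" = (.+?)(?: -- File not found)?$')

def triage(line: str) -> list:
    """Reasons an OTL line deserves a closer look; an empty list means nothing was flagged."""
    line = line.strip()
    reasons = []
    if m := FILE_RE.match(line):
        size, attrs, company, path = m.groups()
        if not company and "h" in attrs.lower() and "s" in attrs.lower():
            reasons.append("hidden+system file with no company name")
        if size == "00,000,000" and path.lower().endswith(".exe"):
            reasons.append("zero-byte executable")
    elif m := RUN_RE.match(line):
        path, company, missing = m.groups()
        if missing:
            reasons.append("Run entry points at a file that no longer exists")
        elif path.lower().endswith(".dll") or company == "":
            reasons.append("Run entry launches a DLL or a file with no company name")
    elif m := APPINIT_RE.match(line):
        reasons.append(f"AppInit_DLLs injects {m.group(1)} into every GUI process")
    elif m := USERINIT_RE.match(line):
        if m.group(1).lower().rsplit("\\", 1)[-1] != "userinit.exe":
            reasons.append("Winlogon UserInit replaced; logon runs an attacker-chosen binary")
    elif TASKMGR_RE.match(line):
        reasons.append("Task Manager disabled by policy")
    elif m := MOUNT_RE.match(line):
        reasons.append(f"removable-drive shell command runs {m.group(1)}")
    return reasons

def flagged(text: str) -> list:
    return [(ln, r) for ln in text.splitlines() if (r := triage(ln))]

# Sample input: five lines copied from the fix script above plus one clean atapi.sys line from the log.
SAMPLE = r"""
O4 - HKLM..\Run: [pnkukbgo] C:\Documents and Settings\Owner\Local Settings\Application Data\btymlg\ijeisysguard.exe File not found
O20 - AppInit_DLLs: (nokanoza.dll) - C:\WINDOWS\System32\nokanoza.dll ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon86.exe) - C:\WINDOWS\system32\winlogon86.exe ()
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
[2009/11/30 23:33:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
"""
```

`flagged(SAMPLE)` returns the five malicious lines with their reasons and leaves the Microsoft-signed atapi.sys entry alone; the same function can be run over a full OTL log to shortlist what a helper would put into the :OTL fix section.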

#5 Buckeye_Sam


Posted 13 December 2009 - 11:56 AM

Unfortunately there has been no response. :(
This topic will now be closed.



