laptop infected with trojan.vundo


32 replies to this topic

#1 drunkluck

drunkluck

  • Members
  • 25 posts
  • OFFLINE
  • Local time:04:26 AM

Posted 16 December 2009 - 07:42 PM

Hey, you guys helped me out with this problem about 10 months ago, and things have been working great. Until now. For security software I'm running Symantec Endpoint Protection. Thanks in advance for your help once again.

DDS log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Elijah P at 19:17:02.34 on Wed 12/16/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.454 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Elijah P\Desktop\anti-malware\dds.scr
C:\Program Files\Java\jre6\bin\jucheck.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig
uSearch Bar = hxxp://www.toshiba.com/search
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [fukisukih] Rundll32.exe "c:\windows\system32\mehadafa.dll",a
StartupFolder: c:\docume~1\elijah~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: {045C481D-FA6D-4599-BD82-44E837A8AD6C} = 83.149.115.182
TCP: {41FAE386-F50F-4210-ACB3-1720EEA145B1} = 83.149.115.182
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
Notify: psfus - psqlpwd.dll
AppInit_DLLs: c:\windows\system32\nulahovo.dll nupakeyo.dll lolazonu.dll c:\windows\system32\mehadafa.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: domewewab - {ebf46ab2-5762-45ed-a4f2-76f95929d3d1} - c:\windows\system32\nulahovo.dll
SSODL: wobinuneb - {a66a2480-865f-45ca-bae1-17f814ed382a} - c:\windows\system32\tunayiri.dll
SSODL: gudinekiw - {3cdbee6e-07c5-46f8-961e-1750ec2fa917} - c:\windows\system32\mehadafa.dll
STS: jugezatag: {ebf46ab2-5762-45ed-a4f2-76f95929d3d1} - c:\windows\system32\nulahovo.dll
STS: jugezatag: {a66a2480-865f-45ca-bae1-17f814ed382a} - c:\windows\system32\tunayiri.dll
STS: kupuhivus: {3cdbee6e-07c5-46f8-961e-1750ec2fa917} - c:\windows\system32\mehadafa.dll
LSA: Notification Packages = scecli psqlpwd fihuyuyu.dll nijonina.dll
mASetup: {11FC12D0-1A72-12D2-992D-5BC14F992BC7} - c:\windows\system32\javan.exe
mASetup: {990B770D-62AE-5421-DA6D-16033B76258C} - %SystemRoot%\system32\winup.exe
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [2009-8-19 95592]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-2-1 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-2-1 108392]
R2 DVDAccss;DVDAccss;c:\windows\system32\drivers\DVDAccss.sys [2007-5-24 29156]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2005-12-22 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2005-12-22 33024]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2005-12-22 3456]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-5-9 2240944]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-11-30 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091213.020\NAVENG.SYS [2009-12-14 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091213.020\NAVEX15.SYS [2009-12-14 1323568]
S3 actccid;ActivCard USB Reader V2;c:\windows\system32\drivers\actccid.sys --> c:\windows\system32\drivers\actccid.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]

=============== Created Last 30 ================

2009-12-17 00:04:35 0 ----a-w- C:\Settings.ini
2009-11-17 05:23:32 2713 --sh--w- c:\windows\system32\habajugi.exe

==================== Find3M ====================

2009-12-11 02:01:11 87608 ----a-w- c:\docume~1\elijah~1\applic~1\inst.exe
2009-12-11 02:01:10 47360 ----a-w- c:\docume~1\elijah~1\applic~1\pcouffin.sys
2005-11-03 23:29:16 72832 -c--a-r- c:\windows\inf\CamAvb.sys
2009-09-06 18:00:12 52224 --sha-w- c:\windows\system32\gayuhiyu.dll
2009-09-13 02:41:10 39424 --sha-w- c:\windows\system32\higesila.dll
2009-09-10 17:30:49 91648 --sha-w- c:\windows\system32\hugiyawi.dll
2009-09-16 17:22:18 38400 --sha-w- c:\windows\system32\huvezopi.dll
2009-08-28 02:51:20 1 --sha-w- c:\windows\system32\jifopufo.dll
2009-09-16 17:22:18 61952 --sha-w- c:\windows\system32\kuripeda.dll
2009-09-14 14:42:22 38400 --sha-w- c:\windows\system32\lekobiga.dll
2009-09-13 02:41:10 92160 --sha-w- c:\windows\system32\mapogiro.dll
2009-09-09 17:14:15 38912 --sha-w- c:\windows\system32\nawotami.dll
2009-09-13 02:41:17 51712 --sha-w- c:\windows\system32\nijonina.dll
2009-09-09 01:43:44 52224 --sha-w- c:\windows\system32\pehililu.dll
2009-09-06 18:00:12 91648 --sha-w- c:\windows\system32\pohulomo.dll
2009-09-14 02:41:56 38912 --sha-w- c:\windows\system32\rugoyire.dll
2009-09-12 14:23:55 38400 --sha-w- c:\windows\system32\sapuseba.dll
2009-09-11 17:06:36 38400 --sha-w- c:\windows\system32\sayukemi.dll
2009-09-13 02:41:10 51712 --sha-w- c:\windows\system32\suwefosa.dll
2009-09-13 14:41:32 91648 --sha-w- c:\windows\system32\tomiluvo.dll
2009-09-13 14:41:32 38912 --sha-w- c:\windows\system32\tupejuha.dll
2009-09-09 01:43:44 92672 --sha-w- c:\windows\system32\vefejutu.dll
2009-09-09 01:43:44 39424 --sha-w- c:\windows\system32\wurituya.dll
2009-09-09 17:14:15 91648 --sha-w- c:\windows\system32\yetamale.dll
2009-09-10 17:30:49 38912 --sha-w- c:\windows\system32\zotagope.dll
2009-09-13 02:00:04 52224 --sha-w- c:\windows\system32\zutozube.dll
2008-11-09 11:07:45 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110920081110\index.dat

============= FINISH: 19:19:50.07 ===============

Attached Files


Edited by drunkluck, 16 December 2009 - 08:01 PM.




#2 Tokek

Tokek

    Bleepin' Gecko


  • Members
  • 1,213 posts
  • OFFLINE
  • Gender:Male
  • Location:Jakarta, Indonesia
  • Local time:04:26 AM

Posted 29 December 2009 - 09:43 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
If I have not replied back to your post in 3 days, please send me a PM.


#3 SpySentinel

SpySentinel

  • Staff Emeritus
  • 2,090 posts
  • OFFLINE
  • Gender:Male
  • Location:The United States
  • Local time:07:26 AM

Posted 07 January 2010 - 01:25 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact me or another staff member.

Everyone else please start a new topic.
Unified Network of Instructors and Trained Eliminators


My help is always free, but if you can, please Posted Image to help me continue the fight against malware.

#4 SpySentinel

SpySentinel

  • Staff Emeritus
  • 2,090 posts
  • OFFLINE
  • Gender:Male
  • Location:The United States
  • Local time:07:26 AM

Posted 07 January 2010 - 06:55 PM

Topic reopened upon user's request.

#5 SpySentinel

SpySentinel

  • Staff Emeritus
  • 2,090 posts
  • OFFLINE
  • Gender:Male
  • Location:The United States
  • Local time:07:26 AM

Posted 07 January 2010 - 06:56 PM

Please post the required logs.

#6 drunkluck

drunkluck
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:04:26 AM

Posted 07 January 2010 - 07:02 PM

DDS (Ver_09-12-01.01) - NTFSx86
Run by Elijah P at 8:08:31.77 on Thu 01/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.248 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\DWHWizrd.exe
C:\Documents and Settings\Elijah P\Desktop\anti-malware\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig
uSearch Bar = hxxp://www.toshiba.com/search
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [fukisukih] Rundll32.exe "c:\windows\system32\tunayiri.dll",a
StartupFolder: c:\docume~1\elijah~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: {045C481D-FA6D-4599-BD82-44E837A8AD6C} = 83.149.115.182
TCP: {41FAE386-F50F-4210-ACB3-1720EEA145B1} = 83.149.115.182
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
Notify: psfus - psqlpwd.dll
AppInit_DLLs: c:\windows\system32\nulahovo.dll,nupakeyo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: domewewab - {ebf46ab2-5762-45ed-a4f2-76f95929d3d1} - c:\windows\system32\nulahovo.dll
SSODL: wobinuneb - {a66a2480-865f-45ca-bae1-17f814ed382a} - c:\windows\system32\tunayiri.dll
SSODL: gudinekiw - {3cdbee6e-07c5-46f8-961e-1750ec2fa917} - c:\windows\system32\mehadafa.dll
SSODL: sadanased - {c88aa053-9552-4ae4-b30e-1d05a9896f12} - c:\windows\system32\wavafiyo.dll
SSODL: porolafeb - {af82706a-9017-4521-9ec1-6fd920905ab6} - c:\windows\system32\zikeyame.dll
STS: jugezatag: {ebf46ab2-5762-45ed-a4f2-76f95929d3d1} - c:\windows\system32\nulahovo.dll
STS: jugezatag: {a66a2480-865f-45ca-bae1-17f814ed382a} - c:\windows\system32\tunayiri.dll
STS: kupuhivus: {3cdbee6e-07c5-46f8-961e-1750ec2fa917} - c:\windows\system32\mehadafa.dll
STS: tokatiluy: {c88aa053-9552-4ae4-b30e-1d05a9896f12} - c:\windows\system32\wavafiyo.dll
STS: jugezatag: {af82706a-9017-4521-9ec1-6fd920905ab6} - c:\windows\system32\zikeyame.dll
LSA: Notification Packages = scecli psqlpwd fihuyuyu.dll
mASetup: {11FC12D0-1A72-12D2-992D-5BC14F992BC7} - c:\windows\system32\javan.exe
mASetup: {990B770D-62AE-5421-DA6D-16033B76258C} - %SystemRoot%\system32\winup.exe
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [2009-8-19 95592]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-2-1 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-2-1 108392]
R2 DVDAccss;DVDAccss;c:\windows\system32\drivers\DVDAccss.sys [2007-5-24 29156]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2005-12-22 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2005-12-22 33024]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2005-12-22 3456]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-5-9 2240944]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-11-30 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091231.118\NAVENG.SYS [2010-1-7 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091231.118\NAVEX15.SYS [2010-1-7 1323568]
S3 actccid;ActivCard USB Reader V2;c:\windows\system32\drivers\actccid.sys --> c:\windows\system32\drivers\actccid.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]

=============== Created Last 30 ================

2009-12-17 00:04:35 0 ----a-w- C:\Settings.ini

==================== Find3M ====================

2009-12-11 02:01:11 87608 ----a-w- c:\docume~1\elijah~1\applic~1\inst.exe
2009-12-11 02:01:10 47360 ----a-w- c:\docume~1\elijah~1\applic~1\pcouffin.sys
2009-11-17 05:23:32 2713 --sh--w- c:\windows\system32\habajugi.exe
2005-11-03 23:29:16 72832 -c--a-r- c:\windows\inf\CamAvb.sys
2009-09-21 00:39:20 38400 --sha-w- c:\windows\system32\fapimana.dll
2009-09-22 18:56:28 37888 --sha-w- c:\windows\system32\farolafo.dll
1601-01-01 00:03:28 38400 --sha-w- c:\windows\system32\fozovinu.dll
2009-09-06 18:00:12 52224 --sha-w- c:\windows\system32\gayuhiyu.dll
2009-09-13 02:41:10 39424 --sha-w- c:\windows\system32\higesila.dll
2009-09-10 17:30:49 91648 --sha-w- c:\windows\system32\hugiyawi.dll
2009-09-16 17:22:18 38400 --sha-w- c:\windows\system32\huvezopi.dll
2009-08-28 02:51:20 1 --sha-w- c:\windows\system32\jifopufo.dll
2009-09-25 17:25:38 38400 --sha-w- c:\windows\system32\johuwepu.dll
2009-09-14 14:42:22 38400 --sha-w- c:\windows\system32\lekobiga.dll
2009-09-13 02:41:10 92160 --sha-w- c:\windows\system32\mapogiro.dll
2009-09-20 00:31:28 1 --sha-w- c:\windows\system32\mofesime.dll
2009-09-09 17:14:15 38912 --sha-w- c:\windows\system32\nawotami.dll
2009-09-30 17:05:41 38400 --sha-w- c:\windows\system32\nerefone.dll
2009-09-09 01:43:44 52224 --sha-w- c:\windows\system32\pehililu.dll
2009-09-24 17:30:02 91648 --sha-w- c:\windows\system32\pilerana.dll
2009-09-06 18:00:12 91648 --sha-w- c:\windows\system32\pohulomo.dll
2009-09-24 17:30:02 37888 --sha-w- c:\windows\system32\puzuduju.dll
2009-09-21 13:43:24 38912 --sha-w- c:\windows\system32\rahohipa.dll
2009-09-14 02:41:56 38912 --sha-w- c:\windows\system32\rugoyire.dll
2009-09-12 14:23:55 38400 --sha-w- c:\windows\system32\sapuseba.dll
2009-09-11 17:06:36 38400 --sha-w- c:\windows\system32\sayukemi.dll
2009-09-13 02:41:10 51712 --sha-w- c:\windows\system32\suwefosa.dll
2009-09-30 17:05:41 61952 --sha-w- c:\windows\system32\tobuvuzi.dll
2009-09-13 14:41:32 91648 --sha-w- c:\windows\system32\tomiluvo.dll
2009-09-13 14:41:32 38912 --sha-w- c:\windows\system32\tupejuha.dll
2009-09-09 01:43:44 92672 --sha-w- c:\windows\system32\vefejutu.dll
2009-09-09 01:43:44 39424 --sha-w- c:\windows\system32\wurituya.dll
2009-09-09 17:14:15 91648 --sha-w- c:\windows\system32\yetamale.dll
2009-09-17 22:48:59 38912 --sha-w- c:\windows\system32\yinehuma.dll
2009-09-19 12:31:47 38912 --sha-w- c:\windows\system32\yuhisona.dll
2009-09-10 17:30:49 38912 --sha-w- c:\windows\system32\zotagope.dll
2009-09-13 02:00:04 52224 --sha-w- c:\windows\system32\zutozube.dll
2009-09-19 00:20:48 38912 --sha-w- c:\windows\system32\zuwipode.dll
2008-11-09 11:07:45 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110920081110\index.dat

============= FINISH: 8:09:45.23 ===============

Attached Files
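The two DDS logs above (posts #1 and #6) show the pattern a responder looks for in a Vundo-style infection: eight-letter lowercase DLL/EXE names in system32, a Rundll32 autorun pointing at one of them, the same names in AppInit_DLLs, SSODL/STS and the LSA Notification Packages list, hidden+system files in the Find3M section, and, between the two logs, the AV's on-access scanning and firewall going from enabled to disabled. The script below is an added example, not part of the thread and not code from the DDS or OTL authors. It parses those DDS line types, flags entries with a deliberately crude heuristic (the eight-letter rule and the small KNOWN_GOOD allowlist are the editor's assumptions, a stand-in for the hash lookups the OTL /md5start section in post #7 asks for), and reports what changed between the December and January logs. The sample lines are copied from the two logs in this thread, trimmed to the entries that matter.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the two DDS logs posted in this thread
# (16 Dec 2009 and 7 Jan 2010), trimmed to the line types this triage handles.
DDS_DEC = r"""
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [fukisukih] Rundll32.exe "c:\windows\system32\mehadafa.dll",a
AppInit_DLLs: c:\windows\system32\nulahovo.dll nupakeyo.dll lolazonu.dll c:\windows\system32\mehadafa.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: domewewab - {ebf46ab2-5762-45ed-a4f2-76f95929d3d1} - c:\windows\system32\nulahovo.dll
LSA: Notification Packages = scecli psqlpwd fihuyuyu.dll nijonina.dll
2009-11-17 05:23:32 2713 --sh--w- c:\windows\system32\habajugi.exe
2009-09-13 02:41:17 51712 --sha-w- c:\windows\system32\nijonina.dll
2005-11-03 23:29:16 72832 -c--a-r- c:\windows\inf\CamAvb.sys
"""
DDS_JAN = r"""
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [fukisukih] Rundll32.exe "c:\windows\system32\tunayiri.dll",a
AppInit_DLLs: c:\windows\system32\nulahovo.dll,nupakeyo.dll
SSODL: domewewab - {ebf46ab2-5762-45ed-a4f2-76f95929d3d1} - c:\windows\system32\nulahovo.dll
SSODL: sadanased - {c88aa053-9552-4ae4-b30e-1d05a9896f12} - c:\windows\system32\wavafiyo.dll
LSA: Notification Packages = scecli psqlpwd fihuyuyu.dll
2009-11-17 05:23:32 2713 --sh--w- c:\windows\system32\habajugi.exe
2005-11-03 23:29:16 72832 -c--a-r- c:\windows\inf\CamAvb.sys
"""

STATUS_RE = re.compile(r"^(AV|FW): .+? \*(.+?)\*")                       # AV/FW state between the asterisks
ENTRY_RE = re.compile(r"^(?P<kind>[um]?Run|AppInit_DLLs|SSODL|STS|LSA|Notify|BHO|TB|EB|mASetup): ?(?P<value>.*)$")
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \d+ (\S{8}) (.+)$")  # Find3M / Created Last 30 lines
FULL_PATH = re.compile(r'(?:[a-z]:|%\w+%)\\[^",]+?\.(?:dll|exe|sys)', re.I)
BARE_MOD = re.compile(r'(?<![\\\w])\w+\.(?:dll|exe|sys)\b', re.I)            # e.g. "nupakeyo.dll" with no directory
RANDOM_NAME = re.compile(r"^[a-z]{8}\.(?:dll|exe)$")
# Assumed allowlist: legitimate 8-letter names; illustrative, not complete.
KNOWN_GOOD = {"explorer.exe", "winlogon.exe", "services.exe", "userinit.exe", "ifrmewrk.exe"}


@dataclass(frozen=True)
class Finding:
    kind: str    # DDS line type the hit came from ("mRun", "AppInit_DLLs", "LSA", "file", ...)
    module: str  # module path or bare name exactly as it appears in the log
    reason: str


def module_name(path):
    return re.split(r"[\\/]", path)[-1].lower()


def looks_random(path):
    """Crude heuristic (editor's assumption): 8 lowercase letters plus dll/exe."""
    name = module_name(path)
    return name not in KNOWN_GOOD and RANDOM_NAME.match(name) is not None


def modules_in(value):
    """All module references in a DDS value: full paths first, then bare names."""
    full = FULL_PATH.findall(value)
    bare = BARE_MOD.findall(FULL_PATH.sub(" ", value))
    return full + bare


def triage(report):
    """Return ({'AV': state, 'FW': state}, [Finding, ...]) for one DDS log."""
    status, findings = {}, []
    for line in report.splitlines():
        if m := STATUS_RE.match(line):
            status[m.group(1)] = m.group(2)
        elif m := FILE_RE.match(line):
            attrs, path = m.groups()
            # hidden+system attributes alone are noisy (index.dat etc.); require the name rule too
            if "s" in attrs and "h" in attrs and looks_random(path):
                findings.append(Finding("file", path, "hidden+system file with random-looking name"))
        elif m := ENTRY_RE.match(line):
            kind, value = m.group("kind"), m.group("value")
            for mod in modules_in(value):
                reasons = []
                if kind == "AppInit_DLLs":
                    reasons.append("injected into every process that loads user32.dll")
                if kind == "LSA":
                    reasons.append("loaded by lsass.exe as a password notification package")
                if looks_random(mod):
                    reasons.append("8-letter random-looking name")
                if reasons:
                    findings.append(Finding(kind, mod, "; ".join(reasons)))
    return status, findings


def compare(old, new):
    """What changed between two DDS logs: protection state and flagged entries."""
    old_status, old_f = triage(old)
    new_status, new_f = triage(new)
    key = lambda f: (f.kind, f.module)
    return {
        "status_changes": {k: (old_status[k], new_status[k]) for k in old_status
                           if new_status.get(k, old_status[k]) != old_status[k]},
        "new": sorted(set(new_f) - set(old_f), key=key),
        "gone": sorted(set(old_f) - set(new_f), key=key),
    }


if __name__ == "__main__":
    status, findings = triage(DDS_DEC)
    print("December:", status)
    for f in findings:
        print(f"  {f.kind:13} {f.module}  <- {f.reason}")
    diff = compare(DDS_DEC, DDS_JAN)
    print("Changed by January:", diff["status_changes"])
    print("New:", [f.module for f in diff["new"]])
    print("Gone:", [f.module for f in diff["gone"]])
```

Two things the output makes obvious that scrolling the raw logs does not: the persistence is layered (the same DLL sits in an autorun, AppInit_DLLs and an SSODL entry, so removing one line leaves the others), and the January log is not simply "the December log minus what was cleaned" but has new names (tunayiri, wavafiyo) alongside dropped ones, plus both Symantec components now reporting disabled. The name heuristic is only a triage aid; the MD5 list in the OTL custom scan is the way to actually confirm a file.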



#7 SpySentinel

SpySentinel

  • Staff Emeritus
  • 2,090 posts
  • OFFLINE
  • Gender:Male
  • Location:The United States
  • Local time:07:26 AM

Posted 07 January 2010 - 08:21 PM

Hi drunkluck,



Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.



Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
Unified Network of Instructors and Trained Eliminators


My help is always free, but if you can, please Posted Image to help me continue the fight against malware.

#8 drunkluck

drunkluck
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:04:26 AM

Posted 09 January 2010 - 07:25 PM

OTL logfile created on: 1/9/2010 7:10:27 PM - Run 1
OTL by OldTimer - Version 3.1.22.0 Folder = C:\Documents and Settings\Elijah P\Desktop\anti-malware
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 410.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.54 Gb Total Space | 16.27 Gb Free Space | 14.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOTEBOOK
Current User Name: Elijah P
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/09 19:09:54 | 00,543,232 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elijah P\Desktop\anti-malware\OTL.exe
PRC - [2009/07/25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/01/19 20:46:52 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/05/09 20:59:02 | 02,240,944 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/05/09 20:07:02 | 01,660,288 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/05/09 20:07:00 | 02,479,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/01 04:25:38 | 00,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/02/01 04:25:16 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/08/30 20:43:18 | 00,103,664 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2006/10/09 13:28:56 | 00,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/10/09 13:22:58 | 00,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/02/15 12:56:40 | 00,184,320 | ---- | M] () -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
PRC - [2006/02/07 17:10:14 | 00,106,496 | ---- | M] ( ) -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
PRC - [2006/01/05 17:02:24 | 00,352,256 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2005/12/22 00:33:02 | 00,046,592 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2005/12/20 14:22:14 | 00,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2005/12/16 03:32:58 | 00,761,945 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/12/16 03:21:00 | 00,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2005/12/05 14:37:40 | 00,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/11/30 15:25:22 | 00,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2005/11/28 13:41:50 | 00,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/11/28 13:37:52 | 00,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/11/28 13:31:32 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/11/28 13:29:00 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/11/28 13:28:14 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/11/17 18:44:38 | 00,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
PRC - [2005/11/02 19:41:04 | 00,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2005/10/15 09:29:08 | 00,088,203 | ---- | M] (Agere Systems) -- C:\WINDOWS\agrsmmsg.exe
PRC - [2005/07/12 20:14:42 | 00,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/06/01 00:00:12 | 00,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/05/31 23:59:58 | 00,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/04/26 19:13:20 | 00,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/01/17 19:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 03:32:20 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/08/28 03:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 00,092,160 | -HS- | M] () -- C:\WINDOWS\system32\nopasopa.dll
MOD - [2099/01/01 12:00:00 | 00,052,736 | -HS- | M] () -- C:\WINDOWS\system32\netipohi.dll
MOD - [2010/01/09 19:09:54 | 00,543,232 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elijah P\Desktop\anti-malware\OTL.exe
MOD - [2008/05/09 20:08:02 | 00,357,760 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\sysfer.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/20 14:22:34 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/05/12 03:38:14 | 00,288,136 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/05/09 20:59:02 | 02,240,944 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/05/09 20:07:00 | 02,479,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/02/01 04:25:16 | 00,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/02/01 04:25:16 | 00,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/08/11 23:05:27 | 03,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2006/10/10 00:11:08 | 00,724,992 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006/02/15 12:56:40 | 00,184,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe -- (MaxBackServiceInt)
SRV - [2006/02/07 17:10:14 | 00,106,496 | ---- | M] ( ) [Auto | Running] -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe -- (NTService1)
SRV - [2005/12/20 14:22:14 | 00,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/11/28 13:31:32 | 00,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/11/28 13:29:00 | 00,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/11/28 13:28:14 | 00,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/07/12 20:14:42 | 00,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/04/04 03:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/14 15:05:02 | 00,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/01/17 19:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 03:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (350653 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12022 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\agrsmmsg.exe (Agere Systems)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKLM..\Run: [degejibaf] C:\WINDOWS\System32\yiliyawu.DLL ()
O4 - HKLM..\Run: [fukisukih] C:\WINDOWS\System32\nopasopa.DLL ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe File not found
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\Elijah P\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (c:\windows\system32\nopasopa.dll) - C:\WINDOWS\system32\nopasopa.dll ()
O20 - AppInit_DLLs: (netipohi.dll) - C:\WINDOWS\System32\netipohi.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O21 - SSODL: domewewab - {ebf46ab2-5762-45ed-a4f2-76f95929d3d1} - C:\WINDOWS\System32\nulahovo.dll File not found
O21 - SSODL: gomagored - {99edeae8-e09c-4bd1-8d74-4db941f657c4} - C:\WINDOWS\system32\nopasopa.dll ()
O21 - SSODL: gudinekiw - {3cdbee6e-07c5-46f8-961e-1750ec2fa917} - C:\WINDOWS\System32\mehadafa.dll File not found
O21 - SSODL: porolafeb - {af82706a-9017-4521-9ec1-6fd920905ab6} - C:\WINDOWS\System32\zikeyame.dll File not found
O21 - SSODL: sadanased - {c88aa053-9552-4ae4-b30e-1d05a9896f12} - C:\WINDOWS\System32\wavafiyo.dll File not found
O21 - SSODL: wobinuneb - {a66a2480-865f-45ca-bae1-17f814ed382a} - C:\WINDOWS\System32\tunayiri.dll File not found
O22 - SharedTaskScheduler: {3cdbee6e-07c5-46f8-961e-1750ec2fa917} - kupuhivus - C:\WINDOWS\System32\mehadafa.dll File not found
O22 - SharedTaskScheduler: {99edeae8-e09c-4bd1-8d74-4db941f657c4} - jugezatag - C:\WINDOWS\system32\nopasopa.dll ()
O22 - SharedTaskScheduler: {a66a2480-865f-45ca-bae1-17f814ed382a} - jugezatag - C:\WINDOWS\System32\tunayiri.dll File not found
O22 - SharedTaskScheduler: {af82706a-9017-4521-9ec1-6fd920905ab6} - jugezatag - C:\WINDOWS\System32\zikeyame.dll File not found
O22 - SharedTaskScheduler: {c88aa053-9552-4ae4-b30e-1d05a9896f12} - tokatiluy - C:\WINDOWS\System32\wavafiyo.dll File not found
O22 - SharedTaskScheduler: {ebf46ab2-5762-45ed-a4f2-76f95929d3d1} - jugezatag - C:\WINDOWS\System32\nulahovo.dll File not found
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/02/15 10:38:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5d84f402-1a93-11dc-af89-001302530772}\Shell\Auto\command - "" = F:\boot.exe -- File not found
O33 - MountPoints2\{5d84f402-1a93-11dc-af89-001302530772}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b0bdf184-eb8b-11db-af68-001302530772}\Shell - "" = AutoRun
O33 - MountPoints2\{b0bdf184-eb8b-11db-af68-001302530772}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b0bdf184-eb8b-11db-af68-001302530772}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d1dd7adf-1be4-11dc-af8b-001302530772}\Shell - "" = AutoRun
O33 - MountPoints2\{d1dd7adf-1be4-11dc-af8b-001302530772}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d1dd7adf-1be4-11dc-af8b-001302530772}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d1dd7ae0-1be4-11dc-af8b-001302530772}\Shell\Auto\command - "" = boot.exe
O33 - MountPoints2\{d1dd7ae0-1be4-11dc-af8b-001302530772}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/02/15 10:38:14 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (206158430208)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/03 15:23:48 | 00,000,000 | R-SD | C] -- C:\Documents and Settings\Elijah P\My Documents\My Safe
[2009/08/19 19:43:10 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Elijah P\Application Data\pcouffin.sys
[2009/01/09 00:58:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2008/12/30 18:36:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2008/12/12 06:24:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
[2008/11/09 06:09:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/12/26 03:36:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/07/11 17:58:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2006/02/15 11:25:00 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2006/02/15 10:41:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/02/15 10:38:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2099/01/01 12:00:00 | 00,093,184 | -HS- | M] () -- C:\WINDOWS\System32\yiliyawu.dll
[2099/01/01 12:00:00 | 00,092,160 | -HS- | M] () -- C:\WINDOWS\System32\nopasopa.dll
[2099/01/01 12:00:00 | 00,061,440 | -HS- | M] () -- C:\WINDOWS\System32\sosilega.dll
[2099/01/01 12:00:00 | 00,052,736 | -HS- | M] () -- C:\WINDOWS\System32\netipohi.dll
[2099/01/01 12:00:00 | 00,052,736 | -HS- | M] () -- C:\WINDOWS\System32\gogolaka.dll
[2099/01/01 12:00:00 | 00,052,736 | -HS- | M] () -- C:\WINDOWS\System32\dukugiki.dll
[2099/01/01 12:00:00 | 00,039,936 | -HS- | M] () -- C:\WINDOWS\System32\jifuharu.dll
[2099/01/01 12:00:00 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\fozovinu.dll
[2010/01/09 19:08:56 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\lafidibe
[2010/01/09 08:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\urwlunxu.job
[2010/01/09 07:32:55 | 06,029,312 | -H-- | M] () -- C:\Documents and Settings\Elijah P\NTUSER.DAT
[2010/01/08 22:16:00 | 00,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/08 22:12:09 | 00,140,800 | ---- | M] () -- C:\Documents and Settings\Elijah P\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/08 20:00:02 | 00,000,334 | ---- | M] () -- C:\WINDOWS\tasks\myypzelo.job
[2010/01/08 20:00:01 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\ebofgzhc.job
[2010/01/08 20:00:00 | 00,000,312 | ---- | M] () -- C:\WINDOWS\tasks\cnisfoyr.job
[2010/01/08 19:06:56 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/08 19:00:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/08 19:00:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/08 19:00:05 | 10,633,09312 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/07 08:35:37 | 00,000,372 | ---- | M] () -- C:\Documents and Settings\Elijah P\My Documents\spider.sav
[2010/01/03 07:21:07 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Elijah P\ntuser.ini
[2010/01/02 05:56:11 | 00,001,041 | ---- | M] () -- C:\Documents and Settings\Elijah P\Application Data\vso_ts_preview.xml
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 00,093,184 | -HS- | C] () -- C:\WINDOWS\System32\yiliyawu.dll
[2099/01/01 12:00:00 | 00,092,160 | -HS- | C] () -- C:\WINDOWS\System32\nopasopa.dll
[2099/01/01 12:00:00 | 00,061,440 | -HS- | C] () -- C:\WINDOWS\System32\sosilega.dll
[2099/01/01 12:00:00 | 00,052,736 | -HS- | C] () -- C:\WINDOWS\System32\netipohi.dll
[2099/01/01 12:00:00 | 00,052,736 | -HS- | C] () -- C:\WINDOWS\System32\gogolaka.dll
[2099/01/01 12:00:00 | 00,052,736 | -HS- | C] () -- C:\WINDOWS\System32\dukugiki.dll
[2099/01/01 12:00:00 | 00,039,936 | -HS- | C] () -- C:\WINDOWS\System32\jifuharu.dll
[2099/01/01 12:00:00 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\fozovinu.dll
[2010/01/09 07:32:15 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\urwlunxu.job
[2009/09/30 12:05:41 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\nerefone.dll
[2009/09/25 12:25:38 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\johuwepu.dll
[2009/09/24 12:30:02 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\pilerana.dll
[2009/09/24 12:30:02 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\puzuduju.dll
[2009/09/22 13:56:28 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\farolafo.dll
[2009/09/21 08:43:24 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\rahohipa.dll
[2009/09/20 19:39:20 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\fapimana.dll
[2009/09/19 19:31:28 | 00,000,001 | -HS- | C] () -- C:\WINDOWS\System32\mofesime.dll
[2009/09/19 07:31:47 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\yuhisona.dll
[2009/09/18 19:20:48 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\zuwipode.dll
[2009/09/17 17:48:59 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\yinehuma.dll
[2009/09/16 12:22:18 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\huvezopi.dll
[2009/09/14 09:42:22 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\lekobiga.dll
[2009/09/13 21:41:56 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\rugoyire.dll
[2009/09/13 09:41:32 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\tomiluvo.dll
[2009/09/13 09:41:32 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\tupejuha.dll
[2009/09/12 21:41:10 | 00,092,160 | -HS- | C] () -- C:\WINDOWS\System32\mapogiro.dll
[2009/09/12 21:41:10 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\suwefosa.dll
[2009/09/12 21:41:10 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\higesila.dll
[2009/09/12 21:00:04 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\zutozube.dll
[2009/09/12 09:23:55 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\sapuseba.dll
[2009/09/11 12:06:36 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\sayukemi.dll
[2009/09/10 12:30:49 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\hugiyawi.dll
[2009/09/10 12:30:49 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\zotagope.dll
[2009/09/09 12:14:15 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\yetamale.dll
[2009/09/09 12:14:15 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\nawotami.dll
[2009/09/08 20:43:44 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\vefejutu.dll
[2009/09/08 20:43:44 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\pehililu.dll
[2009/09/08 20:43:44 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\wurituya.dll
[2009/09/06 13:00:12 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\pohulomo.dll
[2009/09/06 13:00:12 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\gayuhiyu.dll
[2009/08/27 21:51:20 | 00,000,001 | -HS- | C] () -- C:\WINDOWS\System32\jifopufo.dll
[2009/08/19 19:44:01 | 00,001,041 | ---- | C] () -- C:\Documents and Settings\Elijah P\Application Data\vso_ts_preview.xml
[2009/08/19 19:43:33 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\Elijah P\Application Data\pcouffin.log
[2009/08/19 19:43:10 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Elijah P\Application Data\inst.exe
[2009/08/19 19:43:10 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Elijah P\Application Data\pcouffin.cat
[2009/08/19 19:43:10 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Elijah P\Application Data\pcouffin.inf
[2009/04/26 19:28:57 | 00,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/11/09 16:10:00 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/12/20 00:01:20 | 00,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/12/20 00:00:44 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/11/12 15:33:49 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/08/06 23:31:48 | 00,000,246 | ---- | C] () -- C:\WINDOWS\ARCADE.INI
[2007/05/24 04:15:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/04/10 12:44:12 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/04/08 02:24:58 | 00,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/04/08 01:38:54 | 00,000,067 | ---- | C] () -- C:\Documents and Settings\Elijah P\Application Data\setup.txt
[2007/02/18 21:34:11 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/02/18 21:34:11 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/02/18 21:34:11 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/02/18 21:34:09 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/02/18 21:34:09 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/08/25 19:53:10 | 00,700,416 | R--- | C] () -- C:\WINDOWS\System32\mcs_cor1.dll
[2006/08/25 19:53:10 | 00,249,856 | R--- | C] () -- C:\WINDOWS\System32\mcs_cor2.dll
[2006/08/25 19:53:10 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\mcs_vfw.dll
[2006/08/25 19:52:51 | 00,057,344 | R--- | C] () -- C:\WINDOWS\HAJEInstall.dll
[2006/07/02 14:37:37 | 00,140,800 | ---- | C] () -- C:\Documents and Settings\Elijah P\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/20 12:04:52 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/06/11 14:05:58 | 00,000,137 | ---- | C] () -- C:\Documents and Settings\Elijah P\Local Settings\Application Data\fusioncache.dat
[2006/03/09 22:24:31 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/24 23:28:54 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2006/02/16 10:07:58 | 00,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2006/02/16 04:50:52 | 00,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/16 04:25:21 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/02/16 04:25:21 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/02/16 04:25:21 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/02/16 04:25:21 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/02/16 04:25:21 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/02/16 04:25:21 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/02/15 11:41:53 | 00,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/02/15 11:41:53 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/02/15 11:40:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/02/15 11:28:50 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/02/15 11:28:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/02/15 11:28:50 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/02/15 11:28:50 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/02/15 11:25:00 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/02/15 11:21:53 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/02/15 10:44:19 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/15 10:34:07 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/02/15 09:09:00 | 00,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/28 23:33:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 17:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 18:20:28 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/05 17:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/23 00:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 20:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 17:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2004/01/13 21:46:00 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2007/12/30 00:00:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Entriq
[2008/11/09 03:00:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2007/04/29 21:59:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2006/07/19 23:57:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MVTLogs
[2007/08/24 08:56:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2008/11/09 02:39:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/09/03 19:31:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2009/04/26 19:39:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2006/08/25 17:33:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2006/08/25 18:01:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2006/02/16 04:55:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/28 14:11:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2008/11/09 02:58:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Elijah P\Application Data\HotSync
[2006/06/16 23:07:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Elijah P\Application Data\InterVideo
[2007/11/12 16:35:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Elijah P\Application Data\Leadertech
[2007/08/24 08:56:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Elijah P\Application Data\Otto
[2007/04/30 20:53:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Elijah P\Application Data\Protector Suite
[2007/04/08 01:38:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Elijah P\Application Data\Simple Star
[2006/06/12 13:03:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Elijah P\Application Data\Snapfish
[2006/02/16 04:18:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Elijah P\Application Data\toshiba
[2006/08/25 17:37:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Elijah P\Application Data\Ulead Systems
[2009/11/02 19:13:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Elijah P\Application Data\uTorrent
[2010/01/02 05:56:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Elijah P\Application Data\Vso
[2010/01/08 20:00:00 | 00,000,312 | ---- | M] () -- C:\WINDOWS\Tasks\cnisfoyr.job
[2010/01/08 20:00:01 | 00,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\ebofgzhc.job
[2010/01/08 20:00:02 | 00,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\myypzelo.job
[2010/01/09 08:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\urwlunxu.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/10 07:00:00 | 16,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/09 03:13:18 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 07:00:00 | 16,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/11/09 03:13:18 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 07:00:00 | 16,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/09 03:13:18 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 07:00:00 | 16,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/11/09 03:13:18 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 01:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 01:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/10 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2005/12/22 00:44:48 | 00,023,552 | ---- | M] (UPEK Inc.) MD5=8CA7B44951735F43DB15EF23F1BC9397 -- C:\Program Files\Protector Suite QL\eventlog.dll

< MD5 for: KR10N.SYS >
[2005/01/12 03:05:46 | 00,204,160 | ---- | M] (TOSHIBA CORPORATION) MD5=00C1EA8DECF810B8ECCB5C5A8186A96E -- C:\WINDOWS\OemDir\KR10N.sys
[2005/01/12 03:05:46 | 00,204,160 | ---- | M] (TOSHIBA CORPORATION) MD5=00C1EA8DECF810B8ECCB5C5A8186A96E -- C:\WINDOWS\system32\drivers\KR10N.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 19:11:51 | 01,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2008/05/09 20:07:18 | 00,048,000 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FwsVpn.dll
[2008/05/09 20:08:00 | 00,107,904 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SymVPN.dll
[2008/05/09 20:08:02 | 00,357,760 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sysfer.dll
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 72 bytes -> C:\WINDOWS:7C1B9F3392378BBE
< End of report >

#9 drunkluck (Topic Starter)

Posted 09 January 2010 - 07:26 PM

OTL Extras logfile created on: 1/9/2010 7:10:27 PM - Run 1
OTL by OldTimer - Version 3.1.22.0 Folder = C:\Documents and Settings\Elijah P\Desktop\anti-malware
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 410.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.54 Gb Total Space | 16.27 Gb Free Space | 14.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOTEBOOK
Current User Name: Elijah P
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- File not found
"C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:iexplore -- (Microsoft Corporation)
"C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" = C:\Program Files\TOSHIBA\Tvs\TvsTray.exe:*:Enabled:TvsTray -- (TOSHIBA Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe:*:Enabled:SmcGui -- (Symantec Corporation)
"C:\WINDOWS\Temp\tmp1063.dll" = C:\WINDOWS\Temp\tmp1063.dll:*:Enabled:tmp1063 -- File not found
"C:\WINDOWS\system32\TPSMain.exe" = C:\WINDOWS\system32\TPSMain.exe:*:Enabled:TPSMain -- (TOSHIBA Corporation)
"C:\WINDOWS\Temp\tmp7.dll" = C:\WINDOWS\Temp\tmp7.dll:*:Enabled:tmp7 -- ()
"C:\Program Files\Common Files\Symantec Shared\COH\COH32.exe" = C:\Program Files\Common Files\Symantec Shared\COH\COH32.exe:*:Enabled:coh32 -- (Symantec Corporation)
"C:\WINDOWS\Temp\tmp6.dll" = C:\WINDOWS\Temp\tmp6.dll:*:Enabled:tmp6 -- ()
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe:*:Enabled:SynTPEnh -- (Synaptics, Inc.)
"C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe" = C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe:*:Enabled:Dot1XCfg -- (Intel Corporation)
"C:\WINDOWS\Temp\tmp5C.dll" = C:\WINDOWS\Temp\tmp5C.dll:*:Enabled:tmp5C -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{27555031-A116-4EC6-9991-7B400142A936}" = HP PSC & OfficeJet 6.1.A
"{2B34414C-14FB-11D6-A329-0050045C24B2}" = DVD@ccess 2.0.3
"{2E2966EA-2169-4E42-8A8A-CC1749D80088}" = Symantec Endpoint Protection
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{5DBD3F5B-B4DD-4C89-8436-A9391C471033}" = Nero 7 Ultra Edition
"{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}" = Maxtor OneTouch III
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.5.3.139
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9C3F9580-F5CF-4288-894E-9FF0EB24A21C}" = Maxtor Backup
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A4DB0F6C-851E-44E3-82EF-40D1C215A5FD}" = Maxtor Encryption
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE3F89C0-42D5-11D5-A40A-00105AC8331A}" = Metamail (Toshiba Registration Utility)
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDBFC424-DD00-497F-9BDC-4E4178332336}" = Protector Suite 5.4
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EECDDEA0-DB76-4488-8E52-0EF1DF63700A}" = Microsoft IntelliPoint 5.4
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BDDecrypter_is1" = Version 6.0 (Build 20090625)
"Bejeweled 2 Deluxe 1.1.3.2523" = Bejeweled 2 Deluxe 1.1.3.2523
"CloneDVD2" = CloneDVD2
"Drug Lord 2" = Drug Lord 2
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}" = Maxtor OneTouch III
"InstallShield_{9C3F9580-F5CF-4288-894E-9FF0EB24A21C}" = Maxtor Backup
"InstallShield_{A4DB0F6C-851E-44E3-82EF-40D1C215A5FD}" = Maxtor Encryption
"InterActual Player" = InterActual Player
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.84 Full
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero PhotoShow Express 4" = Nero PhotoShow Express 4
"Nero Sipps!UninstallKey" = Nero Sipps
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"Samsung_SMP4" = Samsung Video Codec 1.1 Uninstall
"SamsungCamCorderDriver" = Samsung CamCorder Driver
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Game Console" = TOSHIBA Game Console
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6a
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/7/2010 9:07:24 AM | Computer Name = NOTEBOOK | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Trojan.Vundo!gen4 in File: C:\WINDOWS\Temp\BIT3C.tmp
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 1/7/2010 9:07:25 AM | Computer Name = NOTEBOOK | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Vundo!gen4 in File: C:\WINDOWS\Temp\BIT3C.tmp
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 1/7/2010 9:07:27 AM | Computer Name = NOTEBOOK | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Trojan.Vundo!gen4 in File: C:\WINDOWS\Temp\BIT3E.tmp
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 1/7/2010 9:07:27 AM | Computer Name = NOTEBOOK | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Vundo!gen4 in File: C:\WINDOWS\Temp\BIT3E.tmp
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 1/7/2010 9:07:29 AM | Computer Name = NOTEBOOK | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Trojan.Vundo!gen4 in File: C:\WINDOWS\Temp\BIT40.tmp
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 1/7/2010 9:07:29 AM | Computer Name = NOTEBOOK | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Vundo!gen4 in File: C:\WINDOWS\Temp\BIT40.tmp
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 1/8/2010 1:05:15 PM | Computer Name = NOTEBOOK | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Trojan.Vundo!gen4 in File: C:\WINDOWS\system32\wumupara.dll
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 1/8/2010 1:05:19 PM | Computer Name = NOTEBOOK | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Vundo!gen4 in File: C:\WINDOWS\system32\wumupara.dll
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 1/8/2010 7:57:52 PM | Computer Name = NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module bio.dll, version
5.4.0.2688, fault address 0x0001c700.

Error - 1/8/2010 8:03:04 PM | Computer Name = NOTEBOOK | Source = Application Error | ID = 1004
Description = Faulting application winlogon.exe, version 0.0.0.0, faulting module
bio.dll, version 5.4.0.2688, fault address 0x0001c700.

[ System Events ]
Error - 1/3/2010 5:37:35 PM | Computer Name = NOTEBOOK | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 1/4/2010 1:40:30 PM | Computer Name = NOTEBOOK | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 1/4/2010 2:02:02 PM | Computer Name = NOTEBOOK | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 1/5/2010 3:02:02 PM | Computer Name = NOTEBOOK | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 1/7/2010 9:02:06 AM | Computer Name = NOTEBOOK | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 1/8/2010 10:43:56 PM | Computer Name = NOTEBOOK | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetbiosSmb because
another computer on the network has the same name. The server could not start.

Error - 1/9/2010 8:43:18 AM | Computer Name = NOTEBOOK | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.

Error - 1/9/2010 8:43:44 AM | Computer Name = NOTEBOOK | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.

Error - 1/9/2010 8:44:12 AM | Computer Name = NOTEBOOK | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.

Error - 1/9/2010 8:44:37 AM | Computer Name = NOTEBOOK | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.


< End of report >

#10 drunkluck (Topic Starter)

Posted 09 January 2010 - 08:11 PM

Every time I try to run GMER the computer reboots before the scan completes. I made sure that A/V was disabled, disconnected from the internet, no other programs were running whatsoever. I tried it 4 times, every time the same thing happened. Let me know what you want me to do.

#11 drunkluck

drunkluck
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:04:26 AM

Posted 12 January 2010 - 06:01 PM

Hey, do you have any advice on the GMER scan and why it won't complete without causing my computer to reboot? Or can we move forward without it?

#12 SpySentinel

SpySentinel

  • Staff Emeritus
  • 2,090 posts
  • OFFLINE
  • Gender:Male
  • Location:The United States
  • Local time:07:26 AM

Posted 12 January 2010 - 11:29 PM

Sorry for the delay:

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    MOD - [2099/01/01 12:00:00 | 00,092,160 | -HS- | M] () -- C:\WINDOWS\system32\nopasopa.dll
    MOD - [2099/01/01 12:00:00 | 00,052,736 | -HS- | M] () -- C:\WINDOWS\system32\netipohi.dll
    O4 - HKLM..\Run: [CFSServ.exe] File not found
    O4 - HKLM..\Run: [degejibaf] C:\WINDOWS\System32\yiliyawu.DLL ()
    O4 - HKLM..\Run: [fukisukih] C:\WINDOWS\System32\nopasopa.DLL ()
    O20 - AppInit_DLLs: (c:\windows\system32\nopasopa.dll) - C:\WINDOWS\system32\nopasopa.dll ()
    O20 - AppInit_DLLs: (netipohi.dll) - C:\WINDOWS\System32\netipohi.dll ()
    O21 - SSODL: domewewab - {ebf46ab2-5762-45ed-a4f2-76f95929d3d1} - C:\WINDOWS\System32\nulahovo.dll File not found
    O21 - SSODL: gomagored - {99edeae8-e09c-4bd1-8d74-4db941f657c4} - C:\WINDOWS\system32\nopasopa.dll ()
    O21 - SSODL: gudinekiw - {3cdbee6e-07c5-46f8-961e-1750ec2fa917} - C:\WINDOWS\System32\mehadafa.dll File not found
    O21 - SSODL: porolafeb - {af82706a-9017-4521-9ec1-6fd920905ab6} - C:\WINDOWS\System32\zikeyame.dll File not found
    O21 - SSODL: sadanased - {c88aa053-9552-4ae4-b30e-1d05a9896f12} - C:\WINDOWS\System32\wavafiyo.dll File not found
    O21 - SSODL: wobinuneb - {a66a2480-865f-45ca-bae1-17f814ed382a} - C:\WINDOWS\System32\tunayiri.dll File not found
    O22 - SharedTaskScheduler: {3cdbee6e-07c5-46f8-961e-1750ec2fa917} - kupuhivus - C:\WINDOWS\System32\mehadafa.dll File not found
    O22 - SharedTaskScheduler: {99edeae8-e09c-4bd1-8d74-4db941f657c4} - jugezatag - C:\WINDOWS\system32\nopasopa.dll ()
    O22 - SharedTaskScheduler: {a66a2480-865f-45ca-bae1-17f814ed382a} - jugezatag - C:\WINDOWS\System32\tunayiri.dll File not found
    O22 - SharedTaskScheduler: {af82706a-9017-4521-9ec1-6fd920905ab6} - jugezatag - C:\WINDOWS\System32\zikeyame.dll File not found
    O22 - SharedTaskScheduler: {c88aa053-9552-4ae4-b30e-1d05a9896f12} - tokatiluy - C:\WINDOWS\System32\wavafiyo.dll File not found
    O22 - SharedTaskScheduler: {ebf46ab2-5762-45ed-a4f2-76f95929d3d1} - jugezatag - C:\WINDOWS\System32\nulahovo.dll File not found
    O33 - MountPoints2\{5d84f402-1a93-11dc-af89-001302530772}\Shell\Auto\command - "" = F:\boot.exe -- File not found
    O33 - MountPoints2\{5d84f402-1a93-11dc-af89-001302530772}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b0bdf184-eb8b-11db-af68-001302530772}\Shell - "" = AutoRun
    O33 - MountPoints2\{b0bdf184-eb8b-11db-af68-001302530772}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b0bdf184-eb8b-11db-af68-001302530772}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{d1dd7adf-1be4-11dc-af8b-001302530772}\Shell - "" = AutoRun
    O33 - MountPoints2\{d1dd7adf-1be4-11dc-af8b-001302530772}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{d1dd7adf-1be4-11dc-af8b-001302530772}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{d1dd7ae0-1be4-11dc-af8b-001302530772}\Shell\Auto\command - "" = boot.exe
    O33 - MountPoints2\{d1dd7ae0-1be4-11dc-af8b-001302530772}\Shell\AutoRun - "" = Auto&Play
    
    :Files
    C:\WINDOWS\system32\nopasopa.dll
    C:\WINDOWS\system32\netipohi.dll
    C:\WINDOWS\System32\yiliyawu.dll
    C:\WINDOWS\System32\nopasopa.dll
    C:\WINDOWS\System32\sosilega.dll
    C:\WINDOWS\System32\netipohi.dll
    C:\WINDOWS\System32\gogolaka.dll
    C:\WINDOWS\System32\dukugiki.dll
    C:\WINDOWS\System32\jifuharu.dll
    [:\WINDOWS\System32\fozovinu.dll
    C:\WINDOWS\System32\lafidibe
    C:\WINDOWS\tasks\urwlunxu.job
    C:\WINDOWS\tasks\myypzelo.job
    C:\WINDOWS\tasks\ebofgzhc.job
    C:\WINDOWS\tasks\cnisfoyr.job
    C:\WINDOWS\System32\yiliyawu.dll
    C:\WINDOWS\System32\nopasopa.dll
    C:\WINDOWS\System32\sosilega.dll
    C:\WINDOWS\System32\netipohi.dll
    C:\WINDOWS\System32\gogolaka.dll
    C:\WINDOWS\System32\dukugiki.dll
    C:\WINDOWS\System32\jifuharu.dll
    C:\WINDOWS\System32\fozovinu.dll
    C:\WINDOWS\tasks\urwlunxu.job
    C:\WINDOWS\System32\nerefone.dll
    C:\WINDOWS\System32\johuwepu.dll
    C:\WINDOWS\System32\pilerana.dll
    C:\WINDOWS\System32\puzuduju.dll
    C:\WINDOWS\System32\farolafo.dll
    C:\WINDOWS\System32\rahohipa.dll
    C:\WINDOWS\System32\fapimana.dll
    C:\WINDOWS\System32\mofesime.dll
    C:\WINDOWS\System32\yuhisona.dll
    C:\WINDOWS\System32\zuwipode.dll
    C:\WINDOWS\System32\yinehuma.dll
    C:\WINDOWS\System32\huvezopi.dll
    C:\WINDOWS\System32\lekobiga.dll
    C:\WINDOWS\System32\rugoyire.dll
    C:\WINDOWS\System32\tomiluvo.dll
    C:\WINDOWS\System32\tupejuha.dll
    C:\WINDOWS\System32\mapogiro.dll
    C:\WINDOWS\System32\suwefosa.dll
    C:\WINDOWS\System32\higesila.dll
    C:\WINDOWS\System32\zutozube.dll
    C:\WINDOWS\System32\sapuseba.dll
    C:\WINDOWS\System32\sayukemi.dll
    C:\WINDOWS\System32\hugiyawi.dll
    C:\WINDOWS\System32\zotagope.dll
    C:\WINDOWS\System32\yetamale.dll
    C:\WINDOWS\System32\nawotami.dll
    C:\WINDOWS\System32\vefejutu.dll
    C:\WINDOWS\System32\pehililu.dll
    C:\WINDOWS\System32\wurituya.dll
    C:\WINDOWS\System32\pohulomo.dll
    C:\WINDOWS\System32\gayuhiyu.dll
    C:\WINDOWS\System32\jifopufo.dll
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

Unified Network of Instructors and Trained Eliminators

My help is always free, but if you can, please Posted Image to help me continue the fight against malware.

#13 drunkluck

drunkluck
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:04:26 AM

Posted 13 January 2010 - 08:30 PM

Here is the log that came up after the reboot. Should I try to run GMER again? I'm still getting popups and symantec just found a risk called packed.generic.205, I haven't seen that one before.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CFSServ.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\degejibaf deleted successfully.
File C:\WINDOWS\System32\yiliyawu.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fukisukih deleted successfully.
C:\WINDOWS\system32\nopasopa.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\nopasopa.dll deleted successfully.
File C:\WINDOWS\system32\nopasopa.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:netipohi.dll deleted successfully.
C:\WINDOWS\system32\netipohi.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\domewewab deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebf46ab2-5762-45ed-a4f2-76f95929d3d1}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\gomagored not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99edeae8-e09c-4bd1-8d74-4db941f657c4}\ not found.
File C:\WINDOWS\system32\nopasopa.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\gudinekiw deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cdbee6e-07c5-46f8-961e-1750ec2fa917}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\porolafeb deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af82706a-9017-4521-9ec1-6fd920905ab6}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\sadanased deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c88aa053-9552-4ae4-b30e-1d05a9896f12}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\wobinuneb deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a66a2480-865f-45ca-bae1-17f814ed382a}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{3cdbee6e-07c5-46f8-961e-1750ec2fa917} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cdbee6e-07c5-46f8-961e-1750ec2fa917}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{99edeae8-e09c-4bd1-8d74-4db941f657c4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99edeae8-e09c-4bd1-8d74-4db941f657c4}\ not found.
File C:\WINDOWS\system32\nopasopa.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{a66a2480-865f-45ca-bae1-17f814ed382a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a66a2480-865f-45ca-bae1-17f814ed382a}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{af82706a-9017-4521-9ec1-6fd920905ab6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af82706a-9017-4521-9ec1-6fd920905ab6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{c88aa053-9552-4ae4-b30e-1d05a9896f12} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c88aa053-9552-4ae4-b30e-1d05a9896f12}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{ebf46ab2-5762-45ed-a4f2-76f95929d3d1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebf46ab2-5762-45ed-a4f2-76f95929d3d1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d84f402-1a93-11dc-af89-001302530772}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d84f402-1a93-11dc-af89-001302530772}\ not found.
File F:\boot.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d84f402-1a93-11dc-af89-001302530772}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d84f402-1a93-11dc-af89-001302530772}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0bdf184-eb8b-11db-af68-001302530772}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0bdf184-eb8b-11db-af68-001302530772}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0bdf184-eb8b-11db-af68-001302530772}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0bdf184-eb8b-11db-af68-001302530772}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0bdf184-eb8b-11db-af68-001302530772}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0bdf184-eb8b-11db-af68-001302530772}\ not found.
File E:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1dd7adf-1be4-11dc-af8b-001302530772}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1dd7adf-1be4-11dc-af8b-001302530772}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1dd7adf-1be4-11dc-af8b-001302530772}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1dd7adf-1be4-11dc-af8b-001302530772}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1dd7adf-1be4-11dc-af8b-001302530772}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1dd7adf-1be4-11dc-af8b-001302530772}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1dd7ae0-1be4-11dc-af8b-001302530772}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1dd7ae0-1be4-11dc-af8b-001302530772}\ not found.
File boot.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1dd7ae0-1be4-11dc-af8b-001302530772}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1dd7ae0-1be4-11dc-af8b-001302530772}\ not found.
========== FILES ==========
File\Folder C:\WINDOWS\system32\nopasopa.dll not found.
File\Folder C:\WINDOWS\system32\netipohi.dll not found.
File\Folder C:\WINDOWS\System32\yiliyawu.dll not found.
File\Folder C:\WINDOWS\System32\nopasopa.dll not found.
File\Folder C:\WINDOWS\System32\sosilega.dll not found.
File\Folder C:\WINDOWS\System32\netipohi.dll not found.
C:\WINDOWS\System32\gogolaka.dll moved successfully.
C:\WINDOWS\System32\dukugiki.dll moved successfully.
C:\WINDOWS\System32\jifuharu.dll moved successfully.
File\Folder [:\WINDOWS\System32\fozovinu.dll not found.
C:\WINDOWS\System32\lafidibe moved successfully.
File\Folder C:\WINDOWS\tasks\urwlunxu.job not found.
C:\WINDOWS\tasks\myypzelo.job moved successfully.
C:\WINDOWS\tasks\ebofgzhc.job moved successfully.
C:\WINDOWS\tasks\cnisfoyr.job moved successfully.
File\Folder C:\WINDOWS\System32\yiliyawu.dll not found.
File\Folder C:\WINDOWS\System32\nopasopa.dll not found.
File\Folder C:\WINDOWS\System32\sosilega.dll not found.
File\Folder C:\WINDOWS\System32\netipohi.dll not found.
File\Folder C:\WINDOWS\System32\gogolaka.dll not found.
File\Folder C:\WINDOWS\System32\dukugiki.dll not found.
File\Folder C:\WINDOWS\System32\jifuharu.dll not found.
C:\WINDOWS\System32\fozovinu.dll moved successfully.
File\Folder C:\WINDOWS\tasks\urwlunxu.job not found.
C:\WINDOWS\System32\nerefone.dll moved successfully.
C:\WINDOWS\System32\johuwepu.dll moved successfully.
C:\WINDOWS\System32\pilerana.dll moved successfully.
C:\WINDOWS\System32\puzuduju.dll moved successfully.
C:\WINDOWS\System32\farolafo.dll moved successfully.
C:\WINDOWS\System32\rahohipa.dll moved successfully.
C:\WINDOWS\System32\fapimana.dll moved successfully.
C:\WINDOWS\System32\mofesime.dll moved successfully.
C:\WINDOWS\System32\yuhisona.dll moved successfully.
C:\WINDOWS\System32\zuwipode.dll moved successfully.
C:\WINDOWS\System32\yinehuma.dll moved successfully.
C:\WINDOWS\System32\huvezopi.dll moved successfully.
C:\WINDOWS\System32\lekobiga.dll moved successfully.
C:\WINDOWS\System32\rugoyire.dll moved successfully.
C:\WINDOWS\System32\tomiluvo.dll moved successfully.
C:\WINDOWS\System32\tupejuha.dll moved successfully.
C:\WINDOWS\System32\mapogiro.dll moved successfully.
C:\WINDOWS\System32\suwefosa.dll moved successfully.
C:\WINDOWS\System32\higesila.dll moved successfully.
C:\WINDOWS\System32\zutozube.dll moved successfully.
C:\WINDOWS\System32\sapuseba.dll moved successfully.
C:\WINDOWS\System32\sayukemi.dll moved successfully.
C:\WINDOWS\System32\hugiyawi.dll moved successfully.
C:\WINDOWS\System32\zotagope.dll moved successfully.
C:\WINDOWS\System32\yetamale.dll moved successfully.
C:\WINDOWS\System32\nawotami.dll moved successfully.
C:\WINDOWS\System32\vefejutu.dll moved successfully.
C:\WINDOWS\System32\pehililu.dll moved successfully.
C:\WINDOWS\System32\wurituya.dll moved successfully.
C:\WINDOWS\System32\pohulomo.dll moved successfully.
C:\WINDOWS\System32\gayuhiyu.dll moved successfully.
C:\WINDOWS\System32\jifopufo.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Elijah P
->Temp folder emptied: 11286602 bytes
->Temporary Internet Files folder emptied: 9535017 bytes
->Java cache emptied: 61632411 bytes
->Google Chrome cache emptied: 557424 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2935332 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 191331 bytes

User: N P
->Temp folder emptied: 6298924 bytes
->Temporary Internet Files folder emptied: 409062271 bytes
->Java cache emptied: 43793802 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 4015121 bytes
Windows Temp folder emptied: 138923031 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 45322 bytes
RecycleBin emptied: 4143998129 bytes

Total Files Cleaned = 4,608.00 mb


OTL by OldTimer - Version 3.1.22.0 log created on 01132010_194908

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\System32\jilehobe.dll.tmp not found!
File\Folder C:\WINDOWS\System32\lutolazu.dll.tmp not found!
File\Folder C:\WINDOWS\System32\movoyari.dll.tmp not found!
File\Folder C:\WINDOWS\System32\palufiye.dll.tmp not found!
File\Folder C:\WINDOWS\System32\rifabana.dll.tmp not found!
File\Folder C:\WINDOWS\System32\teruvobi.dll.tmp not found!
File\Folder C:\WINDOWS\System32\vawakoto.dll.tmp not found!
File\Folder C:\WINDOWS\System32\yokipeze.dll.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_624.dat not found!
File\Folder C:\WINDOWS\temp\tmp6.dll not found!
File\Folder C:\WINDOWS\temp\tmp7.dll not found!

Registry entries deleted on Reboot...

Edited by drunkluck, 13 January 2010 - 09:06 PM.
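The fix script in post #12 and the result log above are worth reading against each other rather than line by line: the same file is listed several times in the :Files section, so a later "not found" for a file that an earlier line already moved is expected rather than a failure, while a path that is never reported as moved deserves a second look. What follows is an added example, not code from this thread, from OTL or from BleepingComputer. It parses a constructed subset of the fix script and log quoted here (the file names, CLSIDs and registry paths are the thread's own; the subset and the code are mine) and reports what was removed, what was never found, any malformed path such as the "[:\" typo in the script, and which MOD lines carried the hidden+system attributes and 2099 timestamp seen on the DLLs in question.

```python
import re
from collections import Counter

# Added example (not the forum's, OTL's or BleepingComputer's code): it parses a
# constructed subset of the OTL fix script and result log from this thread and
# reconciles the two, so the reader can see what the fix actually removed.

def norm(path):
    """Case-insensitive key: NTFS paths are case-insensitive, and OTL prints
    the same file as both system32 and System32."""
    return path.strip().lower()

DRIVE_PATH = re.compile(r"^[a-z]:\\", re.I)            # a well-formed drive path
ENTRY_LINE = re.compile(r"^(O\d+|MOD)\s+-\s+(.*)$")    # OTL autorun / module line
MOD_DETAIL = re.compile(                               # [date | size | attrs | M] () -- path
    r"^\[(\d{4})/\d\d/\d\d[^|]*\|[^|]*\|\s*([-A-Z]+)\s*\|[^\]]*\]\s*\(.*?\)\s*--\s*(.*)$")
MOVED = re.compile(r"^(.*?) moved successfully\.$")    # OTL result-log success line

def parse_fix(script):
    """Split an OTL fix script into its :OTL entries and :Files paths."""
    section, entries, files = None, [], []
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
        elif section == "otl" and ENTRY_LINE.match(line):
            entries.append(ENTRY_LINE.match(line).groups())
        elif section == "files":
            files.append(line)
    return entries, files

def suspicious_modules(entries, log_year):
    """MOD lines whose module is hidden+system (-HS-) or stamped later than the
    log itself; both are seen on the DLLs removed in this thread."""
    flagged = []
    for hook, rest in entries:
        m = MOD_DETAIL.match(rest) if hook == "MOD" else None
        if m:
            year, attrs, path = int(m.group(1)), m.group(2), m.group(3)
            if ("H" in attrs and "S" in attrs) or year > log_year:
                flagged.append(norm(path))
    return flagged

def moved_paths(log):
    """Set of paths the result log says OTL moved."""
    return {norm(m.group(1)) for m in map(MOVED.match, map(str.strip, log.splitlines())) if m}

def reconcile(script, log, log_year):
    entries, files = parse_fix(script)
    moved = moved_paths(log)
    wanted = Counter(norm(p) for p in files)
    report = {"removed": [], "never_found": [], "malformed": [],
              "duplicates": sum(c - 1 for c in wanted.values()),
              "hooks": dict(Counter(h for h, _ in entries)),   # O4/O20/O21/O22/O33 counts
              "suspicious_modules": suspicious_modules(entries, log_year)}
    for path in wanted:
        if not DRIVE_PATH.match(path):
            report["malformed"].append(path)      # e.g. the "[:\" typo in the script
        elif path in moved:
            report["removed"].append(path)
        else:
            report["never_found"].append(path)    # worth a second look after the reboot
    return report

# Constructed subset of the fix script and result log posted in this thread.
FIX_SCRIPT = r"""
:OTL
MOD - [2099/01/01 12:00:00 | 00,092,160 | -HS- | M] () -- C:\WINDOWS\system32\nopasopa.dll
O4 - HKLM..\Run: [fukisukih] C:\WINDOWS\System32\nopasopa.DLL ()
O20 - AppInit_DLLs: (netipohi.dll) - C:\WINDOWS\System32\netipohi.dll ()
O21 - SSODL: domewewab - {ebf46ab2-5762-45ed-a4f2-76f95929d3d1} - C:\WINDOWS\System32\nulahovo.dll File not found
O33 - MountPoints2\{5d84f402-1a93-11dc-af89-001302530772}\Shell\Auto\command - "" = F:\boot.exe -- File not found
:Files
C:\WINDOWS\system32\nopasopa.dll
C:\WINDOWS\System32\netipohi.dll
C:\WINDOWS\System32\nopasopa.dll
[:\WINDOWS\System32\fozovinu.dll
C:\WINDOWS\System32\fozovinu.dll
C:\WINDOWS\tasks\urwlunxu.job
"""

RESULT_LOG = r"""
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fukisukih deleted successfully.
C:\WINDOWS\system32\nopasopa.dll moved successfully.
C:\WINDOWS\system32\netipohi.dll moved successfully.
File C:\WINDOWS\system32\nopasopa.dll not found.
========== FILES ==========
File\Folder C:\WINDOWS\system32\nopasopa.dll not found.
File\Folder [:\WINDOWS\System32\fozovinu.dll not found.
C:\WINDOWS\System32\fozovinu.dll moved successfully.
File\Folder C:\WINDOWS\tasks\urwlunxu.job not found.
"""

if __name__ == "__main__":
    for key, value in reconcile(FIX_SCRIPT, RESULT_LOG, log_year=2010).items():
        print(f"{key}: {value}")
```

The "hooks" counts are the OTL section numbers, which the result log above maps to concrete autostart locations: O4 to the Run keys, O20 to AppInit_Dlls, O21 to ShellServiceObjectDelayLoad, O22 to SharedTaskScheduler and O33 to MountPoints2. On the full script and log from this thread the same code reports urwlunxu.job as never found on either pass, the "[:\" path as malformed (OTL moved fozovinu.dll on the second, correctly spelled line), and nopasopa.dll and netipohi.dll as both hidden+system and future-dated.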


#14 drunkluck

drunkluck
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:04:26 AM

Posted 14 January 2010 - 04:55 PM

Okay, more problems, now Windows will only start in safe mode. If I restart, it tries to open windows but a blue screen flashes then it goes to the safe mode menu. The blue screen flashes way too fast to see what it says. If I select safe mode then a bunch of commands scroll through, then at the bottom it says "press esc to cancel loading SPTD.sys"
If I don't press anything it flashes the blue screen and goes back to the safe mode menu. If I do press esc then it loads windows in safe mode. It won't recognize an external drive when I plug it in to try and pull info off before it crashes completely.

Am I just completely screwed, or can I still salvage this? Am I better off just formatting and doing a clean install? I was thinking about upgrading to windows 7 anyway.

#15 SpySentinel

SpySentinel

  • Staff Emeritus
  • 2,090 posts
  • OFFLINE
  • Gender:Male
  • Location:The United States
  • Local time:07:26 AM

Posted 15 January 2010 - 01:24 PM

Hi drunkluck,

It's up to you. If you want to reformat then you can. If you want to try to get this cleaned up we can. If you are going to upgrade to windows 7, I would recommend a reformat then.

Unified Network of Instructors and Trained Eliminators

My help is always free, but if you can, please Posted Image to help me continue the fight against malware.



