
Google/search redirect malware (Vundo?)


  • This topic is locked
11 replies to this topic

#1 Andrew Vostro

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:35 PM

Posted 21 May 2010 - 01:58 PM

My computer is infected with malware, and I don't know how to remove it. The problem began from my desktop, when I started to receive pop-ups for sites like "porn.com" and others. Then, several "error messages" came up, and I was prompted to purchase a fake antispyware tool online. I installed and ran Malwarebytes' Anti-Malware tool. This stopped the pop-ups from my desktop, the "error messages," and the prompts to buy antispyware software.

However, now when I click on a link from a search (Google) I am often redirected to another random advertising site. Apparently I did not remove all of the malware on my computer. Can someone please help me finish the job?

Below is my DDS report:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Nina Versnel at 20:41:58.42 on Thu 05/20/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1600 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\system32\lxdkcoms.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 5300 Series\lxdkmon.exe
C:\Program Files\Lexmark 5300 Series\lxdkamon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\AOL 9.0\shellmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Nina Versnel\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080513
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080513
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [AOL Fast Start] "c:\program files\aol 9.0\AOL.EXE" -b
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [lxdimon.exe] "c:\program files\lexmark 3500-4500 series\lxdimon.exe"
mRun: [lxdiamon] "c:\program files\lexmark 3500-4500 series\lxdiamon.exe"
mRun: [FaxCenterServer] "c:\program files\\lexmark fax solutions\fm3032.exe" /s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [lxdkmon.exe] "c:\program files\lexmark 5300 series\lxdkmon.exe"
mRun: [lxdkamon] "c:\program files\lexmark 5300 series\lxdkamon.exe"
mRun: [Lexmark 5300 Series Fax Server] "c:\program files\lexmark 5300 series\fm3032.exe" /s
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 93.188.163.17,93.188.166.234
TCP: {7669DCB0-0438-4007-9870-AC9AE9EE6ED8} = 93.188.163.17,93.188.166.234
TCP: {D34E69EF-0C72-4C4D-B9DD-2971FFE057D5} = 93.188.163.17,93.188.166.234
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R?2 MSIU-f5d44025;MSIU-f5d44025;c:\windows\system32\-f5d44025.exe [2010-5-18 86528]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 lxdk_device;lxdk_device;c:\windows\system32\lxdkcoms.exe -service --> c:\windows\system32\lxdkcoms.exe -service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-20 24652]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2008-9-21 99248]
S2 lxdkCATSCustConnectService;lxdkCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdkserv.exe [2009-10-11 99248]
S2 MSIU-f36decbb;MSIU-f36decbb;c:\windows\system32\-f36decbb.exe [2010-5-18 86528]

=============== Created Last 30 ================

2010-05-21 01:01:02 0 ----a-w- c:\documents and settings\nina versnel\defogger_reenable
2010-05-18 22:59:03 86528 ----a-w- c:\windows\system32\-f36decbb.exe
2010-05-18 21:24:58 0 d-----w- c:\docume~1\ninave~1\applic~1\Malwarebytes
2010-05-18 20:44:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-18 20:44:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-18 20:44:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-18 20:44:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 20:35:59 0 d-----w- C:\spoolerlogs
2010-05-18 20:35:52 86528 ----a-w- c:\windows\system32\-f5d44025.exe
2010-05-18 19:53:48 0 d-----w- c:\windows\system32\scripting
2010-05-18 19:53:48 0 d-----w- c:\windows\system32\en
2010-05-18 19:53:48 0 d-----w- c:\windows\system32\bits
2010-05-18 19:53:48 0 d-----w- c:\windows\l2schemas
2010-05-18 19:49:57 0 d-----w- c:\windows\network diagnostic
2010-05-18 19:45:36 0 d-----w- c:\windows\EHome
2010-05-18 17:52:37 0 d-sh--w- c:\documents and settings\nina versnel\PrivacIE
2010-05-18 17:42:01 0 d-----w- c:\windows\system32\LogFiles
2010-05-18 17:41:33 0 d-sh--w- c:\documents and settings\nina versnel\IETldCache
2010-05-18 17:35:13 0 dc-h--w- c:\windows\ie8

==================== Find3M ====================


============= FINISH: 20:42:28.21 ===============
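As an added triage example (not part of the thread, and not code from DDS or its author): a small parser that walks DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" lines and flags the settings a helper checks first when a search-redirect is reported, namely an IE proxy pointing back at 127.0.0.1, DNS resolvers that are not on a trusted list, and auto-start services whose names and binaries follow a random prefix-plus-hex pattern. The sample log is constructed from a subset of the lines in the report above; the trusted DNS set is an assumption the caller supplies.

```python
import re
from typing import Dict, List, Optional, Set

# Constructed sample: a subset of the "Pseudo HJT Report" and "SERVICES / DRIVERS"
# lines from the DDS report posted above (not the complete log).
SAMPLE_DDS = r"""
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
TCP: NameServer = 93.188.163.17,93.188.166.234
TCP: {7669DCB0-0438-4007-9870-AC9AE9EE6ED8} = 93.188.163.17,93.188.166.234
R?2 MSIU-f5d44025;MSIU-f5d44025;c:\windows\system32\-f5d44025.exe [2010-5-18 86528]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-20 24652]
S2 MSIU-f36decbb;MSIU-f36decbb;c:\windows\system32\-f36decbb.exe [2010-5-18 86528]
"""

Finding = Dict[str, str]

# DDS service line layout: "<state> <name>;<display name>;<path> [<date> <size>]"
SERVICE_RE = re.compile(r"^([RS]\??\d)\s+([^;]+);([^;]*);(.+?)\s+\[[^\]]*\]\s*$")
# DDS DNS lines: "TCP: NameServer = a,b" and the per-interface "TCP: {GUID} = a,b"
DNS_RE = re.compile(r"^TCP:\s+(NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*(.+)$")
# Service names made of a short prefix plus eight random-looking hex digits
HEX_SUFFIX_RE = re.compile(r"^[A-Za-z]+-[0-9a-f]{8}$")


def check_proxy(line: str) -> Optional[Finding]:
    """Flag a per-user IE proxy that points back at the local machine."""
    if "Internet Settings,ProxyServer" not in line:
        return None
    value = line.split("=", 1)[1].strip()
    if re.search(r"(127\.0\.0\.1|localhost):\d+", value):
        return {"kind": "proxy", "line": line,
                "reason": "IE proxy is " + value + ": browser traffic is routed through a "
                          "local listener; verify that you installed such a proxy yourself"}
    return None


def check_dns(line: str, trusted_dns: Set[str]) -> Optional[Finding]:
    """Flag DNS resolvers that are not in the caller-supplied trusted set."""
    m = DNS_RE.match(line)
    if not m:
        return None
    servers = [s.strip() for s in m.group(2).split(",") if s.strip()]
    unknown = [s for s in servers if s not in trusted_dns]
    if not unknown:
        return None
    return {"kind": "dns", "line": line,
            "reason": "DNS resolvers not in the trusted set: " + ", ".join(unknown)
                      + " (compare with the servers your ISP or router assigns)"}


def check_service(line: str) -> Optional[Finding]:
    """Flag auto-start services whose name or binary looks generated."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, name, _display, path = m.groups()
    filename = path.replace("/", "\\").rsplit("\\", 1)[-1]
    reasons = []
    if HEX_SUFFIX_RE.match(name):
        reasons.append("service name is a prefix plus eight random-looking hex digits")
    if filename.startswith("-"):
        reasons.append("binary file name begins with '-' (" + filename + ")")
    if not reasons:
        return None
    return {"kind": "service", "line": line,
            "reason": "service " + name + " (" + state + "): " + "; ".join(reasons)}


def triage_dds(text: str, trusted_dns: Set[str] = frozenset()) -> List[Finding]:
    """Run every check over each non-empty line and collect the findings in log order."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for finding in (check_proxy(line), check_dns(line, trusted_dns), check_service(line)):
            if finding:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f["kind"].upper(), "-", f["reason"])
```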


#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:35 PM

Posted 21 May 2010 - 04:40 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"Information and logs"
    In your next post I need the following:
    1. Log from ComboFix
    2. Let me know of any problems you may have had
    3. How is the computer doing now?

Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Andrew Vostro (Topic Starter)

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:35 PM

Posted 22 May 2010 - 10:38 PM

Hi Gringo,

I carefully followed the Combofix guide, and I downloaded and installed Combofix. However, I cannot run Combofix. I have tried double-clicking the desktop icon and running as an administrator. On the first attempt, a small grey progress bar pops up, loads to completion, then disappears and nothing happens. If I try to double-click again to run Combofix, an error message pops up reading "Some files could not be created. Please close all applications, reboot Windows and restart this installation." I have attempted this, but I get the same results.

Any thoughts?



#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:35 PM

Posted 22 May 2010 - 11:05 PM

Greetings

Please delete the ComboFix you have now, do the following, and let me know what happens.

Rename combofix:

Please download Combofix from one of these locations:
    Link 1
    Link 2
    Link 3

    You must rename it before saving it. Rename it: Gringo. See images below. Save it to your desktop.




    Please disable any Antivirus and Firewall you have active, as shown in this topic. Please close all open application windows.

    Double click on Gringo & follow the prompts.
      Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
      Do Not touch your computer when ComboFix is running!
    When finished, Notepad will open and ComboFix will produce a log file.
    Please copy/paste the contents of this log in your next reply.


gringo

#5 Andrew Vostro (Topic Starter)

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:35 PM

Posted 23 May 2010 - 05:19 PM

I tried reinstalling and saving as "Gringo" on my desktop, but I got the exact same results as I described in my last post.

#6 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:35 PM

Posted 23 May 2010 - 05:35 PM

Greetings

OK, let's try going in a different direction.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Download and run OTL:

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please post the two logs created

Gringo

#7 Andrew Vostro (Topic Starter)

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:35 PM

Posted 25 May 2010 - 10:57 AM

OTL logfile created on: 5/24/2010 10:18:54 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Nina Versnel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.21 Gb Total Space | 78.17 Gb Free Space | 71.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 213.55 Gb Free Space | 91.70% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NINA
Current User Name: Nina Versnel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Nina Versnel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe (Maxtor Corporation)
PRC - C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
PRC - C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
PRC - C:\Program Files\Lexmark 5300 Series\lxdkmon.exe ()
PRC - C:\WINDOWS\system32\lxdkcoms.exe ( )
PRC - C:\WINDOWS\system32\lxdicoms.exe ( )
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Lexmark 5300 Series\lxdkamon.exe ()
PRC - C:\Program Files\Dell Network Assistant\ezi_hnm2.exe (SingleClick Systems)
PRC - C:\Program Files\Dell Network Assistant\hnm_svc.exe (SingleClick Systems)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
PRC - C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Nina Versnel\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\iphlpapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)


========== Win32 Services (SafeList) ==========

SRV - (MSIU-f5d44025) -- C:\WINDOWS\system32\-f5d44025.exe ()
SRV - (MSIU-f36decbb) -- C:\WINDOWS\system32\-f36decbb.exe ()
SRV - (GoogleDesktopManager-010708-104812) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (lxdk_device) -- C:\WINDOWS\System32\lxdkcoms.exe ( )
SRV - (lxdkCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdkserv.exe ()
SRV - (lxdi_device) -- C:\WINDOWS\System32\lxdicoms.exe ( )
SRV - (lxdiCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe ()
SRV - (hnmsvc) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe (SingleClick Systems)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)


========== Driver Services (SafeList) ==========

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corp.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (CamDrL) Logitech QuickCam Pro 3000(CamDrl) -- C:\WINDOWS\system32\drivers\Camdrl.sys (Logitech Inc.)
DRV - (Packet) -- C:\WINDOWS\system32\drivers\packet.sys (SingleClick Systems)
DRV - (DXEC02) -- C:\WINDOWS\system32\drivers\dxec02.sys (Knowles Acoustics)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080513
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/en/...?channel=us-smb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080513


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080513
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080513
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080513
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080513
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1461426070-1359223037-3625637383-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080513
IE - HKU\S-1-5-21-1461426070-1359223037-3625637383-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/...?channel=us-smb
IE - HKU\S-1-5-21-1461426070-1359223037-3625637383-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1461426070-1359223037-3625637383-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1461426070-1359223037-3625637383-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-1461426070-1359223037-3625637383-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1461426070-1359223037-3625637383-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1461426070-1359223037-3625637383-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Lexmark 5300 Series Fax Server] C:\Program Files\Lexmark 5300 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [lxdkamon] C:\Program Files\Lexmark 5300 Series\lxdkamon.exe ()
O4 - HKLM..\Run: [lxdkmon.exe] C:\Program Files\Lexmark 5300 Series\lxdkmon.exe ()
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 File not found
O4 - HKU\S-1-5-18..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk = C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1461426070-1359223037-3625637383-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1461426070-1359223037-3625637383-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.188.166.105 93.188.161.105 1.2.3.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.17,93.188.166.234
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Nina Versnel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nina Versnel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/31 14:15:50 | 000,000,118 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{686614d2-5147-11dd-a0d9-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{686614d2-5147-11dd-a0d9-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/24 10:17:59 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nina Versnel\Desktop\OTL.exe
[2010/05/24 10:17:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/24 10:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/24 10:16:18 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Nina Versnel\Desktop\erunt-setup.exe
[2010/05/23 17:13:54 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/05/23 17:08:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Nina Versnel\IECompatCache
[2010/05/22 14:58:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nina Versnel\Desktop\iPod Photo Cache
[2010/05/21 10:49:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/05/20 20:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nina Versnel\Desktop\gmer
[2010/05/18 17:58:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/05/18 16:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nina Versnel\Application Data\Malwarebytes
[2010/05/18 15:44:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/18 15:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/18 15:44:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/18 15:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/18 15:35:59 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/05/18 14:53:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/05/18 14:53:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/05/18 14:53:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/05/18 14:53:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/05/18 14:49:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/05/18 14:45:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/05/18 14:45:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/05/18 12:52:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Nina Versnel\PrivacIE
[2010/05/18 12:42:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/05/18 12:41:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Nina Versnel\IETldCache
[2010/05/18 12:35:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/17 20:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nina Versnel\Local Settings\Application Data\wwmfvuhxm
[2010/04/29 17:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nina Versnel\My Documents\May-JuneCalendar'10
[2009/10/11 22:15:00 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkserv.dll
[2009/10/11 22:15:00 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkusb1.dll
[2009/10/11 22:15:00 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkhcp.dll
[2009/10/11 22:15:00 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkinpa.dll
[2009/10/11 22:15:00 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkiesc.dll
[2009/10/11 22:14:59 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkpmui.dll
[2009/10/11 22:14:59 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdklmpm.dll
[2009/10/11 22:14:59 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkprox.dll
[2009/10/11 22:14:57 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkhbn3.dll
[2009/10/11 22:14:56 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkcomc.dll
[2009/10/11 22:14:56 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkcomm.dll
[2008/09/21 17:20:48 | 000,942,080 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiusb1.dll
[2008/09/21 17:20:48 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiinpa.dll
[2008/09/21 17:20:48 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiiesc.dll
[2008/09/21 17:20:48 | 000,311,296 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihcp.dll
[2008/09/21 17:20:47 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiserv.dll
[2008/09/21 17:20:47 | 000,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipmui.dll
[2008/09/21 17:20:47 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdilmpm.dll
[2008/09/21 17:20:47 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiprox.dll
[2008/09/21 17:20:47 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipplc.dll
[2008/09/21 17:20:45 | 000,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihbn3.dll
[2008/09/21 17:20:44 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomc.dll
[2008/09/21 17:20:44 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomm.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/24 10:18:03 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nina Versnel\Desktop\OTL.exe
[2010/05/24 10:16:59 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Nina Versnel\Desktop\NTREGOPT.lnk
[2010/05/24 10:16:59 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Nina Versnel\Desktop\ERUNT.lnk
[2010/05/24 10:16:24 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Nina Versnel\Desktop\erunt-setup.exe
[2010/05/24 09:55:24 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
[2010/05/24 09:55:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/24 09:55:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/24 09:55:15 | 2137,038,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/23 17:20:43 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\Nina Versnel\NTUSER.DAT
[2010/05/23 17:20:20 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Nina Versnel\ntuser.ini
[2010/05/23 17:12:50 | 003,695,864 | ---- | M] () -- C:\Documents and Settings\Nina Versnel\Desktop\Gringo.exe
[2010/05/23 17:04:35 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/22 22:27:17 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/22 22:27:17 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/22 22:27:17 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/22 12:50:39 | 000,574,836 | ---- | M] () -- C:\Documents and Settings\Nina Versnel\Desktop\combofix instructions.xps
[2010/05/20 20:51:59 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Nina Versnel\Desktop\gmer.zip
[2010/05/20 20:02:17 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Nina Versnel\Desktop\dds.scr
[2010/05/20 20:01:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Nina Versnel\defogger_reenable
[2010/05/20 20:00:25 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Nina Versnel\Desktop\Defogger.exe
[2010/05/18 18:01:43 | 000,038,888 | ---- | M] () -- C:\Documents and Settings\Nina Versnel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/18 18:01:04 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/18 17:59:19 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Nina Versnel\Desktop\Windows Media Player.lnk
[2010/05/18 17:59:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/18 17:58:26 | 000,175,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/18 15:35:52 | 000,086,528 | ---- | M] () -- C:\WINDOWS\System32\-f5d44025.exe
[2010/05/18 15:35:52 | 000,086,528 | ---- | M] () -- C:\WINDOWS\System32\-f36decbb.exe
[2010/05/18 14:49:37 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/17 20:28:49 | 000,059,648 | ---- | M] () -- C:\Documents and Settings\Nina Versnel\Local Settings\Application Data\syssvc.exe
[2010/04/29 17:42:27 | 000,172,042 | ---- | M] () -- C:\Documents and Settings\Nina Versnel\My Documents\May-JuneCalendar'10.zip
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/24 10:16:59 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Nina Versnel\Desktop\NTREGOPT.lnk
[2010/05/24 10:16:59 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Nina Versnel\Desktop\ERUNT.lnk
[2010/05/23 17:12:50 | 003,695,864 | ---- | C] () -- C:\Documents and Settings\Nina Versnel\Desktop\Gringo.exe
[2010/05/22 22:21:26 | 000,202,248 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/22 12:50:36 | 000,574,836 | ---- | C] () -- C:\Documents and Settings\Nina Versnel\Desktop\combofix instructions.xps
[2010/05/20 20:30:49 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Nina Versnel\Desktop\gmer.zip
[2010/05/20 20:02:14 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Nina Versnel\Desktop\dds.scr
[2010/05/20 20:01:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Nina Versnel\defogger_reenable
[2010/05/20 20:00:29 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Nina Versnel\Desktop\Defogger.exe
[2010/05/18 17:59:19 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Nina Versnel\Desktop\Windows Media Player.lnk
[2010/05/18 17:59:03 | 000,086,528 | ---- | C] () -- C:\WINDOWS\System32\-f36decbb.exe
[2010/05/18 15:35:52 | 000,086,528 | ---- | C] () -- C:\WINDOWS\System32\-f5d44025.exe
[2010/05/17 20:28:34 | 000,059,648 | ---- | C] () -- C:\Documents and Settings\Nina Versnel\Local Settings\Application Data\syssvc.exe
[2010/04/29 17:42:25 | 000,172,042 | ---- | C] () -- C:\Documents and Settings\Nina Versnel\My Documents\May-JuneCalendar'10.zip
[2009/10/11 22:18:55 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdkvs.dll
[2009/10/11 22:18:53 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdkcoin.dll
[2009/10/11 22:18:26 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdkcaps.dll
[2009/10/11 22:18:25 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdkdrs.dll
[2009/10/11 22:18:25 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdkcnv4.dll
[2009/10/11 22:17:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDKPMON.DLL
[2009/10/11 22:17:53 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDKFXPU.DLL
[2009/10/11 22:17:33 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdkoem.dll
[2009/10/11 22:15:14 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\lxdkrwrd.ini
[2009/10/11 22:15:01 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdkinst.dll
[2009/10/11 22:14:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdkgrd.dll
[2008/09/21 17:26:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdivs.dll
[2008/09/21 17:26:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdicoin.dll
[2008/09/21 17:23:46 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdidrs.dll
[2008/09/21 17:23:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdicaps.dll
[2008/09/21 17:23:45 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdicnv4.dll
[2008/09/21 17:23:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2008/09/21 17:23:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2008/09/21 17:23:18 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2008/09/21 17:23:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2008/09/21 17:21:03 | 000,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxdirwrd.ini
[2008/09/21 17:20:49 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxdiinst.dll
[2008/09/21 17:20:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdigrd.dll
[2008/06/27 19:25:19 | 000,955,203 | ---- | C] () -- C:\WINDOWS\I2E.ini
[2008/05/13 11:03:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/13 10:58:54 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008/05/13 10:57:09 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2008/05/13 10:55:35 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/05/13 10:55:35 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/05/13 10:50:53 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/05/13 10:50:52 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/05/13 10:26:21 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/05/13 10:26:21 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2008/05/13 10:26:19 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/05/13 10:24:54 | 000,001,118 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/05/17 14:52:30 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/05/17 14:23:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/11/07 04:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:51:35 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/10 12:51:35 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/10 12:51:35 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/10 12:51:35 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/10 12:51:35 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
< End of report >
OTL Extras logfile created on: 5/24/2010 10:18:54 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Nina Versnel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.21 Gb Total Space | 78.17 Gb Free Space | 71.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 213.55 Gb Free Space | 91.70% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NINA
Current User Name: Nina Versnel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Lexmark 3500-4500 Series\app4r.exe" = C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\Common Files\aol\acs\AOLDial.exe" = C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\aol\acs\AOLacsd.exe" = C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\aol\1211171831\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1211171831\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- File not found
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\WINDOWS\system32\lxdicoms.exe" = C:\WINDOWS\system32\lxdicoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" = C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:*:Enabled:Lexmark Device Monitor -- ()
"C:\Program Files\Lexmark 3500-4500 Series\App4R.exe" = C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- ()
"C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe" = C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:*:Enabled:Fax software -- ()
"C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" = C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:*:Enabled:Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\lxdkcoms.exe" = C:\WINDOWS\system32\lxdkcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Lexmark 5300 Series\lxdkamon.exe" = C:\Program Files\Lexmark 5300 Series\lxdkamon.exe:*:Enabled:Lexmark Device Monitor -- ()
"C:\Program Files\Lexmark 5300 Series\frun.exe" = C:\Program Files\Lexmark 5300 Series\frun.exe:*:Enabled:Lexmark Productivity Studio -- ()
"C:\Program Files\Abbyy FineReader 6.0 Sprint\scan\scanman6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\scan\scanman6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software))
"C:\Program Files\Lexmark 5300 Series\LXDKFax.exe" = C:\Program Files\Lexmark 5300 Series\LXDKFax.exe:*:Enabled:Fax software -- ()
"C:\Program Files\Lexmark 5300 Series\lxdkmon.exe" = C:\Program Files\Lexmark 5300 Series\lxdkmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdkpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdkpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdktime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdktime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdkjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdkjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)
"C:\WINDOWS\system32\drivers\svchost.exe" = C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}" = IntelliSonic Speech Enhancement
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}" = Maxtor Manager
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"ERUNT_is1" = ERUNT 1.1j
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}" = Maxtor Manager
"Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
"Lexmark 5300 Series" = Lexmark 5300 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Photo Finale_is1" = Photo Finale 4
"SearchAssist" = SearchAssist
"SynTPDeinstKey" = Dell Touchpad
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/18/2010 4:36:03 PM | Computer Name = NINA | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.2696, faulting
module unknown, version 0.0.0.0, fault address 0x017219fe.

Error - 5/22/2010 1:54:19 PM | Computer Name = NINA | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x0001066c.

Error - 5/22/2010 1:54:27 PM | Computer Name = NINA | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x0001066c.

Error - 5/22/2010 11:13:29 PM | Computer Name = NINA | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x0001066c.

Error - 5/22/2010 11:13:44 PM | Computer Name = NINA | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x0001066c.

Error - 5/22/2010 11:24:39 PM | Computer Name = NINA | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x0001066c.

Error - 5/22/2010 11:25:05 PM | Computer Name = NINA | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x0001066c.

[ System Events ]
Error - 5/24/2010 10:55:55 AM | Computer Name = NINA | Source = Service Control Manager | ID = 7000
Description = The lxdiCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 5/24/2010 10:55:55 AM | Computer Name = NINA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdkCATSCustConnectService
service to connect.

Error - 5/24/2010 10:55:55 AM | Computer Name = NINA | Source = Service Control Manager | ID = 7000
Description = The lxdkCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 5/24/2010 10:55:55 AM | Computer Name = NINA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the MSIU-f36decbb service
to connect.

Error - 5/24/2010 10:57:21 AM | Computer Name = NINA | Source = Service Control Manager | ID = 7034
Description = The MSIU-f5d44025 service terminated unexpectedly. It has done this
1 time(s).

Error - 5/24/2010 11:00:31 AM | Computer Name = NINA | Source = NetBT | ID = 4321
Description = The name "SCHARF :0" could not be registered on the Interface
with IP address 192.168.1.101. The machine with the IP address 192.168.1.102 did
not allow the name to be claimed by this machine.

Error - 5/24/2010 11:00:50 AM | Computer Name = NINA | Source = NetBT | ID = 4321
Description = The name "ASCHARF :0" could not be registered on the Interface
with IP address 192.168.1.101. The machine with the IP address 192.168.1.123 did
not allow the name to be claimed by this machine.

Error - 5/24/2010 11:02:26 AM | Computer Name = NINA | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 5/24/2010 11:15:21 AM | Computer Name = NINA | Source = NetBT | ID = 4321
Description = The name "SCHARF :0" could not be registered on the Interface
with IP address 192.168.1.101. The machine with the IP address 192.168.1.102 did
not allow the name to be claimed by this machine.

Error - 5/24/2010 11:15:40 AM | Computer Name = NINA | Source = NetBT | ID = 4321
Description = The name "ASCHARF :0" could not be registered on the Interface
with IP address 192.168.1.101. The machine with the IP address 192.168.1.123 did
not allow the name to be claimed by this machine.


< End of report >


#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 May 2010 - 06:05 PM

Greetings

Please run the following

: Malwarebytes' Anti-Malware :
    Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Andrew Vostro
  • Topic Starter

  • Members
  • 5 posts

Posted 26 May 2010 - 12:22 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4145

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/26/2010 12:21:42 PM
mbam-log-2010-05-26 (12-21-42).txt

Scan type: Quick scan
Objects scanned: 123458
Time elapsed: 7 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 28

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msiu-f36decbb (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msiu-f5d44025 (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.166.105 93.188.161.105 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7669dcb0-0438-4007-9870-ac9ae9ee6ed8}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.166.105 93.188.161.105 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7669dcb0-0438-4007-9870-ac9ae9ee6ed8}\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.17,93.188.166.234 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d34e69ef-0c72-4c4d-b9dd-2971ffe057d5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.163.17,93.188.166.234 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d34e69ef-0c72-4c4d-b9dd-2971ffe057d5}\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.17,93.188.166.234 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.17,93.188.166.234 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Nina Versnel\Local Settings\Application Data\syssvc.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\C9317g.tmp (Malware.Packer.Gen) -> Delete on reboot.
C:\WINDOWS\Temp\Q5w5u5.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\S3e79k.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\S9e179.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\UO1o93.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\Y79o1o.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\YWSKU3.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\a93e7a3k.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\aA3kUOCE.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oC5sK55g.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\uOCE5aA5.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\w317g3i7.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\-f36decbb.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\-f5d44025.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\C31uO317i.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\IQ5w5.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\KUO3oC.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\M17w3uO9.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\M7931o.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\MYW1793.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\QGMY793.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\UOC17u3.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\YW317gM.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\gMY93o7o.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\k79gM7.dll (Trojan.Dropper.Gen) -> Delete on reboot.
C:\WINDOWS\system32\spool\prtprocs\w32x86\kUOCEIQ.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\m317931iQ.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.


#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 May 2010 - 04:05 PM

OK, now see if you can run ComboFix.



gringo

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 May 2010 - 02:32 AM

Hello

three day bump

It has been three days since my last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo



#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 June 2010 - 04:23 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo




