
The application or DLL C:\WINDOWS\system32\kbdit14232.dll is not a valid windows image.


16 replies to this topic

#1 monsterbob
  • Location:Albay, Philippines

Posted 24 July 2010 - 10:14 PM

Am I Infected? What Do I Do? link


OTL logfile created on: 7/25/2010 10:55:51 AM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 1 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 6.0.3790.1830)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 147.00 Mb Available Physical Memory | 33.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 37.26 Gb Total Space | 27.94 Gb Free Space | 74.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPLABATHLON
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/25 10:21:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/06/29 10:27:23 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe


========== Modules (SafeList) ==========

MOD - [2010/07/25 10:21:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2005/03/25 20:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wbem\framedyn.dll
MOD - [2005/03/25 20:00:00 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msscript.ocx
MOD - [2005/03/25 02:29:42 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.1830_x-ww_0213CDC8\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\xmlprov.dll -- (xmlprov)
SRV:64bit: - File not found [Auto | Running] -- C:\WINDOWS\SysNative\wzcsvc.dll -- (WZCSVC)
SRV:64bit: - File not found [Auto | Stopped] -- C:\WINDOWS\SysNative\wuauserv.dll -- (wuauserv)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\advapi32.dll -- (Wmi)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\ups.exe -- (UPS)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\wdfmgr.exe -- (UMWdf)
SRV:64bit: - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:64bit: - File not found [Auto | Stopped] -- C:\WINDOWS\SysNative\smlogsvc.exe -- (SysmonLog)
SRV:64bit: - File not found [Auto | Running] -- C:\WINDOWS\SysNative\srsvc.dll -- (srservice)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\SCardSvr.exe -- (SCardSvr)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\sessmgr.exe -- (RDSessMgr)
SRV:64bit: - File not found [Auto | Running] -- C:\WINDOWS\SysNative\services.exe -- (PlugPlay)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\ntmssvc.dll -- (NtmsSvc)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\netdde.exe -- (NetDDEdsdm)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\netdde.exe -- (NetDDE)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\mnmsrvc.exe -- (mnmsrvc)
SRV:64bit: - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\msgsvc.dll -- (Messenger)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\imapi.exe -- (ImapiService)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\w3ssl.dll -- (HTTPFilter)
SRV:64bit: - File not found [Auto | Running] -- C:\WINDOWS\SysNative\services.exe -- (Eventlog)
SRV:64bit: - File not found [Auto | Stopped] -- C:\WINDOWS\SysNative\ersvc.dll -- (ERSvc)
SRV:64bit: - File not found [Auto | Running] -- C:\WINDOWS\SysNative\dmserver.dll -- (dmserver)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\dmadmin.exe -- (dmadmin)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\clipsrv.exe -- (ClipSrv)
SRV:64bit: - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\cisvc.exe -- (CiSvc)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\alrsvc.dll -- (Alerter)
SRV - [2010/07/15 05:44:50 | 000,057,608 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\ResultDns\resultdns111.exe -- (ResultDns Service)
SRV - [2007/06/29 01:31:00 | 000,429,056 | ---- | M] (Faronics Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DF5Serv.exe -- (DF5Serv)
SRV - [2005/03/25 20:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\iasrecst.dll -- (IASJet)
SRV - [2005/03/25 20:00:00 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2005/03/25 20:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\wdfmgr.exe -- (UMWdf)
SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\wdmaud.sys -- (wdmaud)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ac97via.sys -- (VIAudio)
DRV:64bit: - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\update.sys -- (Update)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sysaudio.sys -- (sysaudio)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\swmidi.sys -- (swmidi)
DRV:64bit: - File not found [File_System | Boot | Running] -- C:\WINDOWS\SysNative\DRIVERS\sr.sys -- (sr)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\splitter.sys -- (splitter)
DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\redbook.sys -- (redbook)
DRV:64bit: - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\raspti.sys -- (Raspti)
DRV:64bit: - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\ptilink.sys -- (Ptilink)
DRV:64bit: - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\psched.sys -- (PSched)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\kmixer.sys -- (kmixer)
DRV:64bit: - File not found [Kernel | System | Running] -- C:\WINDOWS\SysNative\DRIVERS\ipsec.sys -- (IPSec)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\Ip6Fw.sys -- (Ip6Fw)
DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\imapi.sys -- (imapi)
DRV:64bit: - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\msgpc.sys -- (Gpc)
DRV:64bit: - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV:64bit: - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\fet5a64.sys -- (FETNDISB)
DRV:64bit: - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\dmload.sys -- (dmload)
DRV:64bit: - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\dmio.sys -- (dmio)
DRV:64bit: - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\SysNative\drivers\dmboot.sys -- (dmboot)
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\CdaD10BA.sys -- (CdaD10BA)
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\CdaC15BA.sys -- (CdaC15BA)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\audstub.sys -- (audstub)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\atmarpc.sys -- (Atmarpc)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\aec.sys -- (aec)
DRV - [2009/05/26 10:05:56 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/05/26 10:05:54 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/05/26 10:05:52 | 000,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2005/03/25 20:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.ph
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 98 83 E2 0A 66 24 C7 40 8B 27 90 55 90 8E 38 9A [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files (x86)\AutocompletePro\support@predictad.com [2010/07/01 19:54:19 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [USB Antivirus] C:\Program Files (x86)\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingA6856] File not found
O4 - HKLM..\RunOnce: [SpybotDeletingC6695] C:\WINDOWS\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotSnD] C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
O4 - HKCU..\RunOnce: [SpybotDeletingB6821] File not found
O4 - HKCU..\RunOnce: [SpybotDeletingD2301] C:\WINDOWS\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysNative\wiascr.dll File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdit14232.dll) - C:\WINDOWS\SysWOW64\kbdit14232.dll ()
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdit32.dll) - C:\WINDOWS\SysWOW64\kbdit32.dll ()
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdit3232.dll) - C:\WINDOWS\SysWOW64\kbdit3232.dll ()
O20 - AppInit_DLLs: (p507kndb32.dll) - File not found
O20 - AppInit_DLLs: (p507kndb32.dll9es8np7rxg32.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdla32.dll) - C:\WINDOWS\SysWOW64\kbdla32.dll ()
O20 - AppInit_DLLs: (p507kndb32.dll9es8np7rxg32.dll8el03oc32.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdla32.dllex30032.dll) - C:\WINDOWS\SysWOW64\kbdla32.dllex30032.dll ()
O20 - AppInit_DLLs: (p507kndb32.dll9es8np7rxg32.dll8el03oc32.dll74taiacrxic32.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdla32.dllex30032.dllzp0seh832.dll) - C:\WINDOWS\SysWOW64\kbdla32.dllex30032.dllzp0seh832.dll ()
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll) - C:\WINDOWS\SysWOW64\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll ()
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll4wj3k932.dll) - C:\WINDOWS\SysWOW64\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll4wj3k932.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysNative\logonui.exe File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20:64bit: - Winlogon\Notify\DfLogon: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\DfLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysNative\stobject.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/01 00:37:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:C *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\WINDOWS\SysNative\appmgmts.dll File not found
NetSvcs:64bit: DMServer - C:\WINDOWS\SysNative\dmserver.dll File not found
NetSvcs:64bit: Messenger - C:\WINDOWS\SysNative\msgsvc.dll File not found
NetSvcs:64bit: Ntmssvc - C:\WINDOWS\SysNative\ntmssvc.dll File not found
NetSvcs:64bit: SRService - C:\WINDOWS\SysNative\srsvc.dll File not found
NetSvcs:64bit: WZCSVC - C:\WINDOWS\SysNative\wzcsvc.dll File not found
NetSvcs:64bit: Wmi - C:\WINDOWS\SysNative\advapi32.dll File not found
NetSvcs:64bit: xmlprov - C:\WINDOWS\SysNative\xmlprov.dll File not found
NetSvcs:64bit: wuauserv - C:\WINDOWS\SysNative\wuauserv.dll File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 90 Days ==========

[2010/07/25 10:48:45 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/07/20 11:10:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2010/07/19 09:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2010/07/16 18:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\DoctorWeb
[2010/07/16 17:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010/07/16 17:19:53 | 000,000,000 | ---D | C] -- C:\rsit
[2010/07/16 17:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/07/16 17:08:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
[2010/07/16 17:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/16 17:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/16 15:47:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/16 10:36:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/16 10:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/07/16 10:35:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/07/16 10:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/07/15 13:37:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ResultDns
[2010/07/15 13:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ResultDns
[2010/07/15 12:42:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/07/12 08:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\LimeWire
[2010/07/12 08:09:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2010/07/12 08:08:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LimeWire
[2010/07/06 19:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/07/06 19:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/07/02 18:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free PDF to Word Doc Converter
[2010/07/02 14:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2010/07/02 13:56:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE
[2010/07/02 13:55:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2010/07/02 13:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/02 13:55:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/07/02 13:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/07/02 13:54:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2010/07/02 13:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PDF reDirect
[2010/07/02 13:34:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PDF reDirect
[2010/07/02 13:34:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF reDirect
[2010/07/02 13:24:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Meeting Timer
[2010/07/02 13:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Meeting Timer
[2010/07/02 12:22:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2010/07/02 12:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Smart PDF Creator
[2010/07/02 12:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Smart PDF Creator
[2010/07/01 19:54:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutocompletePro
[2010/07/01 19:53:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Falco GIF Animator
[2010/06/29 17:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2010/06/29 16:06:32 | 000,000,000 | ---D | C] -- C:\3
[2010/06/29 13:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Nero and DVD
[2010/06/29 13:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\OFFICE2003
[2010/06/29 12:50:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
[2010/06/29 12:46:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USB Disk Security
[2010/06/29 12:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Philipp Winterberg
[2010/06/29 12:42:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free RAR Extract Frog
[2010/06/28 18:30:31 | 000,000,000 | ---D | C] -- C:\logs
[2010/06/28 18:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\ChikkaDefault
[2010/06/28 18:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Chikka Messenger
[2010/06/27 14:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Google
[2010/06/27 13:58:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/06/27 12:05:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/06/27 12:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/06/27 10:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\ICTED
[2010/06/25 16:15:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cool Flash Maker
[2010/06/21 12:33:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\2
[2010/06/21 12:33:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AudioShell
[2010/06/21 12:33:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\1
[2010/06/21 12:32:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP3Gain
[2010/06/12 09:18:33 | 000,000,000 | ---D | C] -- C:\C 3033
[2010/06/10 13:04:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF
[2010/06/10 12:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VeryPDF PDF Editor v2.6
[2010/06/10 12:05:48 | 000,011,264 | ---- | C] (verypdf.com Inc Software) -- C:\WINDOWS\SysWow64\pdf2k.dll
[2010/06/10 12:01:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/06/10 12:01:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2010/06/10 11:54:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/05/06 14:18:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/25 10:23:01 | 000,001,324 | ---- | M] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
[2010/07/25 10:21:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/07/21 19:40:26 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/07/21 19:40:26 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/07/21 19:40:18 | 004,768,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/07/21 12:06:39 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/07/21 12:05:56 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/07/21 10:15:06 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\GMER will open to the Rootkit.doc
[2010/07/21 10:02:52 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tzidex2o.exe
[2010/07/20 11:10:26 | 000,001,183 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Launch QuickScan.lnk
[2010/07/19 08:25:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/16 18:08:38 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/07/16 18:08:38 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/16 17:08:21 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/16 16:43:15 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/16 16:42:02 | 000,000,213 | -HS- | M] () -- C:\boot.ini
[2010/07/16 16:38:21 | 000,000,136 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/07/16 16:12:02 | 000,001,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/16 16:12:02 | 000,000,982 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010/07/16 15:47:44 | 000,000,150 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/16 14:37:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-223246042-2034547969-2128330247-500UA.job
[2010/07/16 14:03:02 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/16 10:22:17 | 000,084,992 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Doc1.doc
[2010/07/16 08:48:59 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll4wj3k932.dll
[2010/07/16 08:48:29 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll
[2010/07/16 08:47:59 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\kbdla32.dllex30032.dllzp0seh832.dll
[2010/07/16 08:47:57 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\iepeers32.dllp507kndb32.dll9es8np7rxg32.dll8el03oc32.dll74taiacrxic32.dll
[2010/07/16 08:47:28 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\kbdla32.dllex30032.dll
[2010/07/16 08:47:27 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\iepeers32.dllp507kndb32.dll9es8np7rxg32.dll8el03oc32.dll
[2010/07/16 08:46:58 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\kbdla32.dll
[2010/07/16 08:46:56 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\iepeers32.dllp507kndb32.dll9es8np7rxg32.dll
[2010/07/16 08:46:26 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\iepeers32.dllp507kndb32.dll
[2010/07/16 08:45:57 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\kbdit3232.dll
[2010/07/16 08:45:56 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\kbdit32.dll
[2010/07/16 08:44:57 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\kbdit14232.dll
[2010/07/15 16:37:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-223246042-2034547969-2128330247-500Core.job
[2010/07/15 12:08:07 | 000,000,471 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Saved.lnk
[2010/07/13 15:31:13 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Power Supply Fundamentals.doc
[2010/07/02 16:35:22 | 000,069,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/02 12:09:54 | 000,000,531 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/01 17:49:00 | 000,002,105 | ---- | M] () -- C:\Documents and Settings\Administrator\OPTIONS.FIL
[2010/06/29 17:29:43 | 000,000,694 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/06/29 09:01:28 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Emergency Light w sensor.doc
[2010/06/22 12:15:02 | 000,000,395 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Music.lnk
[2010/06/19 14:40:06 | 000,008,589 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/06/19 14:39:55 | 000,001,769 | ---- | M] () -- C:\WINDOWS\Language_trs.ini
[2010/06/14 10:51:35 | 000,000,371 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\3033.lnk
[2010/06/10 12:00:59 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/21 12:07:44 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/07/21 12:05:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/07/21 10:15:23 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tzidex2o.exe
[2010/07/21 10:15:05 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\GMER will open to the Rootkit.doc
[2010/07/20 11:10:26 | 000,001,183 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Launch QuickScan.lnk
[2010/07/16 17:08:21 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/16 16:38:21 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/07/16 16:12:02 | 000,001,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/16 16:12:02 | 000,000,982 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010/07/16 10:22:16 | 000,084,992 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Doc1.doc
[2010/07/16 08:48:59 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll4wj3k932.dll
[2010/07/16 08:48:29 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll
[2010/07/16 08:47:59 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\kbdla32.dllex30032.dllzp0seh832.dll
[2010/07/16 08:47:57 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\iepeers32.dllp507kndb32.dll9es8np7rxg32.dll8el03oc32.dll74taiacrxic32.dll
[2010/07/16 08:47:28 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\kbdla32.dllex30032.dll
[2010/07/16 08:47:26 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\iepeers32.dllp507kndb32.dll9es8np7rxg32.dll8el03oc32.dll
[2010/07/16 08:46:58 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\kbdla32.dll
[2010/07/16 08:46:56 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\iepeers32.dllp507kndb32.dll9es8np7rxg32.dll
[2010/07/16 08:46:26 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\iepeers32.dllp507kndb32.dll
[2010/07/16 08:45:57 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\kbdit3232.dll
[2010/07/16 08:45:56 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\kbdit32.dll
[2010/07/16 08:44:57 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\kbdit14232.dll
[2010/07/15 12:08:07 | 000,000,471 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Saved.lnk
[2010/07/13 15:31:12 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Power Supply Fundamentals.doc
[2010/07/01 17:49:00 | 000,002,105 | ---- | C] () -- C:\Documents and Settings\Administrator\OPTIONS.FIL
[2010/06/29 09:01:28 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Emergency Light w sensor.doc
[2010/06/27 13:58:30 | 000,000,912 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/27 13:58:28 | 000,000,908 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/22 12:15:02 | 000,000,395 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Music.lnk
[2010/06/19 14:39:55 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/06/19 14:39:53 | 000,008,589 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/06/19 14:39:52 | 000,010,296 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS
[2010/06/14 08:38:43 | 000,000,371 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\3033.lnk
[2010/06/10 15:49:03 | 000,001,324 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
[2010/06/10 12:05:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\pdfxp.dll
[2010/06/10 12:05:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\SysWow64\unpdf.exe
[2010/06/10 12:02:02 | 000,000,694 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/06/10 12:00:59 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2007/02/14 08:50:16 | 000,073,728 | ---- | C] () -- C:\WINDOWS\SysWow64\MPMapTrace.dll
[2006/12/13 16:03:14 | 000,074,240 | ---- | C] () -- C:\WINDOWS\SysWow64\zlibwapi.dll
[2006/11/14 09:51:18 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\mpPathan.dll
[2006/01/01 08:33:55 | 000,366,976 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2006/01/01 02:34:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/01 00:11:40 | 000,000,043 | ---- | C] () -- C:\WINDOWS\twin.dll
[2005/03/25 20:00:00 | 001,290,240 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2005/03/25 20:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2005/03/25 20:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2005/03/25 20:00:00 | 000,498,205 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2005/03/25 20:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2005/03/25 20:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2005/03/25 20:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2005/03/25 20:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2005/03/25 20:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2005/03/25 20:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2005/03/25 20:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2005/03/25 20:00:00 | 000,082,432 | ---- | C] () -- C:\WINDOWS\SysWow64\ieencode.dll
[2005/03/25 20:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2005/03/25 20:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2005/03/25 20:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2005/03/25 20:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2005/03/25 20:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2005/03/25 20:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2010/07/16 12:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2010/07/02 13:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Meeting Timer
[2010/07/02 14:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2010/07/02 13:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PDF reDirect
[2010/06/29 12:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Philipp Winterberg
[2010/07/21 09:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2010/07/02 12:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Smart PDF Creator
[2010/07/19 08:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/02 13:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF reDirect
[2010/07/15 13:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ResultDns
[2010/07/16 16:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/29 18:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
[2010/07/16 17:55:55 | 000,031,994 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: NETLOGON.DLL >
[2005/03/25 20:00:00 | 000,419,328 | ---- | M] (Microsoft Corporation) MD5=9DA343027F3B72029AB499D3F7FFACAA -- C:\WINDOWS\SysWOW64\netlogon.dll
[2005/03/25 20:00:00 | 000,419,328 | ---- | M] (Microsoft Corporation) MD5=9DA343027F3B72029AB499D3F7FFACAA -- C:\WINDOWS\SysWOW64\netlogon.dll

< MD5 for: SCECLI.DLL >
[2005/03/25 20:00:00 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=71FB876580530E7B0429312A8BCE5E04 -- C:\WINDOWS\SysWOW64\scecli.dll
[2005/03/25 20:00:00 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=71FB876580530E7B0429312A8BCE5E04 -- C:\WINDOWS\SysWOW64\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >



OTL Extras logfile created on: 7/25/2010 10:51:24 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 1 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 6.0.3790.1830)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 192.00 Mb Available Physical Memory | 43.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 37.26 Gb Total Space | 27.95 Gb Free Space | 75.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPLABATHLON
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 File not found
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l File not found
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Program Files (x86)\Remote Desktop Control\apc_host.exe" = C:\Program Files (x86)\Remote Desktop Control\apc_host.exe:*:Enabled:Remote Desktop Control, RDC -- (AQUATRA, Inc.)
"C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe" = C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- File not found
"C:\Program Files (x86)\LimeWire\LimeWire.exe" = C:\Program Files (x86)\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Program Files (x86)\Remote Desktop Control\apc_host.exe" = C:\Program Files (x86)\Remote Desktop Control\apc_host.exe:*:Enabled:Remote Desktop Control, RDC -- (AQUATRA, Inc.)
"C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe" = C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- File not found
"C:\Program Files (x86)\LimeWire\LimeWire.exe" = C:\Program Files (x86)\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00171E17-38DC-4FC0-AC68-4AD8965D609D}" = MPLAB Tools v7.52
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51FF0A13-A703-4B5E-8927-A3146EE525FE}" = Remote Desktop Control 1.9
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4F770DC-9DE6-41A7-A121-4BE7E29AFF31}" = Tango
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AutocompletePro2_is1" = AutocompletePro
"Chikka Messenger V4" = Chikka Messenger V4
"Cool Flash Maker_is1" = Cool Flash Maker v14.06 Trial (Feb-11-2010)
"Falco GIF Animator_is1" = Falco GIF Animator 2.3
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free RAR Extract Frog" = Free RAR Extract Frog
"InstallShield_{00171E17-38DC-4FC0-AC68-4AD8965D609D}" = MPLAB Tools v7.52
"Kiran's Typing Tutor_is1" = Kiran's Typing Tutor 1.0
"LimeWire" = LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Meeting Timer" = Meeting Timer (remove only)
"OpenStat_is1" = OpenStat Version 30.7.08
"PDF reDirect" = PDF reDirect (remove only)
"ResultDns" = ResultDns 1.0 build 111
"USB Disk Security_is1" = USB Disk Security

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/18/2010 8:26:18 PM | Computer Name = COMPLABATHLON | Source = VSS | ID = 8211
Description =

Error - 7/19/2010 7:46:52 PM | Computer Name = COMPLABATHLON | Source = VSS | ID = 8211
Description =

Error - 7/19/2010 11:10:57 PM | Computer Name = COMPLABATHLON | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/19/2010 11:10:57 PM | Computer Name = COMPLABATHLON | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/19/2010 11:10:57 PM | Computer Name = COMPLABATHLON | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/19/2010 11:10:57 PM | Computer Name = COMPLABATHLON | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/20/2010 7:53:20 PM | Computer Name = COMPLABATHLON | Source = VSS | ID = 8211
Description =

Error - 7/20/2010 10:04:55 PM | Computer Name = COMPLABATHLON | Source = VSS | ID = 8211
Description =

Error - 7/20/2010 10:05:39 PM | Computer Name = COMPLABATHLON | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
chrome.dll, version 5.0.375.99, fault address 0x0039cd07.

Error - 7/20/2010 10:09:01 PM | Computer Name = COMPLABATHLON | Source = VSS | ID = 8211
Description =

[ System Events ]
Error - 7/20/2010 10:06:20 PM | Computer Name = COMPLABATHLON | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the AFD service which failed to
start because of the following error: %%31

Error - 7/20/2010 10:06:20 PM | Computer Name = COMPLABATHLON | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 7/20/2010 10:06:20 PM | Computer Name = COMPLABATHLON | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 7/20/2010 10:06:20 PM | Computer Name = COMPLABATHLON | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 7/20/2010 10:06:20 PM | Computer Name = COMPLABATHLON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip

Error - 7/20/2010 10:09:25 PM | Computer Name = COMPLABATHLON | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/20/2010 10:10:38 PM | Computer Name = COMPLABATHLON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips SASDIFSV SASKUTIL

Error - 7/21/2010 5:41:05 AM | Computer Name = COMPLABATHLON | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 7/24/2010 10:18:04 PM | Computer Name = COMPLABATHLON | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/24/2010 10:18:33 PM | Computer Name = COMPLABATHLON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips SASDIFSV SASKUTIL


< End of report >
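The cluster of 217,088-byte files created in C:\WINDOWS\SysWow64 between 08:44:57 and 08:48:59 on 2010/07/16 (the kbdit14232.dll named in the thread title among them, with names that grow by another random ".dll" token every thirty seconds or so) is exactly the pattern a responder wants to pull out of a log like this mechanically rather than by eye. The Python below is an added example, not part of the original post and not OTL's own code: it parses OTL file-list lines and flags two things visible in the log above, file names containing ".dll" more than once, and bursts of same-size files created in a system directory within a short window. The sample lines are copied verbatim from the log above, including two benign entries as controls; the ten-minute window and the cluster size of three are assumed thresholds, not values from the page.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One OTL file-list line, e.g.
# [2010/07/16 08:44:57 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\kbdit14232.dll
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<op>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Directories where a freshly dropped, unattributed binary deserves a second look.
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\", "\\windows\\sysnative\\")

# Lines copied from the OTL log above: the 217,088-byte cluster plus two
# entries (pdfxp.dll, mbamswissarmy.sys) kept as benign controls.
SAMPLE = r"""
[2010/07/16 08:48:59 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll4wj3k932.dll
[2010/07/16 08:47:57 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\iepeers32.dllp507kndb32.dll9es8np7rxg32.dll8el03oc32.dll74taiacrxic32.dll
[2010/07/16 08:46:58 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\kbdla32.dll
[2010/07/16 08:45:56 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\kbdit32.dll
[2010/07/16 08:44:57 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\kbdit14232.dll
[2010/06/10 12:05:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\pdfxp.dll
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
"""


def parse_otl(text):
    """Parse OTL file-list lines into dicts; anything that isn't one is skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append({
            "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attr": m["attr"],
            "op": m["op"],            # C = created, M = modified
            "company": m["company"].strip(),
            "path": m["path"],
        })
    return entries


def in_system_dir(path):
    return any(d in path.lower() for d in SYSTEM_DIRS)


def filename(path):
    return path.rsplit("\\", 1)[-1]


def triage(text, window=timedelta(minutes=10), min_cluster=3):
    """Return {path: [reasons]} for every entry that trips a heuristic.

    window and min_cluster are assumed thresholds, tuned to the log above.
    """
    entries = parse_otl(text)
    reasons = defaultdict(list)

    # Heuristic 1: ".dll" occurring more than once in a single file name,
    # i.e. a name built by appending a new token to the previous drop's name.
    for e in entries:
        if filename(e["path"]).lower().count(".dll") > 1:
            reasons[e["path"]].append("chained .dll tokens in file name")

    # Heuristic 2: at least min_cluster files of identical size created in a
    # system directory within `window` of each other.
    by_size = defaultdict(list)
    for e in entries:
        if e["op"] == "C" and in_system_dir(e["path"]):
            by_size[e["size"]].append(e)
    for size, group in by_size.items():
        group.sort(key=lambda e: e["ts"])
        flagged = set()
        for i in range(len(group)):
            j = i
            while j + 1 < len(group) and group[j + 1]["ts"] - group[i]["ts"] <= window:
                j += 1
            if j - i + 1 >= min_cluster:
                flagged.update(range(i, j + 1))
        for k in sorted(flagged):
            reasons[group[k]["path"]].append(
                f"same-size burst ({size} bytes) in system directory")

    return dict(reasons)


if __name__ == "__main__":
    for path, why in sorted(triage(SAMPLE).items()):
        print(f"{filename(path)}: {'; '.join(why)}")
```

Run against the full "Files Created" section of an OTL log, the burst heuristic isolates the five SysWow64 drops and leaves pdfxp.dll and mbamswissarmy.sys alone; the chained-name heuristic is the stronger signal on its own, since no legitimate installer names a file kbdla32.dllex30032.dll. Either hit is a reason to pull the file for hashing and a PE header check, not a verdict.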



#2 m0le (Malware Response Team, London, UK)

Posted 02 August 2010 - 06:48 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 monsterbob (Topic Starter, Albay, Philippines)

Posted 05 August 2010 - 11:27 PM

Hello m0le! Thanks for replying. Unfortunately, changes have already been made since I posted the log above. I'm using this PC for educational purposes, so I need to try applications.

#4 m0le (Malware Response Team, London, UK)

Posted 06 August 2010 - 04:08 AM

Okay, not a big problem. Please run a new OTL scan and post the log.

#5 m0le (Malware Response Team, London, UK)

Posted 08 August 2010 - 06:53 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#6 monsterbob (Topic Starter, Albay, Philippines)

Posted 08 August 2010 - 07:54 PM

New OTL scan log:


OTL logfile created on: 8/9/2010 8:42:44 AM - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
64bit-Windows Server 2003 Service Pack 1 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 6.0.3790.1830)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 130.00 Mb Available Physical Memory | 29.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 37.26 Gb Total Space | 24.14 Gb Free Space | 64.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPLABATHLON
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/09 08:36:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL (1).exe
PRC - [2010/06/29 10:27:23 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe


========== Modules (SafeList) ==========

MOD - [2010/08/09 08:36:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL (1).exe
MOD - [2005/03/25 20:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wbem\framedyn.dll
MOD - [2005/03/25 20:00:00 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msscript.ocx
MOD - [2005/03/25 02:29:42 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.1830_x-ww_0213CDC8\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\xmlprov.dll -- (xmlprov)
SRV:64bit: - File not found [Auto | Running] -- C:\WINDOWS\SysNative\wzcsvc.dll -- (WZCSVC)
SRV:64bit: - File not found [Auto | Stopped] -- C:\WINDOWS\SysNative\wuauserv.dll -- (wuauserv)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\advapi32.dll -- (Wmi)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\ups.exe -- (UPS)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\wdfmgr.exe -- (UMWdf)
SRV:64bit: - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:64bit: - File not found [Auto | Stopped] -- C:\WINDOWS\SysNative\smlogsvc.exe -- (SysmonLog)
SRV:64bit: - File not found [Auto | Running] -- C:\WINDOWS\SysNative\srsvc.dll -- (srservice)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\SCardSvr.exe -- (SCardSvr)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\sessmgr.exe -- (RDSessMgr)
SRV:64bit: - File not found [Auto | Running] -- C:\WINDOWS\SysNative\services.exe -- (PlugPlay)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\ntmssvc.dll -- (NtmsSvc)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\netdde.exe -- (NetDDEdsdm)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\netdde.exe -- (NetDDE)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\mnmsrvc.exe -- (mnmsrvc)
SRV:64bit: - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\msgsvc.dll -- (Messenger)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\imapi.exe -- (ImapiService)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\w3ssl.dll -- (HTTPFilter)
SRV:64bit: - File not found [Auto | Running] -- C:\WINDOWS\SysNative\services.exe -- (Eventlog)
SRV:64bit: - File not found [Auto | Stopped] -- C:\WINDOWS\SysNative\ersvc.dll -- (ERSvc)
SRV:64bit: - File not found [Auto | Running] -- C:\WINDOWS\SysNative\dmserver.dll -- (dmserver)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\dmadmin.exe -- (dmadmin)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\clipsrv.exe -- (ClipSrv)
SRV:64bit: - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\cisvc.exe -- (CiSvc)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\alrsvc.dll -- (Alerter)
SRV:64bit: - [2010/04/15 00:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/04/15 00:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/04/15 00:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/04/15 00:46:53 | 000,119,200 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2007/06/29 01:31:00 | 000,429,056 | ---- | M] (Faronics Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DF5Serv.exe -- (DF5Serv)
SRV - [2005/03/25 20:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\iasrecst.dll -- (IASJet)
SRV - [2005/03/25 20:00:00 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2005/03/25 20:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\wdfmgr.exe -- (UMWdf)
SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\wdmaud.sys -- (wdmaud)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ac97via.sys -- (VIAudio)
DRV:64bit: - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\update.sys -- (Update)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sysaudio.sys -- (sysaudio)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\swmidi.sys -- (swmidi)
DRV:64bit: - File not found [File_System | Boot | Running] -- C:\WINDOWS\SysNative\DRIVERS\sr.sys -- (sr)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\splitter.sys -- (splitter)
DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\redbook.sys -- (redbook)
DRV:64bit: - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\raspti.sys -- (Raspti)
DRV:64bit: - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\ptilink.sys -- (Ptilink)
DRV:64bit: - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\psched.sys -- (PSched)
DRV:64bit: - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\kmixer.sys -- (kmixer)
DRV:64bit: - File not found [Kernel | System | Running] -- C:\WINDOWS\SysNative\DRIVERS\ipsec.sys -- (IPSec)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\Ip6Fw.sys -- (Ip6Fw)
DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\imapi.sys -- (imapi)
DRV:64bit: - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\msgpc.sys -- (Gpc)
DRV:64bit: - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV:64bit: - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\fet5a64.sys -- (FETNDISB)
DRV:64bit: - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\dmload.sys -- (dmload)
DRV:64bit: - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\dmio.sys -- (dmio)
DRV:64bit: - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\SysNative\drivers\dmboot.sys -- (dmboot)
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\CdaD10BA.sys -- (CdaD10BA)
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\CdaC15BA.sys -- (CdaC15BA)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\audstub.sys -- (audstub)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\atmarpc.sys -- (Atmarpc)
DRV:64bit: - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\DRIVERS\aswNdis.sys -- (aswNdis)
DRV:64bit: - File not found [File_System | Auto | Stopped] -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\aec.sys -- (aec)
DRV - [2009/05/26 10:05:56 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/05/26 10:05:54 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/05/26 10:05:52 | 000,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2005/03/25 20:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.ph
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 98 83 E2 0A 66 24 C7 40 8B 27 90 55 90 8E 38 9A [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files (x86)\AutocompletePro\support@predictad.com [2010/07/01 19:54:19 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [iSafeCW] C:\Program Files (x86)\iSafe AllInOne Keylogger\winsrv.exe (iSafesoft)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [USB Antivirus] C:\Program Files (x86)\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Yahoo Messengger] C:\WINDOWS\SysWOW64\RVHOST.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 124.104.135.68 58.69.254.143
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysNative\wiascr.dll File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdit14232.dll) - C:\WINDOWS\SysWOW64\kbdit14232.dll ()
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdit32.dll) - C:\WINDOWS\SysWOW64\kbdit32.dll ()
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdit3232.dll) - C:\WINDOWS\SysWOW64\kbdit3232.dll ()
O20 - AppInit_DLLs: (p507kndb32.dll) - File not found
O20 - AppInit_DLLs: (p507kndb32.dll9es8np7rxg32.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdla32.dll) - C:\WINDOWS\SysWOW64\kbdla32.dll ()
O20 - AppInit_DLLs: (p507kndb32.dll9es8np7rxg32.dll8el03oc32.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdla32.dllex30032.dll) - C:\WINDOWS\SysWOW64\kbdla32.dllex30032.dll ()
O20 - AppInit_DLLs: (p507kndb32.dll9es8np7rxg32.dll8el03oc32.dll74taiacrxic32.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdla32.dllex30032.dllzp0seh832.dll) - C:\WINDOWS\SysWOW64\kbdla32.dllex30032.dllzp0seh832.dll ()
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll) - C:\WINDOWS\SysWOW64\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll ()
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll4wj3k932.dll) - C:\WINDOWS\SysWOW64\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll4wj3k932.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysNative\logonui.exe File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (RVHOST.exe) - C:\WINDOWS\SysWow64\RVHOST.exe ()
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20:64bit: - Winlogon\Notify\DfLogon: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\DfLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysNative\stobject.dll File not found
O24 - Desktop Components:0 (ihs) - C:\WINDOWS\system32\gaadi001.gif
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/01 00:37:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:C *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\WINDOWS\SysNative\appmgmts.dll File not found
NetSvcs:64bit: DMServer - C:\WINDOWS\SysNative\dmserver.dll File not found
NetSvcs:64bit: Messenger - C:\WINDOWS\SysNative\msgsvc.dll File not found
NetSvcs:64bit: Ntmssvc - C:\WINDOWS\SysNative\ntmssvc.dll File not found
NetSvcs:64bit: SRService - C:\WINDOWS\SysNative\srsvc.dll File not found
NetSvcs:64bit: WZCSVC - C:\WINDOWS\SysNative\wzcsvc.dll File not found
NetSvcs:64bit: Wmi - C:\WINDOWS\SysNative\advapi32.dll File not found
NetSvcs:64bit: xmlprov - C:\WINDOWS\SysNative\xmlprov.dll File not found
NetSvcs:64bit: wuauserv - C:\WINDOWS\SysNative\wuauserv.dll File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/08/01 18:11:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2010/08/01 14:05:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/08/01 14:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\PhotoshopPortable
[2010/08/01 13:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/08/01 13:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2010/08/01 13:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2010/08/01 13:56:28 | 000,000,000 | ---D | C] -- C:\Program Files\New Folder
[2010/08/01 12:11:30 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\iSafe AllInOne Keylogger
[2010/07/30 15:35:45 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\SysWow64\aswBoot.exe
[2010/07/30 15:35:45 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\SysWow64\avastSS.scr
[2010/07/30 09:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2010/07/30 09:29:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2010/07/29 18:59:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2010/07/29 18:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/07/29 18:50:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photo!
[2010/07/20 11:10:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2010/07/19 09:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2010/07/16 18:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\DoctorWeb
[2010/07/16 17:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010/07/16 17:19:53 | 000,000,000 | ---D | C] -- C:\rsit
[2010/07/16 17:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/07/16 17:08:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
[2010/07/16 17:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/16 17:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/16 15:47:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/16 10:36:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/16 10:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/07/16 10:35:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/07/16 10:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/07/15 12:42:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/07/12 08:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\LimeWire
[2010/07/12 08:09:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2010/07/12 08:08:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LimeWire
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/09 08:29:29 | 000,044,922 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\28203_124746824232622_100000919162216_125182_2459651_n.jpg
[2010/08/06 19:33:36 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/08/06 19:33:36 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/08/06 19:33:22 | 004,768,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/08/06 19:32:50 | 000,094,208 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Med Elect Midterm.doc
[2010/08/06 19:24:04 | 000,001,324 | ---- | M] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
[2010/08/06 18:41:40 | 000,092,160 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Management Midterm.doc
[2010/08/06 14:58:23 | 000,084,992 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NEW LOGO.doc
[2010/08/06 13:51:54 | 000,009,369 | RHS- | M] () -- C:\WINDOWS\SysWow64\setting.ini
[2010/08/06 13:48:50 | 000,000,424 | ---- | M] () -- C:\WINDOWS\ULead32.ini
[2010/08/06 13:44:39 | 000,415,744 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ihs1.uga
[2010/08/06 13:44:16 | 000,188,239 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ihs2.gif
[2010/08/06 12:40:20 | 000,091,333 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ihs.gif
[2010/08/06 12:40:20 | 000,091,333 | ---- | M] () -- C:\WINDOWS\SysWow64\gaadi001.gif
[2010/08/06 12:33:06 | 000,003,176 | ---- | M] () -- C:\WINDOWS\SysWow64\gafilter.sti
[2010/08/06 12:29:04 | 000,001,236 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Ulead GIF Animator 5.lnk
[2010/08/06 12:10:41 | 000,023,007 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RB1.GIF
[2010/08/06 10:17:14 | 000,004,808 | ---- | M] () -- C:\WINDOWS\SysWow64\gaeffect.sti
[2010/08/03 19:58:23 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Tax.ppt
[2010/08/02 17:09:21 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\AAMI.doc
[2010/08/02 10:05:12 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BMET 1 MIDTERM.xls
[2010/08/02 08:03:46 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BMET 1.xls
[2010/08/01 15:24:40 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BMET 2.xls
[2010/08/01 13:15:35 | 000,000,116 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\msadoex.dll
[2010/07/30 16:47:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/30 16:46:18 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/30 15:36:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\config.nt
[2010/07/30 09:38:43 | 410,280,484 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\OFFICE2003.rar
[2010/07/28 17:52:30 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Acquaintance Waiver.doc
[2010/07/27 14:54:47 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Problem Solving Worksheet.doc
[2010/07/27 12:02:22 | 000,352,256 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Emergency_Contingency_Factsheet.doc
[2010/07/26 08:44:49 | 000,000,000 | RHS- | M] () -- C:\Documents and Settings\All Users\Documents\khq
[2010/07/25 18:33:11 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Medical Gas Cylinders.ppt
[2010/07/25 12:31:21 | 000,069,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/21 12:05:56 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/07/21 10:15:06 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\GMER will open to the Rootkit.doc
[2010/07/21 10:02:52 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tzidex2o.exe
[2010/07/20 11:10:26 | 000,001,183 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Launch QuickScan.lnk
[2010/07/16 18:08:38 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/07/16 18:08:38 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/16 16:42:02 | 000,000,213 | -HS- | M] () -- C:\boot.ini
[2010/07/16 16:38:21 | 000,000,136 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/07/16 16:12:02 | 000,001,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/16 15:47:44 | 000,000,150 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/16 14:37:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-223246042-2034547969-2128330247-500UA.job
[2010/07/16 14:03:02 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/16 10:22:17 | 000,084,992 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Doc1.doc
[2010/07/16 08:48:59 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll4wj3k932.dll
[2010/07/16 08:48:29 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll
[2010/07/16 08:47:59 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\kbdla32.dllex30032.dllzp0seh832.dll
[2010/07/16 08:47:57 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\iepeers32.dllp507kndb32.dll9es8np7rxg32.dll8el03oc32.dll74taiacrxic32.dll
[2010/07/16 08:47:28 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\kbdla32.dllex30032.dll
[2010/07/16 08:47:27 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\iepeers32.dllp507kndb32.dll9es8np7rxg32.dll8el03oc32.dll
[2010/07/16 08:46:58 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\kbdla32.dll
[2010/07/16 08:46:56 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\iepeers32.dllp507kndb32.dll9es8np7rxg32.dll
[2010/07/16 08:46:26 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\iepeers32.dllp507kndb32.dll
[2010/07/16 08:45:57 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\kbdit3232.dll
[2010/07/16 08:45:56 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\kbdit32.dll
[2010/07/16 08:44:57 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\kbdit14232.dll
[2010/07/15 16:37:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-223246042-2034547969-2128330247-500Core.job
[2010/07/15 12:08:07 | 000,000,471 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Saved.lnk
[2010/07/13 15:31:13 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Power Supply Fundamentals.doc
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/09 08:29:29 | 000,044,922 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\28203_124746824232622_100000919162216_125182_2459651_n.jpg
[2010/08/06 19:09:22 | 000,094,208 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Med Elect Midterm.doc
[2010/08/06 15:06:34 | 000,092,160 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Management Midterm.doc
[2010/08/06 14:58:23 | 000,084,992 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NEW LOGO.doc
[2010/08/06 13:51:54 | 000,529,920 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\New Folder.exe
[2010/08/06 13:51:38 | 000,009,369 | RHS- | C] () -- C:\WINDOWS\SysWow64\setting.ini
[2010/08/06 13:51:30 | 000,529,920 | RHS- | C] () -- C:\WINDOWS\SysWow64\RVHOST.exe
[2010/08/06 13:51:30 | 000,529,920 | ---- | C] () -- C:\WINDOWS\RVHOST.exe
[2010/08/06 13:45:45 | 000,188,239 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ihs2.gif
[2010/08/06 12:45:10 | 000,415,744 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ihs1.uga
[2010/08/06 12:41:49 | 000,091,333 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ihs.gif
[2010/08/06 12:40:20 | 000,091,333 | ---- | C] () -- C:\WINDOWS\SysWow64\gaadi001.gif
[2010/08/06 12:29:10 | 000,001,236 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Ulead GIF Animator 5.lnk
[2010/08/06 12:10:37 | 000,023,007 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RB1.GIF
[2010/08/06 10:17:14 | 000,004,808 | ---- | C] () -- C:\WINDOWS\SysWow64\gaeffect.sti
[2010/08/06 10:17:14 | 000,003,176 | ---- | C] () -- C:\WINDOWS\SysWow64\gafilter.sti
[2010/08/06 10:17:09 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2010/08/03 19:58:23 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Tax.ppt
[2010/08/02 17:09:20 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\AAMI.doc
[2010/08/02 09:32:45 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BMET 1 MIDTERM.xls
[2010/08/01 15:25:46 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BMET 1.xls
[2010/08/01 14:16:48 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BMET 2.xls
[2010/08/01 12:11:33 | 000,000,116 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\msadoex.dll
[2010/07/30 09:34:06 | 410,280,484 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\OFFICE2003.rar
[2010/07/28 17:52:30 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Acquaintance Waiver.doc
[2010/07/27 14:54:47 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Problem Solving Worksheet.doc
[2010/07/27 12:02:21 | 000,352,256 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Emergency_Contingency_Factsheet.doc
[2010/07/26 08:44:49 | 000,897,706 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\siasxi.exe
[2010/07/26 08:44:49 | 000,000,000 | RHS- | C] () -- C:\Documents and Settings\All Users\Documents\khq
[2010/07/25 18:33:11 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Medical Gas Cylinders.ppt
[2010/07/21 12:05:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/07/21 10:15:23 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tzidex2o.exe
[2010/07/21 10:15:05 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\GMER will open to the Rootkit.doc
[2010/07/20 11:10:26 | 000,001,183 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Launch QuickScan.lnk
[2010/07/16 16:38:21 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/07/16 16:12:02 | 000,001,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/16 10:22:16 | 000,084,992 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Doc1.doc
[2010/07/16 08:48:59 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll4wj3k932.dll
[2010/07/16 08:48:29 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll
[2010/07/16 08:47:59 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\kbdla32.dllex30032.dllzp0seh832.dll
[2010/07/16 08:47:57 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\iepeers32.dllp507kndb32.dll9es8np7rxg32.dll8el03oc32.dll74taiacrxic32.dll
[2010/07/16 08:47:28 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\kbdla32.dllex30032.dll
[2010/07/16 08:47:26 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\iepeers32.dllp507kndb32.dll9es8np7rxg32.dll8el03oc32.dll
[2010/07/16 08:46:58 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\kbdla32.dll
[2010/07/16 08:46:56 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\iepeers32.dllp507kndb32.dll9es8np7rxg32.dll
[2010/07/16 08:46:26 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\iepeers32.dllp507kndb32.dll
[2010/07/16 08:45:57 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\kbdit3232.dll
[2010/07/16 08:45:56 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\kbdit32.dll
[2010/07/16 08:44:57 | 000,217,088 | ---- | C] () -- C:\WINDOWS\SysWow64\kbdit14232.dll
[2010/07/15 12:08:07 | 000,000,471 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Saved.lnk
[2010/07/13 15:31:12 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Power Supply Fundamentals.doc
[2010/06/19 14:39:55 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/06/19 14:39:53 | 000,008,589 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/06/19 14:39:52 | 000,010,296 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS
[2010/06/10 12:05:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\pdfxp.dll
[2007/02/14 08:50:16 | 000,073,728 | ---- | C] () -- C:\WINDOWS\SysWow64\MPMapTrace.dll
[2006/12/13 16:03:14 | 000,074,240 | ---- | C] () -- C:\WINDOWS\SysWow64\zlibwapi.dll
[2006/11/14 09:51:18 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\mpPathan.dll
[2006/01/01 08:33:55 | 000,366,976 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2006/01/01 02:34:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/01 00:11:40 | 000,000,043 | ---- | C] () -- C:\WINDOWS\twin.dll
[2005/03/25 20:00:00 | 001,290,240 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2005/03/25 20:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2005/03/25 20:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2005/03/25 20:00:00 | 000,498,205 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2005/03/25 20:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2005/03/25 20:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2005/03/25 20:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2005/03/25 20:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2005/03/25 20:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2005/03/25 20:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2005/03/25 20:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2005/03/25 20:00:00 | 000,082,432 | ---- | C] () -- C:\WINDOWS\SysWow64\ieencode.dll
[2005/03/25 20:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2005/03/25 20:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2005/03/25 20:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2005/03/25 20:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2005/03/25 20:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2005/03/25 20:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\SysWow64\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: NETLOGON.DLL >
[2005/03/25 20:00:00 | 000,419,328 | ---- | M] (Microsoft Corporation) MD5=9DA343027F3B72029AB499D3F7FFACAA -- C:\WINDOWS\SysWOW64\netlogon.dll
[2005/03/25 20:00:00 | 000,419,328 | ---- | M] (Microsoft Corporation) MD5=9DA343027F3B72029AB499D3F7FFACAA -- C:\WINDOWS\SysWOW64\netlogon.dll

< MD5 for: SCECLI.DLL >
[2005/03/25 20:00:00 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=71FB876580530E7B0429312A8BCE5E04 -- C:\WINDOWS\SysWOW64\scecli.dll
[2005/03/25 20:00:00 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=71FB876580530E7B0429312A8BCE5E04 -- C:\WINDOWS\SysWOW64\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >



#7 m0le
Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 09 August 2010 - 04:55 PM

Some nasty and unidentified malware here. Run OTL.

Under the Custom Scans/Fixes box at the bottom, paste in the following:

CODE
:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdit14232.dll) - C:\WINDOWS\SysWOW64\kbdit14232.dll ()
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdit32.dll) - C:\WINDOWS\SysWOW64\kbdit32.dll ()
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdit3232.dll) - C:\WINDOWS\SysWOW64\kbdit3232.dll ()
O20 - AppInit_DLLs: (p507kndb32.dll) - File not found
O20 - AppInit_DLLs: (p507kndb32.dll9es8np7rxg32.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdla32.dll) - C:\WINDOWS\SysWOW64\kbdla32.dll ()
O20 - AppInit_DLLs: (p507kndb32.dll9es8np7rxg32.dll8el03oc32.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdla32.dllex30032.dll) - C:\WINDOWS\SysWOW64\kbdla32.dllex30032.dll ()
O20 - AppInit_DLLs: (p507kndb32.dll9es8np7rxg32.dll8el03oc32.dll74taiacrxic32.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdla32.dllex30032.dllzp0seh832.dll) - C:\WINDOWS\SysWOW64\kbdla32.dllex30032.dllzp0seh832.dll ()
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll) - C:\WINDOWS\SysWOW64\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll ()
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll4wj3k932.dll) - C:\WINDOWS\SysWOW64\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll4wj3k932.dll ()
[2010/07/16 08:48:59 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll4wj3k932.dll
[2010/07/16 08:48:29 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll
[2010/07/16 08:47:59 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\kbdla32.dllex30032.dllzp0seh832.dll
[2010/07/16 08:47:57 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\iepeers32.dllp507kndb32.dll9es8np7rxg32.dll8el03oc32.dll74taiacrxic32.dll
[2010/07/16 08:47:28 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\kbdla32.dllex30032.dll
[2010/07/16 08:47:27 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\iepeers32.dllp507kndb32.dll9es8np7rxg32.dll8el03oc32.dll
[2010/07/16 08:46:58 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\kbdla32.dll
[2010/07/16 08:46:56 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\iepeers32.dllp507kndb32.dll9es8np7rxg32.dll
[2010/07/16 08:46:26 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\iepeers32.dllp507kndb32.dll
[2010/07/16 08:45:57 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\kbdit3232.dll
[2010/07/16 08:45:56 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\kbdit32.dll
[2010/07/16 08:44:57 | 000,217,088 | ---- | M] () -- C:\WINDOWS\SysWow64\kbdit14232.dll
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
:files
C:\Documents and Settings\All Users\Documents\khq
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please also post a new scan log from OTL.
m0le is a proud member of UNITE
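The O20 lines in the fix above are the AppInit_DLLs entries that load these files into every process that loads user32.dll. As an added example that is not part of the thread or of OTL, the Python below parses such O20 lines and flags the three patterns visible in this log: several ".dll" fragments glued into one file name, a registry value whose file no longer exists, and a loaded DLL with no company name. The last sample line (file name and vendor) is constructed to show the clean case.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input: the first three lines are O20 entries quoted in
# the fix above; the last line is a constructed, benign-looking entry with a
# hypothetical vendor and file name so the "nothing flagged" case is visible.
SAMPLE_O20 = r"""
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdit14232.dll) - C:\WINDOWS\SysWOW64\kbdit14232.dll ()
O20 - AppInit_DLLs: (p507kndb32.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdla32.dllex30032.dll) - C:\WINDOWS\SysWOW64\kbdla32.dllex30032.dll ()
O20 - AppInit_DLLs: (C:\WINDOWS\system32\example32.dll) - C:\WINDOWS\SysWOW64\example32.dll (Example Vendor Inc.)
"""

# OTL's O20 layout: "O20 - AppInit_DLLs: (<registry value>) - <resolution>"
# where <resolution> is either "File not found" or "<path> (<company>)".
O20_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<value>[^)]*)\) - (?P<rest>.*)$")
RESOLVED_RE = re.compile(r"^(?P<path>.*?) \((?P<company>[^()]*)\)$")


@dataclass
class AppInitEntry:
    value: str      # string stored in the AppInit_DLLs registry value
    found: bool     # False when OTL printed "File not found"
    path: str       # path OTL resolved the entry to ("" if not found)
    company: str    # company name from the file's version resource ("" if none)


def parse_o20(text: str) -> List[AppInitEntry]:
    """Parse every O20 AppInit_DLLs line in an OTL log; other lines are ignored."""
    entries: List[AppInitEntry] = []
    for line in text.splitlines():
        m = O20_RE.match(line.strip())
        if not m:
            continue
        value, rest = m.group("value"), m.group("rest").strip()
        if rest == "File not found":
            entries.append(AppInitEntry(value, False, "", ""))
            continue
        r = RESOLVED_RE.match(rest)
        path = r.group("path") if r else rest
        company = r.group("company").strip() if r else ""
        entries.append(AppInitEntry(value, True, path, company))
    return entries


def triage(entry: AppInitEntry) -> List[str]:
    """Return the reasons an AppInit_DLLs entry deserves a closer look."""
    reasons: List[str] = []
    name = entry.value.rsplit("\\", 1)[-1].lower()
    # Several ".dll" fragments in one file name: in the log above each new
    # entry added one more fragment roughly every 30 seconds, which is not
    # how a legitimate installer registers a library.
    if name.count(".dll") > 1:
        reasons.append("chained .dll names")
    # A value whose target is gone still shows that the key was written.
    if not entry.found:
        reasons.append("file not found")
    # Vendor libraries carry a company name in their version resource;
    # OTL prints an empty "()" when that field is absent.
    elif not entry.company:
        reasons.append("no company name")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each AppInit_DLLs value in an OTL log to its triage reasons."""
    return {e.value: triage(e) for e in parse_o20(text)}


if __name__ == "__main__":
    for value, reasons in triage_log(SAMPLE_O20).items():
        status = ", ".join(reasons) if reasons else "nothing flagged"
        print(f"{value}: {status}")
```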

#8 monsterbob
  • Topic Starter
  • Members
  • 38 posts
  • Location:Albay, Philippines

Posted 09 August 2010 - 07:20 PM

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\kbdit14232.dll deleted successfully.
C:\WINDOWS\SysWOW64\kbdit14232.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\kbdit32.dll deleted successfully.
C:\WINDOWS\SysWOW64\kbdit32.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\kbdit3232.dll deleted successfully.
C:\WINDOWS\SysWOW64\kbdit3232.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:p507kndb32.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:p507kndb32.dll9es8np7rxg32.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\kbdla32.dll deleted successfully.
C:\WINDOWS\SysWOW64\kbdla32.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:p507kndb32.dll9es8np7rxg32.dll8el03oc32.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\kbdla32.dllex30032.dll deleted successfully.
C:\WINDOWS\SysWOW64\kbdla32.dllex30032.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:p507kndb32.dll9es8np7rxg32.dll8el03oc32.dll74taiacrxic32.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\kbdla32.dllex30032.dllzp0seh832.dll deleted successfully.
C:\WINDOWS\SysWOW64\kbdla32.dllex30032.dllzp0seh832.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll deleted successfully.
C:\WINDOWS\SysWOW64\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll4wj3k932.dll deleted successfully.
C:\WINDOWS\SysWOW64\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll4wj3k932.dll moved successfully.
File C:\WINDOWS\SysWow64\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll4wj3k932.dll not found.
File C:\WINDOWS\SysWow64\kbdla32.dllex30032.dllzp0seh832.dllbq3io5xao32.dll not found.
File C:\WINDOWS\SysWow64\kbdla32.dllex30032.dllzp0seh832.dll not found.
C:\WINDOWS\SysWOW64\iepeers32.dllp507kndb32.dll9es8np7rxg32.dll8el03oc32.dll74taiacrxic32.dll moved successfully.
File C:\WINDOWS\SysWow64\kbdla32.dllex30032.dll not found.
C:\WINDOWS\SysWOW64\iepeers32.dllp507kndb32.dll9es8np7rxg32.dll8el03oc32.dll moved successfully.
File C:\WINDOWS\SysWow64\kbdla32.dll not found.
C:\WINDOWS\SysWOW64\iepeers32.dllp507kndb32.dll9es8np7rxg32.dll moved successfully.
C:\WINDOWS\SysWOW64\iepeers32.dllp507kndb32.dll moved successfully.
File C:\WINDOWS\SysWow64\kbdit3232.dll not found.

#9 monsterbob
  • Topic Starter
  • Members
  • 38 posts
  • Location:Albay, Philippines

Posted 09 August 2010 - 10:43 PM

After the OTL scan, I restarted the computer into normal mode. The "The application or DLL C:\WINDOWS\system32\kbdit14232.dll is not a valid windows image" error is already gone, but the computer is very unresponsive. I restarted it again into safe mode and ran Malwarebytes. There were 11 infections. They were removed successfully, then the computer hung after restarting. I'm using this computer in safe mode again.

Thank you for your time!

#10 m0le
Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 10 August 2010 - 10:58 AM

I did not ask you to run MBAM. Has that stopped you being able to boot into normal mode? It sounds like you're saying you have to be in safe mode because the PC hangs. Is that right?


m0le is a proud member of UNITE

#11 monsterbob
  • Topic Starter
  • Members
  • 38 posts
  • Location:Albay, Philippines

Posted 10 August 2010 - 07:10 PM

Sorry about MBAM. Yes, I have been in safe mode ever since I posted my problem. I was thinking my PC was already alright after the OTL scan and restarting, but it was useless because it hung.

#12 monsterbob
  • Topic Starter
  • Members
  • 38 posts
  • Location:Albay, Philippines

Posted 10 August 2010 - 07:17 PM

The MBAM scan was also done in safe mode.

#13 m0le
Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 11 August 2010 - 04:25 PM

We have to go in a different way and fix this now.

Let's try to boot your computer using the Ultimate Boot CD for Windows (UBCD4win).

Please print this guide for future reference!

You will need a blank CD, a clean computer and a flash drive.

Please follow the steps below and let me know if you were successful. If you were unable to create the UBCD4win, please tell me what error messages you got and/or what steps you got hung up on.

1. Download and Run Ultimate Boot CD for Windows
  • Save it to your Desktop.
  • Double-Click on the UBCD4Win.EXE that you just downloaded to your desktop.
  • Follow all of the instructions/prompts that come up.
    NOTES:
    • Do not install to a folder with spaces in its name.
    • Your Anti-Virus may report viruses or trojans when you extract UBCD4Win, these are "False-Positives." Read HERE for information regarding the files that normally trigger AV software.
2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive
  • Double-Click on UBCD4WinBuilder.exe located in your C:\ubcd4win folder.
  • Click "I agree" to the Builders License.
  • Click NO to Search for Windows Installation Files
  • Make the following selections from the Main Screen that pops up:
    • Builder
      • Source:(path to Windows installation files)
        • Enter the path to the drive where your XP CD is located.
        • You can click on the "..." button on the right to navigate to the path as well.
      • Custom: (include files and folders from this directory)
        • No information is necessary, leave blank.
      • Output: (C:\ubcd4win\BartPE)
        • Keep the default BartPE
    • Media output
      • Choose Create ISO image
      • Do not choose Burn to CD/DVD


  Please note: If your XP install disc is SP1 then please:
    1. Disable - DComLaunch Service
    2. Enable - LargeIDE Fix
  This can be done by pressing the "Plugin" button and checking or unchecking the appropriate selections.

  Also note: If you have a Dell XP install disc you will need to follow the instructions here:
  http://www.ubcd4win.com/faq.htm#dell

3. Click on the "Build" button
  • You will see the Windows EULA message. Click on I Agree
  • You will now see the Build Screen. Let it run its course
  • When the Build is finished you can click close, then exit

4. Burn your ISO file to CD
  • Please see HERE on how to burn an ISO to CD.

==========

Next........

From your clean computer..

Please download OTLPE.zip and save it to a flash drive.
http://oldtimer.geekstogo.com/OTLPE.zip
http://www.itxassociates.com/OT-Tools/OTLPE.zip

Double click and unzip OTLPE.zip to its own folder on your flash drive. Name it OTLPE <-- Important!!

==========

Plug your flash drive into your sick computer now and do as instructed below..

==========

1. Restart Your sick Computer Using the UBCD4Win Disc That You Have Created
  • Insert the UBCD4Win disc into one of your CD/DVD drives.
  • Restart your computer.
    • The computer should choose to boot from the UBCD4Win CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
  • In the window that pops up select Launch The Ultimate Boot CD For Windows and press Enter.
    • It may take a little longer for the Desktop to appear than it does when you start your computer normally. Just let the process run itself until the desktop appears.
  • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
    • Click on Yes if you want to use the PE environment to get online, post your log and reply by way of an Ethernet connection.
  • You should now have a desktop that looks like this:

==========

Single click My computer from your UBCD4W desktop to navigate to the OTLPE folder that you saved to your flash drive.

Open the OTLPE folder and double click Start.bat.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTLPE should now start

    Change the following settings
    • Change Services, Drivers, Standard and Extra Registry to All

  • Copy and Paste the following code into the textbox. Do not include the word "Code"

CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /90
CREATERESTOREPOINT

  • Push the Run Scan button
  • A report will open. Save that log to your flash drive. Copy and Paste that report in your next reply.

=========

With your next post please provide:

* OTLPE.txt

m0le is a proud member of UNITE

#14 monsterbob
  • Topic Starter
  • Members
  • 38 posts
  • Location:Albay, Philippines

Posted 12 August 2010 - 05:26 AM

Please give me more time to finish everything you asked me to do. I will post the log as soon as I finish it. Thank you very much!!

#15 m0le
Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 12 August 2010 - 03:56 PM

Not a problem, monsterbob, it is one of the most difficult tasks I ask users to do.

m0le is a proud member of UNITE



