XP Antivirus 2010 malware


XP Antivirus 2010 malware

Post by dgodfrey on Fri Apr 02, 2010 10:16 pm

I have been infected with the XP Antivirus 2010 malware on a laptop running XP.
I have a backup of the data so I am covered and wanted information on how best to remove it, or whether it is just best to reload XP.
One other piece of information is that this computer runs two accounts and both get the malware pop-ups. However, on one of them it appears that the desktop is partially wiped and programs cannot be started from the desktop, and some also not from the Start menu, but on the other one they work fine.
Any comments will be appreciated.

dgodfrey
Novice

Posts: 7
Joined: 2010-04-02
OS: Windows XP
Points: 24493
Likes: 0

Re: XP Antivirus 2010 malware

Post by Net_Surfer on Fri Apr 02, 2010 11:07 pm

Hello dgodfrey and Welcome to GeekPolice Malware removal forum.

My nick is Net_Surfer and I will be helping you with your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing "your computer problems only" and by no means should be used on another computer.

I would also like to inform you that most of us here at GeekPolice offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!


Please be patient and I'd be grateful if you would note the following:

The cleaning process is not instant. Gmer, DDS, ComboFix, RSIT and HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.


  1. Please Read All Instructions Carefully and perform the steps fully and in the order they are written.

  2. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.

  3. Do not attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

  4. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

  5. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  6. Please continue to review my answers until I tell you that your machine is clean and free of malware. (Absence of symptoms does not mean that everything is clear. Just because you can't see a problem doesn't mean it isn't there.)

If you can do these things, everything should go smoothly. Right On!

OK, dgodfrey... If you have a Vista computer, ensure that you right-click on the tools and run them as an Admin. If XP, double-click on the program to run them.

Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.
Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.

Please carefully follow the next set of steps:


If you cannot download and run the following tools, then I would like for you to try another approach:

If you have the use of another computer please either use a Flash Drive or a CD to download the following and transfer them for use on the infected machine.
Be sure you put them on the desktop of the infected computer.


* exeHelper by Raktor.

Step 1. Please download: [You must be registered and logged in to see this link.] to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Step 2. After running exeHelper ("without rebooting"), download and run Rkill and Malwarebytes' Anti-Malware using these instructions:

We need to use the RKill Tool by Grinler

[You must be registered and logged in to see this link.]

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this [You must be registered and logged in to see this link.] if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.

NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]
which are renamed copies of rkill.com, and try them instead.

If the tool does not run from any of the links, please tell me about it.

Malwarebytes' Anti-Malware

Step 3. Please download: [You must be registered and logged in to see this link.]
Note: If you already have Malwarebytes' Anti-Malware, just update first then run it.

  • Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform a Full system Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4. We need to see some additional information about what is happening on your machine.
Please perform the following scan:



  • Download DDS by sUBs from one of the following links. Save it to your desktop.
    o [You must be registered and logged in to see this link.]
    o [You must be registered and logged in to see this link.]
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all anti-virus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control [You must be registered and logged in to see this link.]


Summary of the logs I will need in your next reply:

  • ExeHelper log.
  • Rkill log.
  • MBAM log.
  • The two logs of DDS.

How are things at your end, dgodfrey?


The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Again, Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

Kind regards
Net_Surfer



Obstacles are what you see when you take your eyes off your GOALS
Net_Surfer is a Graduate of BleepingComputer: Malware Removal Training Program You too could train to help others!

Net_Surfer
Intermediate

Posts: 57
Joined: 2010-03-28
Gender: Male
OS: xp sp3, Vista, Win7
Points: 25195
Likes: 0
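The tools in the post above work on a handful of registry persistence points: exeHelper resets the .exe/.com file associations and the Winlogon userinit/shell values, and the MBAM log later in this thread reports the Security Center *DisableNotify values and the StartMenuInternet launcher as hijacked. The following script is an added example, not from the thread and not part of exeHelper, Rkill or Malwarebytes: a read-only audit that reads each of those locations and reports anything that differs from the stock Windows XP defaults. It assumes Windows PowerShell is installed (it is not on a default XP install), that the expected values listed in the script are the stock ones for an English XP system, and that it is run from an administrator session. It changes nothing; the point is to show what "hijacked" looks like in the registry so a helper can judge a log, not to replace the tools.

```powershell
# Added example, not part of the thread: a read-only audit of the persistence
# points that exeHelper resets and that the MBAM log in this thread reports as
# hijacked. Expected values are the stock Windows XP defaults (assumption).
# Requires Windows PowerShell; run it from an administrator session.

function Get-RegDefault {
    param([string]$Path)
    $item = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.'(default)'
}

function Get-RegValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$findings = @()

# 1. .exe/.com associations: the rogue points these at its own class (the
#    exeHelper log shows 'secfile') so every program launch runs the rogue.
$assoc = @{
    'Registry::HKEY_CLASSES_ROOT\.exe' = 'exefile'
    'Registry::HKEY_CLASSES_ROOT\.com' = 'comfile'
}
foreach ($path in $assoc.Keys) {
    $actual = Get-RegDefault $path
    if ($actual -ne $assoc[$path]) {
        $findings += "$path = '$actual' (expected '$($assoc[$path])')"
    }
}
foreach ($cls in 'exefile', 'comfile') {
    $cmd = Get-RegDefault "Registry::HKEY_CLASSES_ROOT\$cls\shell\open\command"
    if ($cmd -ne '"%1" %*') {
        $findings += "$cls open command = '$cmd' (expected '""%1"" %*')"
    }
}

# 2. Winlogon Userinit/Shell: a changed value runs malware at every logon.
$wl = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = Get-RegValue $wl 'Userinit'
$expectedUserinit = "$env:SystemRoot\system32\userinit.exe,"
if ($userinit -ne $expectedUserinit) {
    $findings += "Winlogon Userinit = '$userinit' (expected '$expectedUserinit')"
}
$shell = Get-RegValue $wl 'Shell'
if ($shell -ne 'Explorer.exe') {
    $findings += "Winlogon Shell = '$shell' (expected 'Explorer.exe')"
}

# 3. Security Center notification suppression: the three values the MBAM log
#    flags as Disabled.SecurityCenter (Bad: 1, Good: 0).
$sc = 'HKLM:\SOFTWARE\Microsoft\Security Center'
foreach ($name in 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify') {
    if ((Get-RegValue $sc $name) -eq 1) {
        $findings += "$sc\$name = 1 (user is not warned that AV/firewall/updates are off)"
    }
}

# 4. StartMenuInternet hijack: the Internet Explorer launcher must point at
#    iexplore.exe alone, not at another binary that wraps it with /START.
$smi = 'HKLM:\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command'
$launcher = Get-RegDefault $smi
if ($launcher -and $launcher -notmatch '^"?([^"]*\\)?iexplore\.exe"?$') {
    $findings += "StartMenuInternet command = '$launcher' (expected only the iexplore.exe path)"
}

if ($findings.Count -eq 0) {
    'No deviations found in the audited persistence points.'
} else {
    'Findings (compare against the stock defaults before changing anything):'
    $findings | ForEach-Object { " - $_" }
}
```

A finding from this script is a lead, not a verdict: a vendor security suite may legitimately set its own file-association handler, and Userinit can carry extra comma-separated entries on managed systems, so each deviation should be checked against what is actually installed before anything is reset.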

Re: XP Antivirus 2010 malware

Post by dgodfrey on Fri Apr 02, 2010 11:18 pm

Hello Net_Surfer,
Thank you for your reply.
Lots to do here and I will follow your instructions and let you know.
Best regards,
dgodfrey


Re: XP Antivirus 2010 malware

Post by Net_Surfer on Sun Apr 04, 2010 1:47 pm

No problem.

Post when you are ready!

Regards
Net_Surfer
(Gunsmoke)


Re: XP Antivirus 2010 malware

Post by dgodfrey on Mon Apr 05, 2010 1:35 am

Hello again Net_Surfer,
I ran everything as you requested and all functioned as you described.
After running Malwarebytes' Anti-Malware it requested a reboot which I did before running DDS.
A consolidated list of all of the reports is below.
Your comments regarding the status of my machine will be much appreciated.
dgodfrey



exeHelper by Raktor
Build 20100329
Run at 14:56:44 on 04/04/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Removing HKCR\secfile
Resetting filetype association for .com
Removing HKCR\secfile
Resetting userinit and shell values...
Resetting policies...
--Finished--
+++++++++++++++++++++++++++++++++++++++
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as dgodfrey on 04/04/2010 at 14:59:12.
Processes terminated by Rkill or while it was running:
Rkill completed on 04/04/2010 at 14:59:14.
++++++++++++++++++++++++++++++++++++++++++
Malwarebytes' Anti-Malware 1.45
[You must be registered and logged in to see this link.]

Database version: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/4/2010 3:31:13 PM
mbam-log-2010-04-04 (15-31-13).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 194445
Time elapsed: 24 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\dgodfrey\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\ATI\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
+++++++++++++++++++++++++++++++++++++++++++

DDS (Ver_10-03-17.01) - FAT32x86
Run by dgodfrey at 15:43:58.25 on Sun 04/04/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.428 [GMT -7:00]

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ATI\MAC2-SN\TD\XYNTService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ATI\MAC2-SN\MTL\MTL Server.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ATI\MAC2-SN\TD\tdsn.exe
C:\Program Files\Common Files\DeLorme\DelSerial\XYNTService.exe
C:\Program Files\ATI\MAC2-SN\TD\loggingclient.exe
C:\Program Files\Common Files\DeLorme\DelSerial\SerEmulVspStartup.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\DeLorme\DelSerial\DeLSerial.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
F:\ANTI VIRUS\dds.pif

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Wireless Console 2] c:\program files\wireless console 2\wcourier.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [ASUS Live Update] c:\program files\asus\asus live update\ALU.exe
mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1
mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe
mRun: [ABLKSR] c:\windows\ablksr\ABLKSR.exe
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [PowerForPhone] c:\program files\powerforphone\powerforphone\PowerForPhone.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\multif~1.lnk - c:\program files\asus\asus multiframe\MultiFrame.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - [You must be registered and logged in to see this link.]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R2 MAC2-SN;MAC2-SN;c:\program files\ati\mac2-sn\td\XYNTService.exe [2008-3-4 57344]
R2 SerEmulVsp;SerEmulVsp;c:\windows\system32\drivers\SerEmulVsp.sys [2007-3-28 134560]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-4-19 1247600]
R2 VSPDELSERIAL;VSPDELSERIAL;c:\program files\common files\delorme\delserial\XYNTService.exe [2010-3-2 57344]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [2007-4-19 34944]
S3 Mac2 Simulator TD;Mac2 Simulator TD;c:\program files\ati\mac2 simulator\td\XYNTServiceManStart.exe [2006-11-30 57344]
S3 MAC2SN_GAP;MAC2SN_GAP;c:\program files\ati\mac2-sn\gap\XYNTService.exe [2010-1-18 57344]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2010-3-19 33024]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2010-3-19 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2010-3-19 39936]
S3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\drivers\ptduwflt.sys --> c:\windows\system32\drivers\PTDUWFLT.sys [?]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2010-3-19 59904]

=============== Created Last 30 ================

2010-04-04 22:05:14 0 d-----w- c:\docume~1\dgodfrey\applic~1\Malwarebytes
2010-04-04 22:05:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-04 22:05:01 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-04 22:05:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-04 22:05:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-02 14:26:25 0 d-----w- c:\program files\Microsoft
2010-04-02 14:26:20 0 d-----w- c:\program files\MSN Toolbar
2010-04-02 14:24:51 0 d-----w- c:\program files\MSN Toolbar Installer
2010-04-02 14:24:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-29 18:36:58 56532 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-29 17:43:03 0 d-----w- c:\program files\iTunes
2010-03-29 17:43:03 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-19 21:19:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Verizon Wireless
2010-03-19 21:17:56 0 d-----w- c:\docume~1\dgodfrey\applic~1\Smith Micro
2010-03-19 21:14:45 0 d-----w- c:\program files\Verizon Wireless
2010-03-19 21:14:15 77824 ----a-w- c:\windows\system32\PTDUwmcp.dll
2010-03-19 21:14:15 59904 ----a-w- c:\windows\system32\drivers\PTDUWWAN.sys
2010-03-19 21:14:15 41344 ----a-w- c:\windows\system32\drivers\PTDUMdm.sys
2010-03-19 21:14:15 39936 ----a-w- c:\windows\system32\drivers\PTDUVsp.sys
2010-03-19 21:14:15 33024 ----a-w- c:\windows\system32\drivers\PTDUBus.sys
2010-03-19 21:14:15 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2010-03-19 20:55:54 0 d-----w- c:\docume~1\dgodfrey\applic~1\Verizon Wireless
2010-03-16 22:44:48 0 d-----w- c:\program files\PANTECH
2010-03-09 17:53:09 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

==================== Find3M ====================

2010-03-03 02:30:54 12030104 ----a-w- C:\InstallSerialEmulator.exe
2010-03-03 02:24:32 7048 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-25 18:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 09:54:26 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2008-09-29 20:20:54 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092920080930\index.dat

============= FINISH: 15:44:28.71 ===============
++++++++++++++++++++++++++++++++++++++++++

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/26/2007 6:16:15 AM
System Uptime: 4/4/2010 3:37:12 PM (0 hours ago)

Motherboard: ASUSTeK Computer Inc. | | A8JS
Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | CPU 1 | 1975/668mhz

==== Disk Partitions =========================

C: is FIXED (FAT32) - 67 GiB total, 25.131 GiB free.
D: is FIXED (FAT32) - 43 GiB total, 42.501 GiB free.
E: is CDROM (CDFS)
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP434: 1/17/2010 9:37:10 AM - Software Distribution Service 3.0
RP435: 1/17/2010 9:50:35 AM - Removed hp officejet g series
RP436: 1/18/2010 1:50:07 PM - System Checkpoint
RP437: 1/19/2010 5:50:07 PM - System Checkpoint
RP438: 1/20/2010 10:02:38 PM - System Checkpoint
RP439: 2/4/2010 4:31:42 PM - System Checkpoint
RP440: 2/5/2010 3:00:15 AM - Software Distribution Service 3.0
RP441: 2/8/2010 2:13:32 PM - Software Distribution Service 3.0
RP442: 2/8/2010 2:43:44 PM - Removed Google Earth.
RP443: 2/9/2010 12:46:02 PM - Installed Remote Desktop Connection
RP444: 2/10/2010 3:00:24 AM - Software Distribution Service 3.0
RP445: 2/11/2010 4:23:42 AM - System Checkpoint
RP446: 2/15/2010 3:15:05 AM - System Checkpoint
RP447: 2/16/2010 4:48:05 AM - Removed Google Earth.
RP448: 2/16/2010 5:19:41 AM - Removed Google Earth.
RP449: 2/16/2010 5:40:37 AM - Installed Windows Installer Clean Up
RP450: 2/17/2010 7:15:00 AM - System Checkpoint
RP451: 2/18/2010 7:17:49 PM - System Checkpoint
RP452: 2/18/2010 8:58:26 PM - Installed Windows XP -- Software Updates KB952011.
RP453: 2/19/2010 9:34:34 PM - System Checkpoint
RP454: 2/22/2010 11:44:34 AM - System Checkpoint
RP455: 2/23/2010 4:13:50 PM - System Checkpoint
RP456: 2/23/2010 6:28:41 PM - Removed Google Earth.
RP457: 2/24/2010 3:00:15 AM - Software Distribution Service 3.0
RP458: 2/25/2010 5:57:06 AM - System Checkpoint
RP459: 2/26/2010 10:17:53 AM - System Checkpoint
RP460: 2/27/2010 1:58:13 PM - System Checkpoint
RP461: 2/28/2010 8:28:48 PM - System Checkpoint
RP462: 3/1/2010 8:54:52 PM - System Checkpoint
RP463: 3/2/2010 10:00:34 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP464: 3/2/2010 10:08:17 AM - Installed DeLorme Street Atlas USA 2010.
RP465: 3/2/2010 7:40:27 PM - Installed DeLorme Serial Emulator.
RP466: 3/4/2010 3:00:15 AM - Software Distribution Service 3.0
RP467: 3/5/2010 4:59:47 AM - System Checkpoint
RP468: 3/10/2010 3:00:29 AM - Software Distribution Service 3.0
RP469: 3/16/2010 5:32:06 PM - System Checkpoint
RP470: 3/17/2010 6:17:35 PM - System Checkpoint
RP471: 3/18/2010 6:21:19 PM - System Checkpoint
RP472: 3/19/2010 1:55:06 PM - Installed VZAccess Manager.
RP473: 3/19/2010 2:04:47 PM - Removed VZAccess Manager.
RP474: 3/20/2010 2:21:46 PM - System Checkpoint
RP475: 3/21/2010 3:20:41 PM - System Checkpoint
RP476: 3/29/2010 9:55:19 PM - System Checkpoint
RP477: 3/31/2010 2:48:59 PM - System Checkpoint
RP478: 4/1/2010 3:00:16 AM - Software Distribution Service 3.0
RP479: 4/2/2010 3:08:19 AM - System Checkpoint
RP480: 4/2/2010 7:23:48 AM - Installed Java(TM) 6 Update 17
RP481: 4/2/2010 7:24:20 AM - Installed MSN Toolbar Setup

==== Installed Programs ======================

2007 Microsoft Office system
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS InstantFun
ASUS Live Update
Asus MiVo Messenger
Asus MultiFrame
ASUS Splendid Video Enhancement Technology
Asus_A_Series_ScreenSaver
ASUSDVD
ATI MAC2 Client 2.10
ATI MAC2 Simulator 2.10
ATK Media
ATK0100 ACPI UTILITY
BattleScape Developer Option 3.4
Belarc Advisor 7.2
Bluetooth Stack for Windows
Boeing ACLM 2.0
Bonjour
CCleaner (remove only)
Container3D 3.1.8
Critical Update for Windows Media Player 11 (KB959772)
DeLorme Serial Emulator
DeLorme Street Atlas USA 2010
DivX Web Player
Google Chrome
Google Earth
Google Photos Screensaver
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) PROSet/Wireless Software
iPod for Windows 2005-10-12
iTunes
Java(TM) 6 Update 17
Java(TM) 6 Update 3
Java(TM) 6 Update 7
LifeFrame2
LightScribe 1.4.89.1
MAC2-SN HQ 1.7.3
MAC2SN GAP 1.0.4
MAC2SN MTL Patch 1.7.5
Malwarebytes' Anti-Malware
mCore
mDriver
mDrWiFi
mHelp
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft MapPoint North America 2004
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Software Update for Web Folders (English) 12
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
mIWA
mLogView
mMHouse
MobileMe Control Panel
Motorola SM56 Speakerphone Modem
mPfMgr
mPfWiz
mProSafe
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
mZConfig
Nero OEM
Net4Switch
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PANTECH UM175 Driver
Picasa 3
Power4 Gear
PowerForPhone
QuickTime
REALTEK PCIE NIC Driver
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SetPoint
Skype™ 4.0
SMSC IrCC V5.1.3600.9
SoundMAX
Symantec KB-DocID:2003093015493306
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB977724)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb979895)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VZAccess Manager
WebFldrs XP
Windows Desktop Search 3.01
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinFlash
Wireless Console 2
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

4/4/2010 3:41:24 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
3/31/2010 6:36:14 PM, error: Dhcp [1002] - The IP address lease 172.28.101.31 for the Network Card with network address 001B770A7CE4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/31/2010 5:55:54 PM, error: Service Control Manager [7034] - The Symantec Core LC service terminated unexpectedly. It has done this 1 time(s).
3/31/2010 5:51:56 PM, error: PlugPlayManager [12] - The device 'PANTECH UM175 WWAN Driver #2' (USB\VID_106c&PID_3714&MI_03\6&1f084bdf&0&8515) disappeared from the system without first being prepared for removal.

==== End Of File ===========================
Thank You!


Re: XP Antivirus 2010 malware

Post by Net_Surfer on Mon Apr 05, 2010 2:09 pm

Hello again dgodfrey,

MBAM got some baddies.. but we have some more housecleaning to do.

Please follow my next set of steps:


Step 1.* JavaRa and Java update.

Your Java program is out of date.

Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older version Java components and update:

Download and Run JavaRA

Please download [You must be registered and logged in to see this link.] and unzip it to your desktop.

  • Double-click on JavaRa.exe to start.
  • Use the drop down box to choose your language and click Select.
  • Select "Remove Older Versions".
  • Click Yes when asked "This will remove all older versions of the Java JRE...Are you sure you want to proceed?"
  • Click Ok when search and removal of old versions has completed.
  • A notice will appear indicating "Finished searching for all old versions...A logfile has been created...called JavaRa.log...JavaRa will now open its logfile."
  • Click Ok and notepad will open with the log results of what was found and removed.
  • View the logfile and close notepad.
  • A copy of JavaRa.log will automatically be saved to your primary hard drive (usually C:\JavaRa.log).
  • Return to JavaRa and click the button for Additional Tasks.
  • Select these Tasks:

    • Remove Useless JRE Files
    • Remove Startup Entry
    • Remove JavaRa Logfile (optional)

  • Click Go and then Ok when prompted "Finished searching for useless JRE files."
  • Click Ok again when prompted "Finished searching for JRE startup entries."
  • Close the Additional Tasks window, exit JavaRa and reboot your computer.

Step 2. Then download the latest version of [You must be registered and logged in to see this link.] and save it to your desktop.


  • Look for "JDK 6 Update 19 (JDK or JRE)"
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • From your desktop double-click on jre-6u19-windows-i586.exe to install the newest version.
-- The [You must be registered and logged in to see this link.] adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:

  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.
Step 3. **Note: In the event you already have old versions of Combofix, I need you to delete them, right click on the combofix icon on your desktop and delete it. This is a new version that I need you to download. It is important that it is saved directly to your desktop**


  • If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

  • For Internet Explorer:
    o Choose to save, not open the file
    o When prompted - save the file to your desktop, and rename it to commy with .exe extension on the end.


* Please download ComboFix from: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Please insert your flash drive and all usb-drives before running Combofix
    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read [You must be registered and logged in to see this link.] for an article written by dvk01 on why we disable autoruns.
  • Close any open browsers.
    WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
  • Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
    -----------------------------------------------------------
  • Click: Start>Run
    then copy paste the following command into the Run box & click: OK

    "%userprofile%\desktop\commy.exe" /stepdel

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

A word of advice if you are a lurker: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read the: [You must be registered and logged in to see this link.]

Step 4. * Re-scan with DDS so we can verify nothing new is back.

Summary of the logs I will need in your next reply:


  • The report log of ComboFix
  • The report log of DDS
And a description of any remaining problems in your next post.

How are things at your end, dgodfrey?


Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks.
Kind regards
Net_Surfer



Obstacles are what you see when you take your eyes off your GOALS
Net_Surfer is a Graduate of BleepingComputer: Malware Removal Training Program You too could train to help others!

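Step 1 above removes the older Java runtimes because the DDS log's "Installed Programs" section lists three JREs side by side (Update 3, 7 and 17), and the "Pseudo HJT Report" shows the IE SSVHelper BHO still loading from the jre1.6.0_07 directory, so the browser plug-in is the stale copy, not the newest one. The script below is an added example written for this page, not a tool from the thread or from the DDS/ComboFix authors: it splits a DDS log into its banner sections, reports every JRE that is older than the newest one installed, and flags Pseudo HJT entries that point at "No File", at a superseded JRE, or at an executable outside Program Files or Windows. The sample log is a constructed excerpt modelled on the lines posted above (the `uRun: [Updater]` line is constructed for the demo and is not in dgodfrey's log); the section names, entry prefixes and the `jre1.x.0_yy` path convention are the ones visible in the log.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed excerpt modelled on the DDS log in the thread (a few lines, not the full log).
# The "uRun: [Updater]" line is constructed for the demo and does not appear in the posted log.
SAMPLE_DDS_LOG = r"""
==== Installed Programs ======================

Adobe Reader 9.3
Java(TM) 6 Update 17
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
Windows XP Service Pack 3

============== Pseudo HJT Report ===============

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Updater] c:\docume~1\user\locals~1\temp\updater.exe
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")           # "==== Name ====" banners
JAVA_RE = re.compile(r"^Java\(TM\) (\d+) Update (\d+)$")  # Add/Remove Programs naming
JRE_PATH_RE = re.compile(r"jre1\.(\d+)\.0_(\d+)", re.IGNORECASE)
HJT_RE = re.compile(r"^(?P<kind>BHO|TB|uRun|mRun):\s*(?P<rest>.*)$")
TRUSTED_DIRS = ("\\program files\\", "\\windows\\")


def split_sections(log_text: str) -> Dict[str, List[str]]:
    """Group the log's non-blank lines under the banner that precedes them."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def find_stale_java(programs: List[str]) -> Tuple[Optional[str], List[str]]:
    """Return (newest JRE entry, older JRE entries still installed beside it)."""
    found = []
    for name in programs:
        m = JAVA_RE.match(name)
        if m:
            found.append(((int(m.group(1)), int(m.group(2))), name))
    if not found:
        return None, []
    found.sort()  # sort by (major, update) so the last entry is the newest
    return found[-1][1], [name for _, name in found[:-1]]


def extract_path(kind: str, rest: str) -> Optional[str]:
    """Pull the on-disk path out of a BHO/TB line ('... - path') or a Run entry ('[name] "path" args')."""
    if kind in ("BHO", "TB"):
        return rest.rsplit(" - ", 1)[1] if " - " in rest else None
    cmd = rest.split("] ", 1)[1] if "] " in rest else rest
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def find_suspicious_hjt(entries: List[str], newest_update: Optional[int]) -> List[Tuple[str, str]]:
    """Flag orphaned entries, entries loading a superseded JRE, and binaries in odd locations."""
    findings = []
    for line in entries:
        m = HJT_RE.match(line)
        if not m:
            continue
        path = extract_path(m.group("kind"), m.group("rest"))
        if path is None:
            continue
        if path == "No File":
            findings.append(("orphaned entry (No File)", line))
            continue
        jre = JRE_PATH_RE.search(path)
        if jre and newest_update is not None and int(jre.group(2)) < newest_update:
            findings.append((f"loads from superseded JRE 1.{jre.group(1)}.0_{jre.group(2)}", line))
        elif not any(d in path.lower() for d in TRUSTED_DIRS):
            findings.append(("executable outside Program Files / Windows", line))
    return findings


def triage_dds_log(log_text: str) -> dict:
    """Run both checks over a DDS log and return the findings as plain data."""
    sections = split_sections(log_text)
    newest, stale = find_stale_java(sections.get("Installed Programs", []))
    newest_update = int(JAVA_RE.match(newest).group(2)) if newest else None
    findings = find_suspicious_hjt(sections.get("Pseudo HJT Report", []), newest_update)
    return {"newest_java": newest, "stale_java": stale, "hjt_findings": findings}


if __name__ == "__main__":
    report = triage_dds_log(SAMPLE_DDS_LOG)
    print("Newest JRE :", report["newest_java"])
    for name in report["stale_java"]:
        print("Stale JRE  :", name, "(remove; old plug-ins stay reachable from web pages)")
    for reason, line in report["hjt_findings"]:
        print(f"Check      : {reason}\n             {line}")
```

Run it against a saved DDS.txt by replacing `SAMPLE_DDS_LOG` with the file's contents. The stale-JRE list is exactly what JavaRa's "Remove Older Versions" targets; the BHO finding explains why updating Java alone is not enough when the browser plug-in registration still points at the old directory, and the "No File" toolbar entry is the kind of orphaned registration ComboFix or a manual fix would clean up.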

Re: XP Antivirus 2010 malware

Post by dgodfrey on Mon Apr 05, 2010 11:26 pm

Hello again Net_Surfer,
I have followed the instructions and the logs are posted below. However, I did run into a problem. When I run the ComboFix it does not give me a log to send. This is what happens:
commy.exe runs and goes through the scan.
But at some point it finds something, stops and reboots. After the reboot I log back into that account and there is no ComboFix text file on C:
But, on the C: drive there is a new file named Qoobox and an icon named "commy" that has sub folders that contains sub files of the C and D drives and the "Documents" files. This commy file is created every time I run commy.
However, on the account where the malware appeared I have control over the desktop again and can launch programs.
It appears that the problem may be taken care of but will appreciate your comments.
Best regards,
dgodfrey





JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Mon Apr 05 07:24:34 2010

Found and removed: C:\Program Files\Java\jre1.6.0_03
Found and removed: C:\Program Files\Java\jre1.6.0_07
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Classes\JavaPlugin.160_03
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}
Found and removed: Software\Classes\JavaPlugin.160_03
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\
------------------------------------
Finished reporting.

JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Mon Apr 05 07:24:51 2010

------------------------------------
Finished reporting.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

DDS (Ver_10-03-17.01) - FAT32x86
Run by ATI at 14:54:15.73 on Mon 04/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.490 [GMT -7:00]

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ATI\MAC2-SN\TD\XYNTService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ATI\MAC2-SN\MTL\MTL Server.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ATI\MAC2-SN\TD\tdsn.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ATI\MAC2-SN\TD\loggingclient.exe
C:\Program Files\Common Files\DeLorme\DelSerial\XYNTService.exe
C:\Program Files\Common Files\DeLorme\DelSerial\SerEmulVspStartup.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\DeLorme\DelSerial\DeLSerial.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\ANTI VIRUS\dds.pif

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [VoipStunt] "c:\program files\voipstunt.com\voipstunt\VoipStunt.exe" -nosplash -minimized
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Wireless Console 2] c:\program files\wireless console 2\wcourier.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [ASUS Live Update] c:\program files\asus\asus live update\ALU.exe
mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1
mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe
mRun: [ABLKSR] c:\windows\ablksr\ABLKSR.exe
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [PowerForPhone] c:\program files\powerforphone\powerforphone\PowerForPhone.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\multif~1.lnk - c:\program files\asus\asus multiframe\MultiFrame.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - [You must be registered and logged in to see this link.]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R2 MAC2-SN;MAC2-SN;c:\program files\ati\mac2-sn\td\XYNTService.exe [2008-3-4 57344]
R2 SerEmulVsp;SerEmulVsp;c:\windows\system32\drivers\SerEmulVsp.sys [2007-3-28 134560]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-4-19 1247600]
R2 VSPDELSERIAL;VSPDELSERIAL;c:\program files\common files\delorme\delserial\XYNTService.exe [2010-3-2 57344]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]
S2 PEVSystemStart;PEVSystemStart;c:\commy18517c\PEV.cfxxe [2010-4-5 261632]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [2007-4-19 34944]
S3 Mac2 Simulator TD;Mac2 Simulator TD;c:\program files\ati\mac2 simulator\td\XYNTServiceManStart.exe [2006-11-30 57344]
S3 MAC2SN_GAP;MAC2SN_GAP;c:\program files\ati\mac2-sn\gap\XYNTService.exe [2010-1-18 57344]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2010-3-19 33024]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2010-3-19 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2010-3-19 39936]
S3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\drivers\ptduwflt.sys --> c:\windows\system32\drivers\PTDUWFLT.sys [?]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2010-3-19 59904]

=============== Created Last 30 ================

2010-04-05 15:53:50 0 d-sh--w- C:\FOUND.001
2010-04-05 15:45:39 0 d-s---w- C:\commy18517c
2010-04-05 15:36:54 392 ----a-w- c:\windows\system32\winsusrm.dll
2010-04-05 15:35:42 0 d-sh--w- C:\FOUND.000
2010-04-05 15:19:12 0 d-sha-r- C:\cmdcons
2010-04-05 15:15:10 98816 ----a-w- c:\windows\sed.exe
2010-04-05 15:15:10 77312 ----a-w- c:\windows\MBR.exe
2010-04-05 15:15:10 261632 ----a-w- c:\windows\PEV.exe
2010-04-05 15:15:10 161792 ----a-w- c:\windows\SWREG.exe
2010-04-05 15:15:04 0 d-s---w- C:\commy
2010-04-05 15:02:35 0 d-----w- c:\windows\system32\wbem\Repository
2010-04-05 14:44:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-04-04 22:05:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-04 22:05:01 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-04 22:05:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-04 22:05:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-02 19:17:37 0 d-----w- c:\docume~1\ati\applic~1\DeLorme
2010-04-02 14:26:25 0 d-----w- c:\program files\Microsoft
2010-04-02 14:26:20 0 d-----w- c:\program files\MSN Toolbar
2010-04-02 14:24:51 0 d-----w- c:\program files\MSN Toolbar Installer
2010-04-02 14:24:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-29 18:36:58 56532 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-29 17:43:03 0 d-----w- c:\program files\iTunes
2010-03-29 17:43:03 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-19 21:19:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Verizon Wireless
2010-03-19 21:14:45 0 d-----w- c:\program files\Verizon Wireless
2010-03-19 21:14:15 77824 ----a-w- c:\windows\system32\PTDUwmcp.dll
2010-03-19 21:14:15 59904 ----a-w- c:\windows\system32\drivers\PTDUWWAN.sys
2010-03-19 21:14:15 41344 ----a-w- c:\windows\system32\drivers\PTDUMdm.sys
2010-03-19 21:14:15 39936 ----a-w- c:\windows\system32\drivers\PTDUVsp.sys
2010-03-19 21:14:15 33024 ----a-w- c:\windows\system32\drivers\PTDUBus.sys
2010-03-19 21:14:15 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2010-03-16 22:44:48 0 d-----w- c:\program files\PANTECH
2010-03-09 17:53:09 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

==================== Find3M ====================

2010-03-03 02:30:54 12030104 ----a-w- C:\InstallSerialEmulator.exe
2010-03-03 02:24:32 7048 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-25 18:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 09:54:26 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2008-09-29 20:20:54 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092920080930\index.dat

============= FINISH: 14:54:39.25 ===============

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/26/2007 6:16:15 AM
System Uptime: 4/5/2010 12:07:23 PM (2 hours ago)

Motherboard: ASUSTeK Computer Inc. | | A8JS
Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | CPU 1 | 1655/668mhz

==== Disk Partitions =========================

C: is FIXED (FAT32) - 67 GiB total, 25.905 GiB free.
D: is FIXED (FAT32) - 43 GiB total, 42.501 GiB free.
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP434: 1/17/2010 9:37:10 AM - Software Distribution Service 3.0
RP435: 1/17/2010 9:50:35 AM - Removed hp officejet g series
RP436: 1/18/2010 1:50:07 PM - System Checkpoint
RP437: 1/19/2010 5:50:07 PM - System Checkpoint
RP438: 1/20/2010 10:02:38 PM - System Checkpoint
RP439: 2/4/2010 4:31:42 PM - System Checkpoint
RP440: 2/5/2010 3:00:15 AM - Software Distribution Service 3.0
RP441: 2/8/2010 2:13:32 PM - Software Distribution Service 3.0
RP442: 2/8/2010 2:43:44 PM - Removed Google Earth.
RP443: 2/9/2010 12:46:02 PM - Installed Remote Desktop Connection
RP444: 2/10/2010 3:00:24 AM - Software Distribution Service 3.0
RP445: 2/11/2010 4:23:42 AM - System Checkpoint
RP446: 2/15/2010 3:15:05 AM - System Checkpoint
RP447: 2/16/2010 4:48:05 AM - Removed Google Earth.
RP448: 2/16/2010 5:19:41 AM - Removed Google Earth.
RP449: 2/16/2010 5:40:37 AM - Installed Windows Installer Clean Up
RP450: 2/17/2010 7:15:00 AM - System Checkpoint
RP451: 2/18/2010 7:17:49 PM - System Checkpoint
RP452: 2/18/2010 8:58:26 PM - Installed Windows XP -- Software Updates KB952011.
RP453: 2/19/2010 9:34:34 PM - System Checkpoint
RP454: 2/22/2010 11:44:34 AM - System Checkpoint
RP455: 2/23/2010 4:13:50 PM - System Checkpoint
RP456: 2/23/2010 6:28:41 PM - Removed Google Earth.
RP457: 2/24/2010 3:00:15 AM - Software Distribution Service 3.0
RP458: 2/25/2010 5:57:06 AM - System Checkpoint
RP459: 2/26/2010 10:17:53 AM - System Checkpoint
RP460: 2/27/2010 1:58:13 PM - System Checkpoint
RP461: 2/28/2010 8:28:48 PM - System Checkpoint
RP462: 3/1/2010 8:54:52 PM - System Checkpoint
RP463: 3/2/2010 10:00:34 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP464: 3/2/2010 10:08:17 AM - Installed DeLorme Street Atlas USA 2010.
RP465: 3/2/2010 7:40:27 PM - Installed DeLorme Serial Emulator.
RP466: 3/4/2010 3:00:15 AM - Software Distribution Service 3.0
RP467: 3/5/2010 4:59:47 AM - System Checkpoint
RP468: 3/10/2010 3:00:29 AM - Software Distribution Service 3.0
RP469: 3/16/2010 5:32:06 PM - System Checkpoint
RP470: 3/17/2010 6:17:35 PM - System Checkpoint
RP471: 3/18/2010 6:21:19 PM - System Checkpoint
RP472: 3/19/2010 1:55:06 PM - Installed VZAccess Manager.
RP473: 3/19/2010 2:04:47 PM - Removed VZAccess Manager.
RP474: 3/20/2010 2:21:46 PM - System Checkpoint
RP475: 3/21/2010 3:20:41 PM - System Checkpoint
RP476: 3/29/2010 9:55:19 PM - System Checkpoint
RP477: 3/31/2010 2:48:59 PM - System Checkpoint
RP478: 4/1/2010 3:00:16 AM - Software Distribution Service 3.0
RP479: 4/2/2010 3:08:19 AM - System Checkpoint
RP480: 4/2/2010 7:23:48 AM - Installed Java(TM) 6 Update 17
RP481: 4/2/2010 7:24:20 AM - Installed MSN Toolbar Setup
RP482: 4/4/2010 5:18:51 PM - System Checkpoint
RP483: 4/5/2010 7:43:48 AM - Removed Java(TM) 6 Update 17
RP484: 4/5/2010 7:44:09 AM - Installed Java(TM) 6 Update 19
RP485: 4/5/2010 8:02:17 AM - Restore Operation

==== Installed Programs ======================

2007 Microsoft Office system
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS InstantFun
ASUS Live Update
Asus MiVo Messenger
Asus MultiFrame
ASUS Splendid Video Enhancement Technology
Asus_A_Series_ScreenSaver
ASUSDVD
ATI MAC2 Client 2.10
ATI MAC2 Simulator 2.10
ATK Media
ATK0100 ACPI UTILITY
BattleScape Developer Option 3.4
Belarc Advisor 7.2
Bluetooth Stack for Windows
Boeing ACLM 2.0
Bonjour
CCleaner (remove only)
Container3D 3.1.8
Critical Update for Windows Media Player 11 (KB959772)
DeLorme Serial Emulator
DeLorme Street Atlas USA 2010
DivX Web Player
Google Chrome
Google Earth
Google Photos Screensaver
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) PROSet/Wireless Software
iPod for Windows 2005-10-12
iTunes
Java(TM) 6 Update 3
Java(TM) 6 Update 7
LifeFrame2
LightScribe 1.4.89.1
MAC2-SN HQ 1.7.3
MAC2SN GAP 1.0.4
MAC2SN MTL Patch 1.7.5
mCore
mDriver
mDrWiFi
mHelp
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft MapPoint North America 2004
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
mIWA
mLogView
mMHouse
MobileMe Control Panel
Motorola SM56 Speakerphone Modem
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
mZConfig
Nero OEM
Net4Switch
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PANTECH UM175 Driver
Picasa 3
Power4 Gear
PowerForPhone
QuickTime
REALTEK PCIE NIC Driver
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SetPoint
Skype™ 4.0
SMSC IrCC V5.1.3600.9
SoundMAX
Symantec KB-DocID:2003093015493306
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB977724)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb979895)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VZAccess Manager
WebFldrs XP
Windows Desktop Search 3.01
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinFlash
Wireless Console 2
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

4/5/2010 8:38:58 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f738db26, parameter3 ba3ffba8, parameter4 00000000.
4/5/2010 8:24:05 AM, error: Service Control Manager [7034] - The VSPDELSERIAL service terminated unexpectedly. It has done this 1 time(s).
4/5/2010 8:24:05 AM, error: Service Control Manager [7034] - The MAC2-SN service terminated unexpectedly. It has done this 1 time(s).
4/5/2010 2:50:37 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f7369b26, parameter3 b9f03ba8, parameter4 00000000.
4/4/2010 3:41:24 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
3/31/2010 6:36:14 PM, error: Dhcp [1002] - The IP address lease 172.28.101.31 for the Network Card with network address 001B770A7CE4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/31/2010 5:55:54 PM, error: Service Control Manager [7034] - The Symantec Core LC service terminated unexpectedly. It has done this 1 time(s).
3/31/2010 5:51:56 PM, error: PlugPlayManager [12] - The device 'PANTECH UM175 WWAN Driver #2' (USB\VID_106c&PID_3714&MI_03\6&1f084bdf&0&8515) disappeared from the system without first being prepared for removal.

==== End Of File ===========================

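The "Created Last 30" section of the DDS log above has a fixed layout (date, time, size, an eight-character attribute string, path) that is easy to parse when a helper wants to triage a long log quickly. The following is an added example, not part of the forum post or of DDS: it parses lines in that layout and applies a few review heuristics (hidden+system attributes, new directories on a drive root, very small new files under system32). The sample lines are constructed placeholders in the same format, not entries from the poster's machine, and a hit means "review by hand", not "malicious", since chkdsk, the Recovery Console and some installers create such items too.

```python
"""Triage helper for the 'Created Last 30' section of a DDS log (added example)."""
import re
from dataclasses import dataclass
from datetime import datetime

# DDS prints one entry per line: date time size attribute-flags path.
# The flag string is 8 characters; the letters used here are
# d (directory), s (system), h (hidden), a (archive), r/w (read-only/writable).
_LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[dshawr-]{8}) (?P<path>.+)$"
)

SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Entry:
    created: datetime
    size: int
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_dds_created(text: str) -> list:
    """Return the Entry objects found in a DDS 'Created Last 30' block.

    Section headers, blank lines and anything else that does not match
    the entry layout are skipped rather than treated as errors."""
    entries = []
    for raw in text.splitlines():
        m = _LINE_RE.match(raw.strip())
        if not m:
            continue
        created = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S")
        entries.append(Entry(created, int(m["size"]), m["attrs"], m["path"]))
    return entries


def triage(entries) -> list:
    """Apply a few review heuristics and return (path, reasons) pairs.

    A hit means 'look at this by hand', not 'this is malicious': recovery
    tools, chkdsk and some installers also create hidden or root-level items."""
    findings = []
    for e in entries:
        reasons = []
        p = e.path.lower()
        if e.hidden and e.system:
            reasons.append("hidden+system attributes")
        if e.is_dir and re.fullmatch(r"[a-z]:\\[^\\]+", p):
            reasons.append("new top-level directory on a drive root")
        if p.startswith(SYSTEM32) and not e.is_dir and e.size < 1024:
            reasons.append("very small new file under system32")
        if reasons:
            findings.append((e.path, reasons))
    return findings


# Constructed sample in the same layout as the DDS output above; the names are
# placeholders, not files from the poster's machine.
SAMPLE = r"""
=============== Created Last 30 ================

2010-04-05 15:45:39 0 d-s---w- C:\example_root_dir
2010-04-05 15:36:54 392 ----a-w- c:\windows\system32\tinyfile_example.dll
2010-04-05 15:19:12 0 d-sha-r- C:\hidden_example
2010-04-04 22:05:01 20824 ----a-w- c:\windows\system32\drivers\driver_example.sys
2010-04-04 22:05:01 0 d-----w- c:\program files\Example Program
"""

if __name__ == "__main__":
    for path, reasons in triage(parse_dds_created(SAMPLE)):
        print(path, "->", "; ".join(reasons))
```

Run against a real DDS log by reading the file and passing its text to `parse_dds_created`; the regex ignores every line that is not an entry, so the whole log can be fed in unchanged.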

Re: XP Antivirus 2010 malware

Post by Net_Surfer on Tue Apr 06, 2010 12:20 am

Hi again.

I would like to see if ComboFix found some baddies; do this:

Click Start>Run and copy/paste the following bolded text into the Run box and click OK:

C:\Qoobox\ComboFix-quarantined-files.txt

A report should pop open for you. Please post the contents in your next reply.


Obstacles are what you see when you take you eyes off your GOALS
Net_Surfer is a Graduate of BleepingComputer: Malware Removal Training Program You too could train to help others!

Net_Surfer
Intermediate

Posts : 57
Joined : 2010-03-28
Gender : Male
OS : xp sp3, Vista, Win7
Points : 25195
# Likes : 0

Re: XP Antivirus 2010 malware

Post by dgodfrey on Tue Apr 06, 2010 1:17 am

Unfortunately, no txt file comes up. So I looked in the Qoobox file and there are no txt files there in the Quarantined file. So I searched ComboFix but did not come up with anything.
dgodfrey


Re: XP Antivirus 2010 malware

Post by Net_Surfer on Tue Apr 06, 2010 6:53 am

Can you do the steps of Rkill and ComboFix again, and post the logs?

Net_Surfer



Re: XP Antivirus 2010 malware

Post by dgodfrey on Tue Apr 06, 2010 8:49 pm

Hello again,

I ran Rkill and the log is posted below.
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as dgodfrey on 04/06/2010 at 12:55:14.
Processes terminated by Rkill or while it was running:
C:\Documents and Settings\dgodfrey\Desktop\rkill.com
Rkill completed on 04/06/2010 at 12:55


This is the sequence when I run ComboFix.
Initially it asks for and gets the latest version from the Internet. It then goes through the “Create System Restore” function and starts the check.
After it reached “Completed Stage 50” it says,
Deleting C:\WINDOWS\system32|winusrm.dll
After a few seconds the computer shuts down and reboots, but goes through a disc check.
During the check it says:
Volume ser B043-DF50
\combofix\index.dat
First allocation unit is not valid.
The entry will be truncated.
It then all moves fast but there is a reference to \localseetings\temp\WPDNSE
After this on the C: drive there is no txt file just the ComboFix folder I mentioned yesterday.

At the moment all else appears to be working normally and I have not seen any malware pop ups.
Thank you,
dagodfrey


Re: XP Antivirus 2010 malware

Post by Net_Surfer on Fri Apr 09, 2010 4:00 am

Hello again dagodfrey,

Sorry for the delay.

I need another scan of your computer since you stated that combofix keeps deleting files.

Please carefully follow my next set of instructions:


Step 1.

  • Download: [You must be registered and logged in to see this link.] to your desktop.
    if you have problems, try this download link:
    [You must be registered and logged in to see this link.]
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check


    Now copy the lines below.

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT



  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.


  • Click the Run Scan button.



  • Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.



Summary of the logs I will need in your next reply:


  • the report logs of OTL:

    OTL.Txt and Extras.Txt

Since we renamed ComboFix to commy.exe, look for the logs at:
C:\commy.txt
There should be two logs there now, since we have run it twice.

Please post both here for my review along with the OTL logs.

How are things at your end, dagodfrey?


Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

Again, Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Kind regards
Net_Surfer

(Gunsmoke)


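The `/md5start ... /md5stop` block in the instructions above asks OTL to report hashes of a list of system files, so that a copy of a driver or DLL that has been replaced on disk stands out when its hash is compared with the other copies present (for example the one kept under dllcache). The script below is an added example that performs the comparable check in Python; it is not OTL's code and does not reproduce OTL's output format. It walks a root directory, hashes every file whose name is on a watch list (a subset of the names from the post), and reports names whose copies do not all hash the same. The directory tree it builds is a constructed stand-in with placeholder bytes, not real Windows files, so it runs anywhere.

```python
"""Hash every copy of a watch-listed file under a root and report copies that disagree (added example)."""
import hashlib
import os
import tempfile
from collections import defaultdict

# A subset of the names from the /md5start ... /md5stop block in the post above.
WATCH_LIST = ["atapi.sys", "scecli.dll", "netlogon.dll", "eventlog.dll"]


def file_digests(path):
    """MD5 (what the post's scan lists) plus SHA-256 for a stronger comparison."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def hash_watch_listed(root, names):
    """Walk root and return {lowercase name: [(path, md5, sha256), ...]}."""
    wanted = {n.lower() for n in names}
    copies = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() in wanted:
                full = os.path.join(dirpath, fname)
                md5, sha = file_digests(full)
                copies[fname.lower()].append((full, md5, sha))
    return dict(copies)


def divergent_copies(copies):
    """Return {name: {sha256: [paths]}} for names whose copies do not all hash the same."""
    out = {}
    for name, recs in copies.items():
        by_hash = defaultdict(list)
        for path, _md5, sha in recs:
            by_hash[sha].append(path)
        if len(by_hash) > 1:
            out[name] = dict(by_hash)
    return out


def build_demo_tree():
    """Constructed stand-in for %systemroot%: placeholder bytes, not real drivers."""
    root = tempfile.mkdtemp(prefix="md5demo_")
    layout = [
        (("system32", "drivers", "atapi.sys"), b"constructed driver image, variant A"),
        (("system32", "dllcache", "atapi.sys"), b"constructed driver image, variant B"),
        (("system32", "scecli.dll"), b"constructed dll image"),
        (("system32", "dllcache", "scecli.dll"), b"constructed dll image"),
    ]
    for parts, data in layout:
        full = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root


def demo():
    """Build the constructed tree and return the names whose copies disagree."""
    root = build_demo_tree()
    return divergent_copies(hash_watch_listed(root, WATCH_LIST))


if __name__ == "__main__":
    for name, groups in demo().items():
        print(f"{name}: {len(groups)} distinct copies")
        for sha, paths in groups.items():
            print(f"  {sha[:16]}...  {paths}")
```

On a real machine you would call `hash_watch_listed(r"C:\WINDOWS", WATCH_LIST)` instead of building the demo tree; a name that shows up with two different hashes is the one to check against a known-good copy, since the comparison alone cannot say which copy is the original.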

Re: XP Antivirus 2010 malware

Post by dgodfrey on Fri Apr 09, 2010 5:11 pm

Hello,

I have run the OTL and the log is below from both files.
However, the commy file does not appear on the C: drive, only the commy folders. Attached is a picture of the screen with those folders opened. Also ran it as ComboFix with the same result.
Thank you.
dgodfrey



OTL logfile created on: 4/9/2010 9:34:26 AM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\dgodfrey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 665.00 Mb Available Physical Memory | 65.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.05 Gb Total Space | 25.59 Gb Free Space | 38.16% Space Free | Partition Type: FAT32
Drive D: | 42.84 Gb Total Space | 42.50 Gb Free Space | 99.21% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ATI-MAC2
Current User Name: dgodfrey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\dgodfrey\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ATI\MAC2-SN\MTL\MTL Server.exe (Australian Technology Information)
PRC - C:\Program Files\ATI\MAC2-SN\TD\tdsn.exe ()
PRC - C:\Program Files\ATI\MAC2-SN\TD\LoggingClient.exe (Australian Technology Information)
PRC - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (Smith Micro Software, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\DeLorme\DelSerial\XYNTService.exe ()
PRC - C:\Program Files\ATI\MAC2-SN\TD\XYNTService.exe ()
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Common Files\DeLorme\DelSerial\DeLSerial.exe (DeLorme Publishing Co., Inc.)
PRC - C:\Program Files\Common Files\DeLorme\DelSerial\SerEmulVspStartup.exe ()
PRC - C:\WINDOWS\ATK0100\HControl.exe ()
PRC - C:\WINDOWS\ATK0100\ATKOSD.exe ()
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe ()
PRC - C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE (Logitech Inc.)
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\WINDOWS\system32\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe (Cyberlink Corp.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\dgodfrey\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\ASUS\Asus MultiFrame\HookTitle.dll ()
MOD - C:\WINDOWS\system32\msvcp71.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation)
MOD - C:\Program Files\SetPoint\lgscroll.dll (Logitech Inc.)


========== Win32 Services (SafeList) ==========

SRV - (PEVSystemStart) -- File not found
SRV - (MAC2SN_GAP) -- C:\Program Files\ATI\MAC2-SN\GAP\XYNTService.exe ()
SRV - (VSPDELSERIAL) -- C:\Program Files\Common Files\DeLorme\DelSerial\XYNTService.exe ()
SRV - (MAC2-SN) -- C:\Program Files\ATI\MAC2-SN\TD\XYNTService.exe ()
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (Mac2 Simulator TD) -- C:\Program Files\ATI\MAC2 Simulator\TD\XYNTServiceManStart.exe ()
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (PTDUWWAN) -- C:\WINDOWS\system32\drivers\PTDUWWAN.sys (DEVGURU Co,LTD.)
DRV - (PTDUVsp) -- C:\WINDOWS\system32\drivers\PTDUVsp.sys (DEVGURU Co,LTD.)
DRV - (PTDUMdm) -- C:\WINDOWS\system32\drivers\PTDUMdm.sys (DEVGURU Co,LTD.)
DRV - (PTDUBus) -- C:\WINDOWS\system32\drivers\PTDUBus.sys (DEVGURU Co,LTD.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (SerEmulVsp) -- C:\WINDOWS\system32\drivers\SerEmulVsp.sys ()
DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (NETw3x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw3x32.sys (Intel® Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (ipswuio) -- C:\WINDOWS\system32\drivers\ipswuio.sys (Windows (R) 2000 DDK provider)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMSC)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMOUKE.sys (Logitech, Inc.)
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (usbvm321) Vimicro USB PC Camera (VC0321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys ()
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (SMNDIS5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys (Smith Micro Software, Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004/08/04 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.EXE (ASYSTeK Computer INC.)
O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe File not found
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MultiFrame.lnk = C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe (ASUSTek Computer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\dgodfrey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\dgodfrey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/19 06:56:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/04/19 06:45:42 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/09 09:30:47 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\dgodfrey\Desktop\OTL.exe
[2010/04/06 13:22:42 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/04/06 13:17:18 | 000,000,000 | -HSD | C] -- C:\FOUND.003
[2010/04/06 09:13:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\TEMP
[2010/04/05 15:23:02 | 000,000,000 | -HSD | C] -- C:\FOUND.002
[2010/04/05 11:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/04/05 08:53:50 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2010/04/05 08:45:39 | 000,000,000 | --SD | C] -- C:\commy18517c
[2010/04/05 08:36:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/05 08:35:42 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2010/04/05 08:19:12 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/05 08:15:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/05 08:15:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/05 08:15:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/05 08:15:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/05 08:15:04 | 000,000,000 | --SD | C] -- C:\commy
[2010/04/05 08:15:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/05 08:13:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/05 07:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/05 07:44:24 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/05 07:44:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/05 07:44:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/05 07:44:24 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/05 07:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/04/05 07:42:14 | 016,291,616 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\dgodfrey\Desktop\jre-6u19-windows-i586.exe
[2010/04/04 15:05:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dgodfrey\Application Data\Malwarebytes
[2010/04/04 15:05:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/04 15:05:01 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/04 15:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/04 15:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/02 07:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/04/02 07:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/04/02 07:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/04/02 07:24:06 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/03/31 21:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dgodfrey\Application Data\Sun
[2010/03/31 11:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dgodfrey\My Documents\DCI DOCS
[2010/03/29 10:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/29 10:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/29 10:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/29 10:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dgodfrey\Local Settings\Application Data\Apple
[2010/03/24 17:01:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\dgodfrey\My Documents\My Videos
[2010/03/19 14:19:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Verizon Wireless
[2010/03/19 14:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dgodfrey\Application Data\Smith Micro
[2010/03/19 14:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon Wireless
[2010/03/19 14:14:15 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DIFxAPI.dll
[2010/03/19 14:14:15 | 000,077,824 | ---- | C] (DEVGURU) -- C:\WINDOWS\System32\PTDUwmcp.dll
[2010/03/19 14:14:15 | 000,059,904 | ---- | C] (DEVGURU Co,LTD.) -- C:\WINDOWS\System32\drivers\PTDUWWAN.sys
[2010/03/19 14:14:15 | 000,041,344 | ---- | C] (DEVGURU Co,LTD.) -- C:\WINDOWS\System32\drivers\PTDUMdm.sys
[2010/03/19 14:14:15 | 000,039,936 | ---- | C] (DEVGURU Co,LTD.) -- C:\WINDOWS\System32\drivers\PTDUVsp.sys
[2010/03/19 14:14:15 | 000,033,024 | ---- | C] (DEVGURU Co,LTD.) -- C:\WINDOWS\System32\drivers\PTDUBus.sys
[2010/03/19 13:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dgodfrey\Application Data\Verizon Wireless
[2010/03/19 13:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dgodfrey\Application Data\InstallShield
[2010/03/16 15:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\PANTECH
[2010/02/04 15:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/02/05 11:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/11/20 07:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/11/10 11:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2007/04/19 07:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2007/04/19 07:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2007/04/19 07:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/04/19 07:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/04/19 06:49:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/04/19 06:49:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/09 09:35:36 | 000,000,392 | ---- | M] () -- C:\WINDOWS\System32\winsusrm.dll
[2010/04/09 09:30:50 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dgodfrey\Desktop\OTL.exe
[2010/04/09 09:30:24 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/09 08:41:02 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/08 22:41:02 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/06 19:51:00 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Street Atlas USA 2010.lnk
[2010/04/06 13:30:34 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/06 13:30:34 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/04/06 13:30:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/06 13:29:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/06 13:29:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/06 13:29:00 | 1073,008,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/06 12:50:04 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\dgodfrey\Desktop\rkill.com
[2010/04/06 11:17:58 | 000,000,378 | ---- | M] () -- C:\Documents and Settings\dgodfrey\Desktop\Shortcut to ComboFix.exe.lnk
[2010/04/06 09:41:22 | 000,001,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/04/06 00:07:42 | 002,621,440 | ---- | M] () -- C:\Documents and Settings\dgodfrey\ntuser.dat
[2010/04/05 08:19:32 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/05 07:51:20 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\dgodfrey\ntuser.ini
[2010/04/05 07:46:20 | 003,907,460 | ---- | M] () -- C:\Documents and Settings\dgodfrey\Desktop\commy.exe
[2010/04/05 07:44:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/05 07:44:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/05 07:44:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/05 07:44:18 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/05 07:44:16 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/04/05 07:42:16 | 016,291,616 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\dgodfrey\Desktop\jre-6u19-windows-i586.exe
[2010/04/04 15:05:06 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/02 12:36:08 | 000,003,438 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8Cq4r
[2010/04/02 12:02:40 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/04/02 07:15:26 | 000,009,272 | -HS- | M] () -- C:\Documents and Settings\dgodfrey\Local Settings\Application Data\8Cq4r
[2010/04/02 07:15:18 | 004,315,982 | -H-- | M] () -- C:\Documents and Settings\dgodfrey\Local Settings\Application Data\IconCache.db
[2010/03/30 08:48:52 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 11:37:00 | 000,056,532 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/24 16:45:04 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\dgodfrey\Desktop\Windows Media Player.lnk
[2010/03/19 14:15:28 | 000,001,803 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
[2010/03/16 16:18:48 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/12 18:02:40 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/06 12:52:53 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\dgodfrey\Desktop\rkill.com
[2010/04/06 11:17:56 | 000,000,378 | ---- | C] () -- C:\Documents and Settings\dgodfrey\Desktop\Shortcut to ComboFix.exe.lnk
[2010/04/05 08:36:54 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\winsusrm.dll
[2010/04/05 08:19:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/05 08:19:16 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/05 08:15:10 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/05 08:15:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/05 08:15:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/05 08:15:10 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/05 08:15:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/05 07:46:19 | 003,907,460 | ---- | C] () -- C:\Documents and Settings\dgodfrey\Desktop\commy.exe
[2010/04/04 15:05:05 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/01 13:54:29 | 000,009,272 | -HS- | C] () -- C:\Documents and Settings\dgodfrey\Local Settings\Application Data\8Cq4r
[2010/04/01 13:54:29 | 000,003,438 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8Cq4r
[2010/03/29 21:55:16 | 002,621,440 | ---- | C] () -- C:\Documents and Settings\dgodfrey\ntuser.dat
[2010/03/29 11:36:58 | 000,056,532 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/29 10:43:48 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/19 14:15:26 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
[2010/03/02 20:44:24 | 000,000,140 | ---- | C] () -- C:\WINDOWS\DeLGPS.ini
[2010/03/02 20:21:48 | 000,000,191 | ---- | C] () -- C:\WINDOWS\DeLSerial.ini
[2010/02/16 02:14:57 | 004,692,756 | ---- | C] () -- C:\Documents and Settings\dgodfrey\Local Settings\Application Data\Install.exe
[2010/02/16 02:14:54 | 000,770,048 | -H-- | C] () -- C:\Documents and Settings\dgodfrey\ntuser.dat.LOG
[2010/02/16 02:14:54 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\dgodfrey\ntuser.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/08/18 15:37:30 | 000,002,722 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2008/08/08 10:28:39 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2008/03/09 20:13:22 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2007/08/17 21:09:47 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/16 21:35:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\top_svr.INI
[2007/05/30 15:42:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2007/05/26 06:16:12 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2007/05/26 06:16:12 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2007/05/03 11:06:00 | 000,214,263 | ---- | C] () -- C:\WINDOWS\System32\drivers\TCPRASS3.SYS
[2007/04/19 07:35:40 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2007/04/19 07:00:15 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2007/04/18 16:51:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/03/28 11:59:02 | 000,134,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\SerEmulVsp.sys
[2007/01/03 11:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/01/03 11:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/01/03 11:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/07/20 08:58:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/07/20 08:58:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/07/20 08:58:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/07/20 08:58:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/07/20 08:58:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/01/02 21:16:32 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\ABLKSR.ini
[2005/09/02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/05/06 06:06:00 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2005/04/14 17:05:34 | 004,091,904 | R--- | C] () -- C:\WINDOWS\System32\Inventor.dll
[2005/02/17 10:07:48 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2004/08/20 15:18:51 | 000,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS
[2004/08/20 15:18:51 | 000,002,538 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2000/09/07 22:51:30 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2000/07/26 09:25:00 | 001,716,303 | R--- | C] () -- C:\WINDOWS\System32\tls707dai.dll
[2000/06/20 13:11:08 | 000,417,792 | R--- | C] () -- C:\WINDOWS\System32\tls704dai.dll
[1999/11/17 13:09:52 | 000,139,323 | ---- | C] () -- C:\WINDOWS\System32\spptclasses2d.dll
[1999/11/17 13:09:38 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SpptClasses2.dll
[1999/11/17 12:44:02 | 000,143,427 | ---- | C] () -- C:\WINDOWS\System32\ClockController2D.dll
[1999/11/17 12:43:28 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ClockController2.dll
[1999/02/16 16:20:58 | 000,143,431 | ---- | C] () -- C:\WINDOWS\System32\ClockControllerD.dll
[1999/02/16 16:20:40 | 000,139,327 | ---- | C] () -- C:\WINDOWS\System32\spptclassesd.dll
[1999/02/16 16:02:14 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ClockController.dll
[1999/02/16 16:01:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SpptClasses.dll
[1998/07/10 19:05:22 | 004,064,256 | ---- | C] () -- C:\WINDOWS\System32\Inv250.dll
[1998/07/10 18:13:32 | 005,852,672 | ---- | C] () -- C:\WINDOWS\System32\Inv250d.dll
[1998/02/25 20:32:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\tls704d.dll
[1998/02/25 20:30:32 | 000,632,832 | ---- | C] () -- C:\WINDOWS\System32\tls707d.dll

========== LOP Check ==========

[2009/03/15 09:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/05/02 10:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Imagery Concepts, LLC
[2009/05/20 21:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/03/02 10:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DeLorme
[2010/03/29 10:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/02/16 02:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dgodfrey\Application Data\Windows Desktop Search
[2010/03/02 10:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dgodfrey\Application Data\DeLorme
[2010/03/19 14:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dgodfrey\Application Data\Smith Micro
[2010/04/06 13:30:34 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010/03/02 19:30:54 | 012,030,104 | ---- | M] (DeLorme ) -- C:\InstallSerialEmulator.exe


< MD5 for: AGP440.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/17 08:51:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/09/17 08:51:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/17 08:51:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/09/17 08:51:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 20:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 20:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
< End of report >

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
OTL Extras logfile created on: 4/9/2010 9:34:26 AM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\dgodfrey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 665.00 Mb Available Physical Memory | 65.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.05 Gb Total Space | 25.59 Gb Free Space | 38.16% Space Free | Partition Type: FAT32
Drive D: | 42.84 Gb Total Space | 42.50 Gb Free Space | 99.21% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ATI-MAC2
Current User Name: dgodfrey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" = C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:*:Enabled:VoipStunt -- File not found
"C:\Program Files\ATI\MAC2-SN\GAP\GAP.exe" = C:\Program Files\ATI\MAC2-SN\GAP\GAP.exe:*:Enabled:GAP -- ()
"C:\Program Files\ATI\MAC2-SN\MTL\MTL Server.exe" = C:\Program Files\ATI\MAC2-SN\MTL\MTL Server.exe:*:Enabled:MTL Server -- (Australian Technology Information)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}" = REALTEK PCIE NIC Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe 1.4.89.1
"{2CCE60EA-534A-4A87-854C-CE0FE8D072B9}" = BattleScape Developer Option 3.4
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear
"{570792A3-B8AF-44E1-83FE-D508503D5BE8}" = Boeing ACLM 2.0
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8704D51E-25B7-4F23-81E7-AA4F54790230}" = Microsoft MapPoint North America 2004
"{89DDBCD4-B326-4545-9A05-26C7B16C1DEB}" = PowerForPhone
"{89EE0ED7-DCE1-4D3A-9F10-2BDCCD97E9AA}" = DeLorme Serial Emulator
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = Asus MultiFrame
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A52415E5-CA1E-44DE-9EDC-D412F31D271C}" = Google Photos Screensaver
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C13AF9C7-8E06-4354-B629-DF6192CE4A66}" = PANTECH UM175 Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.9
"{F3561AD8-BDB2-467F-BB03-69B3890BEC36}" = DeLorme Street Atlas USA 2010
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Asus_A_Series_ScreenSaver" = Asus_A_Series_ScreenSaver
"ATI MAC2 Client" = ATI MAC2 Client 2.10
"ATI MAC2 Simulator" = ATI MAC2 Simulator 2.10
"Belarc Advisor 2.0" = Belarc Advisor 7.2
"CCleaner" = CCleaner (remove only)
"Container3D" = Container3D 3.1.8
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HControl" = ATK0100 ACPI UTILITY
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2CCE60EA-534A-4A87-854C-CE0FE8D072B9}" = BattleScape Developer Option 3.4
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"M3" = Asus MiVo Messenger
"MAC2SN GAP" = MAC2SN GAP 1.0.4
"MAC2-SN HQ" = MAC2-SN HQ 1.7.3
"MAC2SN MTL Patch" = MAC2SN MTL Patch 1.7.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel(R) PROSet/Wireless Software
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VZAccess Manager" = VZAccess Manager
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/5/2010 5:46:06 PM | Computer Name = ATI-MAC2 | Source = Application Error | ID = 1000
Description = Faulting application OGAEXEC.exe, version 2.0.48.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0002cede.

Error - 4/5/2010 5:50:00 PM | Computer Name = ATI-MAC2 | Source = Application Error | ID = 1001
Description = Fault bucket 1431305578.

Error - 4/5/2010 6:24:49 PM | Computer Name = ATI-MAC2 | Source = Application Error | ID = 1000
Description = Faulting application OGAEXEC.exe, version 2.0.48.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0002cede.

Error - 4/5/2010 6:24:58 PM | Computer Name = ATI-MAC2 | Source = Application Error | ID = 1001
Description = Fault bucket 1431305578.

Error - 4/6/2010 12:14:30 PM | Computer Name = ATI-MAC2 | Source = Application Error | ID = 1000
Description = Faulting application OGAEXEC.exe, version 2.0.48.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0002cede.

Error - 4/6/2010 4:18:57 PM | Computer Name = ATI-MAC2 | Source = Application Error | ID = 1000
Description = Faulting application OGAEXEC.exe, version 2.0.48.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0002cede.

Error - 4/6/2010 4:30:26 PM | Computer Name = ATI-MAC2 | Source = Application Error | ID = 1000
Description = Faulting application OGAEXEC.exe, version 2.0.48.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0002cede.

Error - 4/8/2010 7:13:36 PM | Computer Name = ATI-MAC2 | Source = Google Update | ID = 20
Description =

Error - 4/8/2010 8:13:27 PM | Computer Name = ATI-MAC2 | Source = Application Error | ID = 1000
Description = Faulting application symlcsvc.exe, version 1.9.1.1255, faulting module
symlcnet.dll, version 1.9.1.1255, fault address 0x00010d44.

Error - 4/8/2010 9:50:56 PM | Computer Name = ATI-MAC2 | Source = Application Hang | ID = 1002
Description = Hanging application iFrmewrk.exe, version 10.5.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 8/18/2008 6:30:43 PM | Computer Name = ATI-MAC2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6323.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1089
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/6/2010 4:19:50 PM | Computer Name = ATI-MAC2 | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 f7369b26, parameter3
bac09ba8, parameter4 00000000.

Error - 4/6/2010 4:23:30 PM | Computer Name = ATI-MAC2 | Source = Service Control Manager | ID = 7034
Description = The MAC2-SN service terminated unexpectedly. It has done this 1 time(s).

Error - 4/6/2010 4:23:30 PM | Computer Name = ATI-MAC2 | Source = Service Control Manager | ID = 7034
Description = The VSPDELSERIAL service terminated unexpectedly. It has done this
1 time(s).

Error - 4/6/2010 4:31:10 PM | Computer Name = ATI-MAC2 | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 f7369b26, parameter3
b9f13ba8, parameter4 00000000.

Error - 4/7/2010 1:21:22 AM | Computer Name = ATI-MAC2 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.144 on
the Network Card with network address 001B770A7CE4.

Error - 4/7/2010 6:20:08 PM | Computer Name = ATI-MAC2 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.144 on
the Network Card with network address 001B770A7CE4.

Error - 4/7/2010 6:50:45 PM | Computer Name = ATI-MAC2 | Source = PlugPlayManager | ID = 12
Description = The device 'PANTECH UM175 WWAN Driver #3' (USB\VID_106c&PID_3714&MI_03\6&61e445d&1&8515)
disappeared from the system without first being prepared for removal.

Error - 4/7/2010 7:54:09 PM | Computer Name = ATI-MAC2 | Source = PlugPlayManager | ID = 12
Description = The device 'PANTECH UM175 WWAN Driver #4' (USB\VID_106c&PID_3714&MI_03\6&887219e&1&8515)
disappeared from the system without first being prepared for removal.

Error - 4/8/2010 8:18:29 PM | Computer Name = ATI-MAC2 | Source = Service Control Manager | ID = 7034
Description = The Symantec Core LC service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/8/2010 9:40:33 PM | Computer Name = ATI-MAC2 | Source = PlugPlayManager | ID = 12
Description = The device 'PANTECH UM175 WWAN Driver #3' (USB\VID_106c&PID_3714&MI_03\6&61e445d&1&8515)
disappeared from the system without first being prepared for removal.


< End of report >

Re: XP Antivirus 2010 malware

Post by Net_Surfer on Fri Apr 09, 2010 11:55 pm

Hello again dgodfrey,

OTL log findings:



Code:
[2010/04/06 11:17:56 | 000,000,378 | ---- | C] () -- C:\Documents and Settings\dgodfrey\Desktop\Shortcut to ComboFix.exe.lnk
This tells me that you created a shortcut to combofix on the desktop...

You were supposed to save combofix on the desktop. Please see step 2.


Code:
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
Please uninstall these old versions of Java.

---
OK... Please follow the steps, and make sure that you delete the old versions of combofix and save the new version on your desktop!

Let's fix some issues with OTL by doing the following:

Double click on the OTL icon on your desktop to run it.
(Vista users: right click and run as an Admin.)
Copy the lines in the codebox below (make sure that :OTL is on the first line): just highlight everything in the code box (starting with :OTL) and copy and paste it into the 'Custom scan/fix' box in OTL.
Code:
:OTL
SRV - (PEVSystemStart) -- File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe File not found
O4 - HKLM..\Run: [UserFaultCheck] File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab  (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/19 06:56:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]

:Files
C:\WINDOWS\System32\winsusrm.dll
C:\Documents and Settings\dgodfrey\Local Settings\Application Data\8Cq4r
C:\Documents and Settings\All Users\Application Data\8Cq4r

:Commands
[PURITY]
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[REBOOT]

  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.



  • Click the red Run Fix button.


  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed, this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.


Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

If you lose the report, there will be a copy here:
C:\_OTL\MovedFiles

Step 2. Please delete any copies of combofix, download a new version and run it; after that, please post the log back here for my review.

Step 3. Run ESET Online Scan

Sometimes malware that is removed from your computer leaves other traces behind. These traces may not be active, but they are unwanted on your computer.
Therefore, by using the ESET online scanner it is possible for us to find leftover or missed malware files on your computer, and we can then further clean up your computer.

You can use either Internet Explorer or Mozilla Firefox for this scan.

    Vista Users be sure to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "[You must be registered and logged in to see this link.]" from the context menu.

  1. Please go [You must be registered and logged in to see this link.] then click on: button.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  2. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. The logfile will be located at C:\Program Files\ESET\EsetOnlineScanner\log.txt. Include the contents of this report in your next reply.
    Note: If Eset finds no bad files it will NOT produce a log. This is normal.
  • Push the button.
  • Push
  • Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "[You must be registered and logged in to see this link.]" from the context menu.

    You can refer to this animation.
    **Note**
    To optimize scanning time and produce a more sensible report for review:

    • Close any open programs

    • Turn off the real time scanner of any existing anti-virus program while performing the online scan.

    Please reply back with the OTL log along with the combofix log and Eset report log.

    Kind regards
    Net_Surfer

    (Gunsmoke)


    Obstacles are what you see when you take your eyes off your GOALS
    Net_Surfer is a Graduate of BleepingComputer: Malware Removal Training Program You too could train to help others!
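The triage Net_Surfer does by hand above (reading the "MD5 for:" blocks to see whether the live copy of a system file still matches the service-pack copy, and picking out the "File not found" autorun entries for the :OTL fix) can be scripted. The parser below is an added example written for this thread; it is not code from the forum, from OldTimer or from OTL. Its sample log is assembled from lines that appear in the logs above, plus one constructed "PLACEHOLDER.SYS" block whose all-digit hashes are obvious placeholders, added only to show what a mismatch looks like. The function names and the live/reference path rules are the example's own assumptions about how OTL lays out these sections.

```python
"""Added example (not OTL's code): triage two kinds of lines from an OTL log.

1. '< MD5 for: NAME >' blocks list every copy of a critical system file with
   its MD5.  The live copy under system32 is compared with the reference copy
   under ServicePackFiles; a disagreement means the live file no longer matches
   the service-pack original and deserves a closer look.
2. Scan entries (SRV/O2/O4/O9 ...) ending in 'File not found' are autorun or
   BHO registrations whose target is gone, the kind the :OTL fix above removes.
"""
import re
from collections import defaultdict

# Sample input: real lines copied from the OTL logs in this thread, plus a
# constructed PLACEHOLDER.SYS block whose hashes are placeholders, not real values.
SAMPLE_LOG = r"""
< MD5 for: AGP440.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: PLACEHOLDER.SYS >
[2008/04/13 11:40:30 | 000,001,024 | ---- | M] (Constructed Example) MD5=11111111111111111111111111111111 -- C:\WINDOWS\ServicePackFiles\i386\placeholder.sys
[2008/04/13 11:40:30 | 000,001,024 | ---- | M] (Constructed Example) MD5=22222222222222222222222222222222 -- C:\WINDOWS\system32\drivers\placeholder.sys

< End of report >
SRV - (PEVSystemStart) -- File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe File not found
O4 - HKLM..\Run: [UserFaultCheck] File not found
O32 - HKLM CDRom: AutoRun - 1
"""

# "[date | size | attrs | C/M] (company) MD5=hash -- path"; .cab entries carry no MD5 and are skipped.
MD5_LINE = re.compile(
    r"^\[(?P<date>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>[^|]+)\|\s*(?P<kind>[CM])\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)
# "TAG - entry text File not found" for SRV, O2, O4, O9 and similar entries.
ORPHAN_LINE = re.compile(r"^(?P<tag>[A-Z]+\d*)\s*-\s*(?P<body>.+?)\s*File not found$")


def parse_md5_section(lines):
    """Map lower-cased file name -> list of (path, MD5) for each '< MD5 for: >' block."""
    index = defaultdict(list)
    current = None
    for raw in lines:
        line = raw.strip()
        if line.startswith("< MD5 for: ") and line.endswith(" >"):
            current = line[len("< MD5 for: "):-2].strip().lower()
            continue
        if line.startswith("<"):  # any other '< ... >' header ends the current block
            current = None
            continue
        m = MD5_LINE.match(line) if current else None
        if m:
            index[current].append((m.group("path"), m.group("md5").upper()))
    return dict(index)


def find_hash_mismatches(index):
    """Return (name, live_path, live_md5, reference_md5s) for every live copy under
    system32 whose MD5 matches none of the ServicePackFiles copies of that file."""
    findings = []
    for name, copies in index.items():
        reference = sorted({md5 for path, md5 in copies if "\\servicepackfiles\\" in path.lower()})
        if not reference:
            continue  # no service-pack copy listed, nothing to compare against
        for path, md5 in copies:
            low = path.lower()
            is_live = "\\system32\\" in low and "\\reinstallbackups\\" not in low
            if is_live and md5 not in reference:
                findings.append((name, path, md5, reference))
    return findings


def find_orphaned_entries(lines):
    """Return (tag, entry) for scan lines whose target file is missing."""
    found = []
    for raw in lines:
        m = ORPHAN_LINE.match(raw.strip())
        if m:
            found.append((m.group("tag"), m.group("body")))
    return found


def triage(log_text):
    """Run both checks over one OTL log and return the findings."""
    lines = log_text.splitlines()
    return {"mismatches": find_hash_mismatches(parse_md5_section(lines)),
            "orphans": find_orphaned_entries(lines)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, path, md5, ref in report["mismatches"]:
        print(f"MD5 mismatch: {name}: {path} has {md5}, service-pack copy has {ref}")
    for tag, body in report["orphans"]:
        print(f"orphaned {tag} entry: {body}")
```

Run against the sample, only the constructed PLACEHOLDER.SYS block is reported as a mismatch (the real agp440.sys and atapi.sys copies in this thread agree with their service-pack copies), and the four "File not found" entries that the :OTL fix above targets are listed. Backup copies under ReinstallBackups and $NtServicePackUninstall$ are deliberately not treated as live files, since they are expected to hold the older pre-SP3 hash.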