Security Tool 2010 - Infected on Windows XP Home Edition SP3

Page 2 of 2 Previous  1, 2

View previous topic View next topic Go down

Security Tool 2010 - Infected on Windows XP Home Edition SP3

Post by MBanks on Wed 15 Sep 2010, 3:29 pm

First topic message reminder :

Hi,
I've been trying for a couple of days to sort this out before I found this forum. Prior to finding this forum and running OTL I have tried:

- Running the RKill to stop the main program pop up....that's didn't work.

- Ran MBAM in normal mode which found some infected files and removed. This was early days with the problem so I thought it had worked....booted back up and low and behold it was still there.

- Loaded up in normal mode, opened task manager straight away, noted down the random string of numbers which was the program running, stopped the program running. Found the folder containing the program, deleted and emptied the recycle bin.

- Booted up in Safe mode and ran Combofix....which found loads of infected files and did its thing which I believe was delete the infected files and restore them.

- After Combofix booted up in normal mode...the main program doesn't load up anymore, however I still can't run any programs or do a system restore to prior to having the infection.


So, now I've found this forum, downloaded and run OTL off a USB key in the infected computer, and here is the log file and the Extras file...

LOG:

OTL logfile created on: 15/09/2010 05:03:44 - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,015.00 Mb Total Physical Memory | 794.00 Mb Available Physical Memory | 78.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 1522 1522 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.00 Gb Total Space | 1.76 Gb Free Space | 4.40% Space Free | Partition Type: NTFS
Drive D: | 34.49 Gb Total Space | 0.79 Gb Free Space | 2.29% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 14.92 Gb Total Space | 1.05 Gb Free Space | 7.07% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARTLIN
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/15 11:54:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- F:\OTL.com
PRC - [2009/03/25 17:25:20 | 000,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/03/25 17:25:20 | 000,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/03/19 11:42:02 | 000,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/09/15 11:54:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- F:\OTL.com
MOD - [2008/04/14 13:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\pleasework329596p\PEV.cfx -- (PEVSystemStart)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/01 14:21:30 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/03/25 17:25:20 | 000,797,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/03/25 11:05:48 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/03/24 00:03:18 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/03/19 11:42:02 | 000,884,360 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/01/09 13:05:26 | 000,068,112 | ---- | M] (McAfee) [On_Demand | Stopped] -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)
SRV - [2009/01/09 11:31:16 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/01/09 09:22:10 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/01/09 08:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2008/07/23 18:52:06 | 000,206,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2007/01/05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\easdrv.sys -- (easdrv)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2009/05/23 00:08:32 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2009/03/25 11:06:30 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/03/25 11:06:28 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/03/25 11:06:28 | 000,079,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/03/25 11:06:28 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/03/25 11:05:54 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/02/17 18:11:30 | 000,024,232 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008/10/23 13:08:54 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/08/12 10:30:54 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/07/16 11:52:00 | 004,747,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/14 07:12:06 | 000,025,088 | ---- | M] (ELANTECH Devices Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ETD.sys -- (Ktp)
DRV - [2008/04/19 06:05:22 | 000,103,936 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/04/19 06:05:22 | 000,103,936 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/04/19 06:05:22 | 000,103,936 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/04/14 13:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/12 03:37:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2007/07/27 04:00:38 | 000,011,264 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2007/05/03 12:00:58 | 000,546,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006/10/10 23:24:00 | 001,181,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2001/08/17 15:05:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OVCD.sys -- (QCDonner)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/03 01:28:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{0FED6A9D-2712-4322-8209-E040FCB5E084}: C:\Documents and Settings\Web\Local Settings\Application Data\{0FED6A9D-2712-4322-8209-E040FCB5E084}
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/12 16:25:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/10 06:03:36 | 000,000,000 | ---D | M]

[2010/09/12 02:29:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2005/11/10 19:21:00 | 001,499,136 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2009/08/22 05:00:30 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/08/22 05:00:30 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/08/22 05:00:30 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/08/22 05:00:30 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/09/14 09:15:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (IEButton Class) - {F81D52BF-F2F1-4F49-BF5F-05664E803039} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (UnH Solutions)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll (TODO: )
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [aopgomts] C:\Documents and Settings\Web\Local Settings\Application Data\edrsqkdmi\bpghquduqiw.exe File not found
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [autodetect] C:\WINDOWS\system32\SupportAppXL\AutoDect.exe ()
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [ocernwasxm.tmp] C:\DOCUME~1\Web\LOCALS~1\Temp\ocernwasxm.tmp File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [utlegodg] C:\Documents and Settings\Web\Local Settings\Application Data\bnquqfngg\bsuvbheuqiw.exe File not found
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [Wmimefameteq] C:\WINDOWS\onuyohuy.DLL File not found
O4 - HKLM..\Run: [wupdate] C:\WINDOWS\System32\wupdate.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SuperHybridEngine.lnk = C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\lspnuj.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/05 02:52:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: AlcWzrd - hkey= - key= - C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - C:\pleasework329596p\PEV.cfx File not found
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - C:\pleasework329596p\PEV.cfx File not found
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2010/09/14 09:08:41 | 000,000,000 | ---D | C] -- C:\pleasework329596p
[2010/09/14 08:37:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/14 08:36:25 | 000,000,000 | ---D | C] -- C:\pleasework3
[2010/09/14 08:35:59 | 004,614,888 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[2010/09/14 08:25:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/14 08:25:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/14 08:25:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/14 08:25:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/14 08:25:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/14 08:25:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/14 07:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/09/14 07:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/09/14 07:33:41 | 006,084,416 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Administrator\Desktop\HitmanPro35.exe
[2010/09/14 05:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/14 03:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/09/14 03:02:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/14 03:02:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/14 03:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/14 03:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/14 03:01:46 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2010/09/14 03:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/09/14 03:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2010/09/14 03:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2010/09/14 03:00:43 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Desktop\StarOffice 8
[2010/09/14 03:00:43 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2010/09/14 03:00:43 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
[2010/09/14 03:00:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2010/09/14 03:00:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2010/09/14 03:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2010/09/14 03:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2010/09/14 03:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2010/09/14 03:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2010/09/14 03:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2010/09/14 03:00:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2010/09/14 03:00:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/09/14 03:00:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2010/09/14 03:00:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2010/09/14 03:00:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2010/09/14 03:00:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2010/09/14 03:00:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2010/09/14 03:00:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2010/09/14 03:00:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2010/09/14 03:00:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2010/09/14 02:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/09/13 01:39:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010/09/11 12:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Convar
[2008/07/05 03:55:03 | 015,523,560 | ---- | C] (Macrovision Corporation) -- C:\Program Files\U1 Setup.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/15 05:06:30 | 000,841,216 | ---- | M] () -- C:\WINDOWS\System32\drivers\lggtctm.sys
[2010/09/15 04:30:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/15 04:29:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/15 04:29:16 | 000,020,589 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/09/15 04:29:16 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
[2010/09/15 04:25:16 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/15 04:12:57 | 000,002,838 | ---- | M] () -- C:\WINDOWS\uyevuladiwoxewof.dll
[2010/09/15 04:10:46 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/14 15:35:26 | 004,614,888 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[2010/09/14 14:49:56 | 003,844,155 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\pleasework3.exe
[2010/09/14 14:26:38 | 006,084,416 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Administrator\Desktop\HitmanPro35.exe
[2010/09/14 09:19:31 | 004,959,888 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/09/14 09:15:54 | 000,000,284 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/14 09:15:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/14 08:37:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/14 08:12:43 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/09/14 08:12:43 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/09/14 04:47:48 | 000,002,838 | ---- | M] () -- C:\WINDOWS\Ojefuyag.dat
[2010/09/14 03:59:51 | 000,000,370 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\fix.inf
[2010/09/14 03:45:05 | 000,000,354 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\fix.reg
[2010/09/14 03:02:20 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/14 03:01:40 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/09/14 02:48:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Qtuweqetalaj.bin
[2010/09/13 11:27:42 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2010/09/13 11:26:24 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.com
[2010/09/08 12:50:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/15 04:29:16 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
[2010/09/15 04:12:57 | 000,002,838 | ---- | C] () -- C:\WINDOWS\uyevuladiwoxewof.dll
[2010/09/14 08:37:24 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/14 08:37:20 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/14 08:34:25 | 003,844,155 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\pleasework3.exe
[2010/09/14 08:25:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/14 08:25:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/14 08:25:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/14 08:25:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/14 08:25:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/14 03:59:51 | 000,000,370 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\fix.inf
[2010/09/14 03:53:58 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.com
[2010/09/14 03:45:05 | 000,000,354 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\fix.reg
[2010/09/14 03:02:20 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/14 03:00:48 | 000,001,845 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Mail.lnk
[2010/09/14 03:00:48 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/14 03:00:48 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/09/14 03:00:47 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/09/14 03:00:42 | 000,303,104 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2010/09/14 03:00:42 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/09/14 03:00:41 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/09/13 01:43:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qtuweqetalaj.bin
[2010/09/13 01:43:48 | 000,002,838 | ---- | C] () -- C:\WINDOWS\Ojefuyag.dat
[2010/09/13 01:42:14 | 000,841,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\lggtctm.sys
[2009/05/15 13:17:11 | 000,749,568 | ---- | C] () -- C:\WINDOWS\System32\AGISSI.DLL
[2009/05/15 13:17:09 | 011,194,368 | ---- | C] () -- C:\WINDOWS\System32\ZHHP_RES.DLL
[2009/02/17 18:11:30 | 000,024,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\ElbyCDIO.sys
[2009/01/04 22:25:29 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/07/05 04:34:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/07/05 03:37:44 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/07/05 03:37:44 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/07/05 03:37:44 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/07/05 03:37:44 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/07/05 03:37:44 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/07/05 03:37:44 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/07/05 02:59:40 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2008/07/03 05:32:06 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/07/03 05:31:59 | 000,078,336 | ---- | C] () -- C:\WINDOWS\wimgxft.dll
[2008/03/17 23:54:36 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/09/15 05:07:30 | 000,841,216 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\lggtctm.sys

< %systemroot%\System32\config\*.sav >
[2008/07/04 19:43:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/07/04 19:43:57 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/07/04 19:43:57 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2008/04/14 13:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2008/04/14 13:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2008/04/14 13:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2008/04/14 13:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2008/04/14 13:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2008/04/14 13:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2008/04/14 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2008/04/14 13:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2008/04/14 13:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2008/04/14 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2008/04/14 13:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2008/04/14 13:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2008/04/14 13:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2008/04/14 13:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2008/04/14 13:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/14 13:00:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2009/04/17 13:26:40 | 001,847,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2008/07/05 03:02:43 | 000,000,157 | ---- | M] () -- C:\AsusUpdate.log
[2008/07/05 02:52:33 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/12/26 03:00:19 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/09/14 08:37:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/09/14 09:17:53 | 000,010,888 | ---- | M] () -- C:\ComboFix.txt
[2008/07/05 02:52:33 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/07/05 02:52:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/07/05 02:52:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 13:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/15 04:30:09 | 1595,932,672 | -HS- | M] () -- C:\pagefile.sys
[2008/07/05 02:59:24 | 000,000,522 | ---- | M] () -- C:\RHDSetup.log
[2010/09/14 03:55:32 | 000,000,408 | ---- | M] () -- C:\rkill.log

< %PROGRAMFILES%\*. >
[2010/03/05 04:45:02 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2010/08/02 08:30:14 | 000,000,000 | ---D | M] -- C:\Program Files\Ableton
[2009/11/10 16:09:05 | 000,000,000 | ---D | M] -- C:\Program Files\Acoustic Labs Multitrack Recorder (Demo)
[2010/04/08 04:51:09 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/12/25 17:00:22 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/05/02 05:59:13 | 000,000,000 | ---D | M] -- C:\Program Files\Aptana
[2008/07/05 03:02:51 | 000,000,000 | ---D | M] -- C:\Program Files\Asus
[2010/07/10 05:55:44 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/05/15 13:13:07 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2010/09/14 09:13:14 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/07/05 02:49:56 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/09/11 12:14:59 | 000,000,000 | ---D | M] -- C:\Program Files\Convar
[2008/12/25 12:28:41 | 000,000,000 | ---D | M] -- C:\Program Files\ECAP
[2008/12/25 12:30:24 | 000,000,000 | ---D | M] -- C:\Program Files\Eee Storage
[2008/07/05 03:00:28 | 000,000,000 | ---D | M] -- C:\Program Files\EeePC
[2009/07/27 14:46:05 | 000,000,000 | ---D | M] -- C:\Program Files\Elaborate Bytes
[2008/12/25 12:28:11 | 000,000,000 | ---D | M] -- C:\Program Files\Elantech
[2008/12/25 12:29:52 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/01/11 11:10:37 | 000,000,000 | ---D | M] -- C:\Program Files\Flash Movie Player
[2009/12/27 05:33:41 | 000,000,000 | ---D | M] -- C:\Program Files\FLV Player
[2010/08/02 05:46:48 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/05/15 13:16:53 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/09/14 07:34:09 | 000,000,000 | ---D | M] -- C:\Program Files\Hitman Pro 3.5
[2009/10/17 01:36:48 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/07/05 02:59:32 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2009/11/08 05:53:07 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/07/05 03:37:38 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2010/07/10 06:07:01 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/07/10 06:09:04 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/02/08 10:19:46 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/09/26 04:59:22 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2009/11/29 10:24:01 | 000,000,000 | ---D | M] -- C:\Program Files\Kreatives.org
[2009/04/22 21:14:33 | 000,000,000 | ---D | M] -- C:\Program Files\LizardTech
[2010/09/15 04:36:23 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/15 09:19:26 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2009/04/12 22:27:32 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2010/08/02 01:18:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mediafour
[2009/11/10 10:03:33 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/11/08 05:44:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/07/05 02:52:41 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/07/05 03:10:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/11/10 10:39:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2008/07/05 03:07:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/11/08 05:50:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2009/11/10 10:00:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/07/05 02:50:26 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/09/13 02:00:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2008/07/05 02:49:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/07/25 15:37:40 | 000,000,000 | ---D | M] -- C:\Program Files\Music Rescue
[2008/07/05 02:50:31 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/07/05 02:50:45 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/09/26 04:59:19 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2009/11/09 08:56:03 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/03/07 16:55:05 | 000,000,000 | ---D | M] -- C:\Program Files\Project64 1.6
[2010/07/10 06:03:34 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/07/27 15:12:35 | 000,000,000 | ---D | M] -- C:\Program Files\RarZilla Free Unrar
[2009/03/06 22:46:10 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2008/12/25 12:26:03 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2010/01/11 11:02:07 | 000,000,000 | ---D | M] -- C:\Program Files\Save Flash
[2009/11/14 06:43:58 | 000,000,000 | ---D | M] -- C:\Program Files\ScummVM
[2009/04/12 22:33:17 | 000,000,000 | ---D | M] -- C:\Program Files\SiteAdvisor
[2008/07/05 03:55:00 | 000,000,000 | ---D | M] -- C:\Program Files\Skype
[2009/07/19 18:26:48 | 000,000,000 | ---D | M] -- C:\Program Files\Spotify
[2010/07/30 13:54:30 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2008/07/05 03:39:55 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2010/09/13 01:11:10 | 000,000,000 | ---D | M] -- C:\Program Files\Telstra Turbo Connection Manager
[2009/07/27 15:26:53 | 000,000,000 | ---D | M] -- C:\Program Files\The Rosetta Stone
[2010/01/30 04:41:19 | 000,000,000 | ---D | M] -- C:\Program Files\UnH Solutions
[2008/07/05 02:55:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/07/27 15:09:59 | 000,000,000 | ---D | M] -- C:\Program Files\UnRar for Windows
[2008/12/25 14:07:09 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2009/11/08 05:58:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/11/08 05:43:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2008/07/05 02:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/07/05 02:48:58 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/07/05 02:50:49 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/07/25 15:35:44 | 000,000,000 | ---D | M] -- C:\Program Files\WindSolutions
[2010/02/01 11:14:58 | 000,000,000 | ---D | M] -- C:\Program Files\WinHTTrack
[2008/07/05 02:52:41 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/11/14 10:55:20 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2008/07/04 19:44:51 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2008/04/14 13:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 13:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 13:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 13:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008/04/14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2008/04/14 13:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/14 13:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:disk.sys
[2008/04/14 13:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 13:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 13:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 13:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/04/14 13:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/04/14 13:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:usbstor.sys
[2008/04/14 13:00:00 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-11-10 09:04:18

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

So that's the log file and it looks like the Extras file will have to be posted separately....








MBanks

Rookie Surfer
Rookie Surfer

Posts : 92
Joined : 2010-09-15
Operating System : Windows XP Home Edition SP3

View user profile

Back to top Go down


Re: Security Tool 2010 - Infected on Windows XP Home Edition SP3

Post by MBanks on Sat 25 Sep 2010, 10:15 am

I thought as much.

Did the HijackThis log help on how I could fix the RunDDL files?

MBanks

Rookie Surfer
Rookie Surfer

Posts : 92
Joined : 2010-09-15
Operating System : Windows XP Home Edition SP3

View user profile

Back to top Go down

Re: Security Tool 2010 - Infected on Windows XP Home Edition SP3

Post by Belahzur on Sun 26 Sep 2010, 10:54 am

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - HKLM\..\Run: [ocernwasxm.tmp] "C:\DOCUME~1\Web\LOCALS~1\Temp\ocernwasxm.tmp"
    O4 - HKLM\..\Run: [wupdate] %SystemRoot%\system32\wupdate.exe
    O4 - HKLM\..\Run: [utlegodg] C:\Documents and Settings\Web\Local Settings\Application Data\bnquqfngg\bsuvbheuqiw.exe
    O4 - HKLM\..\Run: [aopgomts] C:\Documents and Settings\Web\Local Settings\Application Data\edrsqkdmi\bpghquduqiw.exe
    O4 - HKLM\..\Run: [Wmimefameteq] rundll32.exe "C:\WINDOWS\onuyohuy.dll",Startup
    O4 - HKCU\..\Run: [Wcoluj] rundll32.exe "C:\WINDOWS\wimgxft.dll",Startup
    O4 - HKCU\..\Run: [utlegodg] C:\Documents and Settings\Web\Local Settings\Application Data\bnquqfngg\bsuvbheuqiw.exe
    O4 - HKCU\..\Run: [aopgomts] C:\Documents and Settings\Web\Local Settings\Application Data\edrsqkdmi\bpghquduqiw.exe
    O4 - HKCU\..\Run: [sdsetup_aff] C:\Documents and Settings\Web\Desktop\sdsetup_aff.exe -min


  • Press "Fix Checked"
  • Close Hijack This.

Reboot normally.
That should stop the error on startup.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Security Tool 2010 - Infected on Windows XP Home Edition SP3

Post by MBanks on Sun 03 Oct 2010, 12:28 pm

Hey,

OK, so I made it up to Darwin in the Northern Territory, the closest city where I thought
I might be able to get windows reinstalled. Managed to get it reinstalled yesterday and
then went to an internet cafe to get MBAM installed. Downloaded it but have not yet
purchased it, is it an effective malware, virus and spyware protector that will stop me getting
attacked?

I ran a scan just to check and here is the log:


Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4733

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

10/3/2010 10:49:54 AM
mbam-log-2010-10-03 (10-49-54).txt

Scan type: Quick scan
Objects scanned: 124835
Time elapsed: 6 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



As you can see it found 3 infected registry data items were infected.

I clicked on the remove/fix infected items button and it said it had completed it successfully.

What steps can I now take. Do I need to do an OTL or Combo-fix run?

Which anti virus software would you recommend I purchase in order to stop getting attacked?
It's pretty frustrating! Thanks for all your help, once I'm fixed up and protected I'll
make a donation to the site for all your help.

Martin.

MBanks

Rookie Surfer
Rookie Surfer

Posts : 92
Joined : 2010-09-15
Operating System : Windows XP Home Edition SP3

View user profile

Back to top Go down

Re: Security Tool 2010 - Infected on Windows XP Home Edition SP3

Post by Belahzur on Mon 04 Oct 2010, 10:08 am

Please run Combofix and then post the Combofix log.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Security Tool 2010 - Infected on Windows XP Home Edition SP3

Post by Sponsored content Today at 6:09 pm


Sponsored content


Back to top Go down

Page 2 of 2 Previous  1, 2

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum