Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware run32.dll and i might have others

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Malware run32.dll and i might have others

Unread postby jas24 » December 9th, 2009, 1:18 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:24 PM, on 12/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://twitter.com/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {a82f8954-7714-4f1a-a3c9-f297a5fd72a9} - begimepo.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [tumujarepa] Rundll32.exe "vagivoho.dll",s
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Extermin ... iVirus.dll
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} (Invoke Solutions MILiveParticipantPadHelper Control) - http://rms2.invokesolutions.com/events/ ... MILive.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = linksys
O17 - HKLM\Software\..\Telephony: DomainName = linksys
O17 - HKLM\System\CCS\Services\Tcpip\..\{145CCE74-320A-43DF-AE18-878504DCAF8C}: NameServer = 193.104.110.38,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D2B88F7-1287-446D-B936-69056593F881}: NameServer = 193.104.110.38,4.2.2.1,65.32.5.111 65.32.5.112
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = linksys
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = linksys
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = linksys
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: guzuyavu.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: sehapojip - {f23a521e-9c3a-4a26-b3c5-2f30161c8d18} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {f23a521e-9c3a-4a26-b3c5-2f30161c8d18} - (no file)
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10180 bytes


Thank you .
jas24
Regular Member
 
Posts: 16
Joined: December 6th, 2009, 5:20 pm
Advertisement
Register to Remove

Re: Malware run32.dll and i might have others

Unread postby MWR 3 day Mod » December 13th, 2009, 2:33 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Malware run32.dll and i might have others

Unread postby shinybeast » December 14th, 2009, 8:28 pm

Hello and welcome to Malware Removal Forums

My handle is shinybeast and I will be assisting you in the removal of malware your computer may have.

Please follow these guidelines as we work to clean your computer.
  • Read through the instructions before you perform them and if you have questions please ask before you perform them. Please do not guess. I will be happy to clarify or explain.
  • Perform all instructions in the order given.
  • Stick with the process until I give you an "all clean." If the symptoms are gone, it does not necessarily mean your computer is safe and secure.
  • The instructions assume you are using an account with administrator privileges.
  • Do not run any other tools to remove malware while we are working.
  • Post all responses in a reply to this topic - Please do not start a new topic.
  • If your security software throws up warnings about some of these tools, please allow these tools to run, they are safe.
  • If you have not done so, please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

NOTE: I am in training here at Malware Removal University.
I must get my replies to you approved by a malware expert which means it could take slightly longer to get back to you.
Your patience is appreciated. :)


Installed Program List

It would be helpful to see a list of programs installed on your computer.

  • Please start Hijackthis
  • Click the Open the Misc Tools section button
  • Click the Open Uninstall Manager... under System Tools

You will see a list of programs installed on your computer.
Please click the Save List... button and specify where you would like to save the list.
Once you click Save, the list will open in Notepad. Simply copy and paste the entire contents of Notepad in your next post.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Malware run32.dll and i might have others

Unread postby jas24 » December 14th, 2009, 9:01 pm

Thank you so much for the reply.
Here is the uninstall list:

AC3Filter (remove only)
Acoustica Effects Pack
Ad-Aware SE Personal
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 6.0
Adobe Reader 8.1.2
Adobe Shockwave Player
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG 9.0
Bonjour
Broadcom 802.11 Wireless LAN Adapter
CCleaner
Conexant AC-Link Audio
ConvertXtoDVD 4.0.3.313
Critical Update for Windows Media Player 11 (KB959772)
ffdshow [rev 1900] [2008-03-15]
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Customer Participation Program 10.0
HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
HP Help and Support
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Product Detection
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HP User Guides 0012
HP Wireless Assistant 1.01 C1
ImgBurn
InterVideo WinDVD
Invoke Solutions Participant 6.2.0.1452
Malwarebytes' Anti-Malware
Media Wizard 3.0 for SGH-I617
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Motorola Driver Installation 3.2.0
MSVC80_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
neroxml
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
PC Connectivity Solution
PC Pitstop Exterminate2 2.0
PCPitstop Panda AntiVirus Scan (remove only)
PeerGuardian 2.0
PictureProject
PowerISO
Quick Launch Buttons 5.20 D2
QuickBooks Product Listing Service
QuickTime
REALTEK Gigabit and Fast Ethernet NIC Driver
Registry Mechanic 8.0
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Shop for HP Supplies
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic MyDVD Plus
Sonic Update Manager
SupportSoft Assisted Service
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
Uninstall Dual Mode Camera
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Manager
Virtual DJ - Atomix Productions
Windows Defender
Windows Driver Package - Nokia (WUDFRd) WPD (11/05/2007 6.85.35.3)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
Windows Driver Package - Nokia Modem (08/03/2007 3.2)
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
Windows Driver Package - Nokia Modem (08/08/2007 3.3)
Windows Driver Package - Nokia Modem (10/12/2007 3.6)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Mobile® Device Handbook
Windows XP Service Pack 3
WinRAR archiver
Xilisoft HD Video Converter
Yahoo! Messenger
jas24
Regular Member
 
Posts: 16
Joined: December 6th, 2009, 5:20 pm

Re: Malware run32.dll and i might have others

Unread postby shinybeast » December 15th, 2009, 2:36 pm

Hi ras24,

I notice you asked for help at BleepingComputer. Please post in your thread there and let shelflife know that you are receiving help here and can close the thread over there.

Also, from your DDS log there, I notice you had multiple infections. What did you do to get AVG and HijackThis running again?


Scan with OTL

Click here to download OTL by OldTimer and save it to your Desktop
  • Close all other open windows, then double-click OTL.exe to start OTL
  • Under Output, ensure that Minimal Output is selected
  • Under the Standard Registry box change it to All
  • Copy the text in the code box below and paste it into the Custom Scans/Fixes box (under the cyan line at the bottom of the window)
    Code: Select all
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  • Click Run Scan in upper left of window.
  • When the scan is finished, two logs will open:
    OTL.Txt <-- Will be opened
    Extras.Txt <-- Will be minimized
  • Please post the contents of these two logs in your next reply.


Scan with GMER

Click here to download GMER Rootkit Scanner and save it to your desktop.
  • Double click the randomly named GMER file. If asked to allow gmer driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following boxes:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All
  • Then click the Scan button and wait for it to finish
  • Once done click on the Save.. button at lower right, and in the File name area, type in "Gmer.txt" (include the quotes) or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.

Please reply with the OTL logs (OTL.txt and Extras.txt) and the GMER log.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Malware run32.dll and i might have others

Unread postby jas24 » December 16th, 2009, 11:44 am

I believe i ran combofix in safemode. I wasn't sure if it was going to fix anything, on regular mode combo fix did not run at all, i could only see it in Windows task Manager under processes. I believe my AVG is running but i cant get malwarebytes to run at all, Im getting missing mbam.exe error.
jas24
Regular Member
 
Posts: 16
Joined: December 6th, 2009, 5:20 pm

Re: Malware run32.dll and i might have others

Unread postby jas24 » December 16th, 2009, 12:23 pm

Just to let you know while i was running the OLT scan AVG popped up with multiple infections and OLT just kept running.





OTL logfile created on: 12/16/2009 10:52:20 AM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\jas\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.17 Mb Total Physical Memory | 131.00 Mb Available Physical Memory | 34.28% Memory free
916.59 Mb Paging File | 504.98 Mb Available in Paging File | 55.09% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 29.70 Gb Free Space | 39.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINKSYS
Current User Name: jas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\jas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe ()
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\jas\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\begimepo.dll ()


========== Win32 Services (SafeList) ==========

SRV - (NMIndexingService) -- File not found
SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (PCPitstop Scheduling) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
SRV - (hpqcxs08) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe ()
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (hpqwmi) -- C:\Program Files\HPQ\shared\hpqwmi.exe (Hewlett-Packard Development Company, L.P.)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (AVGIDSErHrxpx) -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys (AVG Technologies )
DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriverxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys (AVG Technologies )
DRV - (AVGIDSFilterxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys (AVG Technologies )
DRV - (AVGIDSShimxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (AVG Technologies )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (2892o0P7) -- C:\WINDOWS\system32\drivers\2892o0P7.sys ()
DRV - (pcouffin) -- C:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (usb_rndisx) -- C:\WINDOWS\system32\drivers\usb8023x.sys (Microsoft Corporation)
DRV - (JL2005C) -- C:\WINDOWS\system32\drivers\jl2005c.sys (Windows (R) 2000 DDK provider)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (motccgp) -- C:\WINDOWS\system32\drivers\motccgp.sys (Motorola)
DRV - (SCDEmu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (motport) -- C:\WINDOWS\system32\drivers\motport.sys (Motorola)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (CO_Mon) -- C:\WINDOWS\system32\drivers\CO_Mon.sys ()
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (motccgpfl) -- C:\WINDOWS\system32\drivers\motccgpfl.sys (Motorola)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWATI) -- C:\WINDOWS\system32\drivers\HSFHWATI.sys (Conexant Systems, Inc.)
DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/def ... earch.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://twitter.com/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 83 01 03 57 0A CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (no name) - {a82f8954-7714-4f1a-a3c9-f297a5fd72a9} - C:\WINDOWS\System32\begimepo.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [tumujarepa] File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/house ... hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Extermin ... iVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab (GMNRev Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} http://rms2.invokesolutions.com/events/ ... MILive.cab (Invoke Solutions MILiveParticipantPadHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} Reg Error: Key error. (Invoke Solutions Participant Control(MR))
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = linksys
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (guzuyavu.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: sehapojip - {f23a521e-9c3a-4a26-b3c5-2f30161c8d18} - CLSID or File not found.
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {f23a521e-9c3a-4a26-b3c5-2f30161c8d18} - mujuzedij - Reg Error: Value error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/25 01:39:07 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/02/16 17:15:13 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (206158430208)

========== Files/Folders - Created Within 30 Days ==========

[2009/12/16 10:50:06 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jas\Desktop\OTL.exe
[2009/12/15 21:45:52 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/12/15 21:45:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jas\Application Data\uTorrent
[2009/12/14 19:59:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jas\Desktop\malware rmvl info
[2009/12/09 12:48:35 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/09 12:48:28 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/09 12:48:28 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/09 12:09:23 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/09 12:07:55 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\jas\Desktop\HJTInstall.exe
[2009/12/08 15:56:47 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/12/08 15:03:49 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/12/08 15:02:49 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/12/08 15:02:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/12/08 15:02:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/12/08 15:01:17 | 00,025,608 | ---- | C] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2009/12/08 15:01:16 | 00,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/12/08 15:01:14 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/12/08 15:01:13 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/12/08 15:01:12 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/12/08 15:00:20 | 00,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2009/12/08 15:00:20 | 00,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2009/12/08 15:00:20 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/12/08 15:00:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/08 14:57:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/08 14:57:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/08 14:57:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/08 14:57:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/08 13:15:09 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/12/08 13:15:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/12/08 12:53:49 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/08 12:53:49 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/08 12:53:49 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/08 12:53:49 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/08 12:49:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/08 12:38:59 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/07 20:29:45 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\jas\Recent
[2009/12/07 19:15:29 | 00,016,904 | ---- | C] (Kaspersky Lab, Parshin Yury) -- C:\WINDOWS\System32\drivers\KLMD.sys
[2009/12/04 18:34:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jas\Local Settings\Application Data\Threat Expert
[2009/12/02 19:25:25 | 00,186,128 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/12/02 18:40:18 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/12/02 18:40:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/12/02 15:30:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/02 13:27:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/12/01 17:46:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jas\Local Settings\Application Data\opjabe
[2009/12/01 17:42:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jas\Local Settings\Application Data\esentsttools
[2009/01/29 19:06:07 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\jas\Application Data\pcouffin.sys
[2008/12/04 18:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2008/09/27 12:14:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/08/31 14:19:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2008/04/03 16:45:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\CyberLink
[2007/05/04 17:09:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/16 10:56:25 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\rogabeja
[2009/12/16 10:50:07 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jas\Desktop\OTL.exe
[2009/12/16 10:21:58 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/12/16 10:05:38 | 00,145,408 | ---- | M] () -- C:\Documents and Settings\jas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/16 09:55:20 | 00,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{ED728D2C-3768-4706-88FD-3BF50D3B1033}.job
[2009/12/16 09:50:46 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/16 09:00:01 | 00,000,290 | ---- | M] () -- C:\WINDOWS\tasks\txvcxyfd.job
[2009/12/16 09:00:01 | 00,000,290 | ---- | M] () -- C:\WINDOWS\tasks\qchujcpc.job
[2009/12/16 09:00:01 | 00,000,290 | ---- | M] () -- C:\WINDOWS\tasks\iggzvall.job
[2009/12/16 09:00:00 | 00,000,290 | ---- | M] () -- C:\WINDOWS\tasks\cxipuost.job
[2009/12/16 09:00:00 | 00,000,290 | ---- | M] () -- C:\WINDOWS\tasks\apftdukx.job
[2009/12/16 08:15:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/16 08:15:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/16 08:15:25 | 40,080,5888 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/16 08:13:45 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\jas\ntuser.ini
[2009/12/16 08:13:44 | 08,388,608 | ---- | M] () -- C:\Documents and Settings\jas\NTUSER.DAT
[2009/12/16 08:13:05 | 04,838,214 | -H-- | M] () -- C:\Documents and Settings\jas\Local Settings\Application Data\IconCache.db
[2009/12/16 06:30:40 | 46,689,334 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/16 06:30:01 | 00,126,126 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/16 01:23:20 | 00,000,181 | -HS- | M] () -- C:\WINDOWS\System32\miyowepa.dll
[2009/12/16 01:23:11 | 00,000,181 | -HS- | M] () -- C:\WINDOWS\System32\towusozo.dll
[2009/12/16 01:23:07 | 00,000,181 | -HS- | M] () -- C:\WINDOWS\System32\dirasawu.dll
[2009/12/16 01:23:05 | 00,000,181 | -HS- | M] () -- C:\WINDOWS\System32\bodozanu.dll
[2009/12/15 21:46:03 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2009/12/15 18:37:00 | 00,549,970 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2009/12/12 06:41:51 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\vagazodi.dll
[2009/12/12 06:41:40 | 00,000,003 | ---- | M] () -- C:\WINDOWS\System32\zovujiwu.dll
[2009/12/12 06:41:40 | 00,000,003 | ---- | M] () -- C:\WINDOWS\System32\nanemefu.dll
[2009/12/11 15:40:12 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\nuyuviju.dll
[2009/12/11 15:40:12 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\kuwalobe.dll
[2009/12/11 15:34:03 | 00,005,896 | -HS- | M] () -- C:\WINDOWS\System32\yusutuno.exe
[2009/12/11 15:34:01 | 00,005,875 | -HS- | M] () -- C:\WINDOWS\System32\tijevilu.exe
[2009/12/09 12:48:40 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/09 12:09:35 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\jas\Desktop\HijackThis.lnk
[2009/12/09 12:07:55 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\jas\Desktop\HJTInstall.exe
[2009/12/08 23:17:41 | 00,005,902 | -HS- | M] () -- C:\WINDOWS\System32\watusero.dll
[2009/12/08 23:17:39 | 00,005,902 | -HS- | M] () -- C:\WINDOWS\System32\samisede.dll
[2009/12/08 23:17:38 | 00,005,902 | -HS- | M] () -- C:\WINDOWS\System32\barihuye.dll
[2009/12/08 23:17:24 | 00,005,902 | -HS- | M] () -- C:\WINDOWS\System32\hepoyaba.dll
[2009/12/08 23:17:24 | 00,005,896 | -HS- | M] () -- C:\WINDOWS\System32\zehakebo.exe
[2009/12/08 23:17:24 | 00,005,875 | -HS- | M] () -- C:\WINDOWS\System32\gabuwime.exe
[2009/12/08 15:02:56 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2009/12/08 15:02:49 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/12/08 15:02:49 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/12/08 15:02:23 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/12/08 15:02:23 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/12/08 15:01:17 | 00,025,608 | ---- | M] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2009/12/08 15:01:16 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/12/08 15:01:14 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/12/08 15:01:13 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/12/08 15:01:12 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/12/08 15:00:20 | 00,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2009/12/08 15:00:20 | 00,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2009/12/08 13:24:40 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/08 13:24:09 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/07 19:21:32 | 00,080,384 | ---- | M] () -- C:\WINDOWS\System32\drivers\2892o0P7.sys
[2009/12/07 19:15:29 | 00,016,904 | ---- | M] (Kaspersky Lab, Parshin Yury) -- C:\WINDOWS\System32\drivers\KLMD.sys
[2009/12/07 17:36:09 | 00,000,194 | ---- | M] () -- C:\WINDOWS\System32\srcr.dat
[2009/12/07 13:34:00 | 03,583,346 | R--- | M] () -- C:\Documents and Settings\jas\Desktop\ComboFix.exe
[2009/12/04 22:17:54 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\jas\cd
[2009/12/04 20:23:47 | 00,000,599 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/04 20:23:47 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/21 16:12:58 | 00,001,041 | ---- | M] () -- C:\Documents and Settings\jas\Application Data\vso_ts_preview.xml
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/16 01:23:20 | 00,000,181 | -HS- | C] () -- C:\WINDOWS\System32\miyowepa.dll
[2009/12/16 01:23:11 | 00,000,181 | -HS- | C] () -- C:\WINDOWS\System32\towusozo.dll
[2009/12/16 01:23:07 | 00,000,181 | -HS- | C] () -- C:\WINDOWS\System32\dirasawu.dll
[2009/12/16 01:23:04 | 00,000,181 | -HS- | C] () -- C:\WINDOWS\System32\bodozanu.dll
[2009/12/15 21:46:02 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2009/12/14 23:28:36 | 00,000,290 | ---- | C] () -- C:\WINDOWS\tasks\qchujcpc.job
[2009/12/14 11:23:47 | 00,000,290 | ---- | C] () -- C:\WINDOWS\tasks\apftdukx.job
[2009/12/13 12:50:37 | 00,000,290 | ---- | C] () -- C:\WINDOWS\tasks\txvcxyfd.job
[2009/12/12 06:41:51 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\vagazodi.dll
[2009/12/12 06:41:40 | 00,000,003 | ---- | C] () -- C:\WINDOWS\System32\zovujiwu.dll
[2009/12/12 06:41:40 | 00,000,003 | ---- | C] () -- C:\WINDOWS\System32\nanemefu.dll
[2009/12/11 15:40:12 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\nuyuviju.dll
[2009/12/11 15:40:12 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\kuwalobe.dll
[2009/12/11 15:34:03 | 00,005,896 | -HS- | C] () -- C:\WINDOWS\System32\yusutuno.exe
[2009/12/11 15:34:01 | 00,005,875 | -HS- | C] () -- C:\WINDOWS\System32\tijevilu.exe
[2009/12/10 18:09:53 | 00,000,290 | ---- | C] () -- C:\WINDOWS\tasks\cxipuost.job
[2009/12/09 12:48:40 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/09 12:09:34 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\jas\Desktop\HijackThis.lnk
[2009/12/09 11:46:34 | 00,000,290 | ---- | C] () -- C:\WINDOWS\tasks\iggzvall.job
[2009/12/08 23:17:41 | 00,005,902 | -HS- | C] () -- C:\WINDOWS\System32\watusero.dll
[2009/12/08 23:17:39 | 00,005,902 | -HS- | C] () -- C:\WINDOWS\System32\samisede.dll
[2009/12/08 23:17:38 | 00,005,902 | -HS- | C] () -- C:\WINDOWS\System32\barihuye.dll
[2009/12/08 23:17:24 | 00,005,902 | -HS- | C] () -- C:\WINDOWS\System32\hepoyaba.dll
[2009/12/08 23:17:24 | 00,005,896 | -HS- | C] () -- C:\WINDOWS\System32\zehakebo.exe
[2009/12/08 23:17:24 | 00,005,875 | -HS- | C] () -- C:\WINDOWS\System32\gabuwime.exe
[2009/12/08 15:02:56 | 00,549,970 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2009/12/08 15:02:56 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2009/12/08 15:02:49 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/12/08 15:02:23 | 46,689,334 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/08 15:02:23 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/12/08 15:02:23 | 00,126,126 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/08 15:02:22 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/12/08 13:23:10 | 40,080,5888 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/08 12:53:49 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/08 12:53:49 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/08 12:53:49 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/08 12:53:49 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/08 12:53:49 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/07 13:34:01 | 03,583,346 | R--- | C] () -- C:\Documents and Settings\jas\Desktop\ComboFix.exe
[2009/12/04 23:55:04 | 00,000,194 | ---- | C] () -- C:\WINDOWS\System32\srcr.dat
[2009/12/04 22:16:30 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\jas\cd
[2009/12/01 17:42:18 | 00,080,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\2892o0P7.sys
[2009/09/16 01:22:18 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\jineniwi.dll
[2009/09/16 01:22:16 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\guguvevo.dll
[2009/09/16 01:22:09 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\wuviforo.dll
[2009/09/16 01:22:09 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\tateputu.dll
[2009/09/15 13:21:51 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\System32\raganapo.dll
[2009/09/15 13:21:46 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\vojedayu.dll
[2009/09/14 23:25:25 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\System32\takujiza.dll
[2009/09/14 23:24:27 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\loligewa.dll
[2009/09/14 11:23:22 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\System32\jefizaya.dll
[2009/09/14 11:23:19 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\hejapive.dll
[2009/09/13 12:50:18 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\yadihoni.dll
[2009/09/13 12:50:11 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\System32\kobitaka.dll
[2009/09/12 06:37:17 | 00,015,360 | -HS- | C] () -- C:\WINDOWS\System32\vizamemu.dll
[2009/09/12 06:36:52 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\milokira.dll
[2009/09/12 06:36:52 | 00,036,864 | -HS- | C] () -- C:\WINDOWS\System32\zijokomo.dll
[2009/09/10 18:04:45 | 00,021,504 | -HS- | C] () -- C:\WINDOWS\System32\yeneseje.dll
[2009/09/10 18:04:39 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\falukovo.dll
[2009/09/10 18:04:35 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\System32\zizesabo.dll
[2009/09/02 13:10:21 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\begimepo.dll
[2009/02/16 10:19:20 | 00,000,748 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/02/03 19:06:11 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\cvchost.dll
[2009/01/29 19:09:04 | 00,001,041 | ---- | C] () -- C:\Documents and Settings\jas\Application Data\vso_ts_preview.xml
[2009/01/29 19:06:42 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\jas\Application Data\pcouffin.log
[2009/01/29 19:06:07 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\jas\Application Data\pcouffin.cat
[2009/01/29 19:06:07 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\jas\Application Data\pcouffin.inf
[2008/12/29 10:52:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2008/11/19 07:42:29 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/06/10 22:25:01 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\jas\Application Data\$_hpcst$.hpc
[2008/04/06 18:54:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PhotoNow.INI
[2008/04/04 14:55:28 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/04/04 14:55:25 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/01/24 01:46:04 | 00,000,307 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2007/12/01 14:06:13 | 00,114,451 | ---- | C] () -- C:\Documents and Settings\jas\Application Data\NMM-MetaData.db
[2007/10/28 23:45:48 | 00,000,066 | ---- | C] () -- C:\WINDOWS\Easy RM RMVB to DVD Burner.INI
[2007/08/29 15:27:10 | 00,039,864 | ---- | C] () -- C:\Documents and Settings\jas\Local Settings\Application Data\FASTWiz.log
[2007/08/25 01:58:56 | 00,000,040 | -HS- | C] () -- C:\Documents and Settings\jas\Application Data\.zreglib
[2007/08/09 01:21:47 | 00,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/08/09 01:21:47 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\9CCEB17CDB.sys
[2007/08/04 17:01:18 | 00,000,342 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2007/07/12 03:05:27 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Sci-Fi
[2007/07/12 03:00:10 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2007/07/12 02:53:14 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2007/06/24 15:27:59 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/06/07 14:42:36 | 00,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2007/05/30 19:43:05 | 00,000,067 | ---- | C] () -- C:\WINDOWS\Easy DVD Creator.INI
[2007/05/28 14:14:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2007/05/21 17:16:41 | 00,000,049 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/05/11 14:07:29 | 00,006,588 | ---- | C] () -- C:\Documents and Settings\jas\Application Data\wklnhst.dat
[2007/05/07 16:18:40 | 00,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/05/07 16:03:49 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/05/07 16:03:48 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/05/07 16:03:48 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/05/07 16:03:48 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/05/07 16:03:48 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/05/07 16:03:48 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/05/06 23:54:14 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/05/06 19:39:47 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2007/05/04 18:53:18 | 00,145,408 | ---- | C] () -- C:\Documents and Settings\jas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/30 01:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007/03/05 15:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2005/05/12 07:18:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/10/06 13:42:56 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 18:04:24 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/10/04 18:04:24 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 18:04:16 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/05/15 18:38:40 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/03/16 19:00:00 | 00,007,420 | ---- | C] () -- C:\WINDOWS\UA000011.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/08/12 09:31:07 | 00,010,920 | ---- | M] () -- C:\aolconnfix.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]


< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 08:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >









OTL Extras logfile created on: 12/16/2009 10:52:20 AM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\jas\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.17 Mb Total Physical Memory | 131.00 Mb Available Physical Memory | 34.28% Memory free
916.59 Mb Paging File | 504.98 Mb Available in Paging File | 55.09% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 29.70 Gb Free Space | 39.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINKSYS
Current User Name: jas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10382:TCP" = 10382:TCP:*:Enabled:BitComet 10382 TCP
"10382:UDP" = 10382:UDP:*:Enabled:BitComet 10382 UDP
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\ImgBurn\ImgBurn.exe" = C:\Program Files\ImgBurn\ImgBurn.exe:*:Enabled:ImgBurn -- (LIGHTNING UK!)
"C:\WINDOWS\system32\ati2evxx.exe" = C:\WINDOWS\system32\ati2evxx.exe:*:Enabled:Ati2evxx -- (ATI Technologies Inc.)
"C:\WINDOWS\system32\taskmgr.exe" = C:\WINDOWS\system32\taskmgr.exe:*:Enabled:taskmgr -- (Microsoft Corporation)
"C:\WINDOWS\system32\spoolsv.exe" = C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv -- (Microsoft Corporation)
"C:\WINDOWS\system32\wbem\wmiprvse.exe" = C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse -- (Microsoft Corporation)
"C:\Program Files\Spyware Doctor\pctsGui.exe" = C:\Program Files\Spyware Doctor\pctsGui.exe:*:Enabled:Spyware Doctor -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:explorer -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32 -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:IEXPLORE -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgtray.exe" = C:\Program Files\AVG\AVG9\avgtray.exe:*:Enabled:avgtray -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}" = HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 C1
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73284F36-E17E-44B0-85E2-F0336A6E749F}" = PC Connectivity Solution
"{74C5EA04-AF1E-45B2-949B-4841EE949C40}" = Nokia Connectivity Cable Driver
"{760B29F2-8663-419B-A025-5A55066E130B}" = Ulead Photo Express 6

"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.8.0.193j
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}" = Ad-Aware SE Personal
"{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext
"{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{984DED38-AD2A-4143-8412-C3827A920BE5}" = HP User Guides 0012
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 D2
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
"{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}}_is1" = Invoke Solutions Participant 6.2.0.1452
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.3.313
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{FCD8DCE6-94C8-4FF6-8E3E-D3C96A5A707E}" = Nokia PC Suite
"{FD60129B-8C86-421C-B0E4-43CBBB480403}" = Media Wizard 3.0 for SGH-I617
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = TIxx21
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"24894EA20BE8E62AA4FC3DD3AA85785356B52BF5" = Windows Driver Package - Nokia Modem (08/08/2007 3.3)
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows Driver Package - Nokia Modem (10/12/2007 3.6)
"819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
"9925DD2E3ADF2DA7C8A0212FB775F1D2FB6C56E8" = Windows Driver Package - Nokia (WUDFRd) WPD (11/05/2007 6.85.35.3)
"AC3Filter" = AC3Filter (remove only)
"Acoustica Effects Pack" = Acoustica Effects Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG 9.0
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"F1CB0AC2D40DDCFCA6933082B115073476C155DE" = Windows Driver Package - Nokia Modem (08/03/2007 3.2)
"ffdshow_is1" = ffdshow [rev 1900] [2008-03-15]
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = Texas Instruments PCIxx21/x515 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"PC Pitstop Exterminate2_is1" = PC Pitstop Exterminate2 2.0
"PCPitstop Panda AntiVirus Scan" = PCPitstop Panda AntiVirus Scan (remove only)
"PeerGuardian_is1" = PeerGuardian 2.0
"PowerISO" = PowerISO
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Xilisoft HD Video Converter" = Xilisoft HD Video Converter
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/10/2009 8:09:33 PM | Computer Name = LINKSYS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/12/2009 7:36:54 AM | Computer Name = LINKSYS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 12/12/2009 8:30:43 AM | Computer Name = LINKSYS | Source = crypt32 | ID = 131075
Description = Failed auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: This operation returned because the timeout period expired.

Error - 12/12/2009 8:57:24 AM | Computer Name = LINKSYS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18852, fault address 0x00085dec.

Error - 12/12/2009 10:04:24 AM | Computer Name = LINKSYS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.

Error - 12/12/2009 10:33:12 AM | Computer Name = LINKSYS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/12/2009 10:33:14 AM | Computer Name = LINKSYS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module , version 6.3.1106.427, fault address 0x00055494.

Error - 12/13/2009 7:56:42 PM | Computer Name = LINKSYS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/13/2009 7:56:42 PM | Computer Name = LINKSYS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/15/2009 4:41:50 PM | Computer Name = LINKSYS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10b.ocx, version 10.0.22.87, fault address 0x0002aeec.

[ System Events ]
Error - 12/12/2009 2:48:11 PM | Computer Name = LINKSYS | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 12/12/2009 3:10:14 PM | Computer Name = LINKSYS | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/13/2009 1:47:03 PM | Computer Name = LINKSYS | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/14/2009 12:20:02 PM | Computer Name = LINKSYS | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/14/2009 8:44:49 PM | Computer Name = LINKSYS | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/14/2009 8:57:09 PM | Computer Name = LINKSYS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/15/2009 12:47:45 AM | Computer Name = LINKSYS | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/15/2009 12:10:31 PM | Computer Name = LINKSYS | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/15/2009 6:40:33 PM | Computer Name = LINKSYS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/16/2009 9:18:07 AM | Computer Name = LINKSYS | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.


< End of report >
jas24
Regular Member
 
Posts: 16
Joined: December 6th, 2009, 5:20 pm

Re: Malware run32.dll and i might have others

Unread postby jas24 » December 16th, 2009, 2:18 pm

Gmer






GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-16 13:09:00
Windows 5.1.2600 Service Pack 3
Running: 5382lqiz.exe; Driver: C:\DOCUME~1\jas\LOCALS~1\Temp\kxldapow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwOpenProcess [0xF7917470]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateProcess [0xF7917520]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateThread [0xF79175C0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwWriteVirtualMemory [0xF7917660]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTuhngfqbdwr.sys
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTuhngfqbdwr.sys
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTkagolwaftw.dll
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTdvykicomen.dat
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTxnuarmilbj.dll
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@h8srtav \\?\globalroot\systemroot\system32\H8SRTiwilnntpql.dll
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTsiyvgvdirs.dll
Reg HKLM\SOFTWARE\Classes\MPEffects.ColorTint@ ColorTint Class
Reg HKLM\SOFTWARE\Classes\MPEffects.ColorTint\CLSID
Reg HKLM\SOFTWARE\Classes\MPEffects.ColorTint\CLSID@ {5CFE3F6C-1E27-4CC2-B0D9-F19DE9DFE5BC}
Reg HKLM\SOFTWARE\Classes\MPEffects.ColorTint\CurVer
Reg HKLM\SOFTWARE\Classes\MPEffects.ColorTint\CurVer@ MPEffects.ColorTint.1
Reg HKLM\SOFTWARE\Classes\MPEffects.ColorTint.1@ ColorTint Class
Reg HKLM\SOFTWARE\Classes\MPEffects.ColorTint.1\CLSID
Reg HKLM\SOFTWARE\Classes\MPEffects.ColorTint.1\CLSID@ {5CFE3F6C-1E27-4CC2-B0D9-F19DE9DFE5BC}
Reg HKLM\SOFTWARE\Classes\MPEffects.RapidOverlay@ RapidOverlay Class
Reg HKLM\SOFTWARE\Classes\MPEffects.RapidOverlay\CLSID
Reg HKLM\SOFTWARE\Classes\MPEffects.RapidOverlay\CLSID@ {EA065AFC-5557-448C-AFD0-B3B33ECBCD67}
Reg HKLM\SOFTWARE\Classes\MPEffects.RapidOverlay\CurVer
Reg HKLM\SOFTWARE\Classes\MPEffects.RapidOverlay\CurVer@ MPEffects.RapidOverlay.1
Reg HKLM\SOFTWARE\Classes\MPEffects.RapidOverlay.1@ RapidOverlay Class
Reg HKLM\SOFTWARE\Classes\MPEffects.RapidOverlay.1\CLSID
Reg HKLM\SOFTWARE\Classes\MPEffects.RapidOverlay.1\CLSID@ {EA065AFC-5557-448C-AFD0-B3B33ECBCD67}
Reg HKLM\SOFTWARE\Classes\MPEffects.VolumetricLight@ VolumetricLight Class
Reg HKLM\SOFTWARE\Classes\MPEffects.VolumetricLight\CLSID
Reg HKLM\SOFTWARE\Classes\MPEffects.VolumetricLight\CLSID@ {1258E35A-00B5-4E96-ADCF-661C04574BD4}
Reg HKLM\SOFTWARE\Classes\MPEffects.VolumetricLight\CurVer
Reg HKLM\SOFTWARE\Classes\MPEffects.VolumetricLight\CurVer@ MPEffects.VolumetricLight.1
Reg HKLM\SOFTWARE\Classes\MPEffects.VolumetricLight.1@ VolumetricLight Class
Reg HKLM\SOFTWARE\Classes\MPEffects.VolumetricLight.1\CLSID
Reg HKLM\SOFTWARE\Classes\MPEffects.VolumetricLight.1\CLSID@ {1258E35A-00B5-4E96-ADCF-661C04574BD4}
Reg HKLM\SOFTWARE\Classes\NkvInfinity.NkvCOMMainFrame@ NkvCOMMainFrame Class
Reg HKLM\SOFTWARE\Classes\NkvInfinity.NkvCOMMainFrame\CLSID
Reg HKLM\SOFTWARE\Classes\NkvInfinity.NkvCOMMainFrame\CLSID@ {1A5453EC-2651-4BEB-A12E-FDDE381FBD61}
Reg HKLM\SOFTWARE\Classes\NkvInfinity.NkvCOMMainFrame\CurVer
Reg HKLM\SOFTWARE\Classes\NkvInfinity.NkvCOMMainFrame\CurVer@ NkvInfinity.NkvCOMMainFrame.1
Reg HKLM\SOFTWARE\Classes\NkvInfinity.NkvCOMMainFrame.1@ NkvCOMMainFrame Class
Reg HKLM\SOFTWARE\Classes\NkvInfinity.NkvCOMMainFrame.1\CLSID
Reg HKLM\SOFTWARE\Classes\NkvInfinity.NkvCOMMainFrame.1\CLSID@ {1A5453EC-2651-4BEB-A12E-FDDE381FBD61}
Reg HKLM\SOFTWARE\Classes\PictureProject@ PictureProject Class
Reg HKLM\SOFTWARE\Classes\PictureProject\shell
Reg HKLM\SOFTWARE\Classes\PictureProject\shell@
Reg HKLM\SOFTWARE\Classes\PictureProject\shell\open
Reg HKLM\SOFTWARE\Classes\PictureProject\shell\open@
Reg HKLM\SOFTWARE\Classes\PictureProject\shell\open\command
Reg HKLM\SOFTWARE\Classes\PictureProject\shell\open\command@ C:\Program Files\Nikon\PictureProject\NkbTransfer.exe /D=%L
Reg HKLM\SOFTWARE\Classes\SlideInc.ImageUploader3@ Slide Image Uploader Control
Reg HKLM\SOFTWARE\Classes\SlideInc.ImageUploader3\CLSID
Reg HKLM\SOFTWARE\Classes\SlideInc.ImageUploader3\CLSID@ {55027008-315F-4F45-BBC3-8BE119764741}
Reg HKLM\SOFTWARE\Classes\SlideInc.ImageUploader3\CurVer
Reg HKLM\SOFTWARE\Classes\SlideInc.ImageUploader3\CurVer@ SlideInc.ImageUploader3.1
Reg HKLM\SOFTWARE\Classes\SlideInc.ImageUploader3.1@ Slide Image Uploader Control
Reg HKLM\SOFTWARE\Classes\SlideInc.ImageUploader3.1\CLSID
Reg HKLM\SOFTWARE\Classes\SlideInc.ImageUploader3.1\CLSID@ {55027008-315F-4F45-BBC3-8BE119764741}
Reg HKLM\SOFTWARE\Classes\SlideInc.ImageUploader3.1\Insertable
Reg HKLM\SOFTWARE\Classes\SlideInc.ImageUploader3Combo@ Slide Image Uploader Combo Control
Reg HKLM\SOFTWARE\Classes\SlideInc.ImageUploader3Combo\CLSID
Reg HKLM\SOFTWARE\Classes\SlideInc.ImageUploader3Combo\CLSID@ {18F31E69-A6E8-42FA-B970-6E923C9A20A6}
Reg HKLM\SOFTWARE\Classes\SlideInc.ImageUploader3Combo\CurVer
Reg HKLM\SOFTWARE\Classes\SlideInc.ImageUploader3Combo\CurVer@ SlideInc.ImageUploader3Combo.1
Reg HKLM\SOFTWARE\Classes\SlideInc.ImageUploader3Combo.1@ Slide Image Uploader Combo Control
Reg HKLM\SOFTWARE\Classes\SlideInc.ImageUploader3Combo.1\CLSID
Reg HKLM\SOFTWARE\Classes\SlideInc.ImageUploader3Combo.1\CLSID@ {18F31E69-A6E8-42FA-B970-6E923C9A20A6}
Reg HKLM\SOFTWARE\Classes\SlideInc.ImageUploaderThumbnail@ Slide Image Uploader Thumbnail Control
Reg HKLM\SOFTWARE\Classes\SlideInc.ImageUploaderThumbnail\CLSID
Reg HKLM\SOFTWARE\Classes\SlideInc.ImageUploaderThumbnail\CLSID@ {C85D2D97-8AC3-4C33-80AC-3D05D7AE0F3A}
Reg HKLM\SOFTWARE\Classes\SlideInc.ImageUploaderThumbnail\CurVer
Reg HKLM\SOFTWARE\Classes\SlideInc.ImageUploaderThumbnail\CurVer@ SlideInc.ImageUploaderThumbnail.1
Reg HKLM\SOFTWARE\Classes\SlideInc.ImageUploaderThumbnail.1@ Slide Image Uploader Thumbnail Control
Reg HKLM\SOFTWARE\Classes\SlideInc.ImageUploaderThumbnail.1\CLSID
Reg HKLM\SOFTWARE\Classes\SlideInc.ImageUploaderThumbnail.1\CLSID@ {C85D2D97-8AC3-4C33-80AC-3D05D7AE0F3A}
Reg HKLM\SOFTWARE\Classes\SlideInc.UploadItem@ Slide Image Uploader UploadItem Control
Reg HKLM\SOFTWARE\Classes\SlideInc.UploadItem\CLSID
Reg HKLM\SOFTWARE\Classes\SlideInc.UploadItem\CLSID@ {743D1578-2D90-4E61-B27B-BBF125CC1067}
Reg HKLM\SOFTWARE\Classes\SlideInc.UploadItem\CurVer
Reg HKLM\SOFTWARE\Classes\SlideInc.UploadItem\CurVer@ SlideInc.UploadItem.1
Reg HKLM\SOFTWARE\Classes\SlideInc.UploadItem.1@ Slide Image Uploader UploadItem Control
Reg HKLM\SOFTWARE\Classes\SlideInc.UploadItem.1\CLSID
Reg HKLM\SOFTWARE\Classes\SlideInc.UploadItem.1\CLSID@ {743D1578-2D90-4E61-B27B-BBF125CC1067}
Reg HKLM\SOFTWARE\Classes\SlideInc.UploadItems@ Slide Image Uploader UploadItems Control
Reg HKLM\SOFTWARE\Classes\SlideInc.UploadItems\CLSID
Reg HKLM\SOFTWARE\Classes\SlideInc.UploadItems\CLSID@ {104AD4D0-C73B-4F84-93F2-3AA08206FC51}
Reg HKLM\SOFTWARE\Classes\SlideInc.UploadItems\CurVer
Reg HKLM\SOFTWARE\Classes\SlideInc.UploadItems\CurVer@ SlideInc.UploadItems.1
Reg HKLM\SOFTWARE\Classes\SlideInc.UploadItems.1@ Slide Image Uploader UploadItems Control
Reg HKLM\SOFTWARE\Classes\SlideInc.UploadItems.1\CLSID
Reg HKLM\SOFTWARE\Classes\SlideInc.UploadItems.1\CLSID@ {104AD4D0-C73B-4F84-93F2-3AA08206FC51}

---- EOF - GMER 1.0.15 ----
jas24
Regular Member
 
Posts: 16
Joined: December 6th, 2009, 5:20 pm

Re: Malware run32.dll and i might have others

Unread postby shinybeast » December 17th, 2009, 3:32 am

Hello jas24,


P2P Software

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent

I'd like you to read P2P (Person to Person) File Sharing Programmes where this forum's policy is explained.

If you would like to continue, you must go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Warning: Any existing remnants of the program may be removed during cleaning.


ComboFix log

Please post the contents of the Combofix log which should still be at C:\ComboFix.txt. I would like to see what it did before proceeding further. :)
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Malware run32.dll and i might have others

Unread postby jas24 » December 17th, 2009, 12:46 pm

I removed utorrent and heres the combofix log, thank you.

ComboFix 09-12-06.A3 - jas 12/08/2009 12:57.1.1 - x86 MINIMAL
Running from: c:\documents and settings\jas\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Application Data\Services
c:\documents and settings\jas\Application Data\inst.exe
c:\documents and settings\jas\Start Menu\Programs\AVI Codec Pack +
c:\documents and settings\jas\Start Menu\Programs\AVI Codec Pack +\Check For Updates.lnk
c:\documents and settings\jas\Start Menu\Programs\AVI Codec Pack +\Uninstall.lnk
c:\program files\AVI Codec Pack
c:\program files\AVI Codec Pack\AC3\ac3filter.ax
c:\program files\AVI Codec Pack\AC3\dialog_patch.exe
c:\program files\AVI Codec Pack\LAYER-3\L3CODECP.ACM
c:\program files\AVI Codec Pack\LAYER-3\RaMp3Cfg.exe
c:\program files\AVI Codec Pack\uninstall.exe
c:\program files\SGPSA
c:\windows\system32\41.exe
c:\windows\system32\AVR10.exe
c:\windows\system32\bitonuta.dll
c:\windows\system32\bupuyafo.dll
c:\windows\system32\butileve.dll
c:\windows\system32\critical_warning.html
c:\windows\system32\dewukobe.dll
c:\windows\system32\futajido.dll
c:\windows\system32\gehotimi.dll
c:\windows\system32\guzuyavu.dll
c:\windows\system32\h8srtcfg.dat
c:\windows\system32\H8SRTdvykicomen.dat
c:\windows\system32\H8SRTiwilnntpql.dll
c:\windows\system32\H8SRTkagolwaftw.dll
c:\windows\system32\H8SRTsiyvgvdirs.dll
c:\windows\system32\H8SRTxnuarmilbj.dll
c:\windows\system32\hegubagu.dll
c:\windows\system32\hinilezo.dll
c:\windows\system32\hoyuvuki.dll
c:\windows\system32\lavevumu.dll
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\magagovi.dll
c:\windows\system32\maligoha.dll
c:\windows\system32\mekohige.dll
c:\windows\system32\meridewa.dll
c:\windows\system32\namiviko.dll
c:\windows\system32\nebiteda.dll
c:\windows\system32\pehuraba.dll
c:\windows\system32\pipidesa.dll
c:\windows\system32\pohuzowo.dll
c:\windows\system32\puvutabo.exe
c:\windows\system32\rulufutu.dll
c:\windows\system32\sdra64.exe
c:\windows\system32\vagivoho.dll
c:\windows\system32\valalafo.dll
c:\windows\system32\vipukeyu.dll
c:\windows\system32\vojedayu.dll
c:\windows\system32\winhelper86.dll
c:\windows\system32\winlogon86.exe
c:\windows\system32\winupdate86.exe
c:\windows\system32\wokawewo.dll
c:\windows\system32\zuyahoba.dll
c:\windows\Tasks\dggsjhxm.job
c:\windows\Tasks\kpjcnwbc.job
c:\windows\Tasks\rxladbzf.job

----- BITS: Possible infected sites -----

hxxp://82.98.235.29
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((( Files Created from 2009-11-08 to 2009-12-08 )))))))))))))))))))))))))))))))
.

2009-12-08 18:15 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-12-08 00:15 . 2009-12-08 00:15 16904 ----a-w- c:\windows\system32\drivers\KLMD.sys
2009-12-05 04:55 . 2009-12-07 22:36 194 ----a-w- c:\windows\system32\srcr.dat
2009-12-04 23:32 . 2009-12-04 23:32 -------- d-----w- c:\documents and settings\jas\Application Data\PC Tools
2009-12-04 23:32 . 2009-12-04 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-12-03 02:48 . 2009-12-03 02:48 -------- d-----w- c:\documents and settings\benny\Application Data\Lavasoft
2009-12-02 23:40 . 2009-12-03 01:47 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-12-02 23:40 . 2009-12-03 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-12-02 23:38 . 2009-12-02 23:38 -------- d-----w- c:\documents and settings\benny\Local Settings\Application Data\Downloaded Installations
2009-12-02 22:42 . 2009-12-02 22:42 10520 ------w- c:\windows\system32\avgrsstx.dll
2009-12-02 21:06 . 2009-12-02 21:06 -------- d-----w- c:\documents and settings\benny\Application Data\Malwarebytes
2009-12-02 20:50 . 2009-12-02 21:02 -------- d-----w- c:\documents and settings\benny\Local Settings\Application Data\Adobe
2009-12-02 20:30 . 2009-12-02 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-02 19:33 . 2009-12-02 19:33 98440 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-02 19:32 . 2009-12-02 19:32 26824 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-02 19:32 . 2009-12-04 20:35 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-02 19:32 . 2009-12-02 19:32 -------- d-----w- c:\documents and settings\benny\Application Data\AVGTOOLBAR
2009-12-02 19:32 . 2009-12-02 19:32 90632 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-02 19:32 . 2009-12-04 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-12-02 18:27 . 2009-12-04 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2009-12-02 18:16 . 2009-12-03 02:32 -------- d-----w- c:\documents and settings\benny\Application Data\uTorrent
2009-12-02 05:04 . 2009-12-02 05:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-12-02 02:53 . 2009-12-02 02:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-12-02 02:35 . 2009-12-02 02:35 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-12-02 02:33 . 2009-12-02 02:33 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-12-02 00:51 . 2009-12-02 00:51 69472 ----a-w- c:\documents and settings\benny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-01 22:46 . 2009-12-02 07:32 -------- d-----w- c:\documents and settings\jas\Local Settings\Application Data\opjabe
2009-12-01 22:42 . 2009-12-08 00:21 80384 ----a-w- c:\windows\system32\drivers\2892o0P7.sys
2009-12-01 22:42 . 2009-12-01 22:42 -------- d-----w- c:\documents and settings\jas\Local Settings\Application Data\esentsttools
2009-11-28 14:58 . 2009-11-28 14:58 -------- d-----w- c:\program files\uTorrent
2009-11-28 14:57 . 2009-12-06 21:02 -------- d-----w- c:\documents and settings\jas\Application Data\uTorrent
2009-11-13 00:32 . 2009-11-13 00:32 -------- d-----w- c:\program files\VSO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 18:26 . 2008-01-23 04:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-08 18:23 . 2009-12-04 23:32 -------- d-----w- c:\program files\Spyware Doctor
2009-12-08 01:27 . 2007-05-07 21:36 -------- d-----w- c:\program files\Java
2009-12-08 01:16 . 2007-05-04 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-12-06 22:10 . 2009-01-07 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-06 21:30 . 2008-01-26 17:56 -------- d-----w- c:\program files\PeerGuardian2
2009-12-04 23:34 . 2009-12-04 23:32 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-03 02:47 . 2007-05-17 02:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-02 18:26 . 2007-07-27 20:57 -------- d-----w- c:\program files\PCPitstop
2009-11-21 21:12 . 2009-01-30 00:06 -------- d-----w- c:\documents and settings\jas\Application Data\Vso
2009-11-13 00:33 . 2009-01-30 00:06 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-13 00:33 . 2009-01-30 00:06 47360 ----a-w- c:\documents and settings\jas\Application Data\pcouffin.sys
2009-11-13 00:33 . 2009-01-30 00:06 47360 ----a-w- c:\documents and settings\jas\Application Data\pcouffin.sys
2009-11-10 15:28 . 2009-12-04 23:34 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-10 15:28 . 2009-12-04 23:34 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-10 15:28 . 2009-12-04 23:34 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-11-10 15:26 . 2009-12-04 23:34 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-09 16:20 . 2009-12-04 23:33 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-03 18:43 . 2009-11-03 18:43 -------- d-----w- c:\program files\Invoke Solutions
2009-11-03 01:42 . 2009-10-03 11:40 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-30 16:11 . 2009-12-04 23:33 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-28 06:36 . 2009-12-04 23:34 1152444 ----a-w- c:\windows\UDB.zip
2009-10-20 13:04 . 2007-05-11 19:07 6588 ----a-w- c:\documents and settings\jas\Application Data\wklnhst.dat
2009-10-10 14:16 . 2007-05-04 21:40 -------- d-----w- c:\program files\Common Files\aol
2009-10-10 14:12 . 2007-05-04 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-10-10 14:01 . 2008-02-29 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-10-10 13:59 . 2007-05-07 20:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-10 01:01 . 2009-10-10 01:00 -------- d-----w- c:\documents and settings\jas\Application Data\ImgBurn
2009-10-10 00:31 . 2009-10-10 00:31 -------- d-----w- c:\program files\ImgBurn
2009-10-06 21:31 . 2009-12-04 23:33 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-18 22:44 . 2007-05-04 21:18 69472 -c--a-w- c:\documents and settings\jas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 14:18 . 2004-08-04 13:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2007-08-20 20:09 . 2007-08-09 06:21 88 -csh--r- c:\windows\system32\9CCEB17CDB.sys
2009-09-02 18:10 . 2009-09-02 18:10 53760 --sha-w- c:\windows\system32\begimepo.dll
2009-09-05 15:14 . 2009-09-05 15:14 44032 --sha-w- c:\windows\system32\fugedepi.dll
2007-08-20 20:09 . 2007-08-09 06:21 2516 -csha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-05 16:11 . 2009-09-05 16:11 60416 --sha-w- c:\windows\system32\pojezija.dll
2009-09-08 16:18 . 2009-09-08 16:18 61440 --sha-w- c:\windows\system32\rujudagu.dll
2009-09-08 02:07 . 2009-09-08 02:07 52224 --sha-w- c:\windows\system32\tituzeki.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a82f8954-7714-4f1a-a3c9-f297a5fd72a9}]
2009-09-02 18:10 53760 --sha-w- c:\windows\system32\begimepo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-28 344064]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-08 1294336]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\2892o0P7.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailScan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sscRun
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysldtray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Calendar Checker
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Updater Servc

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-11 04:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 05:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2005-10-11 23:17 409600 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\esentsttools]
2009-12-01 17:43 81920 ----a-w- c:\documents and settings\jas\Local Settings\Application Data\esentsttools\esentsttools.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 20:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 21:31 80896 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2005-05-04 17:59 794624 ----a-w- c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 23:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 23:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2007-11-09 21:16 688128 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-22 00:32 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-06-15 10:50 729178 -c--a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
2005-07-28 15:32 94208 ------w- c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 23:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-30 21:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"gusvc"=2 (0x2)
"Fax"=2 (0x2)
"AOL ACS"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ImgBurn\\ImgBurn.exe"=
"c:\\WINDOWS\\system32\\ati2evxx.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\Spyware Doctor\\pctsGui.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10382:TCP"= 10382:TCP:BitComet 10382 TCP
"10382:UDP"= 10382:UDP:BitComet 10382 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [12/4/2009 6:33 PM 207792]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/2/2009 2:33 PM 98440]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [12/4/2009 6:34 PM 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12/4/2009 6:32 PM 359624]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 5:06 PM 231424]
S1 2892o0P7;2892o0P7;c:\windows\system32\drivers\2892o0P7.sys [12/1/2009 5:42 PM 80384]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S2 wnamjovtnb;wnamjovtnb;\??\c:\windows\system32\drivers\jiccljefwd.sys --> c:\windows\system32\drivers\jiccljefwd.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2/8/2009 1:26 PM 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2/8/2009 1:26 PM 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2/8/2009 1:26 PM 23680]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [12/2/2009 1:26 PM 77312]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://twitter.com/home
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {145CCE74-320A-43DF-AE18-878504DCAF8C} = 193.104.110.38,4.2.2.1
TCP: {9D2B88F7-1287-446D-B936-69056593F881} = 193.104.110.38,4.2.2.1,65.32.5.111 65.32.5.112
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Extermin ... iVirus.dll
DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/ ... MILive.cab
DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\xdzWWx5JO.exe
HKLM-Run-yaduhihof - c:\windows\system32\gehotimi.dll
HKLM-Run-tumujarepa - vagivoho.dll
SharedTaskScheduler-{042dc51a-5957-47e5-91af-5d1bbe01f870} - c:\windows\system32\dutuhabe.dll
SharedTaskScheduler-{4dcc3337-0d3b-4f95-b487-80b14e6ef9dd} - c:\windows\system32\viriteda.dll
SharedTaskScheduler-{a1ca5fee-4c6e-4f41-bb52-4a24ae94183d} - c:\windows\system32\viriteda.dll
SharedTaskScheduler-{06a2aed1-2397-456b-9ea6-eb3b3d2c1b3e} - c:\windows\system32\gehotimi.dll
SSODL-zesivukip-{042dc51a-5957-47e5-91af-5d1bbe01f870} - c:\windows\system32\dutuhabe.dll
SSODL-fotuzatob-{4dcc3337-0d3b-4f95-b487-80b14e6ef9dd} - c:\windows\system32\viriteda.dll
SSODL-jomemowav-{a1ca5fee-4c6e-4f41-bb52-4a24ae94183d} - c:\windows\system32\viriteda.dll
SSODL-nisohulum-{06a2aed1-2397-456b-9ea6-eb3b3d2c1b3e} - c:\windows\system32\gehotimi.dll
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe
MSConfigStartUp-yaduhihof - c:\windows\system32\viriteda.dll
AddRemove-AVI Codec Pack - c:\program files\AVI Codec Pack\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 13:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????2?3?3?8??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(752)
c:\windows\system32\WININET.dll
c:\program files\Spyware Doctor\pctgmhk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Completion time: 2009-12-08 13:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-08 18:34

Pre-Run: 33,010,319,360 bytes free
Post-Run: 32,712,921,088 bytes free

- - End Of File - - ABE1635A6775D4576C38EB2BF2AF5F00
jas24
Regular Member
 
Posts: 16
Joined: December 6th, 2009, 5:20 pm

Re: Malware run32.dll and i might have others

Unread postby shinybeast » December 17th, 2009, 4:56 pm

Hi ras24,

One or more of the identified infections was a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of backdoor trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can attempt to clean this machine but I cannot guarantee that it will be secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Malware run32.dll and i might have others

Unread postby jas24 » December 18th, 2009, 12:45 pm

This whole thing is very stressful, i dont understand how i got hit so hard having AVG and malwarebytes protecting my comp.

Well, i think we can try to clean it first, just because i no longer have the windows xp recovery cd that came with the laptop. And see if its possible .
jas24
Regular Member
 
Posts: 16
Joined: December 6th, 2009, 5:20 pm

Re: Malware run32.dll and i might have others

Unread postby jas24 » December 18th, 2009, 12:48 pm

Thank you for helping 8)
jas24
Regular Member
 
Posts: 16
Joined: December 6th, 2009, 5:20 pm

Re: Malware run32.dll and i might have others

Unread postby shinybeast » December 19th, 2009, 3:56 pm

Hello jas24,

OK, we will give it a go. Let's try this first.


ComboFix


Delete Combofix.exe from your Desktop.
Click here to download Combofix (KittyFix.exe) and save it to your Desktop

Please visit this webpage for a guide for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read the guide carefully and install the Recovery Console first.

NOTE: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
A guide to do this can be found here. If you still aren't sure how to disable protection software, please ask.
NOTE: To disable AVG Internet Security
  • Locate this Image icon in the system tray and double-click it to open AVG User Interface
  • Click Components in the top menu bar and select Firewall
  • Under Firewall Settings, select (tick) Firewall disabled
  • Click Save changes and confirm by clicking Yes
  • Click Components in the top menu bar and select Identity Protection
  • Under Identity Protection Settings, uncheck Identity Protection is Active
  • Click Save changes
  • Click Components in the top menu bar and select Resident Shield
  • Under Resident Shield Settings, uncheck Resident Shield Active
  • Click Save changes
  • Close AVG Internet Security Window

After tools have run and any necessary reboots have occurred, open AVG User Interface and undo changes referring to the above instructions for disabling if needed.
  • Under Firewall Settings, select (tick) Firewall enabled then click Save changes
  • Under Identity Protection Settings, check Identity Protection is Active then click Save changes
  • Under Resident Shield Settings, check Resident Shield Active then click Save changes


Please include the C:\ComboFix.txt in your next reply for further review.
**IMPORTANT !!! Save KittyFix.exe to your Desktop**

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
ComboFix log
Update on how the computer is running
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Malware run32.dll and i might have others

Unread postby jas24 » December 21st, 2009, 5:06 pm

ComboFix 09-12-20.08 - jas 12/21/2009 14:40:58.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.169 [GMT -5:00]
Running from: c:\documents and settings\jas\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\jas\Application Data\inst.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\system32\41.exe
c:\windows\system32\AVR10.exe
c:\windows\system32\barihuye.dll
c:\windows\system32\batiweja.dll
c:\windows\system32\begimepo.dll
c:\windows\system32\bodozanu.dll
c:\windows\system32\buvujano.dll
c:\windows\system32\dadirova.dll
c:\windows\system32\dirasawu.dll
c:\windows\system32\gabuwime.exe
c:\windows\system32\gaduvoma.dll
c:\windows\system32\goradoja.dll
c:\windows\system32\guguvevo.dll
c:\windows\system32\hubozupi.dll
c:\windows\system32\jineniwi.dll
c:\windows\system32\jogopamo.dll
c:\windows\system32\kemepiga.dll
c:\windows\system32\kogekebe.dll
c:\windows\system32\kuwalobe.dll
c:\windows\system32\leheziti.dll
c:\windows\system32\lelutayo.dll
c:\windows\system32\miyowepa.dll
c:\windows\system32\mohoyodi.exe
c:\windows\system32\nanemefu.dll
c:\windows\system32\nelesoye.dll
c:\windows\system32\norozuse.dll
c:\windows\system32\nuyuviju.dll
c:\windows\system32\srcr.dat
c:\windows\system32\tateputu.dll
c:\windows\system32\tijevilu.exe
c:\windows\system32\togemobo.dll
c:\windows\system32\towusozo.dll
c:\windows\system32\tuwihavo.dll
c:\windows\system32\vagazodi.dll
c:\windows\system32\veketaha.dll
c:\windows\system32\vobuturi.dll
c:\windows\system32\vokeloso.dll
c:\windows\system32\winhelper86.dll
c:\windows\system32\winlogon86.exe
c:\windows\system32\winupdate86.exe
c:\windows\system32\wuviforo.dll
c:\windows\system32\zosusewa.dll
c:\windows\system32\zovujiwu.dll
c:\windows\Tasks\apftdukx.job
c:\windows\Tasks\cxipuost.job
c:\windows\Tasks\iggzvall.job
c:\windows\Tasks\lmlimiqp.job
c:\windows\Tasks\orpbbrei.job
c:\windows\Tasks\qchujcpc.job
c:\windows\Tasks\rjvmsyav.job
c:\windows\Tasks\txvcxyfd.job

----- BITS: Possible infected sites -----

hxxp://77.74.48.116
hxxp://82.98.231.102
.
((((((((((((((((((((((((( Files Created from 2009-11-21 to 2009-12-21 )))))))))))))))))))))))))))))))
.

2009-12-20 17:55 . 2009-12-20 17:55 -------- d-----w- c:\program files\VSO
2009-12-19 15:24 . 2009-12-19 15:24 5902 --sh--w- c:\windows\system32\torayiya.dll
2009-12-19 15:24 . 2009-12-19 15:24 5902 --sh--w- c:\windows\system32\gemewoda.dll
2009-12-12 12:46 . 2009-12-12 12:46 -------- d-----w- c:\documents and settings\benny\Application Data\Template
2009-12-11 20:34 . 2009-12-11 20:34 5896 --sh--w- c:\windows\system32\yusutuno.exe
2009-12-09 17:48 . 2009-12-20 17:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-09 17:09 . 2009-12-09 17:09 -------- d-----w- c:\program files\Trend Micro
2009-12-09 04:17 . 2009-12-09 04:17 5902 --sh--w- c:\windows\system32\watusero.dll
2009-12-09 04:17 . 2009-12-09 04:17 5902 --sh--w- c:\windows\system32\samisede.dll
2009-12-09 04:17 . 2009-12-09 04:17 5902 --sh--w- c:\windows\system32\hepoyaba.dll
2009-12-09 04:17 . 2009-12-09 04:17 5896 --sh--w- c:\windows\system32\zehakebo.exe
2009-12-08 20:03 . 2009-12-08 21:20 -------- d-----w- C:\$AVG
2009-12-08 20:02 . 2009-12-08 20:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-08 20:02 . 2009-12-21 18:48 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-08 20:02 . 2009-12-08 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-12-08 20:01 . 2009-12-08 20:01 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2009-12-08 20:01 . 2009-12-08 20:01 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-12-08 20:01 . 2009-12-08 20:01 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-08 20:01 . 2009-12-08 20:01 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-08 20:01 . 2009-12-08 20:01 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-08 20:00 . 2009-12-08 20:00 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-12-08 20:00 . 2009-12-08 20:00 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-12-08 20:00 . 2009-12-08 20:00 -------- d-----w- c:\program files\AVG
2009-12-08 20:00 . 2009-12-08 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-08 18:15 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-12-08 00:15 . 2009-12-08 00:15 16904 ----a-w- c:\windows\system32\drivers\KLMD.sys
2009-12-04 23:34 . 2009-12-04 23:34 -------- d-----w- c:\documents and settings\jas\Local Settings\Application Data\Threat Expert
2009-12-03 02:48 . 2009-12-03 02:48 -------- d-----w- c:\documents and settings\benny\Application Data\Lavasoft
2009-12-02 23:40 . 2009-12-03 01:47 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-12-02 23:40 . 2009-12-03 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-12-02 23:38 . 2009-12-02 23:38 -------- d-----w- c:\documents and settings\benny\Local Settings\Application Data\Downloaded Installations
2009-12-02 21:06 . 2009-12-02 21:06 -------- d-----w- c:\documents and settings\benny\Application Data\Malwarebytes
2009-12-02 20:50 . 2009-12-02 21:02 -------- d-----w- c:\documents and settings\benny\Local Settings\Application Data\Adobe
2009-12-02 20:30 . 2009-12-02 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-02 18:27 . 2009-12-04 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2009-12-02 18:16 . 2009-12-03 02:32 -------- d-----w- c:\documents and settings\benny\Application Data\uTorrent
2009-12-02 05:04 . 2009-12-02 05:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-12-02 02:53 . 2009-12-02 02:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-12-02 02:35 . 2009-12-02 02:35 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-12-02 02:33 . 2009-12-02 02:33 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-12-02 00:51 . 2009-12-02 00:51 69472 ----a-w- c:\documents and settings\benny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-01 22:46 . 2009-12-02 07:32 -------- d-----w- c:\documents and settings\jas\Local Settings\Application Data\opjabe
2009-12-01 22:42 . 2009-12-08 00:21 80384 ----a-w- c:\windows\system32\drivers\2892o0P7.sys
2009-12-01 22:42 . 2009-12-01 22:42 -------- d-----w- c:\documents and settings\jas\Local Settings\Application Data\esentsttools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-21 18:36 . 2009-01-30 00:06 -------- d-----w- c:\documents and settings\jas\Application Data\Vso
2009-12-21 00:57 . 2009-01-07 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-20 17:56 . 2009-01-30 00:06 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-20 17:56 . 2009-01-30 00:06 47360 ----a-w- c:\documents and settings\jas\Application Data\pcouffin.sys
2009-12-20 17:56 . 2009-01-30 00:06 47360 ----a-w- c:\documents and settings\jas\Application Data\pcouffin.sys
2009-12-19 22:39 . 2008-01-26 17:56 -------- d-----w- c:\program files\PeerGuardian2
2009-12-18 15:01 . 2008-01-23 04:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-12 12:45 . 2009-12-12 12:45 0 ----a-w- c:\documents and settings\benny\Application Data\wklnhst.dat
2009-12-08 01:27 . 2007-05-07 21:36 -------- d-----w- c:\program files\Java
2009-12-08 01:16 . 2007-05-04 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-12-03 02:47 . 2007-05-17 02:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-02 18:26 . 2007-07-27 20:57 -------- d-----w- c:\program files\PCPitstop
2009-11-03 18:43 . 2009-11-03 18:43 -------- d-----w- c:\program files\Invoke Solutions
2009-11-03 01:42 . 2009-10-03 11:40 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-20 13:04 . 2007-05-11 19:07 6588 ----a-w- c:\documents and settings\jas\Application Data\wklnhst.dat
2009-10-16 17:13 . 2009-12-08 20:20 1115392 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2007-08-20 20:09 . 2007-08-09 06:21 88 -csh--r- c:\windows\system32\9CCEB17CDB.sys
2009-09-20 03:23 . 2009-09-20 03:23 39424 --sha-w- c:\windows\system32\dolivowa.dll
2009-09-20 03:22 . 2009-09-20 03:22 45568 --sha-w- c:\windows\system32\fedozuta.dll
2009-09-21 19:37 . 2009-09-21 19:37 61952 --sha-w- c:\windows\system32\golorojo.dll
2007-08-20 20:09 . 2007-08-09 06:21 2516 -csha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-19 03:06 . 2009-09-19 03:06 39424 --sha-w- c:\windows\system32\regizogu.dll
2009-09-21 19:37 . 2009-09-21 19:37 31232 --sha-w- c:\windows\system32\wusosogo.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-28 344064]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-11 2033432]
"tumujarepa"="vagivoho.dll" [BU]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"yaduhihof"="c:\windows\system32\jogopamo.dll" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-08 1294336]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-08 20:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\2892o0P7.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-11 04:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 05:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2005-10-11 23:17 409600 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\esentsttools]
2009-12-01 17:43 81920 ----a-w- c:\documents and settings\jas\Local Settings\Application Data\esentsttools\esentsttools.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 20:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 21:31 80896 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2005-05-04 17:59 794624 ----a-w- c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 23:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 23:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2007-11-09 21:16 688128 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-22 00:32 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-06-15 10:50 729178 -c--a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
2005-07-28 15:32 94208 ------w- c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 23:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-30 21:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"gusvc"=2 (0x2)
"Fax"=2 (0x2)
"AOL ACS"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\ati2evxx.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgtray.exe"=
"c:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10382:TCP"= 10382:TCP:BitComet 10382 TCP
"10382:UDP"= 10382:UDP:BitComet 10382 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [12/8/2009 3:01 PM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [12/8/2009 3:01 PM 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/8/2009 3:01 PM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/8/2009 3:01 PM 360584]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [12/8/2009 3:01 PM 906520]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/8/2009 3:01 PM 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [12/8/2009 3:01 PM 2303680]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [12/8/2009 3:01 PM 5832712]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/8/2009 3:00 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [12/8/2009 3:01 PM 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [12/8/2009 3:01 PM 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [12/8/2009 3:01 PM 25736]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 5:06 PM 231424]
S1 2892o0P7;2892o0P7;c:\windows\system32\drivers\2892o0P7.sys [12/1/2009 5:42 PM 80384]
S2 wnamjovtnb;wnamjovtnb;\??\c:\windows\system32\drivers\jiccljefwd.sys --> c:\windows\system32\drivers\jiccljefwd.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/8/2009 3:00 PM 30104]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2/8/2009 1:26 PM 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2/8/2009 1:26 PM 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2/8/2009 1:26 PM 23680]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [12/2/2009 1:26 PM 77312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://twitter.com/home
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {145CCE74-320A-43DF-AE18-878504DCAF8C} = 193.104.110.38,4.2.2.1
TCP: {9D2B88F7-1287-446D-B936-69056593F881} = 193.104.110.38,4.2.2.1,65.32.5.111 65.32.5.112
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Extermin ... iVirus.dll
DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/ ... MILive.cab
DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
.
- - - - ORPHANS REMOVED - - - -

BHO-{a82f8954-7714-4f1a-a3c9-f297a5fd72a9} - begimepo.dll
SharedTaskScheduler-{f23a521e-9c3a-4a26-b3c5-2f30161c8d18} - (no file)
SharedTaskScheduler-{0e057f42-b55c-40e0-8bef-713e1841f663} - (no file)
SharedTaskScheduler-{88f8d6e8-8e5a-4113-898b-3df0434895f2} - c:\windows\system32\jogopamo.dll
SSODL-sehapojip-{f23a521e-9c3a-4a26-b3c5-2f30161c8d18} - (no file)
SSODL-setavupew-{88f8d6e8-8e5a-4113-898b-3df0434895f2} - c:\windows\system32\jogopamo.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-21 15:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????2?3?3?8??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1068)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2372)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2009-12-21 15:13:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-21 20:13
ComboFix2.txt 2009-12-08 18:35

Pre-Run: 34,661,494,784 bytes free
Post-Run: 34,661,433,344 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - C16D45AB1E981229D66A63991761D08A



Im getting some rundll errors when windows starts. I also feel like AVG keeps removing the same malwares.
Thanks for your help!
jas24
Regular Member
 
Posts: 16
Joined: December 6th, 2009, 5:20 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 51 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware