GeekPolice
multiple issues- nugel-e, etc...
Alright, I just realized it was bad ju-ju to piggyback through a thread with the exact issues I was having... and in trying to figure out how to fix CPU1, I think I just discovered fledgling issues with CPU2 (on the same network, but the CPU I'm on now).

So problem 1, which is what I had been desperately trying to resolve for the last 24+ hours, was as has been described by a bunch of other members here...

The issue is banker/nugel-e....

As described in other threads, CPU1 is locked out of the internet: tons of pop-ups trying to sell some virus product, error pop-ups every time you try to open any application saying they are infected, pop-ups taking you to sites like porno.com, etc... a real mess!! Can't get to the net from that CPU, so I followed the instructions in the thread and put these apps on the network so I could access & install them on CPU1... got logs from those apps (except the Cheetah app, can't download that, it's unavailable through the link provided)....

While doing this, I got an email from my own e-mail address (on CPU2) for some Russian dating crap... so I decided to run Ad-Aware SE Pro (on CPU2) (which I have had for a while and generally works well). Won't load anymore!! Freezes, locks, won't respond. So, decided to DL another app (Spybot S&D); downloaded fine, tried to run it.... also freezes, won't respond. So I can't run any diagnostics on CPU2 either... But as of now CPU2 has full web access and hasn't experienced any of the same pop-up symptoms as CPU1.... NOW I get an email on CPU3!! from the email address used on CPU3, for some other Viagra or dating site of some sort!! SCARED SOMETHING IS SPREADING OUT OF CONTROL!!!!!

PLEASE HELP!!!

Re: multiple issues- nugel-e, etc...
Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: multiple issues- nugel-e, etc...
OTL logfile created on: 3/4/2010 4:31:01 PM - Run 1
OTL by OldTimer - Version 3.1.33.0 Folder = C:\Documents and Settings\ken.P43GKEN\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.00 Mb Total Physical Memory | 267.00 Mb Available Physical Memory | 56.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 65.49 Gb Free Space | 87.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 67.83 Gb Total Space | 29.54 Gb Free Space | 43.56% Space Free | Partition Type: NTFS
Drive F: | 67.83 Gb Total Space | 29.54 Gb Free Space | 43.56% Space Free | Partition Type: NTFS
Drive G: | 67.83 Gb Total Space | 29.54 Gb Free Space | 43.56% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 67.83 Gb Total Space | 29.54 Gb Free Space | 43.56% Space Free | Partition Type: NTFS
Drive N: | 67.83 Gb Total Space | 29.54 Gb Free Space | 43.56% Space Free | Partition Type: NTFS
Drive P: | 67.83 Gb Total Space | 29.54 Gb Free Space | 43.56% Space Free | Partition Type: NTFS
Drive R: | 67.83 Gb Total Space | 29.54 Gb Free Space | 43.56% Space Free | Partition Type: NTFS
Drive S: | 67.83 Gb Total Space | 29.54 Gb Free Space | 43.56% Space Free | Partition Type: NTFS
Drive U: | 67.83 Gb Total Space | 29.54 Gb Free Space | 43.56% Space Free | Partition Type: NTFS

Computer Name: P43GKEN
Current User Name: ken
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/04 16:29:41 | 000,552,960 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ken.P43GKEN\Desktop\OTL.exe
PRC - [2008/09/21 13:53:10 | 009,842,688 | ---- | M] (FrontRange Solutions Inc.) -- E:\program files\GoldMine\gmw6.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/02/06 14:42:56 | 002,674,688 | ---- | M] () -- L:\Hospital Blue Book\020211_0954 (D)\Hospital Blue Book.exe


========== Modules (SafeList) ==========

MOD - [2010/03/04 16:29:41 | 000,552,960 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ken.P43GKEN\Desktop\OTL.exe
MOD - [2008/04/13 19:12:02 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008/04/13 19:12:02 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008/04/13 19:12:02 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008/04/13 19:12:01 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2008/04/13 19:11:52 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008/04/13 19:11:51 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/08/03 09:50:25 | 000,077,176 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist Express Customer\185\g2ax_service.exe -- (GoToAssist Express Customer)
SRV - [2009/01/14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Disabled | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2006/05/12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Disabled | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2006/03/17 05:35:00 | 001,823,472 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/03/17 05:34:24 | 000,115,952 | ---- | M] (symantec) [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/03/17 05:34:12 | 000,030,448 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/03/07 12:03:02 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/03/07 12:02:34 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/02/23 10:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/02/06 11:50:24 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/01/24 19:06:58 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)


========== Driver Services (SafeList) ==========

DRV - [2007/11/15 15:30:48 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2007/07/06 08:11:11 | 000,852,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070705.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2007/07/06 08:11:11 | 000,077,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070705.017\NAVENG.SYS -- (NAVENG)
DRV - [2007/07/06 08:11:10 | 000,389,432 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/03/28 19:29:54 | 000,106,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2006/02/06 11:50:22 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/01/31 12:29:20 | 000,107,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/01/24 19:06:36 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/01/24 19:06:32 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/12/19 19:41:58 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/12/19 19:41:56 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/08/05 02:58:14 | 000,220,672 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/08/05 02:57:56 | 000,012,416 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/08/02 08:09:18 | 000,635,281 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/02/23 22:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/10/08 23:46:00 | 000,044,544 | R--- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiSRaid.sys -- (SiSRaid)
DRV - [2003/07/17 20:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/03/25 04:50:46 | 000,004,096 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide)
DRV - [2002/10/17 02:14:46 | 000,049,024 | R--- | M] (Windows (R) 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002/08/20 04:19:08 | 000,009,472 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2002/07/10 10:39:34 | 000,032,256 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Firefox\extensions\\{10EE71B7-C7C1-439A-8678-0733BFC8AB0B}: C:\Documents and Settings\ken.P43GKEN\Local Settings\Application Data\{10EE71B7-C7C1-439A-8678-0733BFC8AB0B} [2009/10/06 10:37:16 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/06/08 07:58:15 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - No CLSID value found.
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - No CLSID value found.
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - No CLSID value found.
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ltsvwimr] C:\Documents and Settings\ken.P43GKEN\Local Settings\Application Data\pqiqlv\sgmpsftav.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Rtuvuz] C:\WINDOWS\uqivinuy.DLL (VMware, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [ltsvwimr] C:\Documents and Settings\ken.P43GKEN\Local Settings\Application Data\pqiqlv\sgmpsftav.exe ()
O4 - HKCU..\Run: [SmileboxTray] C:\Documents and Settings\ken.P43GKEN\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1237401793821&h=9ffeeadd93f6e0194cde1efd75ab12e5/&filename=jinstall-6u12-windows-i586-jc.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.0.214.14 207.230.75.50
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - C:\Program Files\Citrix\GoToAssist Express Customer\185\g2ax_winlogon.dll - C:\Program Files\Citrix\GoToAssist Express Customer\185\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O29 - HKLM SecurityProviders - (digiwet.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/31 11:08:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/03/05 08:55:30 | 000,034,304 | ---- | M] () - R:\Auton Geraldine.doc -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/04 16:30:54 | 000,552,960 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ken.P43GKEN\Desktop\OTL.exe
[2010/03/04 10:28:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/04 10:18:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ken.P43GKEN\Desktop\KEN VIRUS FIX
[2010/03/04 10:17:26 | 000,000,000 | ---D | C] -- C:\Rooter$
[2010/03/02 17:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ken.P43GKEN\Local Settings\Application Data\pqiqlv
[2009/06/30 08:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/03/04 15:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/11/30 11:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/10/30 08:45:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/07/31 18:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/03/27 09:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/03/27 09:29:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/08/31 11:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/04 16:29:41 | 000,552,960 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ken.P43GKEN\Desktop\OTL.exe
[2010/03/04 11:10:36 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\ken.P43GKEN\NTUSER.DAT
[2010/03/04 10:06:35 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/04 10:06:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/04 10:04:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/04 10:04:51 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\ken.P43GKEN\ntuser.ini
[2010/03/04 10:04:40 | 003,761,198 | -H-- | M] () -- C:\Documents and Settings\ken.P43GKEN\Local Settings\Application Data\IconCache.db
[2010/03/04 09:47:54 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/04 09:31:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/04 09:25:58 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/03 11:12:52 | 000,002,939 | ---- | M] () -- C:\WINDOWS\Nmisikovuviyak.dat
[2010/03/03 09:08:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Bjepig.bin
[2010/03/02 19:19:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/12 10:33:24 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/10 17:21:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/10 17:21:11 | 000,000,193 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/12 10:33:24 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/10/15 15:40:20 | 000,000,193 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/10/06 10:40:50 | 000,016,330 | ---- | C] () -- C:\WINDOWS\kyby.sys
[2009/10/06 10:40:49 | 000,017,566 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hocyrucyho.exe
[2009/10/06 10:40:49 | 000,015,831 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\wujym.dll
[2009/10/06 10:40:49 | 000,013,926 | ---- | C] () -- C:\Documents and Settings\ken.P43GKEN\Local Settings\Application Data\ukod.dat
[2009/10/06 10:40:49 | 000,013,579 | ---- | C] () -- C:\Program Files\Common Files\mina.bin
[2009/10/06 10:40:49 | 000,013,076 | ---- | C] () -- C:\Documents and Settings\ken.P43GKEN\Application Data\apyficis.bin
[2009/10/06 10:40:48 | 000,014,580 | ---- | C] () -- C:\Program Files\Common Files\zedy.db
[2009/10/06 10:40:48 | 000,012,950 | ---- | C] () -- C:\Program Files\Common Files\ygoqulygy.lib
[2009/10/06 10:40:48 | 000,012,365 | ---- | C] () -- C:\WINDOWS\System32\bacozocur.dll
[2009/10/06 10:40:48 | 000,010,133 | ---- | C] () -- C:\Documents and Settings\ken.P43GKEN\Application Data\maryfuraq.com
[2009/10/06 10:40:47 | 000,012,834 | ---- | C] () -- C:\Documents and Settings\ken.P43GKEN\Application Data\jubudyma.lib
[2008/09/02 09:03:51 | 000,094,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\agp440.sys
[2007/08/03 14:05:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/02/09 14:07:52 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/08 08:00:26 | 000,000,347 | ---- | C] () -- C:\WINDOWS\System32\winflash.dll
[2006/04/22 18:00:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/03/22 10:31:38 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\zlbw.dll
[2005/09/10 13:12:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/31 11:20:48 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/08/31 11:20:45 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/08/31 11:19:01 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2005/08/31 11:16:54 | 000,106,346 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2005/08/31 11:16:41 | 000,102,538 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/08/31 11:15:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >
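Added example (not part of this thread, and not OTL's own code or the helper's procedure): a small Python triage script that reads OTL log lines like the ones in the post above and flags the entries a reviewer would look at first. The sample input is excerpted verbatim from the log above; the rule names, severities and thresholds are this example's own heuristics. One point the rules build in: the company name OTL prints in parentheses comes from the file's own version resource, which whoever built the file controls, so a plausible vendor string on a randomly named DLL in the Windows root is not evidence of legitimacy.

```python
"""OTL log triage: flag the startup and browser entries worth a second look.

Added example for this thread; it is not OTL's own code and not part of the
helper's procedure. Sample input is excerpted from the OTL log posted above.
The rule names, severities and thresholds are this example's own heuristics.
"""
import re
from dataclasses import dataclass

# Verbatim lines excerpted from the OTL log posted above, used as sample input.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ltsvwimr] C:\Documents and Settings\ken.P43GKEN\Local Settings\Application Data\pqiqlv\sgmpsftav.exe ()
O4 - HKLM..\Run: [Rtuvuz] C:\WINDOWS\uqivinuy.DLL (VMware, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O29 - HKLM SecurityProviders - (digiwet.dll) - File not found
"""


@dataclass
class Finding:
    severity: str  # "high" or "low"
    rule: str      # short rule name, this example's own vocabulary
    line: str      # the OTL line that triggered it


# O4 - <hive>..\Run: [<value name>] <path> (<company from version resource>)
RUN_RE = re.compile(r"^O4 - (HK\w+)\.\.\\Run: \[([^\]]+)\] (.+?) \(([^()]*)\)$")
# "ProxyServer" = http=host:port   or   "ProxyServer" = host:port
PROXY_RE = re.compile(r'"ProxyServer" = (?:http=)?([\w.\-]+):(\d+)')
LOOPBACK = {"127.0.0.1", "localhost"}


def check_run_entry(line):
    """Return a Finding for a suspicious O4 Run entry, else None."""
    m = RUN_RE.match(line)
    if not m:
        return None
    _hive, _name, path, company = m.groups()
    low = path.lower()
    # Autostart binary living under the user's profile data folders with no
    # CompanyName in its version resource: real installers rarely do both.
    if "\\application data\\" in low and company == "":
        return Finding("high", "run-from-user-profile-no-publisher", line)
    # A bare DLL directly in the Windows root registered under Run: something
    # else must load it, and the vendor string is whatever the file claims.
    if low.endswith(".dll") and low.startswith("c:\\windows\\") and low.count("\\") == 2:
        return Finding("high", "dll-in-windows-root-under-run", line)
    return None


def triage(log_text):
    """Scan OTL log text and return the list of Findings, in log order."""
    findings = []
    proxy_enabled = False
    proxy_hit = None  # (host, port, line) of the last ProxyServer line seen
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if '"ProxyEnable" = 1' in line:
            proxy_enabled = True
        m = PROXY_RE.search(line)
        if m:
            proxy_hit = (m.group(1), int(m.group(2)), line)
        # Orphaned BHO registrations: low on their own, but they are residue
        # worth cleaning and often sit next to the live entries.
        if line.startswith("O2 - BHO:") and line.endswith("No CLSID value found."):
            findings.append(Finding("low", "orphaned-bho-clsid", line))
        # SecurityProviders lists SSP DLLs loaded at logon; a value naming a
        # missing file means something registered itself and was half removed.
        if line.startswith("O29 - ") and line.endswith("File not found"):
            findings.append(Finding("high", "securityproviders-missing-dll", line))
        f = check_run_entry(line)
        if f:
            findings.append(f)
    # A user-level proxy pointed at loopback puts every IE request through a
    # local process: the usual way to inject ads and block AV download sites.
    if proxy_enabled and proxy_hit and proxy_hit[0] in LOOPBACK:
        findings.append(Finding("high", "loopback-proxy-enabled", proxy_hit[2]))
    return findings


def rules_hit(log_text):
    """Sorted distinct rule names triggered by the log, for a quick summary."""
    return sorted({f.rule for f in triage(log_text)})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.rule:38} {f.line}")
```

Run against the excerpt it reports four high findings (the loopback proxy, the two Run entries, the missing SecurityProviders DLL) and one low one (the orphaned BHO). The proxy rule deliberately requires both `ProxyEnable = 1` and a loopback `ProxyServer`, since a stale proxy value with the switch off does nothing; paste the whole OTL.txt in place of `SAMPLE_LOG` to run it over a full log.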

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Firefox\extensions\\{10EE71B7-C7C1-439A-8678-0733BFC8AB0B}: C:\Documents and Settings\ken.P43GKEN\Local Settings\Application Data\{10EE71B7-C7C1-439A-8678-0733BFC8AB0B} [2009/10/06 10:37:16 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/06/08 07:58:15 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - No CLSID value found.
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - No CLSID value found.
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - No CLSID value found.
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ltsvwimr] C:\Documents and Settings\ken.P43GKEN\Local Settings\Application Data\pqiqlv\sgmpsftav.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Rtuvuz] C:\WINDOWS\uqivinuy.DLL (VMware, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [ltsvwimr] C:\Documents and Settings\ken.P43GKEN\Local Settings\Application Data\pqiqlv\sgmpsftav.exe ()
O4 - HKCU..\Run: [SmileboxTray] C:\Documents and Settings\ken.P43GKEN\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1237401793821&h=9ffeeadd93f6e0194cde1efd75ab12e5/&filename=jinstall-6u12-windows-i586-jc.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.0.214.14 207.230.75.50
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - C:\Program Files\Citrix\GoToAssist Express Customer\185\g2ax_winlogon.dll - C:\Program Files\Citrix\GoToAssist Express Customer\185\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O29 - HKLM SecurityProviders - (digiwet.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/31 11:08:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/03/05 08:55:30 | 000,034,304 | ---- | M] () - R:\Auton Geraldine.doc -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/04 16:30:54 | 000,552,960 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ken.P43GKEN\Desktop\OTL.exe
[2010/03/04 10:28:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/04 10:18:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ken.P43GKEN\Desktop\KEN VIRUS FIX
[2010/03/04 10:17:26 | 000,000,000 | ---D | C] -- C:\Rooter$
[2010/03/02 17:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ken.P43GKEN\Local Settings\Application Data\pqiqlv
[2009/06/30 08:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/03/04 15:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/11/30 11:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/10/30 08:45:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/07/31 18:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/03/27 09:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/03/27 09:29:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/08/31 11:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/04 16:29:41 | 000,552,960 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ken.P43GKEN\Desktop\OTL.exe
[2010/03/04 11:10:36 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\ken.P43GKEN\NTUSER.DAT
[2010/03/04 10:06:35 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/04 10:06:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/04 10:04:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/04 10:04:51 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\ken.P43GKEN\ntuser.ini
[2010/03/04 10:04:40 | 003,761,198 | -H-- | M] () -- C:\Documents and Settings\ken.P43GKEN\Local Settings\Application Data\IconCache.db
[2010/03/04 09:47:54 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/04 09:31:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/04 09:25:58 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/03 11:12:52 | 000,002,939 | ---- | M] () -- C:\WINDOWS\Nmisikovuviyak.dat
[2010/03/03 09:08:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Bjepig.bin
[2010/03/02 19:19:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/12 10:33:24 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/10 17:21:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/10 17:21:11 | 000,000,193 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/12 10:33:24 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/10/15 15:40:20 | 000,000,193 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/10/06 10:40:50 | 000,016,330 | ---- | C] () -- C:\WINDOWS\kyby.sys
[2009/10/06 10:40:49 | 000,017,566 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hocyrucyho.exe
[2009/10/06 10:40:49 | 000,015,831 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\wujym.dll
[2009/10/06 10:40:49 | 000,013,926 | ---- | C] () -- C:\Documents and Settings\ken.P43GKEN\Local Settings\Application Data\ukod.dat
[2009/10/06 10:40:49 | 000,013,579 | ---- | C] () -- C:\Program Files\Common Files\mina.bin
[2009/10/06 10:40:49 | 000,013,076 | ---- | C] () -- C:\Documents and Settings\ken.P43GKEN\Application Data\apyficis.bin
[2009/10/06 10:40:48 | 000,014,580 | ---- | C] () -- C:\Program Files\Common Files\zedy.db
[2009/10/06 10:40:48 | 000,012,950 | ---- | C] () -- C:\Program Files\Common Files\ygoqulygy.lib
[2009/10/06 10:40:48 | 000,012,365 | ---- | C] () -- C:\WINDOWS\System32\bacozocur.dll
[2009/10/06 10:40:48 | 000,010,133 | ---- | C] () -- C:\Documents and Settings\ken.P43GKEN\Application Data\maryfuraq.com
[2009/10/06 10:40:47 | 000,012,834 | ---- | C] () -- C:\Documents and Settings\ken.P43GKEN\Application Data\jubudyma.lib
[2008/09/02 09:03:51 | 000,094,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\agp440.sys
[2007/08/03 14:05:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/02/09 14:07:52 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/08 08:00:26 | 000,000,347 | ---- | C] () -- C:\WINDOWS\System32\winflash.dll
[2006/04/22 18:00:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/03/22 10:31:38 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\zlbw.dll
[2005/09/10 13:12:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/31 11:20:48 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/08/31 11:20:45 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/08/31 11:19:01 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2005/08/31 11:16:54 | 000,106,346 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2005/08/31 11:16:41 | 000,102,538 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/08/31 11:15:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >

Re: multiple issues- nugel-e, etc...

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - No CLSID value found.
    O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - No CLSID value found.
    O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - No CLSID value found.
    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - No CLSID value found.
    O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - No CLSID value found.
    O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - No CLSID value found.
    O4 - HKLM..\Run: [ltsvwimr] C:\Documents and Settings\ken.P43GKEN\Local Settings\Application Data\pqiqlv\sgmpsftav.exe ()
    O4 - HKCU..\Run: [ltsvwimr] C:\Documents and Settings\ken.P43GKEN\Local Settings\Application Data\pqiqlv\sgmpsftav.exe ()
    O29 - HKLM SecurityProviders - (digiwet.dll) - File not found
    [2010/03/02 17:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ken.P43GKEN\Local Settings\Application Data\pqiqlv
    [2010/03/03 11:12:52 | 000,002,939 | ---- | M] () -- C:\WINDOWS\Nmisikovuviyak.dat
    [2010/03/03 09:08:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Bjepig.bin
    [2009/10/06 10:40:50 | 000,016,330 | ---- | C] () -- C:\WINDOWS\kyby.sys
    [2009/10/06 10:40:49 | 000,015,831 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\wujym.dll
    [2009/10/06 10:40:49 | 000,013,926 | ---- | C] () -- C:\Documents and Settings\ken.P43GKEN\Local Settings\Application Data\ukod.dat
    [2009/10/06 10:40:49 | 000,013,579 | ---- | C] () -- C:\Program Files\Common Files\mina.bin
    [2009/10/06 10:40:49 | 000,013,076 | ---- | C] () -- C:\Documents and Settings\ken.P43GKEN\Application Data\apyficis.bin
    [2009/10/06 10:40:48 | 000,014,580 | ---- | C] () -- C:\Program Files\Common Files\zedy.db
    [2009/10/06 10:40:48 | 000,012,950 | ---- | C] () -- C:\Program Files\Common Files\ygoqulygy.lib
    [2009/10/06 10:40:48 | 000,012,365 | ---- | C] () -- C:\WINDOWS\System32\bacozocur.dll
    [2009/10/06 10:40:48 | 000,010,133 | ---- | C] () -- C:\Documents and Settings\ken.P43GKEN\Application Data\maryfuraq.com
    [2009/10/06 10:40:47 | 000,012,834 | ---- | C] () -- C:\Documents and Settings\ken.P43GKEN\Application Data\jubudyma.lib


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
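The selection made in the fix above, turned into a triage script (an added example, not the thread's or OTL's own code): it reads OTL log lines like those posted earlier, flags the entry kinds picked out for the fix (BHOs with no CLSID, autoruns with no publisher under a profile data folder, a SecurityProviders entry for a missing DLL, no-publisher files with unusual extensions sitting directly in C:\WINDOWS, Common Files or an Application Data folder) and emits a matching :OTL block, while separately flagging the IE "ProxyServer" = http=127.0.0.1:5555 entry from the log for manual review, since a proxy pointed at loopback is worth checking when IE still cannot reach the web. The heuristics and the sample lines are assumptions constructed for this example.

```python
"""Triage helper for OTL logs: an added example, not part of the thread or of
OTL itself.  It flags the entry kinds the helper picked out for the :OTL fix
and renders them in the same syntax.  Heuristics and sample data are assumed."""
import re

# Constructed sample in OTL's format (lines lifted from the log in this thread).
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ltsvwimr] C:\Documents and Settings\ken.P43GKEN\Local Settings\Application Data\pqiqlv\sgmpsftav.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O29 - HKLM SecurityProviders - (digiwet.dll) - File not found
[2010/03/03 11:12:52 | 000,002,939 | ---- | M] () -- C:\WINDOWS\Nmisikovuviyak.dat
[2010/03/04 16:29:41 | 000,552,960 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ken.P43GKEN\Desktop\OTL.exe
[2010/02/10 17:21:11 | 000,000,193 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
"""

# OTL file entry: [stamp | size | attrs | C/M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>\S+)\s*\|\s*\w\]"
    r"\s*\((?P<company>[^)]*)\)\s*--\s*(?P<path>.+?)\s*$")

# Assumed watch list: folders where a no-publisher data/driver file directly in
# the root is unusual, plus the extensions the fix above targeted.
WATCHED_DIRS = (r"c:\windows", r"c:\program files\common files")
ODD_EXTS = (".dat", ".bin", ".lib", ".db", ".com", ".sys")


def _in_watched_root(path):
    """True when the file sits directly in a watched folder or directly in
    any 'Application Data' folder (deeper subfolders are not matched)."""
    parent, _, _name = path.lower().rpartition("\\")
    return parent in WATCHED_DIRS or parent.endswith("\\application data")


def classify(line):
    """Return (action, reason) for a suspicious line, else None.
    action is 'fix' (goes into the :OTL block) or 'review' (flag only)."""
    line = line.strip()
    m = re.search(r'"ProxyServer" = (\S+)', line)
    if m and "127.0.0.1" in m.group(1):
        # Kept out of the fix block: the value needs a human decision.
        return ("review", "IE proxy routed via loopback: " + m.group(1))
    if line.startswith("O2 - BHO:") and line.endswith("No CLSID value found."):
        return ("fix", "BHO registered with no CLSID")
    if (line.startswith("O4 - ") and line.endswith(" ()")
            and "\\application data\\" in line.lower()):
        return ("fix", "autorun with no publisher under a profile data folder")
    if line.startswith("O29 - ") and line.endswith("File not found"):
        return ("fix", "SecurityProviders entry pointing at a missing DLL")
    m = FILE_RE.match(line)
    if (m and not m.group("company") and _in_watched_root(m.group("path"))
            and m.group("path").lower().endswith(ODD_EXTS)):
        return ("fix", "no-publisher file with unusual extension in watched folder")
    return None


def triage(log_text):
    """Map each flagged log line (stripped) to its (action, reason)."""
    hits = {}
    for raw in log_text.splitlines():
        verdict = classify(raw)
        if verdict:
            hits[raw.strip()] = verdict
    return hits


def build_fix(log_text):
    """Render the lines marked 'fix' as an OTL custom fix block."""
    lines = [l for l, (action, _) in triage(log_text).items() if action == "fix"]
    return ":OTL\n" + "\n".join(lines)


if __name__ == "__main__":
    for line, (action, why) in triage(SAMPLE_LOG).items():
        print(f"{action:6} {why}\n       {line}")
    print()
    print(build_fix(SAMPLE_LOG))
```

Flagged lines are candidates for a person to check against the full log, not verdicts.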

Re: multiple issues- nugel-e, etc...

Thank you. I will run this fix on CPU1 ASAP and let you know how it goes...

Any clue on CPU2? I got in this morning; I'm using CPU2 to post so I can fix CPU1. Yesterday I mentioned that I couldn't get Ad-Aware or Spybot to run on CPU2 suddenly, and other symptoms of a bug of sorts were appearing on this CPU... Now I get in this morning, CPU2 is loading super slow and I can't open my contact management software... also, I noticed that Symantec Auto-Protect was shut off on this one.... Doesn't look like the same issue, at least not the same symptoms as CPU1, which I hope to resolve with the help you gave today...

What to do for CPU2 now?

Last edited by Beware_of_Dawg on 5th March 2010, 2:59 pm; edited 1 time in total

Re: multiple issues- nugel-e, etc...

Here is the log after the fix you recommended:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-59D4-4008-9058-080011001200}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-59D4-4008-9058-080011001200}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-C1EC-0345-6EC2-4D0300000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-C1EC-0345-6EC2-4D0300000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-F09C-02B4-6EC2-AD0300000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-F09C-02B4-6EC2-AD0300000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8333c319-0669-4893-a418-f56d9249fca6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8333c319-0669-4893-a418-f56d9249fca6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffd2825e-0785-40c5-9a41-518f53a8261f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ffd2825e-0785-40c5-9a41-518f53a8261f}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ltsvwimr deleted successfully.
C:\Documents and Settings\ken.P43GKEN\Local Settings\Application Data\pqiqlv\sgmpsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ltsvwimr deleted successfully.
File C:\Documents and Settings\ken.P43GKEN\Local Settings\Application Data\pqiqlv\sgmpsftav.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:digiwet.dll deleted successfully.
C:\Documents and Settings\ken.P43GKEN\Local Settings\Application Data\pqiqlv folder moved successfully.
C:\WINDOWS\Nmisikovuviyak.dat moved successfully.
C:\WINDOWS\Bjepig.bin moved successfully.
C:\WINDOWS\kyby.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\wujym.dll moved successfully.
C:\Documents and Settings\ken.P43GKEN\Local Settings\Application Data\ukod.dat moved successfully.
C:\Program Files\Common Files\mina.bin moved successfully.
C:\Documents and Settings\ken.P43GKEN\Application Data\apyficis.bin moved successfully.
C:\Program Files\Common Files\zedy.db moved successfully.
C:\Program Files\Common Files\ygoqulygy.lib moved successfully.
C:\WINDOWS\system32\bacozocur.dll moved successfully.
C:\Documents and Settings\ken.P43GKEN\Application Data\maryfuraq.com moved successfully.
C:\Documents and Settings\ken.P43GKEN\Application Data\jubudyma.lib moved successfully.

OTL by OldTimer - Version 3.1.33.0 log created on 03052010_094731


______________________

I don't see any sign of the problem on that CPU anymore. Thank you!

The only issue remaining with CPU1 is that it still will not load Internet Explorer. It says the website is unavailable any time you try to get to the web. No pop-ups, no issue, just no access to the web through IE. Any idea what may have happened or what I can do to fix it?

Re: multiple issues- nugel-e, etc...


  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Re: multiple issues- nugel-e, etc...

I'm assuming you're talking about doing this additional log file work on the first CPU, which works now but has no IE.... and not the 2nd, which I have been using but is bugged now too...

Here is the file you requested from the CPU we have been working on:

15:16:48:199 2652 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25
15:16:48:199 2652 ================================================================================
15:16:48:199 2652 SystemInfo:

15:16:48:199 2652 OS Version: 5.1.2600 ServicePack: 3.0
15:16:48:199 2652 Product type: Workstation
15:16:48:199 2652 ComputerName: P43GKEN
15:16:48:215 2652 UserName: ken
15:16:48:215 2652 Windows directory: C:\WINDOWS
15:16:48:215 2652 Processor architecture: Intel x86
15:16:48:215 2652 Number of processors: 2
15:16:48:215 2652 Page size: 0x1000
15:16:48:215 2652 Boot type: Normal boot
15:16:48:215 2652 ================================================================================
15:16:48:215 2652 UnloadDriverW: NtUnloadDriver error 2
15:16:48:215 2652 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
15:16:48:230 2652 Initialize success
15:16:48:230 2652
15:16:48:230 2652 Scanning Services ...
15:16:48:230 2652 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
15:16:48:230 2652 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:16:48:230 2652 wfopen_ex: Trying to KLMD file open
15:16:48:230 2652 wfopen_ex: File opened ok (Flags 2)
15:16:48:230 2652 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
15:16:48:230 2652 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:16:48:230 2652 wfopen_ex: Trying to KLMD file open
15:16:48:230 2652 wfopen_ex: File opened ok (Flags 2)
15:16:48:308 2652 GetAdvancedServicesInfo: Raw services enum returned 314 services
15:16:48:308 2652 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
15:16:48:308 2652 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
15:16:48:308 2652
15:16:48:308 2652 Scanning Kernel memory ...
15:16:48:308 2652 Devices to scan: 2
15:16:48:308 2652
15:16:48:308 2652 Driver Name: Disk
15:16:48:308 2652 IRP_MJ_CREATE : F7577BB0
15:16:48:308 2652 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
15:16:48:308 2652 IRP_MJ_CLOSE : F7577BB0
15:16:48:308 2652 IRP_MJ_READ : F7571D1F
15:16:48:308 2652 IRP_MJ_WRITE : F7571D1F
15:16:48:308 2652 IRP_MJ_QUERY_INFORMATION : 804F4562
15:16:48:308 2652 IRP_MJ_SET_INFORMATION : 804F4562
15:16:48:308 2652 IRP_MJ_QUERY_EA : 804F4562
15:16:48:308 2652 IRP_MJ_SET_EA : 804F4562
15:16:48:308 2652 IRP_MJ_FLUSH_BUFFERS : F75722E2
15:16:48:308 2652 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
15:16:48:308 2652 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
15:16:48:308 2652 IRP_MJ_DIRECTORY_CONTROL : 804F4562
15:16:48:308 2652 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
15:16:48:308 2652 IRP_MJ_DEVICE_CONTROL : F75723BB
15:16:48:308 2652 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7575F28
15:16:48:308 2652 IRP_MJ_SHUTDOWN : F75722E2
15:16:48:308 2652 IRP_MJ_LOCK_CONTROL : 804F4562
15:16:48:308 2652 IRP_MJ_CLEANUP : 804F4562
15:16:48:308 2652 IRP_MJ_CREATE_MAILSLOT : 804F4562
15:16:48:308 2652 IRP_MJ_QUERY_SECURITY : 804F4562
15:16:48:308 2652 IRP_MJ_SET_SECURITY : 804F4562
15:16:48:308 2652 IRP_MJ_POWER : F7573C82
15:16:48:308 2652 IRP_MJ_SYSTEM_CONTROL : F757899E
15:16:48:308 2652 IRP_MJ_DEVICE_CHANGE : 804F4562
15:16:48:308 2652 IRP_MJ_QUERY_QUOTA : 804F4562
15:16:48:308 2652 IRP_MJ_SET_QUOTA : 804F4562
15:16:48:308 2652 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
15:16:48:308 2652 sion
15:16:48:324 2652 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:16:48:324 2652
15:16:48:324 2652 Driver Name: SiSRaid
15:16:48:324 2652 IRP_MJ_CREATE : F736C44C
15:16:48:324 2652 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
15:16:48:324 2652 IRP_MJ_CLOSE : F736C44C
15:16:48:324 2652 IRP_MJ_READ : 804F4562
15:16:48:324 2652 IRP_MJ_WRITE : 804F4562
15:16:48:324 2652 IRP_MJ_QUERY_INFORMATION : 804F4562
15:16:48:324 2652 IRP_MJ_SET_INFORMATION : 804F4562
15:16:48:324 2652 IRP_MJ_QUERY_EA : 804F4562
15:16:48:324 2652 IRP_MJ_SET_EA : 804F4562
15:16:48:324 2652 IRP_MJ_FLUSH_BUFFERS : 804F4562
15:16:48:324 2652 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
15:16:48:324 2652 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
15:16:48:324 2652 IRP_MJ_DIRECTORY_CONTROL : 804F4562
15:16:48:324 2652 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
15:16:48:324 2652 IRP_MJ_DEVICE_CONTROL : F736C44C
15:16:48:324 2652 IRP_MJ_INTERNAL_DEVICE_CONTROL : F736C44C
15:16:48:324 2652 IRP_MJ_SHUTDOWN : 804F4562
15:16:48:324 2652 IRP_MJ_LOCK_CONTROL : 804F4562
15:16:48:324 2652 IRP_MJ_CLEANUP : 804F4562
15:16:48:324 2652 IRP_MJ_CREATE_MAILSLOT : 804F4562
15:16:48:324 2652 IRP_MJ_QUERY_SECURITY : 804F4562
15:16:48:324 2652 IRP_MJ_SET_SECURITY : 804F4562
15:16:48:324 2652 IRP_MJ_POWER : F736C44C
15:16:48:324 2652 IRP_MJ_SYSTEM_CONTROL : F736C44C
15:16:48:324 2652 IRP_MJ_DEVICE_CHANGE : 804F4562
15:16:48:324 2652 IRP_MJ_QUERY_QUOTA : 804F4562
15:16:48:324 2652 IRP_MJ_SET_QUOTA : 804F4562
15:16:48:324 2652 siohd: 0
15:16:48:340 2652 C:\WINDOWS\system32\DRIVERS\SiSRaid.sys - Verdict: Clean
15:16:48:340 2652
15:16:48:340 2652 Completed
15:16:48:340 2652
15:16:48:340 2652 Results:
15:16:48:340 2652 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
15:16:48:340 2652 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
15:16:48:340 2652 File objects infected / cured / cured on reboot: 0 / 0 / 0
15:16:48:340 2652
15:16:48:340 2652 KLMD(ARK) unloaded successfully

Re: multiple issues- nugel-e, etc...

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Image: CF_download_FF]

    [Image: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Image: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [Image: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
