Helpless

Members | Posts: 19 | Reputation: 0 Neutral
  1. Here are all three logs as requested. I don't seem to be getting pop-ups or redirects...

     ========== REGISTRY ==========
     Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs deleted successfully.
     Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\pehinoroj deleted successfully.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{df65974f-b314-43f4-a6f2-41bf39b33c97} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df65974f-b314-43f4-a6f2-41bf39b33c97}\ deleted successfully.

     OTL by OldTimer - Version 3.1.27.1 log created on 02062010_114243

     --------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER 7.0: scan report
     Saturday, February 6, 2010
     Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
     Kaspersky Online Scanner version: 7.0.26.13
     Last database update: Saturday, February 06, 2010 20:19:00
     Records in database: 3442165
     --------------------------------------------------------------------------------

     Scan settings:
     scan using the following database: extended
     Scan archives: yes
     Scan e-mail databases: yes

     Scan area - My Computer:
     A:\
     C:\
     D:\
     E:\
     F:\
     G:\
     H:\
     I:\

     Scan statistics:
     Objects scanned: 87558
     Threats found: 0
     Infected objects found: 0
     Suspicious objects found: 0
     Scan duration: 03:39:03

     No threats found. Scanned area is clean.

     Selected area has been scanned.

     Logfile of Trend Micro HijackThis v2.0.3 (BETA)
     Scan saved at 9:35:22 PM, on 2/6/2010
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\windows\System32\smss.exe
     C:\windows\system32\winlogon.exe
     C:\windows\system32\services.exe
     C:\windows\system32\lsass.exe
     C:\windows\system32\svchost.exe
     C:\windows\System32\svchost.exe
     C:\windows\Explorer.EXE
     C:\windows\system32\spoolsv.exe
     C:\windows\ALCXMNTR.EXE
     C:\windows\AGRSMMSG.exe
     C:\WINDOWS\System32\igfxtray.exe
     C:\WINDOWS\System32\hkcmd.exe
     C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
     C:\Program Files\Messenger\MSMSGS.EXE
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\Program Files\PeerBlock\peerblock.exe
     C:\windows\system32\ctfmon.exe
     C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
     C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
     C:\Program Files\WinZip\WZQKPICK.EXE
     C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\windows\System32\svchost.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
     C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
     C:\windows\system32\wscntfy.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\windows\system32\msiexec.exe
     C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
     R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
     O2 - BHO: (no name) - {9c0d1c95-14b5-4eee-aa63-09d80a75b24a} - mahoyape.dll (file missing)
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
     O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
     O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
     O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
     O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
     O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
     O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
     O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
     O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
     O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
     O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
     O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
     O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
     O4 - Global Startup: hp psc 1000 series.lnk = ?
     O4 - Global Startup: hpoddt01.exe.lnk = ?
     O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
     O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1242519739859
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1242523170109
     O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
     O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
     O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\System32\browseui.dll
     O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\System32\browseui.dll
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe

     --
     End of file - 10498 bytes
  2. OTL Moved log

     All processes killed
     ========== OTL ==========
     Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\neyetapam deleted successfully.
     C:\WINDOWS\system32\fudukeva.dll moved successfully.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:napigowu.dll deleted successfully.
     File pInit_DLLs: not found.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\fudukeva.dll deleted successfully.
     File C:\WINDOWS\system32\fudukeva.dll not found.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\pehinoroj deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df65974f-b314-43f4-a6f2-41bf39b33c97}\ deleted successfully.
     File C:\WINDOWS\system32\fudukeva.dll not found.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{df65974f-b314-43f4-a6f2-41bf39b33c97} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df65974f-b314-43f4-a6f2-41bf39b33c97}\ not found.
     File C:\WINDOWS\system32\fudukeva.dll not found.
     ========== FILES ==========
     File\Folder C:\WINDOWS\system32\fudukeva.dll not found.
     C:\windows\System32\wosalami.dll moved successfully.
     C:\windows\System32\yekugomo.dll moved successfully.
     C:\windows\System32\tuvikize.dll moved successfully.
     File\Folder C:\windows\System32\napigowu.dll not found.
     C:\Documents and Settings\Byer-Wein Family\Desktop\
  3. Got to the step of running mbam-clean.exe and got the same error message as the last time I tried running it: SHGetValue failed with error code 0. What do I do next?
  4. Just did step 1. OTL ran and then rebooted the computer. The log is below. At the same time that the log appeared I received the following error message:

     RUNDLL
     Error loading c:\windows\system32\fudukeva.dll

     OTL Log

     All processes killed
     ========== OTL ==========
     Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\neyetapam deleted successfully.
     C:\WINDOWS\system32\fudukeva.dll moved successfully.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:napigowu.dll deleted successfully.
     File pInit_DLLs: not found.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\fudukeva.dll deleted successfully.
     File C:\WINDOWS\system32\fudukeva.dll not found.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\pehinoroj deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df65974f-b314-43f4-a6f2-41bf39b33c97}\ deleted successfully.
     File C:\WINDOWS\system32\fudukeva.dll not found.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{df65974f-b314-43f4-a6f2-41bf39b33c97} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df65974f-b314-43f4-a6f2-41bf39b33c97}\ not found.
     File C:\WINDOWS\system32\fudukeva.dll not found.
     ========== FILES ==========
     File\Folder C:\WINDOWS\system32\fudukeva.dll not found.
     C:\windows\System32\wosalami.dll moved successfully.
     C:\windows\System32\yekugomo.dll moved successfully.
     C:\windows\System32\tuvikize.dll moved successfully.
     File\Folder C:\windows\System32\napigowu.dll not found.
     C:\Documents and Settings\Byer-Wein Family\Desktop\
  5. Sorry for the delay... I'm still getting pop-ups and redirects on my web browser on my way to this site to post... Here is the OTL logfile. It did not produce an extras.txt file.

     OTL logfile created on: 2/4/2010 8:34:25 PM - Run 3
     OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Byer-Wein Family\Desktop
     Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     503.00 Mb Total Physical Memory | 81.00 Mb Available Physical Memory | 16.00% Memory free
     1.00 Gb Paging File | 1.00 Gb Available in Paging File | 62.00% Paging File free
     Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
     Drive C: | 74.52 Gb Total Space | 30.21 Gb Free Space | 40.55% Space Free | Partition Type: NTFS
     D: Drive not present or media not loaded
     E: Drive not present or media not loaded
     F: Drive not present or media not loaded
     G: Drive not present or media not loaded
     H: Drive not present or media not loaded
     I: Drive not present or media not loaded

     Computer Name: BYER-WEIN
     Current User Name: Byer-Wein Family
     Logged in as Administrator.

     Current Boot Mode: Normal
     Scan Mode: Current user
     Company Name Whitelist: Off
     Skip Microsoft Files: Off
     File Age = 30 Days
     Output = Standard

     ========== Processes (SafeList) ==========

     PRC - [2010/02/03 20:45:54 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Byer-Wein Family\Desktop\OTL.exe
     PRC - [2009/12/09 10:27:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
     PRC - [2009/11/18 14:00:00 | 000,495,432 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
     PRC - [2009/10/28 19:21:26 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
     PRC - [2009/10/28 19:21:14 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
     PRC - [2009/09/28 02:02:44 | 001,524,824 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
     PRC - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     PRC - [2009/05/17 09:03:12 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     PRC - [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
     PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
     PRC - [2008/10/25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
     PRC - [2008/04/13 18:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
     PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
     PRC - [2006/10/22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
     PRC - [2004/09/07 12:47:52 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
     PRC - [2004/08/20 14:55:14 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
     PRC - [2004/08/20 14:51:14 | 000,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
     PRC - [2004/06/29 08:06:38 | 000,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
     PRC - [2003/04/09 17:21:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
     PRC - [2003/04/09 17:11:12 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
     PRC - [2003/04/09 16:59:24 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
     PRC - [2003/04/09 16:49:36 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

     ========== Modules (SafeList) ==========

     MOD - [2099/01/01 12:00:00 | 000,096,768 | -HS- | M] () -- C:\WINDOWS\system32\fudukeva.dll
     MOD - [2010/02/03 20:45:54 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Byer-Wein Family\Desktop\OTL.exe

     ========== Win32 Services (SafeList) ==========

     SRV - [2009/12/09 10:27:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
     SRV - [2009/10/28 19:21:14 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
     SRV - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
     SRV - [2009/05/17 09:52:04 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
     SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
     SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
     SRV - [2008/10/25 10:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
     SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
     SRV - [2003/03/09 20:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

     ========== Driver Services (SafeList) ==========

     DRV - [2009/09/28 02:02:44 | 000,014,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
     DRV - [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
     DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
     DRV - [2008/04/13 10:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
     DRV - [2004/10/01 09:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
     DRV - [2004/08/20 15:26:00 | 000,737,874 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
     DRV - [2004/08/03 23:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
     DRV - [2004/06/29 08:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
     DRV - [2003/03/31 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
     DRV - [2003/03/09 20:31:02 | 000,021,456 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
     DRV - [2003/03/09 20:31:02 | 000,016,080 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
     DRV - [2003/03/09 20:31:00 | 000,051,024 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)

     ========== Standard Registry (SafeList) ==========

     ========== Internet Explorer ==========

     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
     IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     O1 HOSTS File: ([2010/01/28 23:24:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
     O1 - Hosts: 127.0.0.1 localhost
     O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
     O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
     O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
     O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
     O2 - BHO: (no name) - {9c0d1c95-14b5-4eee-aa63-09d80a75b24a} - File not found
     O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
     O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
     O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
     O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
     O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
     O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
     O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
     O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
     O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
     O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
     O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
     O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
     O4 - HKLM..\Run: [AGRSMMSG] C:\windows\AGRSMMSG.exe (Agere Systems)
     O4 - HKLM..\Run: [AlcxMonitor] C:\windows\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
     O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
     O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
     O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
     O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
     O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
     O4 - HKLM..\Run: [KernelFaultCheck] File not found
     O4 - HKLM..\Run: [neyetapam] C:\windows\System32\fudukeva.DLL ()
     O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
     O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
     O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
     O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()
     O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
     O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
     O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
     O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
     O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
     O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
     O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
     O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
     O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
     O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
     O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
     O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
     O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
     O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
     O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
     O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
     O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
     O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
     O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
     O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
     O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1242519739859 (WUWebControl Class)
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1242523170109 (MUWebControl Class)
     O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 216.165.129.157
     O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
     O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
     O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
     O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
     O20 - AppInit_DLLs: (napigowu.dll) - File not found
     O20 - AppInit_DLLs: (c:\windows\system32\fudukeva.dll) - C:\WINDOWS\system32\fudukeva.dll ()
     O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
     O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\windows\System32\igfxsrvc.dll (Intel Corporation)
     O21 - SSODL: pehinoroj - {df65974f-b314-43f4-a6f2-41bf39b33c97} - C:\WINDOWS\system32\fudukeva.dll ()
     O22 - SharedTaskScheduler: {df65974f-b314-43f4-a6f2-41bf39b33c97} - mujuzedij - C:\WINDOWS\system32\fudukeva.dll ()
     O24 - Desktop WallPaper: Reg Error: Invalid data type.
     O24 - Desktop BackupWallPaper: Reg Error: Invalid data type.
     O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
     O32 - HKLM CDRom: AutoRun - 1
     O34 - HKLM BootExecute: (autocheck autochk *) - File not found
     O35 - comfile [open] -- "%1" %*
     O35 - exefile [open] -- "%1" %*

     ========== Files/Folders - Created Within 30 Days ==========

     [2010/02/03 20:45:53 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Byer-Wein Family\Desktop\OTL.exe
     [2010/02/01 21:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\DoctorWeb
     [2010/02/01 20:50:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
     [2010/01/31 21:02:42 | 000,000,000 | ---D | C] -- C:\windows\Minidump
     [2010/01/31 13:32:40 | 000,000,000 | ---D | C] -- C:\DCE
     [2010/01/31 13:32:22 | 000,000,000 | ---D | C] -- C:\New Folder
     [2010/01/30 21:07:57 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Byer-Wein Family\Desktop\george-setup.exe
     [2010/01/28 23:31:42 | 000,000,000 | ---D | C] -- C:\windows\temp
     [2010/01/27 14:44:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Byer-Wein Family\UserData
     [2010/01/27 12:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
     [2010/01/25 21:03:48 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\LocalService\Local Settings\Application Data\Microsoft [2010/01/25 21:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore [2010/01/25 21:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\My Documents\My Videos [2010/01/25 21:03:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\My Documents\My Scans [2010/01/25 20:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\My Documents\My Music [2010/01/25 20:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\My Documents\My Data Sources [2010/01/25 20:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\My Documents\My Albums [2010/01/25 20:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\My Documents\Email addresses [2010/01/25 20:12:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\My Documents\Downloads [2010/01/25 20:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\My Documents\Condo [2010/01/25 20:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\My Documents\Clip Art [2010/01/25 20:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\My Documents\CD Covers [2010/01/25 20:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\My Documents\Barry [2010/01/25 20:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\My Documents\Barb [2010/01/25 20:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\My Documents\ALS Film Fund [2010/01/25 20:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\My Documents\Adobe Reader 9 Installer [2010/01/25 20:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\Local Settings\Application Data\MediaMonkey [2010/01/25 20:08:27 | 000,000,000 | ---D | C] 
-- C:\Documents and Settings\Byer-Wein Family\Desktop\Can't install or run mbam and I get web redirects - Log Attached - Malwarebytes Forum_files [2010/01/25 20:08:26 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Byer-Wein Family\Desktop\RootRepeal.exe [2010/01/25 20:08:26 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Byer-Wein Family\Desktop\TFC.exe [2010/01/25 20:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\Desktop\Adobe CS4 [2010/01/25 20:08:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\Application Data\Media Player Classic [2010/01/25 20:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\Application Data\Malwarebytes [2010/01/25 20:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\Application Data\Hewlett-Packard [2010/01/25 20:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\Application Data\Apple Computer [2010/01/25 20:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\My Music [2010/01/25 20:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\DRM [2010/01/25 20:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! 
Companion [2010/01/25 20:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage [2010/01/25 20:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SlySoft [2010/01/25 20:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor [2010/01/25 20:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS [2010/01/25 20:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2010/01/25 20:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010/01/25 20:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help [2010/01/25 20:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee [2010/01/25 20:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010/01/25 20:07:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files [2010/01/25 20:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2010/01/25 20:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple [2010/01/24 21:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\My Documents\Updater5 [2010/01/24 21:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\Application Data\uTorrent [2010/01/24 18:08:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Byer-Wein Family\IETldCache [2010/01/24 18:07:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Byer-Wein Family\PrivacIE [2010/01/24 18:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\Local 
Settings\Application Data\Google [2010/01/24 18:07:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Byer-Wein Family\IECompatCache [2010/01/24 18:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip [2010/01/24 17:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\Local Settings\Application Data\Adobe [2010/01/24 17:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet [2010/01/24 17:50:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\Local Settings\Application Data\Apple Computer [2010/01/24 17:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2010/01/24 14:26:29 | 000,000,000 | ---D | C] -- C:\windows\ERDNT [2010/01/24 11:55:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Byer-Wein Family\Recent [2010/01/24 11:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010/01/23 21:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Byer-Wein Family\Application Data\Google [2010/01/23 14:04:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab [2010/01/23 12:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010/01/13 00:51:23 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\aclayers.dll [2009/05/31 06:00:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2009/05/18 20:19:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft ========== Files - Modified Within 30 Days ========== [2099/01/01 12:00:00 | 000,096,768 | -HS- | M] () -- C:\windows\System32\fudukeva.dll [2099/01/01 12:00:00 | 000,042,496 | -HS- | M] () -- C:\windows\System32\wosalami.dll [2099/01/01 12:00:00 | 000,000,001 | -HS- | M] () -- C:\windows\System32\yekugomo.dll [2010/02/04 
20:33:00 | 000,000,444 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{BA9C847F-139E-4CA1-B7B9-94CEC42E0867}.job [2010/02/04 19:06:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\FRU Task $ContextID$.job [2010/02/03 20:45:54 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Byer-Wein Family\Desktop\OTL.exe [2010/02/02 20:47:02 | 000,059,664 | ---- | M] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\mbam-clean.exe [2010/02/02 18:14:13 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk [2010/02/02 18:14:07 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT [2010/02/02 18:14:04 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat [2010/02/02 18:13:13 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\Byer-Wein Family\NTUSER.DAT [2010/02/02 18:13:13 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Byer-Wein Family\ntuser.ini [2010/02/02 18:13:03 | 002,656,656 | -H-- | M] () -- C:\Documents and Settings\Byer-Wein Family\Local Settings\Application Data\IconCache.db [2010/02/02 18:12:16 | 000,000,125 | ---- | M] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\DrWebReport.csv [2010/02/01 20:57:43 | 029,616,872 | ---- | M] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\drweb-cureit.exe [2010/02/01 19:14:16 | 000,001,585 | ---- | M] () -- C:\backup.reg [2010/02/01 19:14:14 | 000,135,168 | ---- | M] () -- C:\zip.exe [2010/02/01 19:14:14 | 000,019,286 | ---- | M] () -- C:\cleanup.exe [2010/02/01 19:14:14 | 000,000,574 | ---- | M] () -- C:\cleanup.bat [2010/02/01 07:09:15 | 000,000,001 | -HS- | M] () -- C:\windows\System32\tuvikize.dll [2010/01/31 19:56:04 | 000,843,187 | ---- | M] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\SecurityCheck.exe [2010/01/31 15:07:48 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\gmer.zip [2010/01/31 13:35:40 | 039,360,815 | ---- | 
M] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\lpt813.zip [2010/01/31 13:35:39 | 006,339,500 | ---- | M] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\ssapiptn871.zip [2010/01/30 21:08:08 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Byer-Wein Family\Desktop\george-setup.exe [2010/01/30 21:07:23 | 000,047,792 | ---- | M] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\3001-8022_4-10804572.html [2010/01/30 20:55:53 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\avenger.zip [2010/01/29 21:06:22 | 000,000,522 | ---- | M] () -- C:\hpfr3420.xml [2010/01/29 19:58:00 | 000,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job [2010/01/28 23:24:54 | 000,000,227 | ---- | M] () -- C:\windows\system.ini [2010/01/28 23:24:33 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts [2010/01/27 12:33:42 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\NTREGOPT.lnk [2010/01/27 12:33:42 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\ERUNT.lnk [2010/01/26 20:03:43 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2010/01/25 19:31:42 | 000,660,480 | ---- | M] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\CFDQ-UsrPrf.exe [2010/01/24 14:30:22 | 000,023,884 | ---- | M] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\error message.jpg [2010/01/24 14:15:58 | 000,136,628 | ---- | M] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\Can't install or run mbam and I get web redirects - Log Attached - Malwarebytes Forum.htm [2010/01/24 14:10:45 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Byer-Wein Family\Desktop\TFC.exe [2010/01/24 12:56:46 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\~$rus software key.doc [2010/01/24 11:29:20 | 000,001,548 | ---- | M] () -- 
C:\Documents and Settings\Byer-Wein Family\Desktop\CCleaner.lnk [2010/01/24 11:07:26 | 001,629,489 | ---- | M] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\whs_campaignposter-r6.pdf [2010/01/23 15:13:00 | 000,056,884 | -H-- | M] () -- C:\windows\System32\mlfcache.dat [2010/01/23 12:18:21 | 000,000,015 | ---- | M] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\settings.dat [2010/01/23 12:11:41 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\HijackThis.lnk [2010/01/23 11:04:55 | 000,060,928 | ---- | M] () -- C:\Documents and Settings\Byer-Wein Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/01/14 11:12:06 | 000,181,120 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe [2010/01/08 21:18:31 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl ========== Files Created - No Company Name ========== [2099/01/01 12:00:00 | 000,096,768 | -HS- | C] () -- C:\windows\System32\fudukeva.dll [2099/01/01 12:00:00 | 000,042,496 | -HS- | C] () -- C:\windows\System32\wosalami.dll [2099/01/01 12:00:00 | 000,000,001 | -HS- | C] () -- C:\windows\System32\yekugomo.dll [2010/02/02 18:12:16 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\DrWebReport.csv [2010/02/01 20:57:40 | 029,616,872 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\drweb-cureit.exe [2010/02/01 19:24:24 | 000,059,664 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\mbam-clean.exe [2010/02/01 07:09:15 | 000,000,001 | -HS- | C] () -- C:\windows\System32\tuvikize.dll [2010/01/31 19:56:02 | 000,843,187 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\SecurityCheck.exe [2010/01/31 15:07:44 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\gmer.zip [2010/01/31 13:35:39 | 006,339,500 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\ssapiptn871.zip [2010/01/31 
13:35:35 | 039,360,815 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\lpt813.zip [2010/01/30 21:07:21 | 000,047,792 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\3001-8022_4-10804572.html [2010/01/30 20:58:07 | 000,001,585 | ---- | C] () -- C:\backup.reg [2010/01/30 20:58:05 | 000,135,168 | ---- | C] () -- C:\zip.exe [2010/01/30 20:58:05 | 000,019,286 | ---- | C] () -- C:\cleanup.exe [2010/01/30 20:58:05 | 000,000,574 | ---- | C] () -- C:\cleanup.bat [2010/01/30 20:55:51 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\avenger.zip [2010/01/27 12:33:42 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\NTREGOPT.lnk [2010/01/27 12:33:42 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\ERUNT.lnk [2010/01/25 20:10:16 | 001,146,213 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\wein_family_pics_007.JPG [2010/01/25 20:10:16 | 000,505,198 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\school form.tif [2010/01/25 20:10:16 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\update 2.doc [2010/01/25 20:10:16 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\Tzimmes recipe.doc [2010/01/25 20:10:16 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\virus software key.doc [2010/01/25 20:10:16 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\~$rus software key.doc [2010/01/25 20:10:16 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\~$brary Card - BMW.doc [2010/01/25 20:10:15 | 001,131,128 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\Portfolio.JPG [2010/01/25 20:10:15 | 000,309,760 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My 
Documents\press_list_may_2008(1).xls [2010/01/25 20:10:15 | 000,230,179 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\Receipt - PayPal.mht [2010/01/25 20:10:15 | 000,063,488 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\portrait.pub [2010/01/25 20:10:15 | 000,057,856 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\press_list-march 2008- revised.xls [2010/01/25 20:10:15 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\press_list-March_2008(1).xls [2010/01/25 20:10:15 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\recipes.doc [2010/01/25 20:10:15 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\Josh's letter.doc [2010/01/25 20:10:15 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\INGREDIENTS.doc [2010/01/25 20:10:15 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\Library Card - BMW.doc [2010/01/25 20:10:15 | 000,000,322 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\My Documents.lnk [2010/01/25 20:10:15 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\My Computer.lnk [2010/01/25 20:10:14 | 006,020,760 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\Barb & Steve.tif [2010/01/25 20:10:14 | 000,505,198 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\Experience & Interest.tif [2010/01/25 20:10:14 | 000,025,852 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\bookmark.htm [2010/01/25 20:10:14 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\Computer Info.doc [2010/01/25 20:10:14 | 000,015,645 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\Happy Holidays-2009[1].docx [2010/01/25 20:10:14 | 
000,015,151 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\Frida and Warhol.docx [2010/01/25 20:10:12 | 030,398,884 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\Barb & Steve Early.tif [2010/01/25 20:10:12 | 000,685,831 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\Barb & Steve Cropped.JPG [2010/01/25 20:10:12 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\atari.doc [2010/01/25 20:10:12 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\Adobe Reader 9.lnk [2010/01/25 20:10:12 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\My Documents\Acrobat.com.lnk [2010/01/25 20:08:28 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/01/25 20:08:26 | 001,629,489 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\whs_campaignposter-r6.pdf [2010/01/25 20:08:26 | 000,102,912 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\Gift and Estate Planning Guide - DRAFT 5.doc [2010/01/25 20:08:26 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\Library Card - BMW.doc [2010/01/25 20:08:26 | 000,023,884 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\error message.jpg [2010/01/25 20:08:26 | 000,010,136 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\wireless settings.docx [2010/01/25 20:08:26 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\HijackThis.lnk [2010/01/25 20:08:26 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\CCleaner.lnk [2010/01/25 20:08:26 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Byer-Wein Family\Desktop\PeerBlock.lnk [2010/01/25 20:08:26 | 000,000,630 | ---- | C] () -- C:\Documents and 
Settings\Byer-Wein Family\Desktop\
  6. Dr Web Report
     A0031644.dll;C:\System Volume Information\_restore{564B3A04-E82D-4924-9498-B803C6FC34C0}\RP432;Trojan.Siggen.3283;Deleted.;
     Please advise how to proceed. Thanks.
  7. When I tried to run mbam-clean.exe, I received the following error message:
     SHGetValue failed with error code 0
     Please advise how to proceed. Thanks.
     The Avenger log is below:
     Logfile of The Avenger Version 2.0,
  8. DURING OR RIGHT AFTER THE SECURITY CHECK SCAN, the system recovered from a serious error. My desktop wallpaper has been replaced by a black screen. The following files were included in the error report:
     C:\DOCUME~1\BYER-W~1\LOCALS~1\Temp\WER148c.dir00\Mini013110-01.dmp
     C:\DOCUME~1\BYER-W~1\LOCALS~1\Temp\WER148c.dir00\sysdata.xml
     Here are the requested logs in the requested order. I do not have a log for checkup.txt. Thanks!
     SYSCLEAN LOG:
     /--------------------------------------------------------------\
     | Trend Micro System Cleaner |
     | Copyright 2009-2010, Trend Micro, Inc. |
     | http://www.trendmicro.com |
     \--------------------------------------------------------------/
     2010-01-31, 13:38:43, Auto-clean mode specified.
     2010-01-31, 13:38:44, Initialized Rootkit Driver version 2.2.0.1004.
     2010-01-31, 13:38:44, Running scanner "C:\DCE\TSC.BIN"...
     2010-01-31, 13:39:06, Scanner "C:\DCE\TSC.BIN" has finished running.
     2010-01-31, 13:39:06, TSC Log:
  9. You are correct. Malwarebytes is still on my computer. It just won't launch. This is the error message I receive:
     Unable to execute file: C:\ProgramFiles\Malwarebytes'Anti-Malware\mbam.exe
     CreateProcess failed; code 2. The system cannot find the file specified.
     I tried renaming the file as you suggested, but to no avail. Should I continue with the other steps anyway?
  10. I ran the Avenger program, but I am still unable to install/run Malwarebytes. Here is the Avenger log:
     Logfile of The Avenger Version 2.0, © by Swandog46
     http://swandog46.geekstogo.com
     Platform: Windows XP
     *******************
     Script file opened successfully.
     Script file read successfully.
     Backups directory opened successfully at C:\Avenger
     *******************
     Beginning to process script file:
     Rootkit scan active.
     No rootkits found!
     Error: could not open driver "neyetapam"
     Disablement of driver "neyetapam" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
     Error: could not open driver "wihivusole"
     Disablement of driver "wihivusole" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
     Error: could not open driver "toranuzuj"
     Disablement of driver "toranuzuj" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
     Error: could not open driver "pusovidud"
     Disablement of driver "pusovidud" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
     Error: could not open driver "kupuhivus"
     Disablement of driver "kupuhivus" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
     Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\neyetapam" not found!
     Deletion of driver "neyetapam" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
     Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\wihivusole" not found!
     Deletion of driver "wihivusole" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
     Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\toranuzuj" not found!
     Deletion of driver "toranuzuj" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
     Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\pusovidud" not found!
     Deletion of driver "pusovidud" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
     Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\kupuhivus" not found!
     Deletion of driver "kupuhivus" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
     Error: file "c:\windows\system32\dekuwuda.dll" not found!
     Deletion of file "c:\windows\system32\dekuwuda.dll" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
     Error: file "c:\windows\system32\pukohenu.dll" not found!
     Deletion of file "c:\windows\system32\pukohenu.dll" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
     Error: file "c:\windows\system32\vohejuha.dll" not found!
     Deletion of file "c:\windows\system32\vohejuha.dll" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
     Error: folder "C:\recycler" not found!
     Deletion of folder "C:\recycler" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
     Error: could not open folder "D:\recycler"
     Deletion of folder "D:\recycler" failed!
     Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist
     Error: could not open folder "e:\recycler"
     Deletion of folder "e:\recycler" failed!
     Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist
     Error: could not open folder "f:\recycler"
     Deletion of folder "f:\recycler" failed!
     Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist
     Error: could not open folder "g:\recycler"
     Deletion of folder "g:\recycler" failed!
     Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist
     Error: could not open folder "h:\recycler"
     Deletion of folder "h:\recycler" failed!
     Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist
     Completed script processing.
     *******************
     Finished! Terminate.
  11. I've been away from my computer the past few days... Here is the Hijack This log...
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 2:49:18 PM, on 1/30/2010
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\windows\System32\smss.exe
     C:\windows\system32\winlogon.exe
     C:\windows\system32\services.exe
     C:\windows\system32\lsass.exe
     C:\windows\system32\svchost.exe
     C:\windows\System32\svchost.exe
     C:\windows\system32\spoolsv.exe
     C:\windows\ALCXMNTR.EXE
     C:\windows\AGRSMMSG.exe
     C:\WINDOWS\System32\igfxtray.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\WINDOWS\System32\hkcmd.exe
     C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
     C:\Program Files\Messenger\MSMSGS.EXE
     C:\Program Files\PeerBlock\peerblock.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\windows\System32\svchost.exe
     C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
     C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
     C:\Program Files\WinZip\WZQKPICK.EXE
     C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
     C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
     C:\windows\explorer.exe
     C:\windows\system32\notepad.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.live.com/default.aspx?wa=wsignin1.0
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
     O2 - BHO: (no name) - {9c0d1c95-14b5-4eee-aa63-09d80a75b24a} - mahoyape.dll (file missing)
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
     O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
     O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
     O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
     O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
     O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
     O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
     O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
     O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
     O4 - HKLM\..\Run: [wihivusole] Rundll32.exe "vohejuha.dll",s
     O4 - HKLM\..\Run: [neyetapam] Rundll32.exe "c:\windows\system32\pukohenu.dll",a
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
     O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
     O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
     O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
     O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
     O4 - Global Startup: hp psc 1000 series.lnk = ?
     O4 - Global Startup: hpoddt01.exe.lnk = ?
     O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
     O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1242519739859
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1242523170109
     O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
     O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
     O20 - AppInit_DLLs: napigowu.dll c:\windows\system32\pukohenu.dll
     O21 - SSODL: pusovidud - {79314909-ddc3-4191-853d-9d34b459da90} - c:\windows\system32\pukohenu.dll
     O22 - SharedTaskScheduler: kupuhivus - {79314909-ddc3-4191-853d-9d34b459da90} - c:\windows\system32\pukohenu.dll
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd.
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe -- End of file - 9990 bytes
  12. I just got the following error message just after launching the program: "Boot partition could not be enumerated". What do I do now?
  13. Capacity on my computer is 74.5 GB. I have 3.61 GB remaining. I believe I had approximately 20% free disk space before. Thanks. BMW
  14. I ran the program and everything seems to be restored. However, now my computer is almost completely out of disk space, whereas there was plenty of room before. I have a log from running the program, but my computer freezes every time I try to paste it into the reply. I've tried pasting it in bits and pieces and that doesn't seem to work either. I would love to be able to send you both Notepad log files, so you can see what's really going on. Any suggestions? I won't do anything else on the computer until I hear from you. Thanks again.