puddin0229

Members

View Profile See their activity

Posts
20
Joined
February 28, 2010
Last visited
March 25, 2010

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by puddin0229

Can not run malware

puddin0229 replied to puddin0229's topic in Resolved Malware Removal Logs

when is it ok to run an active x control. I went to update microsoft and it said i had to add actice x control
- March 20, 2010
- 33 replies
Can not run malware

puddin0229 replied to puddin0229's topic in Resolved Malware Removal Logs

Thanks again for all your help. Are all viruses and stuff off my computer now?I have another question with regards to scanners and such. I have spybot on my computer but when it tells me I have a registry change or other stuff....How do I know how to answer these questions.....I try to go do a defragment and clear out stuff regularly but im always afraid i will get rid of something I need.... I also installed spy doctor but when it finished scanning it wanted me to purchase is that theyway its suppose to work. Are there simple classes you can take that does not get really technical like what you do. One more thing, what you did for me was invaluable and I would very much like to contribute but right now Im not able, do i have to do it here or can I mail a money order when i am able.
- March 20, 2010
- 33 replies
Can not run malware

puddin0229 replied to puddin0229's topic in Resolved Malware Removal Logs

Everything is going good as far as I can tell, there have been no pop ups or redirecting. The only pop up im getting is for error reporting to micorsoft
- March 19, 2010
- 33 replies
Can not run malware

puddin0229 replied to puddin0229's topic in Resolved Malware Removal Logs

Everything seems fine, there are no pop-ups or anything. Things load good as far as i know. Thanks again for all your help.
- March 19, 2010
- 33 replies
Can not run malware

puddin0229 replied to puddin0229's topic in Resolved Malware Removal Logs

Everything seems fine, there are no pop-ups or anything. Things load good as far as i know. Thanks again for all your help.
- March 19, 2010
- 33 replies
Can not run malware

puddin0229 replied to puddin0229's topic in Resolved Malware Removal Logs

========== OTL ========== C:\Documents and Settings\All Users\Application Data\ijuluz.com moved successfully. C:\WINDOWS\xivez.sys moved successfully. C:\Documents and Settings\All Users\Application Data\netekud._sy moved successfully. C:\Documents and Settings\All Users\Application Data\upamireb._dl moved successfully. OTL by OldTimer - Version 3.1.34.0 log created on 03182010_065613 Im not sure what to look for as far as issues. Now that that has been done what do I need to do now to try to prevent this from happening again. I know I don't understand all the things you had me do but is there something that I can learn to look for or do to protect my computers from things you think will help you when they are really designed to hurt. Thanks for all your help
- March 18, 2010
- 33 replies
Can not run malware

puddin0229 replied to puddin0229's topic in Resolved Malware Removal Logs

OTL logfile created on: 3/17/2010 8:02:42 PM - Run 2 OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\Owner\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free Paging file location(s): C:\pagefile.sys 2 3069 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.46 Gb Total Space | 38.39 Gb Free Space | 51.56% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CYNTANDZEST Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.) PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\MSM\McSmtFwk.exe (McAfee, Inc.) PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\WINDOWS\system32\LxrJD31s.exe () PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company) PRC - C:\Nexon\Mabinogi\npkcmsvc.exe (INCA Internet Co., Ltd.) PRC - C:\Program Files\Common Files\AOL\1112159610\EE\aolsoftware.exe (AOL LLC) PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC) PRC - C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (McNASvc) -- File not found SRV - (ITMRTSVC) -- File not found SRV - (aolavupd) -- File not found SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) SRV - (LxrJD31s) -- C:\WINDOWS\System32\LxrJD31s.exe () SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation) SRV - (npkcmsvc) -- C:\Nexon\Mabinogi\npkcmsvc.exe (INCA Internet Co., Ltd.) SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC) SRV - (dlbt_device) -- C:\WINDOWS\System32\dlbtcoms.exe (Dell) SRV - (LPDSVC) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (LxrJD31d) -- C:\WINDOWS\system32\drivers\LxrJD31d.sys () DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (MCSTRM) -- C:\WINDOWS\system32\drivers\mcstrm.sys (RealNetworks, Inc.) DRV - (ATWPKT2) -- C:\WINDOWS\system32\drivers\atwpkt2.sys (America Online) DRV - (StMp3Rec) -- C:\WINDOWS\system32\drivers\StMp3Rec.sys (Generic) DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.) DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions) DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions) DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions) DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions) DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions) DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions) DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions) DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions) DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions) DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions) DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions) DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions) DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions) DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation) DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation) DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation) DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation) DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys () DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.) DRV - (SbcpHid) -- C:\WINDOWS\system32\drivers\SbcpHid.sys () DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation) DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9090 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,start page = http://www.msn.com/ IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> FF - HKLM\software\mozilla\Firefox\Extensions\\myspacefftb@myspace.com: C:\Documents and Settings\JUST DONT KNOW\Application Data\MySpace\Toolbar\bin\ FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/09 21:11:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/22 22:38:37 | 000,000,000 | ---D | M] [2009/06/04 19:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions [2009/06/04 19:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org O1 HOSTS File: ([2010/03/15 18:29:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC) O4 - HKLM..\Run: [Dell Photo AIO Printer 922] C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe () O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions) O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1112159610\EE\aolsoftware.exe (AOL LLC) O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\intelmem.exe (Intel Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.) O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b...heckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab (Windows Live Safety Center Base Module) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5co...b?1112754142203 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1131064372484 (MUWebControl Class) O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB (TLIEFlashObj Class) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Real%20Crimes%20-%20The%20Unicorn%20Killer/Images/armhelper.ocx (ArmHelper Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/03/29 21:20:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/03/17 19:57:46 | 000,000,000 | ---D | C] -- C:\_OTL [2010/03/16 21:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2010/03/16 21:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes [2010/03/16 21:07:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/03/16 21:07:31 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/03/16 21:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/03/16 20:59:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010/03/15 22:46:42 | 000,000,000 | ---D | C] -- C:\puddin17215p [2010/03/15 18:15:46 | 000,000,000 | ---D | C] -- C:\puddin4335p [2010/03/14 18:25:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\combo log txt [2010/03/14 17:25:53 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010/03/14 17:23:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/03/14 17:23:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010/03/14 17:23:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/03/14 17:23:58 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/03/14 17:23:36 | 000,000,000 | ---D | C] -- C:\puddin [2010/03/14 17:01:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/03/13 20:05:02 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/03/11 21:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore [2010/03/06 18:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2010/02/27 22:38:35 | 000,553,984 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2010/02/27 17:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/06/13 20:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe [2008/10/13 21:12:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2008/10/11 17:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2008/10/11 17:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo! [2008/03/10 20:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2008/03/10 20:49:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2005/12/27 14:45:50 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll [2005/12/08 15:26:00 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\flashshl.dll [2005/08/31 20:33:54 | 000,092,672 | ---- | C] ( ) -- C:\WINDOWS\System32\DVDRead.dll [2005/03/31 23:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2003/12/09 13:16:52 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\comintfs.dll [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/03/17 19:53:17 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job [2010/03/17 19:52:52 | 000,334,438 | ---- | M] () -- C:\logfile [2010/03/17 19:51:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/03/17 19:50:50 | 000,011,261 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF [2010/03/17 19:50:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/03/17 19:50:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/03/17 07:27:50 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat [2010/03/17 07:27:50 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini [2010/03/16 21:07:36 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/03/15 22:57:36 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini [2010/03/15 18:29:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/03/15 18:11:21 | 003,891,061 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\puddin.exe [2010/03/15 17:59:13 | 000,444,844 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/03/15 17:59:12 | 000,528,018 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/03/15 17:59:12 | 000,073,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/03/14 19:10:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/03/14 19:07:14 | 000,000,309 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI [2010/03/14 18:26:01 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk [2010/03/14 17:26:00 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2010/03/13 20:10:57 | 003,888,953 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ComboFix.exe [2010/03/13 19:55:07 | 003,888,953 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe [2010/03/13 19:51:00 | 000,000,627 | ---- | M] () -- C:\WINDOWS\dellstat.ini [2010/03/11 23:19:08 | 000,002,317 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OverDrive Media Console.lnk [2010/03/08 00:54:33 | 000,008,804 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Kiwayne's rough draft my edit.rtf [2010/03/06 20:07:30 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\7w2htxsg.exe [2010/03/06 19:40:31 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2010/03/06 18:14:03 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf [2010/03/05 14:03:19 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/03/16 21:07:36 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/03/14 17:26:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010/03/14 17:25:56 | 000,260,272 | ---- | C] () -- C:\cmldr [2010/03/14 17:23:58 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/03/14 17:23:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/03/14 17:23:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/03/14 17:23:58 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/03/14 17:23:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/03/14 16:42:35 | 003,891,061 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\puddin.exe [2010/03/13 20:07:38 | 003,888,953 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ComboFix.exe [2010/03/13 19:54:55 | 003,888,953 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe [2010/03/08 00:50:51 | 000,008,804 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Kiwayne's rough draft my edit.rtf [2010/03/06 20:07:28 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\7w2htxsg.exe [2010/02/06 21:46:00 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old [2009/08/19 20:59:57 | 000,018,166 | ---- | C] () -- C:\WINDOWS\System32\esyb.sys [2009/08/19 20:59:57 | 000,014,206 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ijuluz.com [2009/08/19 20:59:57 | 000,012,292 | ---- | C] () -- C:\WINDOWS\xivez.sys [2009/08/19 20:59:57 | 000,011,653 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\netekud._sy [2009/08/19 20:59:57 | 000,010,689 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\upamireb._dl [2009/07/03 14:06:10 | 001,329,664 | ---- | C] () -- C:\WINDOWS\System32\nszFA.dll [2009/07/02 21:51:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\game.INI [2009/07/02 19:39:41 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat [2009/07/02 16:37:43 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009/06/29 20:52:53 | 000,622,113 | ---- | C] () -- C:\WINDOWS\System32\IDPList.dll [2009/06/29 20:52:53 | 000,013,772 | ---- | C] () -- C:\WINDOWS\System32\IDPImmData.dll [2009/06/29 20:52:52 | 000,000,162 | ---- | C] () -- C:\WINDOWS\System32\IDPCritProc.dll [2009/06/07 12:35:29 | 000,000,076 | ---- | C] () -- C:\WINDOWS\System32\IDPVer.ini [2009/06/07 12:14:08 | 000,002,557 | ---- | C] () -- C:\WINDOWS\System32\sk_bho.ini [2009/06/07 11:40:19 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\RPVersion.ini [2009/05/15 23:37:13 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\BuGHkSmUzn.gif [2009/05/15 23:37:12 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\BuGHkSmUat.gif [2009/05/15 23:37:12 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\BuGHkSmUby.gif [2008/11/30 15:40:21 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2008/10/13 01:05:06 | 000,000,073 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini [2008/03/31 20:05:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI [2008/03/20 22:48:25 | 000,000,627 | ---- | C] () -- C:\WINDOWS\dellstat.ini [2008/03/20 22:44:53 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll [2008/03/20 22:44:52 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll [2008/03/20 22:43:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll [2008/03/20 22:43:15 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll [2008/03/20 22:43:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll [2008/03/20 22:43:02 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll [2008/03/20 22:42:52 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll [2008/03/11 18:31:18 | 000,000,309 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2007/11/20 13:32:41 | 000,025,964 | ---- | C] () -- C:\WINDOWS\System32\IDPSigLevel.dll [2007/11/20 13:32:40 | 005,527,385 | ---- | C] () -- C:\WINDOWS\System32\IDPRSig.dll [2007/11/20 13:32:39 | 004,985,733 | ---- | C] () -- C:\WINDOWS\System32\IDPFSig.dll [2007/11/20 13:32:39 | 000,343,272 | ---- | C] () -- C:\WINDOWS\System32\IDPESig.dll [2007/11/20 13:32:39 | 000,002,380 | ---- | C] () -- C:\WINDOWS\System32\IDPBlkCoo.dll [2007/01/27 23:08:33 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31.dll [2007/01/27 23:08:33 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\LxrJD20Sat.dll [2007/01/27 23:08:32 | 000,069,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys [2006/11/12 15:02:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI [2006/10/06 21:00:59 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Epscan2.INI [2006/10/06 19:30:01 | 000,004,131 | ---- | C] () -- C:\WINDOWS\estwn323.ini [2006/07/04 00:10:06 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini [2006/02/13 23:57:40 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini [2005/12/25 14:40:10 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2005/12/08 15:26:00 | 000,000,468 | ---- | C] () -- C:\WINDOWS\LXBRFMT.INI [2005/12/08 15:26:00 | 000,000,022 | ---- | C] () -- C:\WINDOWS\FLASHKSK.INI [2005/12/08 15:25:56 | 000,003,205 | ---- | C] () -- C:\WINDOWS\LXBRCAH.ini [2005/12/08 15:25:55 | 000,002,178 | ---- | C] () -- C:\WINDOWS\System32\LXBRSET.INI [2005/09/12 21:44:27 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini [2005/07/17 23:30:34 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll [2005/07/17 23:30:21 | 000,000,529 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2005/06/08 15:21:28 | 000,000,191 | ---- | C] () -- C:\WINDOWS\QTW.INI [2005/05/13 15:31:40 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005/05/08 13:31:06 | 000,302,592 | ---- | C] () -- C:\WINDOWS\System32\pgp.dll [2005/05/08 13:31:06 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\keydb.dll [2005/05/08 13:31:06 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\simple.dll [2005/05/08 13:31:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\bn.dll [2005/05/08 13:29:34 | 000,000,018 | ---- | C] () -- C:\WINDOWS\Epson640.ini [2005/04/26 01:58:19 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI [2005/04/25 00:22:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/04/05 21:31:36 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB [2005/04/05 21:31:36 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB [2005/04/05 21:21:06 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI [2005/04/03 23:32:50 | 000,060,449 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2005/04/01 14:31:55 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL [2005/04/01 14:31:17 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Nsvideo.dll [2005/03/29 23:00:51 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2005/03/29 22:42:25 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys [2005/03/29 22:10:29 | 000,000,372 | ---- | C] () -- C:\WINDOWS\wininit.ini [2004/03/26 17:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2003/08/12 12:58:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll [2003/08/12 12:58:20 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll [2002/07/07 11:54:51 | 000,037,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys [1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:182786D9 @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E9BA8D0 @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B2AAF611 @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0F561FE @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\My Documents\ComboFix.exe:SummaryInformation @Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A73A758 @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51574724 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC460D15 @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A724744F @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECE19DD1 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BB9DCC9 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84ECD9DF @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F25B38E8 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C03F5109 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:64648EF8 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33A7CC67 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8A7CF18 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:861A898F @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A6414DE @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C22C34B @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:11201333 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F321F01E @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03392111 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8B5993B @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCAF903C @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F09BC2E @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B98740F @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA3C6C07 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E1404CE @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E69E337 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:178D4338 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3E01678 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A17AFE82 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73933431 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:64FE250B @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD537E5A @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7ADB4DA @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F86F437 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1C0B203 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDBB1ABC @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B0B85D2 @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41D53451 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D56DDC33 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54997B77 @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77A023CE @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5096B56 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD2AB6E9 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67C9F690 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4AC9B4B7 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3DA64F2C < End of report >
- March 18, 2010
- 33 replies
Can not run malware

puddin0229 replied to puddin0229's topic in Resolved Malware Removal Logs

Error: Unable to interpret <CODE> in the current context! ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. Starting removal of ActiveX control {38D63471-E630-4492-A986-B8C48B79F2F8} Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{38D63471-E630-4492-A986-B8C48B79F2F8}\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{38D63471-E630-4492-A986-B8C48B79F2F8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38D63471-E630-4492-A986-B8C48B79F2F8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{38D63471-E630-4492-A986-B8C48B79F2F8}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38D63471-E630-4492-A986-B8C48B79F2F8}\ not found. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. C:\WINDOWS\system32\litolani moved successfully. C:\Documents and Settings\Owner\Application Data\iexplore.iss moved successfully. ========== FILES ========== File\Folder c:\documents and settings\All Users\Application Data\vawirofa not found. File\Folder c:\documents and settings\All Users\Application Data\natulevo not found. File\Folder c:\documents and settings\All Users\Application Data\mafuyiha not found. File\Folder c:\documents and settings\All Users\Application Data\pasaruwe not found. File\Folder c:\documents and settings\All Users\Application Data\jijejamu not found. File\Folder c:\documents and settings\All Users\Application Data\labesina not found. OTL by OldTimer - Version 3.1.34.0 log created on 03172010_195909
- March 18, 2010
- 33 replies
Can not run malware

puddin0229 replied to puddin0229's topic in Resolved Malware Removal Logs

OTL logfile created on: 3/17/2010 7:02:42 AM - Run 1 OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\Owner\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free Paging file location(s): C:\pagefile.sys 2 3069 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.46 Gb Total Space | 38.46 Gb Free Space | 51.65% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CYNTANDZEST Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.) PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\WINDOWS\system32\LxrJD31s.exe () PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company) PRC - C:\Nexon\Mabinogi\npkcmsvc.exe (INCA Internet Co., Ltd.) PRC - C:\Program Files\Common Files\AOL\1112159610\EE\aolsoftware.exe (AOL LLC) PRC - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC) PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC) PRC - C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files\Common Files\AOL\ACS\WLHook.dll (America Online) ========== Win32 Services (SafeList) ========== SRV - (McNASvc) -- File not found SRV - (ITMRTSVC) -- File not found SRV - (aolavupd) -- File not found SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) SRV - (LxrJD31s) -- C:\WINDOWS\System32\LxrJD31s.exe () SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation) SRV - (npkcmsvc) -- C:\Nexon\Mabinogi\npkcmsvc.exe (INCA Internet Co., Ltd.) SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC) SRV - (dlbt_device) -- C:\WINDOWS\System32\dlbtcoms.exe (Dell) SRV - (LPDSVC) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (LxrJD31d) -- C:\WINDOWS\system32\drivers\LxrJD31d.sys () DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (MCSTRM) -- C:\WINDOWS\system32\drivers\mcstrm.sys (RealNetworks, Inc.) DRV - (ATWPKT2) -- C:\WINDOWS\system32\drivers\atwpkt2.sys (America Online) DRV - (StMp3Rec) -- C:\WINDOWS\system32\drivers\StMp3Rec.sys (Generic) DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.) DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions) DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions) DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions) DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions) DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions) DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions) DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions) DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions) DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions) DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions) DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions) DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions) DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions) DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation) DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation) DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation) DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation) DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys () DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.) DRV - (SbcpHid) -- C:\WINDOWS\system32\drivers\SbcpHid.sys () DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation) DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9090 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,start page = http://www.msn.com/ IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> FF - HKLM\software\mozilla\Firefox\Extensions\\myspacefftb@myspace.com: C:\Documents and Settings\JUST DONT KNOW\Application Data\MySpace\Toolbar\bin\ FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/09 21:11:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/22 22:38:37 | 000,000,000 | ---D | M] [2009/06/04 19:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions [2009/06/04 19:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org O1 HOSTS File: ([2010/03/15 18:29:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found. O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC) O4 - HKLM..\Run: [Dell Photo AIO Printer 922] C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe () O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions) O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1112159610\EE\aolsoftware.exe (AOL LLC) O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\intelmem.exe (Intel Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.) O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b...heckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} http://update.videoegg.com/wintel/VideoEggPublisher.exe (CVideoEgg_ActiveXCtl Object) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab (Windows Live Safety Center Base Module) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5co...b?1112754142203 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1131064372484 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB (TLIEFlashObj Class) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Real%20Crimes%20-%20The%20Unicorn%20Killer/Images/armhelper.ocx (ArmHelper Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/03/29 21:20:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/03/16 21:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2010/03/16 21:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes [2010/03/16 21:07:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/03/16 21:07:31 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/03/16 21:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/03/16 20:59:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010/03/15 22:46:42 | 000,000,000 | ---D | C] -- C:\puddin17215p [2010/03/15 18:15:46 | 000,000,000 | ---D | C] -- C:\puddin4335p [2010/03/14 18:25:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\combo log txt [2010/03/14 17:25:53 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010/03/14 17:23:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/03/14 17:23:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010/03/14 17:23:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/03/14 17:23:58 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/03/14 17:23:36 | 000,000,000 | ---D | C] -- C:\puddin [2010/03/14 17:01:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/03/13 20:05:02 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/03/11 21:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore [2010/03/06 18:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2010/02/27 22:38:35 | 000,553,984 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2010/02/27 17:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/06/13 20:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe [2008/10/13 21:12:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2008/10/11 17:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2008/10/11 17:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo! [2008/03/10 20:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2008/03/10 20:49:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2005/12/27 14:45:50 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll [2005/12/08 15:26:00 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\flashshl.dll [2005/08/31 20:33:54 | 000,092,672 | ---- | C] ( ) -- C:\WINDOWS\System32\DVDRead.dll [2005/03/31 23:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2003/12/09 13:16:52 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\comintfs.dll [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/03/17 06:56:26 | 000,334,286 | ---- | M] () -- C:\logfile [2010/03/17 06:55:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/03/17 06:55:30 | 000,011,261 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF [2010/03/17 06:55:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/03/17 06:54:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/03/17 03:52:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job [2010/03/16 21:24:09 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat [2010/03/16 21:24:09 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini [2010/03/16 21:07:36 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/03/15 22:57:36 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini [2010/03/15 18:29:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/03/15 18:11:21 | 003,891,061 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\puddin.exe [2010/03/15 17:59:13 | 000,444,844 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/03/15 17:59:12 | 000,528,018 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/03/15 17:59:12 | 000,073,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/03/14 19:10:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/03/14 19:07:14 | 000,000,309 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI [2010/03/14 18:26:01 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk [2010/03/14 17:26:00 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2010/03/13 20:10:57 | 003,888,953 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ComboFix.exe [2010/03/13 19:55:07 | 003,888,953 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe [2010/03/13 19:51:00 | 000,000,627 | ---- | M] () -- C:\WINDOWS\dellstat.ini [2010/03/11 23:19:08 | 000,002,317 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OverDrive Media Console.lnk [2010/03/08 00:54:33 | 000,008,804 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Kiwayne's rough draft my edit.rtf [2010/03/06 20:07:30 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\7w2htxsg.exe [2010/03/06 19:40:31 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2010/03/06 18:14:03 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf [2010/03/06 13:29:20 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\litolani [2010/03/05 14:03:19 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/03/16 21:07:36 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/03/14 17:26:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010/03/14 17:25:56 | 000,260,272 | ---- | C] () -- C:\cmldr [2010/03/14 17:23:58 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/03/14 17:23:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/03/14 17:23:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/03/14 17:23:58 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/03/14 17:23:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/03/14 16:42:35 | 003,891,061 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\puddin.exe [2010/03/13 20:07:38 | 003,888,953 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ComboFix.exe [2010/03/13 19:54:55 | 003,888,953 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe [2010/03/08 00:50:51 | 000,008,804 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Kiwayne's rough draft my edit.rtf [2010/03/06 20:07:28 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\7w2htxsg.exe [2010/02/06 21:46:00 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old [2009/08/19 20:59:57 | 000,018,166 | ---- | C] () -- C:\WINDOWS\System32\esyb.sys [2009/08/19 20:59:57 | 000,014,206 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ijuluz.com [2009/08/19 20:59:57 | 000,012,292 | ---- | C] () -- C:\WINDOWS\xivez.sys [2009/08/19 20:59:57 | 000,011,653 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\netekud._sy [2009/08/19 20:59:57 | 000,010,689 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\upamireb._dl [2009/07/03 14:06:10 | 001,329,664 | ---- | C] () -- C:\WINDOWS\System32\nszFA.dll [2009/07/02 21:51:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\game.INI [2009/07/02 19:39:41 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat [2009/07/02 16:37:43 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009/06/29 20:52:53 | 000,622,113 | ---- | C] () -- C:\WINDOWS\System32\IDPList.dll [2009/06/29 20:52:53 | 000,013,772 | ---- | C] () -- C:\WINDOWS\System32\IDPImmData.dll [2009/06/29 20:52:52 | 000,000,162 | ---- | C] () -- C:\WINDOWS\System32\IDPCritProc.dll [2009/06/07 12:35:29 | 000,000,076 | ---- | C] () -- C:\WINDOWS\System32\IDPVer.ini [2009/06/07 12:14:08 | 000,002,557 | ---- | C] () -- C:\WINDOWS\System32\sk_bho.ini [2009/06/07 11:40:19 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\RPVersion.ini [2009/05/15 23:37:13 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\BuGHkSmUzn.gif [2009/05/15 23:37:12 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\BuGHkSmUat.gif [2009/05/15 23:37:12 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\BuGHkSmUby.gif [2008/11/30 15:40:21 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2008/10/13 01:05:06 | 000,000,073 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini [2008/10/12 23:01:54 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\iexplore.iss [2008/03/31 20:05:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI [2008/03/20 22:48:25 | 000,000,627 | ---- | C] () -- C:\WINDOWS\dellstat.ini [2008/03/20 22:44:53 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll [2008/03/20 22:44:52 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll [2008/03/20 22:43:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll [2008/03/20 22:43:15 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll [2008/03/20 22:43:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll [2008/03/20 22:43:02 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll [2008/03/20 22:42:52 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll [2008/03/11 18:31:18 | 000,000,309 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2007/11/20 13:32:41 | 000,025,964 | ---- | C] () -- C:\WINDOWS\System32\IDPSigLevel.dll [2007/11/20 13:32:40 | 005,527,385 | ---- | C] () -- C:\WINDOWS\System32\IDPRSig.dll [2007/11/20 13:32:39 | 004,985,733 | ---- | C] () -- C:\WINDOWS\System32\IDPFSig.dll [2007/11/20 13:32:39 | 000,343,272 | ---- | C] () -- C:\WINDOWS\System32\IDPESig.dll [2007/11/20 13:32:39 | 000,002,380 | ---- | C] () -- C:\WINDOWS\System32\IDPBlkCoo.dll [2007/01/27 23:08:33 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31.dll [2007/01/27 23:08:33 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\LxrJD20Sat.dll [2007/01/27 23:08:32 | 000,069,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys [2006/11/12 15:02:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI [2006/10/06 21:00:59 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Epscan2.INI [2006/10/06 19:30:01 | 000,004,131 | ---- | C] () -- C:\WINDOWS\estwn323.ini [2006/07/04 00:10:06 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini [2006/02/13 23:57:40 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini [2005/12/25 14:40:10 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2005/12/08 15:26:00 | 000,000,468 | ---- | C] () -- C:\WINDOWS\LXBRFMT.INI [2005/12/08 15:26:00 | 000,000,022 | ---- | C] () -- C:\WINDOWS\FLASHKSK.INI [2005/12/08 15:25:56 | 000,003,205 | ---- | C] () -- C:\WINDOWS\LXBRCAH.ini [2005/12/08 15:25:55 | 000,002,178 | ---- | C] () -- C:\WINDOWS\System32\LXBRSET.INI [2005/09/12 21:44:27 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini [2005/07/17 23:30:34 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll [2005/07/17 23:30:21 | 000,000,529 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2005/06/08 15:21:28 | 000,000,191 | ---- | C] () -- C:\WINDOWS\QTW.INI [2005/05/13 15:31:40 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005/05/08 13:31:06 | 000,302,592 | ---- | C] () -- C:\WINDOWS\System32\pgp.dll [2005/05/08 13:31:06 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\keydb.dll [2005/05/08 13:31:06 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\simple.dll [2005/05/08 13:31:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\bn.dll [2005/05/08 13:29:34 | 000,000,018 | ---- | C] () -- C:\WINDOWS\Epson640.ini [2005/04/26 01:58:19 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI [2005/04/25 00:22:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/04/05 21:31:36 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB [2005/04/05 21:31:36 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB [2005/04/05 21:21:06 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI [2005/04/03 23:32:50 | 000,060,449 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2005/04/01 14:31:55 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL [2005/04/01 14:31:17 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Nsvideo.dll [2005/03/29 23:00:51 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2005/03/29 22:42:25 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys [2005/03/29 22:10:29 | 000,000,372 | ---- | C] () -- C:\WINDOWS\wininit.ini [2004/03/26 17:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2003/08/12 12:58:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll [2003/08/12 12:58:20 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll [2002/07/07 11:54:51 | 000,037,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys [1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:182786D9 @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E9BA8D0 @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B2AAF611 @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0F561FE @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\My Documents\ComboFix.exe:SummaryInformation @Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A73A758 @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51574724 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC460D15 @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A724744F @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECE19DD1 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BB9DCC9 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84ECD9DF @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F25B38E8 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C03F5109 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:64648EF8 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33A7CC67 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8A7CF18 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:861A898F @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A6414DE @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C22C34B @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:11201333 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F321F01E @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03392111 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8B5993B @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCAF903C @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F09BC2E @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B98740F @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA3C6C07 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E1404CE @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E69E337 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:178D4338 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3E01678 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A17AFE82 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73933431 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:64FE250B @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD537E5A @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7ADB4DA @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F86F437 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1C0B203 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDBB1ABC @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B0B85D2 @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41D53451 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D56DDC33 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54997B77 @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77A023CE @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5096B56 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD2AB6E9 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67C9F690 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4AC9B4B7 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3DA64F2C < End of report >
- March 17, 2010
- 33 replies
Can not run malware

puddin0229 replied to puddin0229's topic in Resolved Malware Removal Logs

ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=7.00.6000.16981 (vista_gdr.091215-2244) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=ef19397a3d97dd4c9613a6438b9dc4b3 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=false # utc_time=2010-03-17 04:25:55 # local_time=2010-03-16 11:25:55 (-0600, Central Daylight Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=5121 16776574 100 21 6602301 20798855 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=124434 # found=51 # cleaned=51 # scan_time=6242 C:\Documents and Settings\All Users\Application Data\jijejamu\jijejamu.dll a variant of Win32/Kryptik.CEO trojan (cleaned by deleting - quarantined) 96394336E735062B3CF20BAFDD1EC3A3 C C:\Documents and Settings\All Users\Application Data\juposeno\juposeno.exe Win32/TrojanDownloader.FakeAlert.AED trojan (cleaned by deleting - quarantined) 12D5E614B4311A59D558BF075428C5C3 C C:\Documents and Settings\All Users\Application Data\labesina\labesina.dll a variant of Win32/Kryptik.CEO trojan (cleaned by deleting - quarantined) 99AB1ED1BF75DA7EC9D9CE799F87094C C C:\Documents and Settings\All Users\Application Data\nijopido\nijopido.dll a variant of Win32/Kryptik.BUA trojan (cleaned by deleting - quarantined) E6DE20773D6486EE83E3BAB87DD76C6F C C:\Documents and Settings\All Users\Application Data\pasaruwe\pasaruwe.exe a variant of Win32/Adware.PCProtector.B application (cleaned by deleting - quarantined) 6ECF8C6B0B5C26B4107B4393FA33E4E3 C C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch128.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 1321C6642F54596031BD81ED17FB91D8 C C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch132.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) A6B9CA71E90A24F3640826B259F7D990 C C:\Documents and Settings\All Users\Application Data\turepare\turepare.dll a variant of Win32/Kryptik.CBQ trojan (cleaned by deleting - quarantined) 25663D3896C689487660D5AB811408F6 C C:\Documents and Settings\All Users\Application Data\vikikeme\vikikeme.dll a variant of Win32/Kryptik.BNX trojan (cleaned by deleting - quarantined) 796A54BD2A843B36450E5872CA561D97 C C:\Documents and Settings\All Users\Application Data\yemopego\yemopego.dll a variant of Win32/Kryptik.BNX trojan (cleaned by deleting - quarantined) 138658FE8509F94BEBC98556828862F1 C C:\Documents and Settings\HULK2010\My Documents\My Pictures\HULK\My Documents\My Pictures\HULK2010\My Documents\My Pictures\HULK\Desktop\JUST DONT KNOW\My Documents\iMeshV7.exe a variant of Win32/Adware.Toolbar.Shopper.AA application (deleted - quarantined) 84E5BC764AFE52929481A01973AD9EF2 C C:\Documents and Settings\HULK2010\My Documents\My Pictures\HULK\My Documents\My Pictures\HULK2010\My Documents\My Pictures\HULK\My Documents\LimeWire\Saved\jamie foxx she has her own.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 95BFBC95E9845643C7DCAAA024E2BC68 C C:\Documents and Settings\HULK2010\My Documents\My Pictures\HULK\My Documents\My Pictures\HULK2010\My Documents\My Pictures\HULK\My Documents\LimeWire\Saved\Kanye West-Late Registration-04 - Gold Digger (Feat_ Jamie Foxx).wma WMA/TrojanDownloader.Wimad.NAD trojan (cleaned by deleting - quarantined) AEFF0ABAF96D4336264BB0C586E6319E C C:\Documents and Settings\HULK2010\My Documents\My Pictures\HULK\My Documents\My Pictures\HULK2010\My Documents\My Pictures\HULK\My Documents\LimeWire\Saved\Mary Mary - Get Up.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) E0DB7BD7A77EDA33B52F9833F09DC3D8 C C:\Documents and Settings\HULK2010\My Documents\My Pictures\HULK\My Documents\My Pictures\HULK2010\My Documents\My Pictures\HULK\My Documents\LimeWire\Saved\O Jays - Baby I Need Your Loving.wma probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) BDFEA0A8E6C89DA6B57837ADE2D98ED3 C C:\Documents and Settings\HULK2010\My Documents\My Pictures\HULK\My Documents\My Pictures\HULK2010\My Documents\My Pictures\HULK\My Documents\LimeWire\Saved\soulja boy easy.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 71B46AF29C39DC0D4C8AC8E7DAF6D6A7 C C:\Documents and Settings\Owner\My Documents\LimeWire\Saved\gladys night memories.snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 936C1EAB00823F40B4A86771E1A65451 C C:\Documents and Settings\Owner\My Documents\LimeWire\Saved\itsso hard cooley high original studio version.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) CD37F1580BE3A9BE561A2D3712D19464 C C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\kuzeduhu\kuzeduhu.dll.vir a variant of Win32/Kryptik.CZK trojan (cleaned by deleting - quarantined) 9131E1E48C303DD1AB6EEA291EDB4D5C C C:\Qoobox\Quarantine\C\Program Files\Gamevance\gvun.exe.vir a variant of Win32/Adware.Gamevance.AE application (cleaned by deleting - quarantined) C832B45C6B77D7C758DE7190E55D393C C C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 1375586480385CFDD91A0F27B2E28F3E C C:\Qoobox\Quarantine\C\Program Files\adc32.dll.vir Win32/Adware.PCProtector.A application (cleaned by deleting - quarantined) 8526C578E106193A541436563288D1CD C C:\Qoobox\Quarantine\C\Program Files\alggui.exe.vir a variant of Win32/Adware.PCProtector.B application (cleaned by deleting - quarantined) CE6DA2892749BAC3F32732476223CF40 C C:\Qoobox\Quarantine\C\Program Files\svchost.exe.vir a variant of Win32/Adware.PCProtector.B application (cleaned by deleting - quarantined) 02B5EBCFBD21452AE227D7847794FB37 C C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\H8SRTenbobqakdm.sys.vir a variant of Win32/Olmarik.SR trojan (cleaned by deleting - quarantined) 71079D7FFEEF52760C48BA6D612B232A C C:\Qoobox\Quarantine\C\WINDOWS\system32\bataduka.dll.vir a variant of Win32/Kryptik.BNX trojan (cleaned by deleting - quarantined) 9BF8D5AE5EA911FC1DBB4C83D24FB3E5 C C:\Qoobox\Quarantine\C\WINDOWS\system32\bolapuno.dll.vir a variant of Win32/Kryptik.BNX trojan (cleaned by deleting - quarantined) 5E2BAEC8F98D1FD3B73AB8ED43001FA3 C C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 4CD346697529EFC743A608B2F5D0CC94 C C:\Qoobox\Quarantine\C\WINDOWS\system32\fugafizu.dll.vir a variant of Win32/Kryptik.BNX trojan (cleaned by deleting - quarantined) CB592A236ADEBD0167C20AF21972D400 C C:\Qoobox\Quarantine\C\WINDOWS\system32\gapfovbxloz.dll.vir a variant of Win32/Adware.GooochiBiz.AD application (cleaned by deleting - quarantined) 2C38B22678D92F3135ABEE0F664235A9 C C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTixfumqlvho.dll.vir a variant of Win32/Kryptik.BFC trojan (cleaned by deleting - quarantined) 9B51D2C8C22B301B6EEF40B8785BE1EB C C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTnaokymupqk.dll.vir a variant of Win32/Kryptik.BFC trojan (cleaned by deleting - quarantined) C8A672464E5114ECDE4B39752364324D C C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTtbwylyxevy.dll.vir a variant of Win32/Kryptik.BFC trojan (cleaned by deleting - quarantined) CC7A49540192A4D8A1D6056622020D4A C C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTuckkwpbrnt.dll.vir a variant of Win32/Kryptik.BFC trojan (cleaned by deleting - quarantined) 1CAA16D9966C5B8602D7881E4CC265CB C C:\Qoobox\Quarantine\C\WINDOWS\system32\kewowupa.dll.vir a variant of Win32/Kryptik.BNX trojan (cleaned by deleting - quarantined) 3B85E81D362C0DC50E27634192DAEBE5 C C:\Qoobox\Quarantine\C\WINDOWS\system32\lajijasu.dll.vir a variant of Win32/Kryptik.BNX trojan (cleaned by deleting - quarantined) 4D68A33827F6785BBF505AB45531B80E C C:\Qoobox\Quarantine\C\WINDOWS\system32\nilimuvo.dll.vir a variant of Win32/Kryptik.BNX trojan (cleaned by deleting - quarantined) FA2E7F5318BC0DE58E7543CD6EB68CAA C C:\Qoobox\Quarantine\C\WINDOWS\system32\wepekigi.dll.vir a variant of Win32/Kryptik.BNX trojan (cleaned by deleting - quarantined) 78D93C38FE42F14215B967F06E049E89 C C:\Qoobox\Quarantine\C\WINDOWS\system32\zowirewa.dll.vir a variant of Win32/Kryptik.BNX trojan (cleaned by deleting - quarantined) AC2132F896D7C83AB6FDF75663779435 C C:\System Volume Information\_restore{2B6B23BF-2145-4A8C-9E7C-A73845E8E258}\RP1\A0000091.sys Win32/Olmarik.UI trojan (cleaned - quarantined) 51CB0835761BE316E2558359156559CF C C:\System Volume Information\_restore{2B6B23BF-2145-4A8C-9E7C-A73845E8E258}\RP1\A0000099.dll a variant of Win32/Kryptik.CZK trojan (cleaned by deleting - quarantined) 9131E1E48C303DD1AB6EEA291EDB4D5C C C:\System Volume Information\_restore{2B6B23BF-2145-4A8C-9E7C-A73845E8E258}\RP1\A0000103.exe a variant of Win32/Adware.Gamevance.AE application (cleaned by deleting - quarantined) C832B45C6B77D7C758DE7190E55D393C C C:\System Volume Information\_restore{2B6B23BF-2145-4A8C-9E7C-A73845E8E258}\RP2\A0001359.dll a variant of Win32/Kryptik.CEO trojan (cleaned by deleting - quarantined) 96394336E735062B3CF20BAFDD1EC3A3 C C:\System Volume Information\_restore{2B6B23BF-2145-4A8C-9E7C-A73845E8E258}\RP2\A0001360.exe Win32/TrojanDownloader.FakeAlert.AED trojan (cleaned by deleting - quarantined) 12D5E614B4311A59D558BF075428C5C3 C C:\System Volume Information\_restore{2B6B23BF-2145-4A8C-9E7C-A73845E8E258}\RP2\A0001361.dll a variant of Win32/Kryptik.CEO trojan (cleaned by deleting - quarantined) 99AB1ED1BF75DA7EC9D9CE799F87094C C C:\System Volume Information\_restore{2B6B23BF-2145-4A8C-9E7C-A73845E8E258}\RP2\A0001362.dll a variant of Win32/Kryptik.BUA trojan (cleaned by deleting - quarantined) E6DE20773D6486EE83E3BAB87DD76C6F C C:\System Volume Information\_restore{2B6B23BF-2145-4A8C-9E7C-A73845E8E258}\RP2\A0001363.exe a variant of Win32/Adware.PCProtector.B application (cleaned by deleting - quarantined) 6ECF8C6B0B5C26B4107B4393FA33E4E3 C C:\System Volume Information\_restore{2B6B23BF-2145-4A8C-9E7C-A73845E8E258}\RP2\A0001364.dll a variant of Win32/Kryptik.CBQ trojan (cleaned by deleting - quarantined) 25663D3896C689487660D5AB811408F6 C C:\System Volume Information\_restore{2B6B23BF-2145-4A8C-9E7C-A73845E8E258}\RP2\A0001365.dll a variant of Win32/Kryptik.BNX trojan (cleaned by deleting - quarantined) 796A54BD2A843B36450E5872CA561D97 C C:\System Volume Information\_restore{2B6B23BF-2145-4A8C-9E7C-A73845E8E258}\RP2\A0001366.dll a variant of Win32/Kryptik.BNX trojan (cleaned by deleting - quarantined) 138658FE8509F94BEBC98556828862F1 C C:\WINDOWS\system32\jevstuvlpibilbv.dll a variant of Win32/Adware.Virtumonde.NGX application (cleaned by deleting - quarantined) 8B9DAB120479DCDDA9E6EE5D4D44DFD8 C
- March 17, 2010
- 33 replies
Can not run malware

puddin0229 replied to puddin0229's topic in Resolved Malware Removal Logs

Malwarebytes' Anti-Malware 1.44 Database version: 3874 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 3/16/2010 9:20:21 PM mbam-log-2010-03-16 (21-20-21).txt Scan type: Quick Scan Objects scanned: 184550 Time elapsed: 7 minute(s), 7 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 33 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 12 Files Infected: 18 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{54b8fe6a-2478-5a04-a615-4ea5dc7122b7} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\ExcellentAdDisplay.dll (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\APMFC1 (Rogue.AntiTrojanPro) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/updater,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\Documents and Settings\Owner\Application Data\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\RegTool\Logs (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Guest\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Guest\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Guest\Application Data\VideoEgg\Updater\2364 (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Program Files\PC Protection Center 2008 (Rogue.PCProtectionCenter) -> Quarantined and deleted successfully. C:\Program Files\PC Protection Center 2008\lang (Rogue.PCProtectionCenter) -> Quarantined and deleted successfully. C:\Program Files\Registry Mighty (Rogue.RegistryMighty) -> Quarantined and deleted successfully. C:\Program Files\Registry Mighty\RepairBackup (Rogue.RegistryMighty) -> Quarantined and deleted successfully. C:\Documents and Settings\JUST DONT KNOW\Start Menu\Programs\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully. C:\WINDOWS\Ad-Ware Pro (Rogue.AdWarePro) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\VideoEgg\Loader\2364\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\imoliv.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\vbaaaah.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\HULK\Local Settings\Temp\H8SRT5120.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\HULK\Local Settings\Temp\H8SRT513f.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\RegTool\Logs\2009-04-21 07-45-090.log (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Guest\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Guest\Application Data\VideoEgg\Updater\2364\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Guest\Application Data\VideoEgg\Updater\2364\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Program Files\PC Protection Center 2008\lang\english.lng (Rogue.PCProtectionCenter) -> Quarantined and deleted successfully. C:\Program Files\PC Protection Center 2008\lang\russian.lng (Rogue.PCProtectionCenter) -> Quarantined and deleted successfully. C:\Program Files\Registry Mighty\RepairBackup\_20081130_165618.reg (Rogue.RegistryMighty) -> Quarantined and deleted successfully. C:\Documents and Settings\JUST DONT KNOW\Start Menu\Programs\PlayMP3z\Run PlayMP3z.pif (Adware.PLayMP3z) -> Quarantined and deleted successfully. C:\WINDOWS\Ad-Ware Pro\uninstall.exe (Rogue.AdWarePro) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kcopt.dll (Stolen.data) -> Quarantined and deleted successfully. C:\WINDOWS\Ad-Ware Pro Setup Log.txt (Rogue.AdWarePro) -> Quarantined and deleted successfully. C:\WINDOWS\Ad-Ware Pro Uninstall Log.txt (Rogue.AdWarePro) -> Quarantined and deleted successfully.
- March 17, 2010
- 33 replies
Can not run malware

puddin0229 replied to puddin0229's topic in Resolved Malware Removal Logs

This is the report, I didn't know whether to put like this like you said as a copy and paste or as an attachment like before....I hope this is alright ComboFix 10-03-15.04 - Owner 03/15/2010 22:47:59.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1522 [GMT -5:00] Running from: c:\documents and settings\Owner\Desktop\puddin.exe Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt FW: AOL Firewall *enabled* {6515F560-BD88-41EB-AD77-F1F3F6F80BEA} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . --------------- FCopy --------------- c:\windows\system32\dllcache\atapi.sys --> c:\windows\system32\drivers\atapi.sys c:\windows\system32\dllcache\atapi.sys --> c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys . ((((((((((((((((((((((((( Files Created from 2010-02-16 to 2010-03-16 ))))))))))))))))))))))))))))))) . 2010-03-15 23:15 . 2010-03-15 23:43 -------- d-----w- C:\puddin4335p 2010-03-14 22:23 . 2010-03-14 23:23 -------- d-----w- C:\puddin 2010-03-06 22:31 . 2010-03-06 22:31 -------- d-----w- c:\documents and settings\Kenue\Local Settings\Application Data\Threat Expert 2010-02-28 00:18 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-02-28 00:18 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-02-27 22:50 . 2010-02-28 00:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-02-27 22:50 . 2010-02-27 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-16 03:28 . 2008-10-31 00:40 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire 2010-03-14 23:09 . 2006-08-05 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-03-14 22:11 . 2009-06-14 02:11 -------- d-----w- c:\program files\McAfee 2010-03-14 22:11 . 2009-06-14 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2010-03-14 22:11 . 2008-02-24 01:32 -------- d-----w- c:\program files\Spyware Doctor 2010-03-14 22:11 . 2008-02-20 04:01 -------- d-----w- c:\program files\Common Files\PC Tools 2010-03-14 21:55 . 2007-02-10 04:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-03-12 02:05 . 2009-06-14 03:35 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2010-03-06 23:45 . 2008-03-20 19:23 -------- d-----w- c:\documents and settings\Kenue\Application Data\LimeWire 2010-02-28 08:08 . 2010-02-09 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\vawirofa 2010-02-28 08:08 . 2010-01-23 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\natulevo 2010-02-27 20:05 . 2009-12-14 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\mafuyiha 2010-02-09 17:23 . 2010-02-09 17:23 -------- d-----w- c:\documents and settings\HULK2010\Application Data\Corel 2010-02-09 17:20 . 2010-02-09 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\pasaruwe 2010-02-09 17:20 . 2010-02-09 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\jijejamu 2010-02-07 02:21 . 2008-02-20 03:15 -------- d-----w- c:\program files\SpywareBlaster 2010-02-02 13:02 . 2009-12-03 00:50 -------- d-----w- c:\documents and settings\HULK2010\Application Data\LimeWire 2010-01-23 21:39 . 2010-01-23 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\labesina 2010-01-22 20:40 . 2009-12-17 07:19 -------- d-----w- c:\documents and settings\HULK2010\Application Data\U3 2010-01-21 04:55 . 2010-01-21 04:55 -------- d-----w- c:\documents and settings\Guest\Application Data\McAfee 2010-01-21 02:59 . 2007-04-01 19:55 -------- d-----w- c:\documents and settings\Guest\Application Data\Corel 2010-01-05 10:00 . 2004-12-07 21:37 832512 ------w- c:\windows\system32\wininet.dll 2010-01-05 10:00 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-01-05 10:00 . 2003-07-16 20:25 17408 ----a-w- c:\windows\system32\corpol.dll 2009-12-31 16:50 . 2003-07-16 20:46 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-24 20:03 . 2009-12-24 20:03 61224 ----a-w- c:\documents and settings\Owner\GoToAssistDownloadHelper.exe 2009-12-16 18:43 . 2005-03-30 02:17 343040 ----a-w- c:\windows\system32\mspaint.exe 2005-12-27 19:45 . 2005-12-27 19:45 774144 -c--a-w- c:\program files\RngInterstitial.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2008-04-01 122933] "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2008-04-01 221184] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-01 155648] "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-04-01 98304] "Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-03-29 290816] "HostManager"="c:\program files\Common Files\AOL\1112159610\ee\AOLSoftware.exe" [2007-04-12 42032] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-03-07 5181440] c:\documents and settings\HULK2010\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\Real\RealPlayer\LimeWire\LimeWire.exe [2009-9-30 503808] c:\documents and settings\Kenue\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\Real\RealPlayer\LimeWire\LimeWire.exe [2009-9-30 503808] c:\documents and settings\Owner\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\Real\RealPlayer\LimeWire\LimeWire.exe [2009-9-30 503808] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2008-12-2 36954] Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "RestrictRun"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\limewire\\LimeWire.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "%windir%\\system32\\drivers\\svchost.exe"= "c:\\Program Files\\Real\\RealPlayer\\LimeWire\\LimeWire.exe"= "c:\\WINDOWS\\system32\\dla\\tfswctrl.exe"= "c:\\Program Files\\Common Files\\Motive\\McciCMService.exe"= S3 dump_wmimmc;dump_wmimmc;\??\c:\nexon\Mabinogi\GameGuard\dump_wmimmc.sys --> c:\nexon\Mabinogi\GameGuard\dump_wmimmc.sys [?] . Contents of the 'Scheduled Tasks' folder 2010-03-05 c:\windows\Tasks\Disk Cleanup.job - c:\windows\system32\cleanmgr.exe [2003-07-16 00:12] 2010-03-16 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2008-04-01 22:32] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.google.com mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html mWindow Title = Microsoft Internet Explorer uInternet Settings,ProxyOverride = *.local;<local> uSearchURL,(Default) = hxxp://www.google.com/keyword/%s Trusted Zone: internet Trusted Zone: mcafee.com DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-03-15 22:57 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-682003330-789336058-839522115-1003\Software\Corel\WordPerfect\11\Power Bar\Power Bar Last Selected - \ * |*] "0Arial"=hex(80000006):30 [HKEY_USERS\S-1-5-21-682003330-789336058-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3880) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\wpdshext.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\Audiodev.dll c:\windows\system32\WMVCore.DLL c:\windows\system32\WMASF.DLL c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll . Completion time: 2010-03-15 23:01:06 ComboFix-quarantined-files.txt 2010-03-16 04:01 ComboFix2.txt 2010-03-15 23:43 ComboFix3.txt 2010-03-14 23:23 Pre-Run: 41,448,816,640 bytes free Post-Run: 41,410,297,856 bytes free - - End Of File - - 187A741B77E5A2440DA203B9BBA3108F
- March 16, 2010
- 33 replies
Can not run malware

puddin0229 replied to puddin0229's topic in Resolved Malware Removal Logs

It worked but I could not disable or uninstall Mcagee so i continued anyway at my own risk as it said. after it ran this is the log combo_log.txt did that fix everything and do i need to try to delete mcafee again and reinstall it or another virus software?
- March 14, 2010
- 33 replies
Can not run malware

puddin0229 replied to puddin0229's topic in Resolved Malware Removal Logs

I saved it on the desk top and when I double clicked on it it ask if wanted to run or cancel. I clicked on run and it gave me the hour glass like it was going to run but it did nothing else...I double clicked on it again and it did the same thing....it would not run
- March 14, 2010
- 33 replies
Can not run malware

puddin0229 replied to puddin0229's topic in Resolved Malware Removal Logs

I guess you say where did she come from....here is the saved GMER FILE: ark.txt I hope I did this correctly.....im trying to learn, thanks for your patience
- March 13, 2010
- 33 replies
Can not run malware

puddin0229 replied to puddin0229's topic in Resolved Malware Removal Logs

I guess you say where did she come from....here is the saved GMER FILE: ark.txt I hope I did this correctly.....im trying to learn, thanks for your patience
- March 13, 2010
- 33 replies
Can not run malware

puddin0229 replied to puddin0229's topic in Resolved Malware Removal Logs

Im sorry i did not see where you could run a quick scan so i tried to run the scan again and it ran for a while then froze again. Is there any way I Can save the mbam on a jump drive then try to run it from there, or do you have any other suggestions I could use.....Thanks
- March 12, 2010
- 33 replies
Can not run malware

puddin0229 replied to puddin0229's topic in Resolved Malware Removal Logs

I have tried to run gmer for 2 days and it always freezes before it gets done so I can save it and apply to post. It takes about 8 hours to run,,,is it suppose to take that long? I was watching at the end hoping it would not freeze for the 3rd or 4th time and it was running C:\\mygames\ then I walked away for about 5 minutes came back and the screen was frozen and would not do anything.
- March 8, 2010
- 33 replies
Can not run malware

puddin0229 replied to puddin0229's topic in Resolved Malware Removal Logs

Hi thanks for the help sorry so long to get back to you....I downloaded the OTL and followed your directions...the first time I pasted all that were below because all looked bold and it froze and said:checking service:hkmsvc. So I looked at them again and some looked bolder than others so I pasted the following: %SYSTEMDRIVE%\*.exe IdeChnDr.sys AGP440.sys ViPrt.sys eNetHook.dll KR10N.sys CREATERESTOREPOINT and clicked run, this time it froze and said: Scanning Session Manager AppCertsDlls key... it never completed so please help.
- March 7, 2010
- 33 replies
Can not run malware

puddin0229 posted a topic in Resolved Malware Removal Logs

I have Mcafee on my computer but it will not run then I started getting pop-up telling me that I have threats and am infected. I talked to a friend who knows more about computers that I do and he advised me to go to malware.org and down load and run. I did download but can not run. I also had spybot on computer and could not run it. I can not run my restore program nor can I analyze defrag or scan disc, im surprised it let me get on line at all. I am not computer savvy at all.. I tried to follow some of the resolutions you had with regards to renaming but I had no success not sure if I did it correctly. Please help me
- February 28, 2010
- 33 replies

Events

Profiles

Forums

Everything posted by puddin0229

Important Information