Jump to content

Recommended Posts

Windows XP will no longer boot (in any mode) after running Malwarebytes. It seems to run in a loop. After the windows splash screen, the screen goes black, then starts re-booting all over again, and again...

I believe this began with "Antimalware Doctor".

1) ran secured2k boot disk, ran Eset scanner. This also caused the exact same problem of computer not able to boot. I restored the quarantined files, and was again able to boot.

2) ran spybot search and destroy, and MBAM.

Antimalware doctor still popping up all the time, but in addition I now kept getting other errors, such as "error loading C/windows/ecalotefa.dll" and most prevalently when I try to shut down windows "ending program rundll32.exe", which after "ending now" multiple times, the computer would eventually shut down.

3) restored the quarantine files from Spybot and MBAM.

4) updated MBAM and ran again (full scan), and quarantined the files. Rebooted the computer, and now I'm stuck with it no longer able to boot up.

I can still succesfully run the secured2k boot disk, but I do not know how to procede. I believe I can access the MBAM log using secured2k. If so should I post it here? Would greatly appreciate assistance.

Thanks.

Link to post
Share on other sites

  • Replies 93
  • Created
  • Last Reply

Top Posters In This Topic

Go ahead and post it and we'll see what we can do, MrC

Ok, I was able to copy the file. Thanks in advance for having a look.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/7/2011 6:09:52 PM

mbam-log-2011-01-07 (18-09-52).txt

Scan type: Full scan (C:\|)

Objects scanned: 221694

Time elapsed: 44 minute(s), 20 second(s)

Memory Processes Infected: 3

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 23

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

C:\WINDOWS\taskmgr.exe (Worm.Saphira) -> No action taken.

C:\WINDOWS\win32.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> No action taken.

HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkerb (Worm.Saphira) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkerb (Worm.Saphira) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkfpc (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkfpc (Trojan.Agent) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvqaixnth (Trojan.Agent) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkese (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvqaixnth (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkese (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkeg (Trojan.Agent) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkeg (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvqaixnuf (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvlxkixnuf (Trojan.Agent) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvqaixnuf (Trojan.Agent) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvlxkixnuf (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvqaixnsf (Trojan.Agent) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvqaixnsf (Trojan.Agent) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvqaixntpf (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvqaixntpf (Trojan.Agent) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkeuf (Heuristics.Reserved.Word.Exploit) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkeuf (Heuristics.Reserved.Word.Exploit) -> No action taken.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\taskmgr.exe (Worm.Saphira) -> No action taken.

C:\WINDOWS\win32.exe (Trojan.Agent) -> No action taken.

C:\Users\user\Local Settings\Temp\iexplarer.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

Link to post
Share on other sites

I don't see anything in the log that would cause the computer not to boot.

BTW: The version and database you used for MBAM is way out of date.

Do you have the XP installation cd?

Did you happen to have the registry backed up with ERUNT?

Do you have the recovery console installed?

Try this:

Press F8 after the BIOS splash screen, there should be an option in the list to disable automatic restarting upon error.

See if that makes any difference or gives you an error message.

Note:

Where I live we are expecting a big snow storm and that means I may loose my internet connect, so if you don't hear from me tomorrow ...that's what happened.

MrC

Link to post
Share on other sites

Interesting that it is out of date, as I updated prior to running the scan. I thought it said "update successful". I'm obviously no expert, but it wouldn't surprise me if the malware interfered with the update?

No install CD (bought the PC from someone who built it using "XP Ultimate by Johnny" or some such.

Registry not backed up.

Not sure about recovery console - but it sorta rings a bell that it may be there (I'm not at that computer right now and won't be able to check it further for another day). I seem to remember that I tried going into (possibly) Recovery from a boot menu, and it needed DOS commands, so I typed exit (one of the few DOS commands I know that gets me someplace!).

I will try your suggestion tomorrow evening and report back. Thanks. Good luck with your weather. We just had our "big snow" (3" which pretty much closes my area - near Memphis - down). It's funny to me because I'm originally from MT.

Link to post
Share on other sites

I disabled automatic restarting, and the error message was:

Stop: C000021a [fatal system error]

The Windows Logon Process system process terminated unexpectedly with a status of Ox0000005 (0x00000000 0x00000000). The system has been shut down.

I do have recovery console.

I also have these (which I have no idea if any are useful):

Enable boot logging

Enable VGA mode

Last known good configuration (yes I tried this one, of course it didn't work)

Directory services restore mode

Debugging Mode

Also as previously mentioned I also have the secured2k boot disk, which allows me to access files, and registry editor, and other items - you probably are familliar with it.

I did locate the Eset Scanner log from the earlier cleaning. I restored those quarantined files from that cleaning because the computer would also not reboot then (as now), so perhaps this log could shed light on the problem. Below is the log. Thanks again for helping.

ESETSmartInstaller@High as downloader log:

Can not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6419

# api_version=3.0.2

# EOSSerial=2f6deebd1bb17642ab6fe913923929ea

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-12-31 01:17:23

# local_time=2010-12-30 05:17:23 (-0800, Pacific Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7260 NT

# compatibility_mode=crash

# scanned=68488

# found=72

# cleaned=72

# scan_time=1716

C:\Users\Administrator\Local Settings\Temp\3806444330.exe probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Administrator\Local Settings\Temp\avp.exe Win32/Agent.ROS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Administrator\Local Settings\Temp\csrss.exe Win32/Agent.ROS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Administrator\Local Settings\Temp\msmgm.exe Win32/Agent.ROS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Administrator\Local Settings\Temp\setup.exe Win32/Agent.ROS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Administrator\Local Settings\Temp\user.exe Win32/Agent.ROS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Application Data\ED6F7DF3E29F8CA6621C0A3F1B3B16AE\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Application Data\ED6F7DF3E29F8CA6621C0A3F1B3B16AE\hiber70700conf.exe a variant of Win32/Kryptik.JFS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Application Data\ED6F7DF3E29F8CA6621C0A3F1B3B16AE\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\3033653428.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\3112091932.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\3220999576.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\440005376.exe probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\avp32.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\csrss.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\debug.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\dkikqtl.exe a variant of Win32/Kryptik.JFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\gdv8ej.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\h384b72ysbkh.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\he4j9lwub.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\hsumkrd.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\iexplarer.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\kmbu526bt.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\laeib4dp6.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\lhj54.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\lkwenoju.exe a variant of Win32/Kryptik.JGS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\lsass.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\mdm.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\mpqte.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\nvsvc32.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\ofd54nwke0pmtpy.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\qp259qbwg5.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\ronawsecxm.tmp a variant of Win32/Kryptik.JGS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\svchost.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\user.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\vgv829ja.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\w275tchi.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\winamp.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\xdsfi.exe a variant of Win32/Kryptik.JGS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\yaugktd.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temp\bcynwknqu\aswaitxlajb.exe a variant of Win32/Kryptik.JFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\avp32.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\cmd.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\debd32.dll a variant of Win32/Kryptik.JGS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\debug.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\ecalotefa.dll a variant of Win32/Cimag.FN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\explorer.exe Win32/Patched.GO trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\gdi32.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\iexplarer.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\login.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\oxarevegubelix.dll a variant of Win32/Cimag.FN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\setup.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\smss.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\spoolsv.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\svchost.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\taskmgr.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\user.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\win32.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\winamp.exe a variant of Win32/Kryptik.IKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\b3ygjw51.dll a variant of Win32/Kryptik.IZT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\bgkr1v.dll a variant of Win32/Kryptik.IZT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\eshs0t7.dll a variant of Win32/Kryptik.IZT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\gg887.dll a variant of Win32/Kryptik.IZT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\iw0axwirz.dll a variant of Win32/Kryptik.IZT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\ms.dll Win32/Bamital.DV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\p53352hhd.dll a variant of Win32/Kryptik.IZT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\sw7vrh.dll a variant of Win32/Kryptik.IZT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\winlogon.exe Win32/Patched.GN trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\zeck4gpcv.dll a variant of Win32/Kryptik.IZT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\dllcache\winlogon.exe Win32/Patched.GN trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\drivers\svkphuifp.sys a variant of Win32/Bubnix.BH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6419

# api_version=3.0.2

# EOSSerial=669999935ab11948bdb5063c0c1486c1

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-01-01 12:18:21

# local_time=2010-12-31 04:18:21 (-0800, Pacific Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7260 NT

# compatibility_mode=crash

# scanned=68448

# found=1

# cleaned=1

# scan_time=1702

C:\Users\user\Application Data\ED6F7DF3E29F8CA6621C0A3F1B3B16AE\upd_debug.exe a variant of Win32/Kryptik.JIQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6419

# api_version=3.0.2

# EOSSerial=70e1fa99be76704a86b85594c879fbfa

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-01-02 11:49:40

# local_time=2011-01-02 03:49:40 (-0800, Pacific Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7260 NT

# compatibility_mode=crash

# scanned=68451

# found=0

# cleaned=0

# scan_time=1702

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6419

# api_version=3.0.2

# EOSSerial=70e1fa99be76704a86b85594c879fbfa

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-01-03 01:37:10

# local_time=2011-01-02 05:37:10 (-0800, Pacific Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7260 NT

# compatibility_mode=crash

# scanned=68450

# found=0

# cleaned=0

# scan_time=1652

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6419

# api_version=3.0.2

# EOSSerial=0dab65f52f212245a277894df16ee586

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-01-07 01:54:01

# local_time=2011-01-06 05:54:01 (-0800, Pacific Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7260 NT

# compatibility_mode=crash

# scanned=68452

# found=9

# cleaned=9

# scan_time=1706

C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\C5SQR4R2\fwlink[1] Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\C5SQR4R2\fwlink[2] Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\C5SQR4R2\fwlink[3] Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\C5SQR4R2\fwlink[4] Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\C5SQR4R2\get2[1].php Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\C5SQR4R2\get2[2].php Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\C5SQR4R2\index[1].php Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\ificedofibu.dll Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\Temp\yxmd\setup.exe a variant of Win32/TrojanDownloader.FraudLoad.NAE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Link to post
Share on other sites

What a mess :P

See if these files are present:

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\Csrss.exe

C:\WINDOWS\explorer.exe

and this registry entry:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\System32\\userinit.exe,"

Let me know, MrC

Link to post
Share on other sites

  • 2 weeks later...

Sorry about getting back so late.

The first 3 items (winlogon.exe, csrss.exe, and explorer.exe) are all present as you described.

The [HKEY_LOCAL_MACHINE\ entry I believe is also present, just not exactly as your entry shows. When I navigate on the left window pane to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, the right pane, having 3 colums, is 1st colum (labeled 'Name'), userinit. 2nd column (labeled 'Type'), REG_SZ. 3rd column (labled 'Data'), userinit.exe,

Link to post
Share on other sites

mtSungirl, your situation is different...please be patient...someone will get to you.

--------------------------

binovc

That 3rd column should be: C:\WINDOWS\system32\userinit.exe,

Not what you say

3rd column (labled 'Data'), userinit.exe

I hope that's the problem.

Why don't you do this....

Make the reg file below, copy it to your usb flash drive, boot the computer up with the disk you're using, plug in your flash drive, drag the reg file onto your desktop and then double click on it and allow it to merge into the registry.

Here's how to make the reg file:

Copy all the text in the code box into notepad.

Save it as fix.reg

Save as file type > All files

Save it to your desktop

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

If you did it right it will look like this except with a different name:

ScreenShot-crop.jpg

Let me know....MrC

Link to post
Share on other sites

I'm embarassed to say that I mis-typed the Data column I provided you. I jotted it down on a note paper, ran out of space at the end of the line, and wrote "userinit.exe," on the second line, and that's the only part I forwarded. :)

The Data column contains exactly what you wrote:

C:\WINDOWS\system32\userinit.exe,

Sorry for the false hope, but I guess that file appears also to be in order.

Link to post
Share on other sites

OK, there's limit on what I can do from here:

1. We can scan the system with an OTLPE disk and see what it shows.

2. From the Recovery Console we could run these:

fixboot , Fixmbr and bootcfg /rebuild

3. You can also find someone who has an XP disk the same version as yours and do a repair install, you just have to find out your Windows key first.

-------------------

The disk I would want you to make is OTLPE:

First:

Please download HJT from here and copy it to your flash drive.

Then:

Download OTLPE from here or here

Now put a blank cd-r in your burner and double click on OTLPEStd.exe, it will automatically burn the cd. (burn it at a slow speed to avoid errors)

Once you have the cd, boot the computer up using it.

Note : If you do not know how to set your computer to boot from CD follow the steps here

It's going to go something like this when OTLPE loads:

  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the C:\OTL.txt file in your reply.

--------------------

After you do that, drag HJT.exe to the desktop and double click to it to run it.

You want to click scan and then when done, click save log

It will be on the desktop, copy it to your flash drive and post it back here along with the OTL.txt

Let me know, MrC

Link to post
Share on other sites

Log from OTLPE (note date/time incorrect, more like 1/24/2011 6:ish PM):

OTL logfile created on: 1/23/2011 6:34:30 AM - Run

OTLPE by OldTimer - Version 3.1.44.1 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free

Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 48.76 Gb Free Space | 65.43% Space Free | Partition Type: NTFS

Drive D: | 1006.77 Mb Total Space | 455.87 Mb Free Space | 45.28% Space Free | Partition Type: FAT32

Drive X: | 284.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)

SRV - [2010/11/11 14:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)

SRV - [2010/11/11 14:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)

SRV - [2010/11/11 14:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)

SRV - [2010/11/11 14:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)

SRV - [2010/07/12 22:36:41 | 001,352,832 | ---- | M] (Lavasoft) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/06/10 13:29:40 | 001,442,088 | ---- | M] (Nero AG) [Auto] -- C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe -- (InCDsrv)

SRV - [2008/06/10 13:29:40 | 000,053,032 | ---- | M] (Nero AG) [Disabled] -- C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)

SRV - [2007/02/22 21:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)

SRV - [2007/02/22 21:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)

SRV - [2006/12/19 12:24:50 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | System] -- -- (i2omgmt)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - [2011/01/23 07:25:16 | 000,759,808 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\svkphuifp.sys -- (svkphuifp)

DRV - [2010/12/20 19:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2010/06/10 22:37:21 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)

DRV - [2009/02/04 02:27:20 | 003,488,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2008/10/31 13:52:16 | 000,093,184 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV - [2008/06/10 13:29:30 | 000,040,488 | ---- | M] (Nero AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)

DRV - [2008/06/10 13:29:30 | 000,038,952 | ---- | M] (Nero AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)

DRV - [2008/06/10 13:29:30 | 000,018,088 | ---- | M] (Nero AG) [Recognizer | System] -- C:\WINDOWS\system32\drivers\InCDrec.sys -- (InCDRec)

DRV - [2008/06/10 13:29:20 | 000,128,424 | ---- | M] (Nero AG) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)

DRV - [2008/04/29 17:21:38 | 000,401,280 | ---- | M] (YUAN High-Tech Development Co. Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\OmniTV.sys -- (OmniTV)

DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)

DRV - [2007/06/25 21:29:52 | 000,500,736 | ---- | M] (Atheros Technology Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(Atheros)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(Atheros)

DRV - [2007/04/26 10:23:44 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2007/04/26 10:23:08 | 000,267,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)

DRV - [2007/04/26 10:23:04 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2007/02/22 21:50:00 | 000,170,408 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2006/11/30 09:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2006/11/30 09:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2006/11/30 09:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)

DRV - [2006/11/30 09:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2006/11/30 09:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)

DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)

DRV - [2005/09/23 19:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2004/10/25 14:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)

DRV - [2004/06/06 22:43:52 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel ®

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.winxpu.info/forums/ [binary data]

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.winxpu.info/

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.winxpu.info/forums/ [binary data]

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.winxpu.info/

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.winxpu.info/forums/ [binary data]

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.winxpu.info/

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP

IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/

IE - HKU\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.winxpu.info | http://www.winxpu.info/forums"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\extensions\\{84DB84AC-518E-4395-B13F-6ABA2709557C}: C:\Users\user\Local Settings\Application Data\{84DB84AC-518E-4395-B13F-6ABA2709557C} [2010/12/28 18:38:20 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Firefox\components [2009/11/02 18:18:20 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Firefox\plugins [2010/02/19 15:30:12 | 000,000,000 | ---D | M]

[2009/11/02 18:16:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\Application Data\Mozilla\Extensions

[2009/11/02 18:16:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\h4fpqx55.default\extensions

O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (C:\WINDOWS\system32\sw7vrh.dll) - {B2B220C1-A503-59BD-F413-01B53A2C8953} - File not found

O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()

O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O3 - HKU\user_ON_C\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O3 - HKU\user_ON_C\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Cralomewomewom] File not found

O4 - HKLM..\Run: [inCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe (Nero AG)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [LvLXKIXnte] File not found

O4 - HKLM..\Run: [LvLXKIXnvc] File not found

O4 - HKLM..\Run: [LvLXKIXnwe] File not found

O4 - HKLM..\Run: [LvqaIXnb] File not found

O4 - HKLM..\Run: [LvqaIXneP] File not found

O4 - HKLM..\Run: [LvqaIXnoc] File not found

O4 - HKLM..\Run: [LvqaIXnrc] File not found

O4 - HKLM..\Run: [LvqaIXnsf] File not found

O4 - HKLM..\Run: [LvqaIXnth] File not found

O4 - HKLM..\Run: [LvqaIXntpf] File not found

O4 - HKLM..\Run: [LvqaIXnuf] File not found

O4 - HKLM..\Run: [LvqaIXnvc] File not found

O4 - HKLM..\Run: [LvqaIXnwe] File not found

O4 - HKLM..\Run: [LvqaIXnz9] File not found

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)

O4 - HKLM..\Run: [shStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [ultimateServices] C:\WINDOWS\System32\ultsvcs.exe ()

O4 - HKLM..\Run: [uPc+MV0NkRaXms] File not found

O4 - HKLM..\Run: [uPc+MV0NNAXJsiv] File not found

O4 - HKLM..\Run: [uPc+MV0NnTaGuo] File not found

O4 - HKLM..\Run: [uPc+MV0NYAJsiv] File not found

O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKU\Administrator_ON_C..\Run: [LvLXKIXnd] File not found

O4 - HKU\Administrator_ON_C..\Run: [LvLXKIXnte] File not found

O4 - HKU\Administrator_ON_C..\Run: [LvLXKIXnuf] File not found

O4 - HKU\Administrator_ON_C..\Run: [LvLXKIXnvc] File not found

O4 - HKU\Administrator_ON_C..\Run: [LvLXKIXnwe] File not found

O4 - HKU\Administrator_ON_C..\Run: [MKexe] File not found

O4 - HKU\LocalService_ON_C..\Run: [upd_debug.exe] File not found

O4 - HKU\user_ON_C..\Run: [LvLXKIXnte] File not found

O4 - HKU\user_ON_C..\Run: [LvLXKIXnvc] File not found

O4 - HKU\user_ON_C..\Run: [LvLXKIXnwe] File not found

O4 - HKU\user_ON_C..\Run: [LvqaIXnb] File not found

O4 - HKU\user_ON_C..\Run: [LvqaIXneP] File not found

O4 - HKU\user_ON_C..\Run: [LvqaIXnoc] File not found

O4 - HKU\user_ON_C..\Run: [LvqaIXnrc] File not found

O4 - HKU\user_ON_C..\Run: [LvqaIXnsf] File not found

O4 - HKU\user_ON_C..\Run: [LvqaIXnth] File not found

O4 - HKU\user_ON_C..\Run: [LvqaIXntpf] File not found

O4 - HKU\user_ON_C..\Run: [LvqaIXnuf] File not found

O4 - HKU\user_ON_C..\Run: [LvqaIXnvc] File not found

O4 - HKU\user_ON_C..\Run: [LvqaIXnwe] File not found

O4 - HKU\user_ON_C..\Run: [LvqaIXnz9] File not found

O4 - HKU\user_ON_C..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe (Pinnacle Systems)

O4 - HKU\user_ON_C..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\user_ON_C..\Run: [uPc+MV0NkRaXms] File not found

O4 - HKU\user_ON_C..\Run: [uPc+MV0NNAXJsiv] File not found

O4 - HKU\user_ON_C..\Run: [uPc+MV0NnTaGuo] File not found

O4 - HKU\user_ON_C..\Run: [uPc+MV0NYAJsiv] File not found

O4 - HKLM..\RunOnce: [*upd_debug.exe] File not found

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\.DEFAULT..\RunOnce: [_nltide_2] File not found

O4 - HKU\Administrator_ON_C..\RunOnce: [_nltide_2] File not found

O4 - HKU\Administrator_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe (Nero AG)

O4 - HKU\NetworkService_ON_C..\RunOnce: [*upd_debug.exe] File not found

O4 - HKU\NetworkService_ON_C..\RunOnce: [_nltide_2] File not found

O4 - Startup: C:\Users\All Users\Start Menu\Programs\Startup\hp instant support.lnk = C:\Program Files\Hewlett-Packard\AiO\HPis\bin\matcli.exe (Motive Communications, Inc.)

O4 - Startup: C:\Users\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Users\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1

O7 - HKU\user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1

O7 - HKU\user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1

O7 - HKU\user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (%SystemRoot%\System32\ultlogonui.exe) - C:\WINDOWS\system32\ultlogonui.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O22 - SharedTaskScheduler: {B2B220C1-A503-59BD-F413-01B53A2C8953} - iwuiahf87sfy8ushfijsjgfgf - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/06 21:01:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2010/12/30 18:12:13 | 000,000,000 | ---D | C] -- C:\10E92CC5

[2010/12/30 17:39:44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\IETldCache

[2010/12/30 17:38:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data\Macromedia

[2010/12/30 17:38:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data\Adobe

[2010/12/30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\PrivacIE

[2010/12/30 17:34:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC

[2010/12/30 00:05:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy

[2010/12/29 23:50:30 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\IETldCache

[2010/12/29 23:50:02 | 000,000,000 | --SD | C] -- C:\Users\Administrator\Local Settings\Application Data\Microsoft

[2010/12/29 23:50:02 | 000,000,000 | --SD | C] -- C:\Users\Administrator\Application Data\Microsoft

[2010/12/29 23:50:02 | 000,000,000 | RH-D | C] -- C:\Users\Administrator\Contacts

[2010/12/29 23:50:02 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites

[2010/12/29 23:50:02 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads

[2010/12/29 23:50:02 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents

[2010/12/29 23:50:02 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop

[2010/12/29 23:50:02 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies

[2010/12/29 23:50:02 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Application Data

[2010/12/29 23:50:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data\OtakuSoftware

[2010/12/29 23:50:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data\Nero

[2010/12/29 23:50:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Local Settings\Application Data\Mozilla

[2010/12/29 23:50:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data\Mozilla

[2010/12/29 23:50:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Local Settings\Application Data\LClock

[2010/12/29 23:50:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Local Settings\Application Data\Adobe

[2010/12/29 23:50:01 | 000,000,000 | RH-D | C] -- C:\Users\Administrator\Start Menu

[2010/12/29 23:50:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos

[2010/12/29 23:50:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Start Menu\Programs\Startup

[2010/12/29 23:50:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\SendTo

[2010/12/29 23:50:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures

[2010/12/29 23:50:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music

[2010/12/29 23:50:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Start Menu\Programs\Accessories

[2010/12/29 23:50:01 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Tracing

[2010/12/29 23:50:01 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Templates

[2010/12/29 23:50:01 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Recent

[2010/12/29 23:50:01 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\PrintHood

[2010/12/29 23:50:01 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\NetHood

[2010/12/29 23:50:01 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\NeroVision

[2010/12/29 23:50:01 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Nero

[2010/12/29 23:50:01 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\My Stationery

[2010/12/29 23:50:01 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\My Received Files

[2010/12/29 23:50:01 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Microsoft Games

[2010/12/29 23:50:01 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Local Settings

[2010/12/29 23:50:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Local Settings\Application Data\TrueTransparency

[2010/12/29 23:50:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Local Settings\Application Data\RKLauncher

[2010/12/28 18:50:18 | 000,000,000 | ---D | C] -- C:\Users\LocalService\Application Data\whitesmoketoolbar

[2010/12/28 18:50:18 | 000,000,000 | ---D | C] -- C:\Users\LocalService\Application Data\Mozilla

[2010/12/28 18:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar

[2010/12/28 18:49:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\%APPDATA%

[2010/12/28 18:45:58 | 000,000,000 | ---D | C] -- C:\Users\NetworkService\Local Settings\Application Data\Adobe

[2010/12/28 18:44:58 | 000,000,000 | ---D | C] -- C:\Users\NetworkService\Application Data\Macromedia

[2010/12/28 18:44:56 | 000,000,000 | ---D | C] -- C:\Users\NetworkService\Application Data\Adobe

[2010/12/28 18:38:19 | 000,000,000 | ---D | C] -- C:\Users\user\Local Settings\Application Data\{84DB84AC-518E-4395-B13F-6ABA2709557C}

[2010/12/28 02:31:51 | 000,000,000 | ---D | C] -- C:\Users\LocalService\Application Data\Macromedia

[2010/12/28 02:31:49 | 000,000,000 | ---D | C] -- C:\Users\LocalService\Application Data\Adobe

[2010/12/28 01:59:13 | 000,759,808 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\svkphuifp.sys

[2010/12/28 01:59:13 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar

[2010/12/28 01:58:46 | 000,000,000 | ---D | C] -- C:\Users\user\Application Data\ED6F7DF3E29F8CA6621C0A3F1B3B16AE

[1 C:\WINDOWS\system32\config\systemprofile\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/23 07:25:16 | 000,759,808 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\svkphuifp.sys

[2011/01/23 07:25:15 | 000,121,808 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap

[2011/01/23 07:25:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/01/23 07:25:12 | 3084,697,600 | -HS- | M] () -- C:\hiberfil.sys

[2011/01/08 17:25:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6A8336EE-08BC-4C82-B312-F27CDDED60F7}.job

[2011/01/08 16:01:02 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2011/01/08 13:39:50 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2011/01/08 13:32:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ugoxuteboyobub.bin

[2011/01/07 20:01:25 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2011/01/07 20:00:44 | 000,007,680 | ---- | M] () -- C:\Users\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/01/06 22:28:51 | 000,000,363 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2011/01/06 19:33:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/12/30 17:38:36 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/12/30 17:24:01 | 000,003,002 | ---- | M] () -- C:\WINDOWS\ificedofibu.dll

[2010/12/28 18:49:25 | 000,001,072 | ---- | M] () -- C:\Users\LocalService\Desktop\Improve Your PC.lnk

[2010/12/28 18:38:30 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Cjowujesazukuy.dat

[1 C:\WINDOWS\system32\config\systemprofile\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/08 17:35:58 | 3084,697,600 | -HS- | C] () -- C:\hiberfil.sys

[2011/01/07 19:13:45 | 000,004,345 | ---- | C] () -- C:\Users\user\mbam-log-2011-01-07 (18-09-52).txt

[2011/01/06 22:28:43 | 000,000,363 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2010/12/30 17:24:01 | 000,003,002 | ---- | C] () -- C:\WINDOWS\ificedofibu.dll

[2010/12/29 23:50:13 | 000,001,660 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Firefox.lnk

[2010/12/29 23:50:13 | 000,001,493 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk

[2010/12/29 23:50:02 | 000,001,599 | ---- | C] () -- C:\Users\Administrator\Start Menu\Programs\Remote Assistance.lnk

[2010/12/29 23:50:02 | 000,000,788 | ---- | C] () -- C:\Users\Administrator\Start Menu\Programs\Windows Media Player.lnk

[2010/12/28 18:49:25 | 000,001,072 | ---- | C] () -- C:\Users\LocalService\Desktop\Improve Your PC.lnk

[2010/12/28 18:38:30 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Cjowujesazukuy.dat

[2010/12/28 18:38:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ugoxuteboyobub.bin

[2010/11/14 21:05:42 | 000,021,504 | ---- | C] () -- C:\Users\user\Tone Essay.doc

[2010/08/21 06:13:56 | 000,000,087 | ---- | C] () -- C:\Users\user\gnc.txt

[2010/08/13 10:58:26 | 000,017,785 | ---- | C] () -- C:\Users\user\forYoudisk.txt

[2010/08/13 10:47:47 | 000,026,402 | ---- | C] () -- C:\Users\user\bluedisk.txt

[2010/07/10 14:22:48 | 000,000,373 | ---- | C] () -- C:\Users\user\excluded.txt

[2010/06/26 12:46:38 | 000,001,624 | ---- | C] () -- C:\Users\user\email.txt

[2010/06/24 19:56:54 | 000,000,993 | ---- | C] () -- C:\Users\user\Remember.txt

[2010/06/11 16:37:58 | 000,000,233 | ---- | C] () -- C:\Users\user\rear seal prices.txt

[2010/06/02 14:54:53 | 000,000,077 | ---- | C] () -- C:\Users\user\bankrupsy.txt

[2010/06/01 09:35:44 | 000,001,056 | ---- | C] () -- C:\Users\user\guaranteed.txt

[2010/04/30 11:35:39 | 000,000,750 | ---- | C] () -- C:\Users\user\brook dream.txt

[2010/04/23 16:08:58 | 000,000,175 | ---- | C] () -- C:\Users\user\samsung smooth.txt

[2010/03/31 08:33:53 | 000,000,116 | ---- | C] () -- C:\Users\user\SKIN DOC.txt

[2010/02/15 18:04:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010/02/14 15:14:57 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2010/02/14 14:28:35 | 000,002,784 | ---- | C] () -- C:\WINDOWS\DevMgr.ini

[2010/02/14 14:27:13 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI

[2010/02/12 19:25:44 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll

[2010/02/12 19:25:44 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL

[2010/02/07 16:18:37 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig

[2009/11/21 13:47:45 | 000,087,652 | ---- | C] () -- C:\Users\user\test.pmcl

[2009/11/21 13:23:02 | 000,007,680 | ---- | C] () -- C:\Users\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/02 22:26:08 | 000,201,488 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL

[2009/11/02 22:26:08 | 000,144,144 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL

[2009/11/02 22:26:08 | 000,141,584 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL

[2009/11/02 22:26:08 | 000,063,248 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL

[2009/11/02 22:26:08 | 000,033,040 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL

[2009/11/02 22:18:17 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009/11/02 21:56:51 | 000,025,809 | ---- | C] () -- C:\Users\user\channel.pmcl

[2009/11/02 21:27:10 | 000,000,073 | ---- | C] () -- C:\Users\user\CPUInfo.txt

[2009/11/02 20:01:04 | 000,000,110 | ---- | C] () -- C:\Users\user\Local Settings\Application Data\fusioncache.dat

[2009/11/02 18:51:18 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

[2009/11/02 18:16:24 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll

[2009/11/02 18:16:24 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll

[2009/11/02 18:10:45 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/11/02 11:39:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/03/23 18:38:02 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\legitcheckcontrol.dll

[2009/01/18 11:22:56 | 000,001,008 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2008/06/22 03:42:48 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\vtthooks.dll

[2008/03/23 01:01:34 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\vshellext.dll

[2008/03/23 01:00:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\vclasses.dll

[2008/01/16 10:17:42 | 000,039,945 | ---- | C] () -- C:\WINDOWS\System32\winapp.ini

[2006/12/06 19:00:50 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

[2006/12/06 18:57:19 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

[2003/01/07 20:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2002/11/20 19:51:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll

========== LOP Check ==========

[2009/11/02 18:25:05 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\OtakuSoftware

[2009/11/02 18:25:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\OtakuSoftware

[2010/12/28 18:50:23 | 000,000,000 | ---D | M] -- C:\Users\LocalService\Application Data\whitesmoketoolbar

[2011/01/08 17:21:42 | 000,000,000 | ---D | M] -- C:\Users\user\Application Data\ED6F7DF3E29F8CA6621C0A3F1B3B16AE

[2010/12/28 02:34:17 | 000,000,000 | ---D | M] -- C:\Users\user\Application Data\FrostWire

[2009/11/02 18:25:05 | 000,000,000 | ---D | M] -- C:\Users\user\Application Data\OtakuSoftware

[2011/01/08 13:39:50 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2011/01/08 16:01:02 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

[2011/01/08 17:25:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6A8336EE-08BC-4C82-B312-F27CDDED60F7}.job

========== Purity Check ==========

< End of report >

Log from HJT:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:43:21 AM, on 1/23/2011

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

Running processes:

X:\i386\system32\csrss.exe

X:\i386\system32\services.exe

X:\i386\system32\lsass.exe

X:\i386\system32\svchost.exe

X:\i386\System32\ReatogoLogon.exe

X:\i386\system32\svchost.exe

X:\i386\system32\svchost.exe

X:\i386\system32\svchost.exe

X:\Programs\wbload\wbload.exe

X:\i386\System32\svchost.exe

X:\i386\explorer.exe

B:\Documents and Settings\Default User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O10 - Broken Internet access because of LSP provider 'x:\i386\system32\rsvpsp.dll' missing

O13 - DefaultPrefix:

O13 - WWW Prefix:

O13 - Home Prefix:

O13 - Mosaic Prefix:

O13 - FTP Prefix:

O21 - SSODL: XpeShutdown - {DEADBEEF-BABE-BABE-BABE-DEADBEEFDEAD} - XpeShutdown.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - X:\i386\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - X:\i386\System32\browseui.dll

O23 - Service: DCOM Services (DcomLaunch) - Unknown owner - svchost.exe (file missing)

O23 - Service: Virtual Disk Service (vds) - Unknown owner - X:\i386\System32\vds.exe (file missing)

--

End of file - 1624 bytes

Link to post
Share on other sites

Sometimes it asks an sometimes it doesn't.

----------------

Basically what you have to do here is copy and paste what's in the code box into OTLs "Custom Scans/Fixes"

So you can copy it to notepad and then to your flash drive and then into OTLs "Custom Scans/Fixes"

and then click the Run Fix button at the top.

Copy the log back here, it should be on your desktop.

-----------------

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL

DRV - [2011/01/23 07:25:16 | 000,759,808 | ---- | M] (Windows

Link to post
Share on other sites

Here's the log:

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\svkphuifp deleted successfully.

C:\WINDOWS\system32\drivers\svkphuifp.sys moved successfully.

HKU\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2B220C1-A503-59BD-F413-01B53A2C8953}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2B220C1-A503-59BD-F413-01B53A2C8953}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{52794457-af6c-4c50-9def-f2e24f4c8889} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889}\ deleted successfully.

C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll moved successfully.

Registry value HKEY_USERS\user_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cralomewomewom deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvLXKIXnte deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvLXKIXnvc deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvLXKIXnwe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvqaIXnb deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvqaIXneP deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvqaIXnoc deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvqaIXnrc deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvqaIXnsf deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvqaIXnth deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvqaIXntpf deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvqaIXnuf deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvqaIXnvc deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvqaIXnwe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LvqaIXnz9 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UltimateServices deleted successfully.

C:\WINDOWS\system32\ultsvcs.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\uPc+MV0NkRaXms deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\uPc+MV0NNAXJsiv deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\uPc+MV0NnTaGuo deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\uPc+MV0NYAJsiv deleted successfully.

Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\LvLXKIXnd deleted successfully.

Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\LvLXKIXnte deleted successfully.

Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\LvLXKIXnuf deleted successfully.

Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\LvLXKIXnvc deleted successfully.

Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\LvLXKIXnwe deleted successfully.

Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\MKexe deleted successfully.

Registry value HKEY_USERS\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\upd_debug.exe deleted successfully.

Registry value HKEY_USERS\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\LvLXKIXnte deleted successfully.

Registry value HKEY_USERS\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\LvLXKIXnvc deleted successfully.

Registry value HKEY_USERS\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\LvLXKIXnwe deleted successfully.

Registry value HKEY_USERS\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\LvqaIXnb deleted successfully.

Registry value HKEY_USERS\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\LvqaIXneP deleted successfully.

Registry value HKEY_USERS\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\LvqaIXnoc deleted successfully.

Registry value HKEY_USERS\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\LvqaIXnrc deleted successfully.

Registry value HKEY_USERS\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\LvqaIXnsf deleted successfully.

Registry value HKEY_USERS\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\LvqaIXnth deleted successfully.

Registry value HKEY_USERS\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\LvqaIXntpf deleted successfully.

Registry value HKEY_USERS\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\LvqaIXnuf deleted successfully.

Registry value HKEY_USERS\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\LvqaIXnvc deleted successfully.

Registry value HKEY_USERS\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\LvqaIXnwe deleted successfully.

Registry value HKEY_USERS\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\LvqaIXnz9 deleted successfully.

Registry value HKEY_USERS\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\uPc+MV0NkRaXms deleted successfully.

Registry value HKEY_USERS\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\uPc+MV0NNAXJsiv deleted successfully.

Registry value HKEY_USERS\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\uPc+MV0NnTaGuo deleted successfully.

Registry value HKEY_USERS\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\uPc+MV0NYAJsiv deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*upd_debug.exe deleted successfully.

Invalid CLSID key: *upd_debug.exe

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\_nltide_2 deleted successfully.

Invalid CLSID key: _nltide_2

Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\RunOnce\\_nltide_2 deleted successfully.

Invalid CLSID key: _nltide_2

Registry value HKEY_USERS\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*upd_debug.exe deleted successfully.

Invalid CLSID key: *upd_debug.exe

Registry value HKEY_USERS\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\RunOnce\\_nltide_2 deleted successfully.

Invalid CLSID key: _nltide_2

File oft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab not found.

Starting removal of ActiveX control Microsoft XML Parser for Java

Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.

Registry key HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.

Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.

Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.

Registry key HKEY_USERS\user_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{B2B220C1-A503-59BD-F413-01B53A2C8953} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2B220C1-A503-59BD-F413-01B53A2C8953}\ not found.

C:\Users\LocalService\Application Data\whitesmoketoolbar folder moved successfully.

C:\Program Files\whitesmoketoolbar\components folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\skin\searchbar folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\skin\options folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\skin\lib\uwa folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\skin\lib\radio\images folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\skin\lib\radio\css folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\skin\lib\radio folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\images folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default\scripts folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default\images folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default\css folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\css folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\skin\lib folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard\skin\icon_library\Basics folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard\skin\icon_library folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard\skin folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\skin folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\data\weather folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\data\search folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\data\rss folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\data\dynamicElements folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\data folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\scripts folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\css folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\js folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\css folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\scripts folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\css folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\css folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\js folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\css folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\scripts folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\css folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\widgets folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\newtab\images folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\newtab folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\modules folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content\lib folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome\content folder moved successfully.

C:\Program Files\whitesmoketoolbar\chrome folder moved successfully.

C:\Program Files\whitesmoketoolbar folder moved successfully.

C:\WINDOWS\Ugoxuteboyobub.bin moved successfully.

C:\WINDOWS\ificedofibu.dll moved successfully.

C:\WINDOWS\Cjowujesazukuy.dat moved successfully.

OTLPE by OldTimer - Version 3.1.44.1 log created on 01272011_063131

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.