
Inactive Strange Malware

Discussion in 'Malware and Virus Removal Archive' started by wealthymike, 2010/06/18.

  1. 2010/06/18
    wealthymike Inactive Thread Starter

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Administrator at 12:37:51.53 on Fri 06/18/2010
    Internet Explorer: 8.0.6001.18372

    ============== Running Processes ===============


    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uSearch Page = hxxp://internetsearchservice.com
    uSearch Bar = hxxp://internetsearchservice.com/ie6.html
    uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
    uDefault_Search_URL = hxxp://internetsearchservice.com
    mSearch Bar = hxxp://internetsearchservice.com/ie6.html
    mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
    uSearchAssistant = hxxp://internetsearchservice.com
    mSearchURL = hxxp://internetsearchservice.com
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
    BHO: c:\windows\system32\had73sfdfd.dll: {b2c7b2a1-00f3-42bd-f434-00aaba2c8952} - c:\windows\system32\had73sfdfd.dll
    BHO: Antivirus Plus BHO: {c2b5aab8-2183-4be7-81a6-f11493c45872} - c:\documents and settings\networkservice\application data\antivirus plus\AntiVirus Plus.70367223.dll
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AntiVirus Plus] "c:\windows\system32\rundll32.exe" "c:\documents and settings\networkservice\application data\antivirus plus\AntiVirus Plus.70367223.dll ", start 70367223
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
    mRun: [14200004] c:\documents and settings\all users\application data\14200004\14200004.exe
    mRun: [AntiVirus Plus] "c:\windows\system32\rundll32.exe" "c:\documents and settings\networkservice\application data\antivirus plus\AntiVirus Plus.70367223.dll ", start 70367223
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRun: [<NO NAME>] c:\windows\temp\cx11o.exe
    dRun: [hsf7husjnfg98gi498aejhiugjkdg4] c:\windows\temp\cx11o.exe
    dRun: [AntiVirus Plus] "c:\windows\system32\rundll32.exe" "c:\documents and settings\networkservice\application data\antivirus plus\AntiVirus Plus.70367223.dll ", start 70367223
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\antivi~1.lnk - c:\windows\system32\rundll32.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\antivi~1.lnk - c:\windows\system32\rundll32.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\lexmar~1.lnk - c:\program files\lexmark x125\LEX125SU.exe
    uPolicies-explorer: NoFolderOptions = 1 (0x1)
    uPolicies-system: EnableProfileQuota = 1 (0x1)
    uPolicies-system: DisableRegistryTools = 1 (0x1)
    mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    dPolicies-explorer: NoFolderOptions = 1 (0x1)
    dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    dPolicies-system: DisableRegistryTools = 1 (0x1)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - d:\progra~1\msoffice\office12\EXCEL.EXE/3000
    IE: {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - d:\program files\aim2\aim.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\msoffice\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\msoffice\office12\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\progra~1\msoffice\office12\GR99D3~1.DLL
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    AppInit_DLLs: c:\windows\system32\pirelora.dll,gasowihu.dll c:\windows\system32\jisideso.dll c:\windows\system32\gewigemo.dll c:\windows\system32\tiyutova.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    STS: c:\windows\system32\had73sfdfd.dll: {b2c7b2a1-00f3-42bd-f434-00aaba2c8952} - c:\windows\system32\had73sfdfd.dll
    STS: {cf0e2451-f78c-4f14-ab02-de1d1de21db6} - No File
    STS: {5aca4283-2cbe-4ccc-ba77-105a24c5b2bf} - No File
    STS: {d3dcd755-c393-41ec-9ee9-0cf6b352225c} - No File
    STS: {bbf48e3d-b6cf-48ac-b8e1-844964e55bc5} - No File
    STS: {fc59dc28-5c2c-46fe-bc6d-573b9ca2b16b} - No File
    STS: {3e578ea5-8891-42a1-a075-97dbecbe1ffd} - No File
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\progra~1\msoffice\office12\GRA8E1~1.DLL
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    LSA: Notification Packages = scecli yaponema.dll

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================


    ==================== Find3M ====================

    2010-05-04 02:46:42 9438100 ----a-w- c:\windows\system32\SKYNETyhnyfeip.dat
    2010-02-01 21:57:13 36 ----a-w- c:\program files\skynet.dat
    2010-01-23 12:59:08 2713 --sh--w- c:\windows\system32\bomugopa.exe
    2010-01-18 02:55:12 2713 --sh--w- c:\windows\system32\buhukeko.exe
    2010-01-04 04:43:46 2713 --sh--w- c:\windows\system32\bulahuta.exe
    2010-01-02 16:41:18 2713 --sh--w- c:\windows\system32\bupokadu.exe
    2010-01-07 04:48:41 2713 --sh--w- c:\windows\system32\dajiviwo.exe
    2010-01-16 14:54:44 2713 --sh--w- c:\windows\system32\dohisave.exe
    2009-12-29 22:35:15 2713 --sh--w- c:\windows\system32\dotezelu.exe
    2009-12-07 07:14:13 2713 --sh--w- c:\windows\system32\falodoza.dll
    2009-09-12 07:15:45 12288 --sha-w- c:\windows\system32\fimazemo.dll
    2010-01-21 04:57:20 2713 --sh--w- c:\windows\system32\geraroyi.exe
    2009-12-05 07:13:17 2713 --sh--w- c:\windows\system32\gikohusi.dll
    2010-02-01 09:58:00 2713 --sh--w- c:\windows\system32\haditapo.dll
    1601-01-01 00:03:28 45568 --sha-w- c:\windows\system32\hedafatu.dll
    2010-01-06 10:47:31 2713 --sh--w- c:\windows\system32\hevumuzi.exe
    2010-01-20 12:57:01 2713 --sh--w- c:\windows\system32\hizikahe.exe
    2009-12-29 04:34:30 2713 --sh--w- c:\windows\system32\jerutute.exe
    2009-12-31 10:37:41 2713 --sh--w- c:\windows\system32\jugumutu.exe
    2010-01-01 22:40:08 2713 --sh--w- c:\windows\system32\lepuvibo.exe
    2010-01-19 00:55:58 2713 --sh--w- c:\windows\system32\lurelika.exe
    2009-12-30 16:36:26 2713 --sh--w- c:\windows\system32\mihayoya.exe
    2009-09-09 19:14:52 88064 --sha-w- c:\windows\system32\moluhatu.exe
    2010-01-22 00:58:02 2713 --sh--w- c:\windows\system32\motemesa.exe
    2009-09-09 19:14:52 38912 --sha-w- c:\windows\system32\namajasi.dll
    2010-01-01 04:38:52 2713 --sh--w- c:\windows\system32\numugimu.exe
    1601-01-01 00:03:28 45568 --sha-w- c:\windows\system32\peroruvo.dll
    2009-12-26 10:32:36 2713 --sh--w- c:\windows\system32\popezaho.dll
    2009-12-27 22:32:31 2713 --sh--w- c:\windows\system32\pugoriku.dll
    2009-12-11 07:16:05 2713 --sh--w- c:\windows\system32\pumizabe.dll
    2010-01-03 10:42:32 2713 --sh--w- c:\windows\system32\sijobije.exe
    2009-09-09 19:14:53 16384 --sha-w- c:\windows\system32\tugufiki.dll
    2010-01-17 13:55:03 2713 --sh--w- c:\windows\system32\wafesufa.exe
    2010-01-19 15:56:18 2713 --sh--w- c:\windows\system32\wuwagahi.exe
    2009-09-12 07:15:45 4096 --sha-w- c:\windows\system32\yahobedo.dll
    2010-01-04 22:45:00 2713 --sh--w- c:\windows\system32\yejudogi.exe
    2010-01-05 16:46:15 2713 --sh--w- c:\windows\system32\ziruluzi.exe
    2009-12-08 19:15:08 2713 --sh--w- c:\windows\system32\zuyoriyu.dll
    2009-09-30 22:44:15 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
    2010-02-01 09:57:27 16384 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
    2010-02-01 21:57:05 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010020120100202\index.dat
    2010-02-01 09:57:27 32768 --sha-w- c:\windows\system32\config\systemprofile\privacie\index.dat

    ============= FINISH: 12:39:11.87 ===============
     
  2. 2010/06/18
    wealthymike Inactive Thread Starter
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)


    ==== Disk Partitions =========================


    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    µTorrent
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    ABC Amber BlackBerry Converter
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 8
    AOL Instant Messenger
    BlackBerry Desktop Software 4.3
    BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone
    Critical Update for Windows Media Player 11 (KB959772)
    DVD Flick
    FileZilla Client 3.1.2
    Flock 1.2
    GIMP 2.6.4
    Google Talk Plugin
    Hotfix for Windows XP (KB926239)
    Internet Service
    Java(TM) 6 Update 3
    Lexmark X125
    LimeWire 5.0.11
    LiveUpdate 1.80 (Symantec Corporation)
    Logitech QuickCam
    Logitech QuickCam Driver Package
    Microsoft .NET Framework 2.0
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Professional 2007 Trial
    Microsoft Office Project MUI (English) 2007
    Microsoft Office Project Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Essentials
    Microsoft Software Update for Web Folders (English) 12
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6 Service Pack 2 (KB954459)
    PC Inspector smart recovery
    Picasa 3
    Privacy-Components
    QuickTime
    Realtek AC'97 Audio
    Roxio Media Manager
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB955936)
    Security Update for Microsoft Office Excel 2007 (KB955470)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB951808)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office Word 2007 (KB950113)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Software Update for Web Folders
    Symantec AntiVirus Client
    TL-WN321G Wireless Utility
    twhirl
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb957258)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB914882)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB973815)
    VAIOSoft Recovery Manager
    VLC media player 0.9.8a
    VMware Workstation
    Web Application
    WebFldrs XP
    Windows Antivirus Pro
    Windows Defender
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8 Release Candidate 1
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Service Pack 2
    WinFtp Client 1.5
    WinRAR archiver
    WinZip 10 Pro

    ==== End Of File ===========================
     

  4. 2010/06/18
    PeteC SuperGeek Staff
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  5. 2010/06/18
    crunchie Inactive
    Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Download the update from here if you have problems.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    Make sure that you restart the computer.

    =============

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  6. 2010/06/19
    wealthymike Inactive Thread Starter
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4214

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18372

    6/18/2010 9:53:41 PM
    mbam-log-2010-06-18 (21-53-41).txt

    Scan type: Full scan (C:\|D:\|I:\|)
    Objects scanned: 217914
    Time elapsed: 53 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 24
    Registry Values Infected: 11
    Registry Data Items Infected: 17
    Folders Infected: 18
    Files Infected: 82

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{26070ad0-cf3e-49be-8c83-85a63bfd36d5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c2b5aab8-2183-4be7-81a6-f11493c45872} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c2b5aab8-2183-4be7-81a6-f11493c45872} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2b5aab8-2183-4be7-81a6-f11493c45872} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijacker) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{26070ad0-cf3e-49be-8c83-85a63bfd36d5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\privacy-components (Rogue.ControlCenter) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Web Application (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win AntiVirus Pro (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\skynetyoxvoklx (Rootkit.TDSS) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Windows antiVirus pro (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus plus (Rogue.AntivirusPlus) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\14200004 (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus plus (Rogue.AntivirusPlus) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\(default) (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\(default) (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Documents and Settings\All Users\Application Data\12890222 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\14200004 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\99683641 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\NetworkService\Application Data\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\PC (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\PC\faq (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\PC\faq\images (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\Program Files\AdvancedVirusRemover (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Start Menu\Programs\AntiVirus Plus (Rogue.AntiVirusPlus) -> Delete on reboot.
    C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirus Plus (Rogue.AntiVirusPlus) -> Delete on reboot.
    C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Windows AntiVirus Pro (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Your PC Protector (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\247880 (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\falodoza.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fimazemo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gikohusi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\haditapo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hedafatu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\namajasi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\peroruvo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\popezaho.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pugoriku.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pumizabe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tugufiki.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yahobedo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zuyoriyu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\NetworkService\Application Data\AntiVirus Plus\AntiVirus Plus.70367223.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temp\1.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\052B4X27\avplus[1].dll (Rogue.AntivirusPlus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\moluhatu.exe (Rogue.Antivirus.Plus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\AntiVirus Plus\AntiVirus Plus.70367223.dll (Rogue.AntivirusPlus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\PC\uninstall.exe (Rogue.ControlCenter) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\AntiVirus Plus\AntiVirus Plus.70367223.dll (Rogue.AntivirusPlus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OI2MN5AC\avplus[1].dll (Rogue.AntivirusPlus) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\wfhivymign.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\tcqfiwkoyx.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\dpposyqbko.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\ktfrtippoi.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    D:\SoundForge70\keygen for Sound Foundry.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\14200004\14200004 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\14200004\pc14200004ins (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\PC\faq\guide.html (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\PC\faq\images\gimg1.jpg (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\PC\faq\images\gimg10.jpg (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\PC\faq\images\gimg2.jpg (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\PC\faq\images\gimg3.jpg (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\PC\faq\images\gimg4.jpg (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\PC\faq\images\gimg5.jpg (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\PC\faq\images\gimg6.jpg (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\PC\faq\images\gimg7.jpg (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\PC\faq\images\gimg8.jpg (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\PC\faq\images\gimg9.jpg (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Start Menu\Programs\AntiVirus Plus\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Start Menu\Programs\AntiVirus Plus\EULA.url (Rogue.AntiVirusPlus) -> Delete on reboot.
    C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirus Plus\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirus Plus\EULA.url (Rogue.AntiVirusPlus) -> Delete on reboot.
    C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\AntiVirus Plus\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\AntiVirus Plus\EULA.url (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Windows AntiVirus Pro\Windows Antivirus Pro.lnk (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Your PC Protector\Your PC Protector.lnk (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\avp.ico (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\NetworkService\Application Data\avp.ico (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\avp.ico (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Desktop\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Desktop\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Desktop\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Desktop\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Desktop\Windows Antivirus Pro.lnk (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Desktop\Your PC Protector.lnk (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\skynet.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Start Menu\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bincd32.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\SKYNETpyytlsob.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SKYNETcpiixkfm.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SKYNETsepqeisl.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SKYNETyhnyfeip.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SKYNETlog.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\bf23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\WINDOWS\sonce123198.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
     
  7. 2010/06/19
    wealthymike

    OTL logfile created on: 6/18/2010 10:08:04 PM - Run 1
    OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18372)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    222.00 Mb Total Physical Memory | 34.00 Mb Available Physical Memory | 15.00% Memory free
    544.00 Mb Paging File | 223.00 Mb Available in Paging File | 41.00% Paging File free
    Paging file location(s): c:\pagefile.sys 336 672 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 18.63 Gb Total Space | 10.32 Gb Free Space | 55.39% Space Free | Partition Type: NTFS
    Drive D: | 69.85 Gb Total Space | 41.72 Gb Free Space | 59.73% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Unable to calculate disk information.

    Computer Name: ONEMIKE4LIFE
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/06/18 22:06:53 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2009/09/13 19:52:50 | 001,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
    PRC - [2009/07/02 18:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2008/12/06 13:48:53 | 007,779,640 | ---- | M] (Flock, Inc.) -- D:\Program Files\Flock\flock\flock.exe
    PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/06/18 22:06:53 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2004/08/04 02:01:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (sp_rssrv)
    SRV - [2009/07/02 18:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
    SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
    SRV - [2006/11/13 13:01:04 | 000,142,128 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
    SRV - [2006/11/13 13:00:48 | 000,113,456 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2006/11/13 12:43:56 | 000,269,104 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2006/10/27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Program Files\MsOffice\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
    SRV - [2003/05/21 01:27:46 | 000,610,304 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server)
    SRV - [2003/05/21 01:22:36 | 000,032,768 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)


    ========== Driver Services (SafeList) ==========

    DRV - [2009/07/01 04:00:00 | 000,876,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090701.004\NAVEX15.SYS -- (NAVEX15)
    DRV - [2009/07/01 04:00:00 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090701.004\NAVENG.SYS -- (NAVENG)
    DRV - [2009/06/18 19:48:04 | 000,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
    DRV - [2008/07/26 11:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2008/07/26 11:22:34 | 002,570,520 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
    DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2007/09/09 01:26:51 | 000,073,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - [2006/01/12 19:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
    DRV - [2005/08/29 15:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/08/04 02:07:55 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/05/02 21:08:22 | 000,030,208 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -- (NAVAPEL)
    DRV - [2003/05/02 21:08:18 | 000,224,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP)
    DRV - [2002/12/31 08:00:00 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)
    DRV - [2002/07/14 22:41:12 | 000,051,712 | R--- | M] (Microsoft(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MSWUSB51.sys -- (MSW_USB)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
    IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.Google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.Google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Google.com/
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Search "

    FF - HKLM\software\mozilla\Flock\Extensions\\Plugins: C:\Program Files\Flock\flock\plugins
    FF - HKLM\software\mozilla\Flock\Extensions\\Components: C:\Program Files\Flock\flock\components

    [2009/02/21 03:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2009/02/21 03:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2007/08/11 21:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pl4kxr2n.default\extensions
    [2008/06/09 01:23:38 | 000,000,275 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pl4kxr2n.default\searchplugins\search.xml

    O1 HOSTS File: ([2009/06/28 16:07:36 | 000,000,000 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2007/08/21 21:23:51 | 000,000,000 | ---D | M]
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\MsOffice\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\MsOffice\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\MsOffice\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\MsOffice\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM2\aim.exe (America Online, Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\MsOffice\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (c:\windows\system32\pirelora.dll) - C:\WINDOWS\System32\pirelora.dll File not found
    O20 - AppInit_DLLs: (gasowihu.dll c:\windows\system32\jisideso.dll c:\windows\system32\gewigemo.dll c:\windows\system32\tiyutova.dll) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\jmeyh.dll ()
    O22 - SharedTaskScheduler: {3e578ea5-8891-42a1-a075-97dbecbe1ffd} - jugezatag - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {5aca4283-2cbe-4ccc-ba77-105a24c5b2bf} - mujuzedij - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {bbf48e3d-b6cf-48ac-b8e1-844964e55bc5} - kupuhivus - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {cf0e2451-f78c-4f14-ab02-de1d1de21db6} - tokatiluy - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {d3dcd755-c393-41ec-9ee9-0cf6b352225c} - jugezatag - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {fc59dc28-5c2c-46fe-bc6d-573b9ca2b16b} - kupuhivus - Reg Error: Key error. File not found
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\MsOffice\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/08/11 20:47:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{58a01d2c-e1d4-11dd-985c-0019e08a173b}\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\{58a01d2c-e1d4-11dd-985c-0019e08a173b}\Shell\Explore\command - " " = K:\system.exe -- File not found
    O33 - MountPoints2\{58a01d2c-e1d4-11dd-985c-0019e08a173b}\Shell\Open\command - " " = K:\system.exe -- File not found
    O33 - MountPoints2\{975c8a04-8c35-11dd-9835-0050f27b2ef0}\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\{975c8a04-8c35-11dd-9835-0050f27b2ef0}\Shell\Explore\command - " " = system.exe
    O33 - MountPoints2\{975c8a04-8c35-11dd-9835-0050f27b2ef0}\Shell\Open\command - " " = system.exe
    O33 - MountPoints2\{b41acf4e-9030-11dd-983e-0050f27b2ef0}\Shell - " " = AutoRun
    O33 - MountPoints2\{b41acf4e-9030-11dd-983e-0050f27b2ef0}\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\{b41acf4e-9030-11dd-983e-0050f27b2ef0}\Shell\AutoRun\command - " " = K:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{ee090ffc-02ba-11de-9865-0050f27b2ef0}\Shell - " " = AutoRun
    O33 - MountPoints2\{ee090ffc-02ba-11de-9865-0050f27b2ef0}\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\{ee090ffc-02ba-11de-9865-0050f27b2ef0}\Shell\AutoRun\command - " " = K:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/11/06 02:12:28 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
    Unable to start service SrService!

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/06/18 22:06:57 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/06/18 20:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2010/06/18 20:52:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/06/18 20:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/06/18 20:51:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/06/18 20:51:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/06/18 20:50:10 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [18 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/06/18 22:10:22 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/06/18 22:06:53 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/06/18 22:02:51 | 000,000,418 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2010/06/18 22:02:42 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/06/18 22:02:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/06/18 22:01:47 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
    [2010/06/18 22:01:29 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2010/06/18 20:52:18 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/18 20:51:01 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
    [2010/06/18 12:37:33 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2010/05/05 13:32:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/05/05 09:53:41 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2010/05/04 05:06:44 | 233,390,080 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2010/05/03 19:23:00 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [18 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/06/18 20:52:18 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/18 12:37:15 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2010/05/03 19:23:00 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
    [2010/05/03 19:23:00 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
    [2009/04/09 17:08:36 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2008/10/18 01:34:40 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
    [2008/09/29 13:21:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
    [2008/08/17 18:07:54 | 000,000,765 | ---- | C] () -- C:\WINDOWS\ONFORMAT.INI
    [2008/08/03 23:18:29 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
    [2008/08/03 22:52:43 | 000,000,341 | ---- | C] () -- C:\WINDOWS\RECMGRUN.INI
    [2008/08/03 22:52:20 | 000,003,455 | ---- | C] () -- C:\WINDOWS\RECVCALL.INI
    [2008/08/03 22:27:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\OctaneARM.dll
    [2008/07/29 16:01:08 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WinFTP.INI
    [2008/07/29 15:19:51 | 000,000,216 | ---- | C] () -- C:\WINDOWS\System32\xpysys.dll
    [2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2008/07/06 23:27:40 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2008/06/12 03:03:05 | 000,000,355 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2007/10/19 11:58:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
    [2007/08/21 02:15:46 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/08/21 01:33:36 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\LM_SUPPORT.INI
    [2007/08/21 01:33:08 | 000,135,104 | ---- | C] () -- C:\WINDOWS\Tab16d20.dll
    [2007/08/21 01:33:08 | 000,048,176 | ---- | C] () -- C:\WINDOWS\Imp16d20.dll
    [2007/08/21 01:33:08 | 000,012,800 | ---- | C] () -- C:\WINDOWS\SS16FT.DLL
    [2007/08/21 01:33:08 | 000,002,554 | ---- | C] () -- C:\WINDOWS\SSDS16.INI
    [2007/08/21 01:33:08 | 000,002,552 | ---- | C] () -- C:\WINDOWS\SSDS32.INI
    [2007/08/21 01:33:08 | 000,002,371 | ---- | C] () -- C:\WINDOWS\ssnew05.ini
    [2007/08/21 01:33:08 | 000,002,371 | ---- | C] () -- C:\WINDOWS\ssnew04.ini
    [2007/08/21 01:33:08 | 000,002,371 | ---- | C] () -- C:\WINDOWS\ssnew03.ini
    [2007/08/21 01:33:08 | 000,002,371 | ---- | C] () -- C:\WINDOWS\ssnew02.ini
    [2007/08/21 01:33:08 | 000,002,371 | ---- | C] () -- C:\WINDOWS\ssnew01.ini
    [2007/08/21 01:33:08 | 000,002,269 | ---- | C] () -- C:\WINDOWS\Ssdef32.ini
    [2007/08/21 01:33:08 | 000,002,267 | ---- | C] () -- C:\WINDOWS\SSDEF16.INI
    [2007/08/21 01:33:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\MyScan.ini
    [2007/08/21 01:33:06 | 000,004,256 | ---- | C] () -- C:\WINDOWS\System32\LMStatus.ini
    [2007/08/11 22:43:28 | 000,000,239 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
    [2007/04/16 11:52:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\jmeyh.dll
    [2006/05/02 18:38:24 | 000,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini
    [2003/05/21 01:19:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
    [2002/12/31 08:00:00 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
    [2002/12/31 08:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll

    ========== LOP Check ==========

    [2008/12/20 15:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Aim
    [2008/11/07 17:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
    [2008/09/27 14:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Blackberry Desktop
    [2008/07/29 15:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CoffeeCup Software
    [2008/08/01 02:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
    [2009/04/27 21:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
    [2008/08/12 01:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Flock
    [2009/01/17 19:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
    [2009/04/09 17:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
    [2009/02/21 04:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
    [2008/08/05 01:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
    [2008/08/26 22:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mjusbsp
    [2009/01/01 19:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
    [2009/04/07 22:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ntr
    [2007/12/21 02:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NwDocx
    [2007/08/11 21:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
    [2008/08/17 15:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PDF reDirect
    [2008/09/26 21:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Research In Motion
    [2008/10/17 02:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SecondLife
    [2009/06/06 20:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
    [2007/11/03 01:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Viewpoint
    [2008/09/29 18:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinBatch
    [2008/10/03 19:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\wsInspector
    [2007/09/12 21:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2008/08/05 01:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/01/01 19:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/06/18 22:10:22 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2008/11/14 11:20:51 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/11/14 11:20:51 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\agp440.sys
    [2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
    [2003/03/31 08:00:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2003/03/31 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
    [2008/11/14 11:20:51 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/11/14 11:20:51 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
    [2003/03/31 08:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\atapi.sys
    [2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\eventlog.dll
    [2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
    [2003/03/31 08:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\netlogon.dll
    [2003/03/31 08:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
    [2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\SP2QFE\netlogon.dll
    [2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\SP2QFE\netlogon.dll
    [2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
    [2003/03/31 08:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2005/07/26 00:39:44 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
    [18 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\System32\config\*.sav >
    [2008/11/05 21:01:46 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/11/06 01:46:12 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
    [2008/11/05 21:01:46 | 024,379,392 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/11/05 21:01:46 | 007,602,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 8154 bytes -> C:\WINDOWS\System32\drivers\pgbzafvt.sys:changelist
    @Alternate Data Stream - 5056 bytes -> C:\WINDOWS\System32\drivers\mecmeman.sys:changelist
    @Alternate Data Stream - 1834 bytes -> C:\WINDOWS\System32\drivers\mcoxjymn.sys:changelist
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
    < End of report >
     
  8. 2010/06/19
    wealthymike
    OTL Extras logfile created on: 6/18/2010 10:08:04 PM - Run 1
    OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18372)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    222.00 Mb Total Physical Memory | 34.00 Mb Available Physical Memory | 15.00% Memory free
    544.00 Mb Paging File | 223.00 Mb Available in Paging File | 41.00% Paging File free
    Paging file location(s): c:\pagefile.sys 336 672 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 18.63 Gb Total Space | 10.32 Gb Free Space | 55.39% Space Free | Partition Type: NTFS
    Drive D: | 69.85 Gb Total Space | 41.72 Gb Free Space | 59.73% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Unable to calculate disk information.

    Computer Name: ONEMIKE4LIFE
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FlockHTML] -- D:\Program Files\Flock\flock\flock.exe (Flock, Inc.)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    http [open] -- D:\PROGRA~1\FLOCK\FLOCK\FLOCK.EXE -requestPending -osint -url "%1" (Flock, Inc.)
    https [open] -- D:\PROGRA~1\FLOCK\FLOCK\FLOCK.EXE -requestPending -osint -url "%1" (Flock, Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- d:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- D:\PROGRA~1\MsOffice\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [PlayWithVLC] -- d:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" File not found
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" File not found
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" File not found
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\LMpdpsrv.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\LMpdpsrv.exe:*:Disabled:pDP RPC Server -- (DeviceGuys)
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
    "C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- File not found
    "C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
    "C:\Program Files\AIM2\aim.exe" = C:\Program Files\AIM2\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
    "C:\Program Files\Flock\flock\flock.exe" = C:\Program Files\Flock\flock\flock.exe:*:Enabled:Flock -- File not found
    "C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
    "D:\Program Files\AIM2\aim.exe" = D:\Program Files\AIM2\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
    "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- File not found
    "D:\Program Files\MsOffice\Office12\OUTLOOK.EXE" = D:\Program Files\MsOffice\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "D:\Program Files\MsOffice\Office12\GROOVE.EXE" = D:\Program Files\MsOffice\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
    "D:\Program Files\MsOffice\Office12\ONENOTE.EXE" = D:\Program Files\MsOffice\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
    "D:\Program Files\uTorrent\uTorrent.exe" = D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "D:\Program Files\LimeWire\LimeWire.exe" = D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
    "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Documents and Settings\Mikey.ONEMIKE4LIFE\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Mikey.ONEMIKE4LIFE\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Documents and Settings\Mikey.ONEMIKE4LIFE\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Mikey.ONEMIKE4LIFE\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0B59A227-CAC2-4688-8759-580B4DC5F220}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone
    "{0D048BE8-AE02-4CB5-A428-616B9848E4A7}" = BlackBerry Desktop Software 4.3
    "{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
    "{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
    "{4BF3C0FD-9FC0-F191-C16A-C464BA02CDD9}" = twhirl
    "{5012BC0C-7E1A-329A-8F02-B6846070C5F8}" = Google Talk Plugin
    "{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
    "{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}" = Roxio Media Manager
    "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
    "{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
    "{88739060-F683-11D3-B761-00105AD153C1}" = Lexmark X125
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{98D1A713-438C-4A23-8AB6-41B37C4A2D47}" = VMware Workstation
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
    "{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
    "{B468AE7B-C667-4073-BED8-EAD17D5EE08C}" = TL-WN321G Wireless Utility
    "{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
    "{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
    "{F6B1D53B-2A68-377D-AC39-C8FD359FF6F1}" = Google Talk Plugin
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "ABC Amber BlackBerry Converter" = ABC Amber BlackBerry Converter
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AOL Instant Messenger" = AOL Instant Messenger
    "BlackBerry_{0D048BE8-AE02-4CB5-A428-616B9848E4A7}" = BlackBerry Desktop Software 4.3
    "de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1" = twhirl
    "DVD Flick_is1" = DVD Flick
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "FileZilla Client" = FileZilla Client 3.1.2
    "Flock" = Flock 1.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8 Release Candidate 1
    "LimeWire" = LimeWire 5.0.11
    "LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
    "lvdrivers_11.80" = Logitech QuickCam Driver Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
    "Microsoft Security Essentials" = Microsoft Security Essentials
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Picasa 3" = Picasa 3
    "PRJPRO" = Microsoft Office Project Professional 2007
    "PROR" = Microsoft Office Professional 2007 Trial
    "VAIOSoft Recovery Manager" = VAIOSoft Recovery Manager
    "VLC media player" = VLC media player 0.9.8a
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 2
    "WinFtp Client_is1" = WinFtp Client 1.5
    "WinGimp-2.0_is1" = GIMP 2.6.4
    "WinRAR archiver" = WinRAR archiver
    "WinZip 10 Pro" = WinZip 10 Pro
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/7/2010 7:27:14 AM | Computer Name = ONEMIKE4LIFE | Source = Google Update | ID = 20
    Description =

    Error - 1/7/2010 8:27:14 AM | Computer Name = ONEMIKE4LIFE | Source = Google Update | ID = 20
    Description =

    Error - 1/7/2010 9:27:14 AM | Computer Name = ONEMIKE4LIFE | Source = Google Update | ID = 20
    Description =

    Error - 1/7/2010 10:27:14 AM | Computer Name = ONEMIKE4LIFE | Source = Google Update | ID = 20
    Description =

    Error - 1/7/2010 11:27:14 AM | Computer Name = ONEMIKE4LIFE | Source = Google Update | ID = 20
    Description =

    Error - 1/7/2010 12:27:14 PM | Computer Name = ONEMIKE4LIFE | Source = Google Update | ID = 20
    Description =

    Error - 1/7/2010 1:27:14 PM | Computer Name = ONEMIKE4LIFE | Source = Google Update | ID = 20
    Description =

    Error - 1/7/2010 2:27:14 PM | Computer Name = ONEMIKE4LIFE | Source = Google Update | ID = 20
    Description =

    Error - 1/7/2010 3:27:14 PM | Computer Name = ONEMIKE4LIFE | Source = Google Update | ID = 20
    Description =

    Error - 1/7/2010 3:50:13 PM | Computer Name = ONEMIKE4LIFE | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18372, faulting
    module mshtml.dll, version 8.0.6001.18372, fault address 0x00174ade.

    [ System Events ]
    Error - 6/18/2010 10:03:15 PM | Computer Name = ONEMIKE4LIFE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service winmgmt with
    arguments " " in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

    Error - 6/18/2010 10:03:15 PM | Computer Name = ONEMIKE4LIFE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service winmgmt with
    arguments " " in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

    Error - 6/18/2010 10:03:15 PM | Computer Name = ONEMIKE4LIFE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service winmgmt with
    arguments " " in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

    Error - 6/18/2010 10:03:15 PM | Computer Name = ONEMIKE4LIFE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service winmgmt with
    arguments " " in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

    Error - 6/18/2010 10:03:15 PM | Computer Name = ONEMIKE4LIFE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service winmgmt with
    arguments " " in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

    Error - 6/18/2010 10:03:15 PM | Computer Name = ONEMIKE4LIFE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service winmgmt with
    arguments " " in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

    Error - 6/18/2010 10:03:15 PM | Computer Name = ONEMIKE4LIFE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service winmgmt with
    arguments " " in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

    Error - 6/18/2010 10:03:15 PM | Computer Name = ONEMIKE4LIFE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service winmgmt with
    arguments " " in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

    Error - 6/18/2010 10:03:15 PM | Computer Name = ONEMIKE4LIFE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service winmgmt with
    arguments " " in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

    Error - 6/18/2010 10:03:43 PM | Computer Name = ONEMIKE4LIFE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service winmgmt with
    arguments " " in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}


    < End of report >
     
  9. 2010/06/19
    crunchie

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
      O20 - AppInit_DLLs: (c:\windows\system32\pirelora.dll) - C:\WINDOWS\System32\pirelora.dll File not found
      O20 - AppInit_DLLs: (gasowihu.dll c:\windows\system32\jisideso.dll c:\windows\system32\gewigemo.dll c:\windows\system32\tiyutova.dll) - File not found
      O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\jmeyh.dll ()
      O22 - SharedTaskScheduler: {3e578ea5-8891-42a1-a075-97dbecbe1ffd} - jugezatag - Reg Error: Key error. File not found
      O22 - SharedTaskScheduler: {5aca4283-2cbe-4ccc-ba77-105a24c5b2bf} - mujuzedij - Reg Error: Key error. File not found
      O22 - SharedTaskScheduler: {bbf48e3d-b6cf-48ac-b8e1-844964e55bc5} - kupuhivus - Reg Error: Key error. File not found
      O22 - SharedTaskScheduler: {cf0e2451-f78c-4f14-ab02-de1d1de21db6} - tokatiluy - Reg Error: Key error. File not found
      O22 - SharedTaskScheduler: {d3dcd755-c393-41ec-9ee9-0cf6b352225c} - jugezatag - Reg Error: Key error. File not found
      O22 - SharedTaskScheduler: {fc59dc28-5c2c-46fe-bc6d-573b9ca2b16b} - kupuhivus - Reg Error: Key error. File not found
      :Commands
      [emptyflash]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    ====

    Let me know how the pc is now please.
     
  10. 2010/06/19
    wealthymike

    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\pirelora.dll deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:gasowihu.dll c:\windows\system32\jisideso.dll c:\windows\system32\gewigemo.dll c:\windows\system32\tiyutova.dll deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SysTray deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\ deleted successfully.
    C:\WINDOWS\system32\jmeyh.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{3e578ea5-8891-42a1-a075-97dbecbe1ffd} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e578ea5-8891-42a1-a075-97dbecbe1ffd}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{5aca4283-2cbe-4ccc-ba77-105a24c5b2bf} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5aca4283-2cbe-4ccc-ba77-105a24c5b2bf}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{bbf48e3d-b6cf-48ac-b8e1-844964e55bc5} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bbf48e3d-b6cf-48ac-b8e1-844964e55bc5}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{cf0e2451-f78c-4f14-ab02-de1d1de21db6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf0e2451-f78c-4f14-ab02-de1d1de21db6}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{d3dcd755-c393-41ec-9ee9-0cf6b352225c} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3dcd755-c393-41ec-9ee9-0cf6b352225c}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{fc59dc28-5c2c-46fe-bc6d-573b9ca2b16b} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc59dc28-5c2c-46fe-bc6d-573b9ca2b16b}\ not found.
    ========== COMMANDS ==========

    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 3059103 bytes

    User: All Users

    User: Default User

    User: LocalService

    User: Mikey

    User: Mikey.ONEMIKE4LIFE
    ->Flash cache emptied: 4599 bytes

    User: NetworkService

    Total Flash Files Cleaned = 3.00 mb


    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 193395352 bytes
    ->Temporary Internet Files folder emptied: 227444698 bytes
    ->Java cache emptied: 4060502 bytes
    ->FireFox cache emptied: 5343281 bytes
    ->Google Chrome cache emptied: 9040022 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 98706 bytes

    User: Mikey
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Mikey.ONEMIKE4LIFE
    ->Temp folder emptied: 201493 bytes
    ->Temporary Internet Files folder emptied: 43131 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 670620 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 3281601 bytes
    %systemroot%\System32 .tmp files removed: 3012625 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 91776 bytes
    Windows Temp folder emptied: 47547522 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 2650571 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 474.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.6.0 log created on 06192010_133629

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  11. 2010/06/19
    wealthymike

    OTL logfile created on: 6/19/2010 1:56:28 PM - Run 2
    OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18372)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    222.00 Mb Total Physical Memory | 20.00 Mb Available Physical Memory | 9.00% Memory free
    544.00 Mb Paging File | 217.00 Mb Available in Paging File | 40.00% Paging File free
    Paging file location(s): c:\pagefile.sys 336 672 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 18.63 Gb Total Space | 10.72 Gb Free Space | 57.55% Space Free | Partition Type: NTFS
    Drive D: | 69.85 Gb Total Space | 41.72 Gb Free Space | 59.73% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Unable to calculate disk information.

    Computer Name: ONEMIKE4LIFE
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/06/18 22:06:53 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2009/09/13 19:52:50 | 001,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
    PRC - [2009/07/02 18:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2008/12/06 13:48:53 | 007,779,640 | ---- | M] (Flock, Inc.) -- D:\Program Files\Flock\flock\flock.exe
    PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/06/18 22:06:53 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2004/08/04 02:01:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (sp_rssrv)
    SRV - [2009/07/02 18:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
    SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
    SRV - [2006/11/13 13:01:04 | 000,142,128 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
    SRV - [2006/11/13 13:00:48 | 000,113,456 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2006/11/13 12:43:56 | 000,269,104 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2006/10/27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Program Files\MsOffice\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
    SRV - [2003/05/21 01:27:46 | 000,610,304 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server)
    SRV - [2003/05/21 01:22:36 | 000,032,768 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)


    ========== Driver Services (SafeList) ==========

    DRV - [2009/07/01 04:00:00 | 000,876,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090701.004\NAVEX15.SYS -- (NAVEX15)
    DRV - [2009/07/01 04:00:00 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090701.004\NAVENG.SYS -- (NAVENG)
    DRV - [2009/06/18 19:48:04 | 000,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
    DRV - [2008/07/26 11:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2008/07/26 11:22:34 | 002,570,520 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
    DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2007/09/09 01:26:51 | 000,073,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - [2006/01/12 19:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
    DRV - [2005/08/29 15:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/08/04 02:07:55 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/05/02 21:08:22 | 000,030,208 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -- (NAVAPEL)
    DRV - [2003/05/02 21:08:18 | 000,224,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP)
    DRV - [2002/12/31 08:00:00 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)
    DRV - [2002/07/14 22:41:12 | 000,051,712 | R--- | M] (Microsoft(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MSWUSB51.sys -- (MSW_USB)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
    IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.Google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.Google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Google.com/
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Search "

    FF - HKLM\software\mozilla\Flock\Extensions\\Plugins: C:\Program Files\Flock\flock\plugins
    FF - HKLM\software\mozilla\Flock\Extensions\\Components: C:\Program Files\Flock\flock\components

    [2009/02/21 03:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2009/02/21 03:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2007/08/11 21:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pl4kxr2n.default\extensions
    [2008/06/09 01:23:38 | 000,000,275 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pl4kxr2n.default\searchplugins\search.xml

    O1 HOSTS File: ([2010/06/19 13:39:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2007/08/21 21:23:51 | 000,000,000 | ---D | M]
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\MsOffice\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\MsOffice\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\MsOffice\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\MsOffice\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM2\aim.exe (America Online, Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\MsOffice\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (gasowihu.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\jisideso.dll) - C:\WINDOWS\System32\jisideso.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\gewigemo.dll) - C:\WINDOWS\System32\gewigemo.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\tiyutova.dll) - C:\WINDOWS\System32\tiyutova.dll File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\MsOffice\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/08/11 20:47:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{58a01d2c-e1d4-11dd-985c-0019e08a173b}\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\{58a01d2c-e1d4-11dd-985c-0019e08a173b}\Shell\Explore\command - " " = K:\system.exe -- File not found
    O33 - MountPoints2\{58a01d2c-e1d4-11dd-985c-0019e08a173b}\Shell\Open\command - " " = K:\system.exe -- File not found
    O33 - MountPoints2\{975c8a04-8c35-11dd-9835-0050f27b2ef0}\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\{975c8a04-8c35-11dd-9835-0050f27b2ef0}\Shell\Explore\command - " " = system.exe
    O33 - MountPoints2\{975c8a04-8c35-11dd-9835-0050f27b2ef0}\Shell\Open\command - " " = system.exe
    O33 - MountPoints2\{b41acf4e-9030-11dd-983e-0050f27b2ef0}\Shell - " " = AutoRun
    O33 - MountPoints2\{b41acf4e-9030-11dd-983e-0050f27b2ef0}\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\{b41acf4e-9030-11dd-983e-0050f27b2ef0}\Shell\AutoRun\command - " " = K:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{ee090ffc-02ba-11de-9865-0050f27b2ef0}\Shell - " " = AutoRun
    O33 - MountPoints2\{ee090ffc-02ba-11de-9865-0050f27b2ef0}\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\{ee090ffc-02ba-11de-9865-0050f27b2ef0}\Shell\AutoRun\command - " " = K:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/06/19 13:36:29 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/06/18 22:06:57 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/06/18 20:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2010/06/18 20:52:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/06/18 20:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/06/18 20:51:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/06/18 20:51:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/06/18 20:50:10 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe

    ========== Files - Modified Within 90 Days ==========

    [2010/06/19 13:59:45 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/06/19 13:52:06 | 000,000,418 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2010/06/19 13:51:56 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/06/19 13:51:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/06/19 13:51:01 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
    [2010/06/19 13:50:41 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2010/06/19 13:39:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/06/18 22:06:53 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/06/18 20:52:18 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/18 20:51:01 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
    [2010/06/18 12:37:33 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2010/05/05 13:32:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/05/05 09:53:41 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2010/05/04 05:06:44 | 233,390,080 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2010/05/03 19:23:00 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2010/06/18 20:52:18 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/18 12:37:15 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2010/05/03 19:23:00 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
    [2010/05/03 19:23:00 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
    [2009/04/09 17:08:36 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2008/10/18 01:34:40 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
    [2008/09/29 13:21:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
    [2008/08/17 18:07:54 | 000,000,765 | ---- | C] () -- C:\WINDOWS\ONFORMAT.INI
    [2008/08/03 23:18:29 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
    [2008/08/03 22:52:43 | 000,000,341 | ---- | C] () -- C:\WINDOWS\RECMGRUN.INI
    [2008/08/03 22:52:20 | 000,003,455 | ---- | C] () -- C:\WINDOWS\RECVCALL.INI
    [2008/08/03 22:27:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\OctaneARM.dll
    [2008/07/29 16:01:08 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WinFTP.INI
    [2008/07/29 15:19:51 | 000,000,216 | ---- | C] () -- C:\WINDOWS\System32\xpysys.dll
    [2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2008/07/06 23:27:40 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2008/06/12 03:03:05 | 000,000,355 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2007/10/19 11:58:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
    [2007/08/21 02:15:46 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/08/21 01:33:36 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\LM_SUPPORT.INI
    [2007/08/21 01:33:08 | 000,135,104 | ---- | C] () -- C:\WINDOWS\Tab16d20.dll
    [2007/08/21 01:33:08 | 000,048,176 | ---- | C] () -- C:\WINDOWS\Imp16d20.dll
    [2007/08/21 01:33:08 | 000,012,800 | ---- | C] () -- C:\WINDOWS\SS16FT.DLL
    [2007/08/21 01:33:08 | 000,002,554 | ---- | C] () -- C:\WINDOWS\SSDS16.INI
    [2007/08/21 01:33:08 | 000,002,552 | ---- | C] () -- C:\WINDOWS\SSDS32.INI
    [2007/08/21 01:33:08 | 000,002,371 | ---- | C] () -- C:\WINDOWS\ssnew05.ini
    [2007/08/21 01:33:08 | 000,002,371 | ---- | C] () -- C:\WINDOWS\ssnew04.ini
    [2007/08/21 01:33:08 | 000,002,371 | ---- | C] () -- C:\WINDOWS\ssnew03.ini
    [2007/08/21 01:33:08 | 000,002,371 | ---- | C] () -- C:\WINDOWS\ssnew02.ini
    [2007/08/21 01:33:08 | 000,002,371 | ---- | C] () -- C:\WINDOWS\ssnew01.ini
    [2007/08/21 01:33:08 | 000,002,269 | ---- | C] () -- C:\WINDOWS\Ssdef32.ini
    [2007/08/21 01:33:08 | 000,002,267 | ---- | C] () -- C:\WINDOWS\SSDEF16.INI
    [2007/08/21 01:33:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\MyScan.ini
    [2007/08/21 01:33:06 | 000,004,256 | ---- | C] () -- C:\WINDOWS\System32\LMStatus.ini
    [2007/08/11 22:43:28 | 000,000,239 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
    [2006/05/02 18:38:24 | 000,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini
    [2003/05/21 01:19:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
    [2002/12/31 08:00:00 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
    [2002/12/31 08:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll

    ========== LOP Check ==========

    [2008/12/20 15:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Aim
    [2008/11/07 17:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
    [2008/09/27 14:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Blackberry Desktop
    [2008/07/29 15:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CoffeeCup Software
    [2008/08/01 02:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
    [2009/04/27 21:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
    [2008/08/12 01:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Flock
    [2009/01/17 19:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
    [2009/04/09 17:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
    [2009/02/21 04:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
    [2008/08/05 01:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
    [2008/08/26 22:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mjusbsp
    [2009/01/01 19:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
    [2009/04/07 22:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ntr
    [2007/12/21 02:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NwDocx
    [2007/08/11 21:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
    [2008/08/17 15:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PDF reDirect
    [2008/09/26 21:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Research In Motion
    [2008/10/17 02:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SecondLife
    [2009/06/06 20:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
    [2007/11/03 01:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Viewpoint
    [2008/09/29 18:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinBatch
    [2008/10/03 19:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\wsInspector
    [2007/09/12 21:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2008/08/05 01:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/01/01 19:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/06/19 13:59:45 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 8154 bytes -> C:\WINDOWS\System32\drivers\pgbzafvt.sys:changelist
    @Alternate Data Stream - 5056 bytes -> C:\WINDOWS\System32\drivers\mecmeman.sys:changelist
    @Alternate Data Stream - 1834 bytes -> C:\WINDOWS\System32\drivers\mcoxjymn.sys:changelist
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
    < End of report >
     
  12. 2010/06/19
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Please download JavaRa

    If you get this message:
    Problems with the download? Please use this direct link or try another mirror.

    Select the Direct link download and unzip it to your Desktop.

    Double click JavaRa.exe then click Remove Older Versions.

    Follow any prompts; a log will pop up (JavaRa.log). Please post the contents of this log.

    Next, open JavaRa.exe again, and select Search For Updates.

    Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version. Look for JDK 6 Update 20 (JDK or JRE). On the right select this one: Download JRE.

    In Vista and Windows 7 run the tool as Administrator.
     
  13. 2010/06/19
    wealthymike

    wealthymike Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    112
    Likes Received:
    0
    JavaRa 1.15 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Sat Jun 19 23:36:58 2010

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

    Found and removed: Software\Classes\JavaPlugin.160_03

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

    Found and removed: Software\JavaSoft\Java2D\1.6.0_02

    Found and removed: Software\JavaSoft\Java2D\1.6.0_03

    Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

    ------------------------------------

    Finished reporting.
     
  14. 2010/06/19
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    3rd time lucky :)
     
  15. 2010/06/20
    wealthymike

    wealthymike Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    112
    Likes Received:
    0
    Everything seems good... Thanks again Crunchie!
     
  16. 2010/06/20
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Ok. Will get you to run an on-line scan to be certain.

    Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on the Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  17. 2010/06/22
    wealthymike

    wealthymike Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    112
    Likes Received:
    0
    It keeps freezing either during the downloading/installing process or during the scanning process. I did see that I had about 30-something infected files but could not see what they were because it froze midway.
     
  18. 2010/06/22
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Try this one:

    Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily Disable your current Anti-virus program.
    • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:

     
  19. 2010/06/22
    wealthymike

    wealthymike Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    112
    Likes Received:
    0
    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18372 (longhorn_ie8_rc1(wmbla).090115-0053)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=9385ab7ee7eb38468d6974212d48ccc8
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2010-06-22 07:26:21
    # local_time=2010-06-22 03:26:21 (-0500, Eastern Daylight Time)
    # country= "United States "
    # lang=1033
    # osver=5.1.2600 NT Service Pack 2
    # compatibility_mode=crash
    # scanned=71898
    # found=2
    # cleaned=0
    # scan_time=6038
    C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
    D:\Program Files\ABC Amber BlackBerry Converter\abcberry.exe probably unknown NewHeur_PE virus 00000000000000000000000000000000 I
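    As an added example (not ESET's code and not part of this thread), the following Python parses a log of the shape posted above, checks that the run completed (end=finished) and that the settings crunchie asked for in post 18 (Remove found threats unchecked, Scan unwanted applications checked) were in effect, and extracts the finding lines into structured records for review. The embedded sample log is constructed to mirror the posted format; its paths and hash values are placeholders, not values from the thread.

```python
"""Parse and sanity-check an ESET Online Scanner log of the shape posted above.

Added example for this thread; not ESET's code and not from the thread.
Assumed format (taken from the posted log's shape):
  - free-text preamble lines,
  - '# key=value' header lines,
  - one finding per line: <path with spaces> <verdict> <32-hex-hash> <flag>.
"""
import re
from dataclasses import dataclass

HEADER_RE = re.compile(r"^#\s*(\w+)\s*=\s*(.*)$")
HASH_RE = re.compile(r"^[0-9a-fA-F]{32}$")

# What the helper asked for: remove found threats OFF (nothing is deleted
# before a human reviews the list), scan unwanted applications ON.
REQUESTED_SETTINGS = {"remove_checked": "false", "unwanted_checked": "true"}


@dataclass
class Finding:
    path: str
    verdict: str
    hash: str
    flag: str


@dataclass
class EsetLog:
    header: dict
    findings: list


def parse_finding(line):
    """Parse one finding line, or return None if the line is not one.

    Paths contain spaces, so the path is taken to end at the last
    whitespace-separated token that still contains a backslash; the last
    two tokens are the hash and the flag, and the middle is the verdict.
    (Runs of spaces inside a path collapse to one space.)
    """
    parts = line.split()
    if len(parts) < 4 or not HASH_RE.match(parts[-2]):
        return None
    last_path_token = max(
        (i for i, tok in enumerate(parts) if "\\" in tok), default=-1
    )
    if last_path_token < 0 or last_path_token >= len(parts) - 2:
        return None
    path = " ".join(parts[: last_path_token + 1])
    verdict = " ".join(parts[last_path_token + 1 : -2])
    return Finding(path, verdict, parts[-2], parts[-1])


def parse_eset_log(text):
    """Split the log into a header dict and a list of Finding records."""
    header, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            key, value = m.groups()
            header[key] = value.strip().strip('"').strip()
            continue
        finding = parse_finding(line)
        if finding:
            findings.append(finding)
    return EsetLog(header, findings)


def scan_completed(log):
    """True when ESET wrote end=finished, i.e. the scan did not abort."""
    return log.header.get("end") == "finished"


def settings_mismatches(log):
    """Header settings that differ from the requested ones, as {key: actual}."""
    return {
        key: log.header.get(key)
        for key, wanted in REQUESTED_SETTINGS.items()
        if log.header.get(key) != wanted
    }


def summarize(log):
    """Header counts plus whether the finding lines agree with 'found'."""
    found = int(log.header.get("found", 0))
    return {
        "scanned": int(log.header.get("scanned", 0)),
        "found": found,
        "cleaned": int(log.header.get("cleaned", 0)),
        "findings_match_header": found == len(log.findings),
    }


# Constructed sample in the posted format; paths and hashes are placeholders.
SAMPLE_LOG = r"""
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=false
# unwanted_checked=true
# country= "United States "
# scanned=71898
# found=2
# cleaned=0
C:\Example Dir\Sub Dir\setup.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\Other Tools\tool.exe probably unknown NewHeur_PE virus 00000000000000000000000000000000 I
"""

if __name__ == "__main__":
    log = parse_eset_log(SAMPLE_LOG)
    print("completed:", scan_completed(log), "mismatches:", settings_mismatches(log))
    print(summarize(log))
    for f in log.findings:
        print(f"{f.flag} {f.path} :: {f.verdict}")
```

The path/verdict split relies on every path component after the drive letter being joined by backslashes, which holds for the Windows paths ESET reports; a verdict that itself contained a backslash would be mis-split, so the parser should be treated as a review aid, not as ground truth for automated deletion.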
     
  20. 2010/06/22
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Both of those look like 'normal' files to me. Do you know what they are and if you installed them?
     
