Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please help!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Please help!

Unread postby AdaAlcove » April 18th, 2011, 6:01 pm

My computer has been getting hijacked when ever I use a serch engine, now extra files are just opening up - mostly ads. My computer has become extremly slow. I have cleaned up the files recently and deleted temporary files. I have also run the trend micro hijack program but don't know how to tell which program is supose to be their and which aren't. Thanks for any help you can give me.
Dolores
Below is the dds and the other file.
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 16:25:20.67 on Mon 04/18/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.197 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: McAfee Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\windows\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Netopia\C3kWEPn.exe
C:\Program Files\BellSouthWCC\McciTrayApp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
svchost.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Forefront Online Protection for Exchange Gateway\Microsoft.Forefront.Server.EhsGatewayService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\windows\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\windows\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\Wacom_Tablet.exe
C:\WINDOWS\System32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\System32\Wacom_Tablet.exe
C:\windows\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\windows\system32\msiexec.exe
C:\windows\system32\MsiExec.exe
C:\windows\explorer.exe
C:\Documents and Settings\Owner\My Documents\Downloads\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.mc1133.mail.yahoo.com/mc/welc ... 9kpqln8m81
mStart Page = hxxp://www.youcansearch.com
uInternet Connection Wizard,ShellNext = https://pbells.broadjump.com/wizlet/iw60/launch.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: TTB000000 Class: {62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} - c:\windows\COUPON~1.DLL
BHO: Browser Enhancer: {86ef8bd1-47f3-4322-923f-f29cdf477eb0} - c:\program files\caj media\browser enhancer\adxloader.dll
BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Search Assistant: {f0626a63-410b-45e2-99a1-3f2475b2d695} - c:\program files\sgpsa\BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: CouponBar: {5bed3930-2e9e-76d8-bacc-80df2188d455} - c:\windows\CouponsBar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Sonic RecordNow!]
uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus Photo R320 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /M "Stylus Photo R320" /EF "HKCU"
uRun: [{40E0B0D5-50AA-C637-C6C4-B99B40B4F4AB}] "c:\documents and settings\owner\application data\lebize\ulokz.exe"
uRun: [AdobeBridge]
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [{F2C7D944-FD36-49EB-E988-4B40B4DA5EF5}] "c:\documents and settings\owner\application data\imkui\cate.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\maxtor\schedule2\schedhlp.exe"
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [C2kWep] c:\program files\netopia\C3kWEPn.exe
mRun: [BellSouthWCC_McciTrayApp] c:\program files\bellsouthwcc\McciTrayApp.exe
mRun: [EPSON Stylus Photo R320 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB002" /M "Stylus Photo R320"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: plaxo.com\www
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 7652113531
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\qs24tubu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/result ... EF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://us.mc1147.mail.yahoo.com/mc/welc ... kfptfb1nok
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\qs24tubu.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\qs24tubu.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\qs24tubu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\qs24tubu.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\qs24tubu.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {6B31B409-EF8A-407F-8315-28E79CF30908} - c:\documents and settings\owner\local settings\application data\{6B31B409-EF8A-407F-8315-28E79CF30908}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-4 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-4 301528]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKsl6e020cc5;MpKsl6e020cc5;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f966d45c-e501-4077-935d-9d2256863069}\MpKsl6e020cc5.sys [2011-4-18 28752]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-4 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-4 42184]
R2 FopeGatewayService;Microsoft Forefront Online Protection for Exchange Gateway Management Service;c:\program files\microsoft forefront online protection for exchange gateway\Microsoft.Forefront.Server.EhsGatewayService.exe [2009-10-2 55160]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-12-23 88176]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-7-9 1373480]
R3 NTPASp50;NTPASp50 NDIS Protocol Driver;c:\windows\system32\drivers\NtpaSp50.sys [2009-7-7 17536]
S1 MpKsl11b7ff98;MpKsl11b7ff98;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b471c179-3317-48d2-96c5-7185d288a901}\mpksl11b7ff98.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b471c179-3317-48d2-96c5-7185d288a901}\MpKsl11b7ff98.sys [?]
S1 MpKsl1e0b8786;MpKsl1e0b8786;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b471c179-3317-48d2-96c5-7185d288a901}\mpksl1e0b8786.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b471c179-3317-48d2-96c5-7185d288a901}\MpKsl1e0b8786.sys [?]
S1 MpKsl67410063;MpKsl67410063;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b471c179-3317-48d2-96c5-7185d288a901}\mpksl67410063.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b471c179-3317-48d2-96c5-7185d288a901}\MpKsl67410063.sys [?]
S1 MpKsl677e764f;MpKsl677e764f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c742587d-0259-404e-acdb-3ec2d22258cd}\mpksl677e764f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c742587d-0259-404e-acdb-3ec2d22258cd}\MpKsl677e764f.sys [?]
S1 MpKsl72bbce1e;MpKsl72bbce1e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b471c179-3317-48d2-96c5-7185d288a901}\mpksl72bbce1e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b471c179-3317-48d2-96c5-7185d288a901}\MpKsl72bbce1e.sys [?]
S1 MpKslbb40661c;MpKslbb40661c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f966d45c-e501-4077-935d-9d2256863069}\mpkslbb40661c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f966d45c-e501-4077-935d-9d2256863069}\MpKslbb40661c.sys [?]
S1 MpKslc72f6af2;MpKslc72f6af2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b471c179-3317-48d2-96c5-7185d288a901}\mpkslc72f6af2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b471c179-3317-48d2-96c5-7185d288a901}\MpKslc72f6af2.sys [?]
S1 MpKslcf4854a6;MpKslcf4854a6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a6803d7c-5cfb-4cfc-bb33-d91ab4f1c10b}\mpkslcf4854a6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a6803d7c-5cfb-4cfc-bb33-d91ab4f1c10b}\MpKslcf4854a6.sys [?]
S1 MpKsle7bfff81;MpKsle7bfff81;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b471c179-3317-48d2-96c5-7185d288a901}\mpksle7bfff81.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b471c179-3317-48d2-96c5-7185d288a901}\MpKsle7bfff81.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-27 133104]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-15 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-15 40552]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\system32\plcmpr5.sys --> c:\windows\system32\PLCMPR5.SYS [?]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [2009-7-19 17280]
S3 SWLD23U;Netopia 802.11b WLAN USB Adapter;c:\windows\system32\drivers\swld23u.sys [2009-7-7 82888]
S3 swlubtl;WLAN USB Boot Device;c:\windows\system32\drivers\swlubtl.sys [2009-7-7 53690]
.
=============== Created Last 30 ================
.
2011-04-18 18:53:35 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{f966d45c-e501-4077-935d-9d2256863069}\MpKsl6e020cc5.sys
2011-04-11 23:02:05 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{f966d45c-e501-4077-935d-9d2256863069}\mpengine.dll
2011-04-11 22:46:19 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\PackageAware
2011-04-02 18:23:47 388096 ----a-r- c:\docume~1\owner\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-22 02:21:00 398760 ----a-r- c:\windows\system32\cpnprt2.cid
.
==================== Find3M ====================
.
2011-04-18 12:41:41 2516 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr
2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3500418AS rev.CC34 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-17
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86F35439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86f3b7b8]; MOV EAX, [0x86f3b834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x86F85AB8]
3 CLASSPNP[0xF7617FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x86F90550]
\Driver\atapi[0x86F813D0] -> IRP_MJ_CREATE -> 0x86F35439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-17 -> \??\IDE#DiskST3500418AS_____________________________CC34____#5&2fdfe383&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x86F3527F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 16:33:22.15 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/7/2009 9:18:43 PM
System Uptime: 4/18/2011 2:52:20 PM (2 hours ago)
.
Motherboard: Dell Computer Corp. | | 0N2828
Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | Microprocessor | 2660/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 351.283 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is FIXED (FAT32) - 466 GiB total, 269.037 GiB free.
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_05DC&PID_B023\0000275458
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_05DC&PID_B023\0000275458
Service: USBSTOR
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D891028&REV_01\4&1C660DD6&0&08F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D891028&REV_01\4&1C660DD6&0&08F0
Service:
.
==== System Restore Points ===================
.
RP691: 1/16/2011 2:21:13 AM - Software Distribution Service 3.0
RP692: 1/17/2011 3:26:19 AM - Software Distribution Service 3.0
RP693: 1/18/2011 6:21:08 AM - System Checkpoint
RP694: 1/18/2011 3:51:26 PM - Software Distribution Service 3.0
RP695: 1/19/2011 3:51:18 PM - Software Distribution Service 3.0
RP696: 1/20/2011 4:45:42 PM - System Checkpoint
RP697: 1/20/2011 7:14:19 PM - Software Distribution Service 3.0
RP698: 1/21/2011 7:14:14 PM - Software Distribution Service 3.0
RP699: 1/22/2011 7:14:22 PM - Software Distribution Service 3.0
RP700: 1/23/2011 1:42:59 AM - Software Distribution Service 3.0
RP701: 1/23/2011 7:14:44 PM - Software Distribution Service 3.0
RP702: 1/24/2011 7:13:11 PM - Software Distribution Service 3.0
RP703: 1/25/2011 7:12:56 PM - Software Distribution Service 3.0
RP704: 1/26/2011 7:13:11 PM - Software Distribution Service 3.0
RP705: 1/27/2011 7:12:46 PM - Software Distribution Service 3.0
RP706: 1/28/2011 1:24:08 PM - Software Distribution Service 3.0
RP707: 1/28/2011 1:36:25 PM - Software Distribution Service 3.0
RP708: 1/29/2011 2:09:06 PM - System Checkpoint
RP709: 1/30/2011 2:14:53 AM - Software Distribution Service 3.0
RP710: 1/30/2011 1:31:58 PM - Software Distribution Service 3.0
RP711: 1/30/2011 10:04:13 PM - Installed Windows XP KB942288-v3.
RP712: 1/30/2011 10:04:36 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP713: 1/31/2011 1:32:20 PM - Software Distribution Service 3.0
RP714: 2/1/2011 1:32:12 PM - Software Distribution Service 3.0
RP715: 2/2/2011 1:32:19 PM - Software Distribution Service 3.0
RP716: 2/3/2011 1:32:38 PM - Software Distribution Service 3.0
RP717: 2/4/2011 1:36:18 PM - Software Distribution Service 3.0
RP718: 2/5/2011 1:32:40 PM - Software Distribution Service 3.0
RP719: 2/6/2011 2:14:46 AM - Software Distribution Service 3.0
RP720: 2/6/2011 1:32:38 PM - Software Distribution Service 3.0
RP721: 2/7/2011 8:35:55 PM - Software Distribution Service 3.0
RP722: 2/9/2011 4:54:44 AM - Software Distribution Service 3.0
RP723: 2/10/2011 3:00:16 AM - Software Distribution Service 3.0
RP724: 2/11/2011 3:00:22 AM - Software Distribution Service 3.0
RP725: 2/11/2011 3:30:07 AM - Software Distribution Service 3.0
RP726: 2/12/2011 3:24:56 AM - Software Distribution Service 3.0
RP727: 2/13/2011 2:18:55 AM - Software Distribution Service 3.0
RP728: 2/14/2011 2:22:18 AM - System Checkpoint
RP729: 2/14/2011 3:25:15 AM - Software Distribution Service 3.0
RP730: 2/15/2011 3:25:22 AM - Software Distribution Service 3.0
RP731: 2/16/2011 3:00:16 AM - Software Distribution Service 3.0
RP732: 2/16/2011 3:25:32 AM - Software Distribution Service 3.0
RP733: 2/17/2011 3:25:08 AM - Software Distribution Service 3.0
RP734: 2/18/2011 3:25:21 AM - Software Distribution Service 3.0
RP735: 2/19/2011 3:25:21 AM - Software Distribution Service 3.0
RP736: 2/20/2011 2:19:20 AM - Software Distribution Service 3.0
RP737: 2/21/2011 3:07:25 AM - System Checkpoint
RP738: 2/21/2011 3:25:08 AM - Software Distribution Service 3.0
RP739: 2/22/2011 9:50:41 PM - System Checkpoint
RP740: 2/23/2011 10:47:16 PM - System Checkpoint
RP741: 2/25/2011 10:19:51 AM - System Checkpoint
RP742: 2/26/2011 7:52:03 PM - System Checkpoint
RP743: 2/28/2011 1:37:28 PM - System Checkpoint
RP744: 3/2/2011 10:16:25 AM - System Checkpoint
RP745: 3/3/2011 4:34:23 PM - System Checkpoint
RP746: 3/5/2011 10:26:26 AM - System Checkpoint
RP747: 3/6/2011 10:49:47 AM - System Checkpoint
RP748: 3/7/2011 3:23:24 PM - System Checkpoint
RP749: 3/10/2011 1:11:30 PM - System Checkpoint
RP750: 3/11/2011 2:40:26 PM - System Checkpoint
RP751: 3/12/2011 10:53:08 PM - System Checkpoint
RP752: 3/13/2011 11:35:02 PM - System Checkpoint
RP753: 3/15/2011 7:02:53 AM - System Checkpoint
RP754: 3/16/2011 10:47:54 PM - System Checkpoint
RP755: 3/17/2011 11:49:48 PM - System Checkpoint
RP756: 3/20/2011 1:03:12 AM - System Checkpoint
RP757: 3/29/2011 10:43:35 PM - System Checkpoint
RP758: 3/31/2011 10:45:11 PM - System Checkpoint
RP759: 4/2/2011 9:07:44 AM - System Checkpoint
RP760: 4/10/2011 9:46:01 PM - System Checkpoint
RP761: 4/12/2011 12:47:01 AM - System Checkpoint
RP762: 4/13/2011 1:01:29 AM - System Checkpoint
RP763: 4/15/2011 11:31:24 AM - System Checkpoint
.
==== Installed Programs ======================
.
AccompanEase
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.4.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
BellSouth Wireless Connection Tool
BellSouth Wireless LAN USB Adapter
Bonjour
BroadJump Client Foundation
Browser Enhancer
Calendar Creator 10
ClickArt® 300,000 Premier Image Pak
Compatibility Pack for the 2007 Office system
Corel MediaOne
Corel Paint Shop Pro Photo X2
Coupon Printer for Windows
CouponBar
Deep Zoom Composer
Dell ResourceCD
EMEA02
EPSON CardMonitor
EPSON PhotoCenter
EPSON PhotoStarter3.0
EPSON Print CD
EPSON Printer Software
EQ5
ESPR320 Reference Guide
EZ Fonts
Family Tree Maker 6.0
Fast Browser Search (My Tattoons)
FileOpen Client
FileZilla Client 3.3.5.1
Film Factory
GIMP 2.4.6
Google Chrome
Google Gears
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2100 series
hp psc 2100 series
ImageSkill Background Remover 3
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Connections Drivers
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 7
Kaleider 4.4
Little Mermaid II Return to the Sea
Logitech Vid HD
Logitech Webcam Software
McAfee SiteAdvisor
Media Go
Metafile Companion 1.10
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Expression Blend 3
Microsoft Expression Blend 3 SDK
Microsoft Expression Design 3
Microsoft Expression Encoder 3
Microsoft Expression Web 3
Microsoft Expression Web 3 SP1
Microsoft Forefront Online Protection for Exchange Gateway
Microsoft FrontPage 2000
Microsoft Office XP Professional
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 3 Toolkit November 2009
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Web Publishing Wizard 1.52
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.16)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Paint Shop Pro 7
Photo Story 3 for Windows
Picasa 3
PlayStation(R)Network Downloader
PlayStation(R)Store
PlugLink 9650 Utility
QuickTime
QuiltAssistant
Rainlendar2 (remove only)
Scrapbook Flair
Search Toolbar
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Serif PhotoPlus 6.0
Shape Collage
Skype Toolbars
Skype™ 5.1
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
VoiceOver Kit
Wacom Tablet
WebFldrs XP
Windows Driver Package - Camera Maker (MR97310_USB_DUAL_CAMERA) Image (05/02/2006 2.0.1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinZip 12.1
WPF Toolkit June 2009 (Version 3.5.40619.1)
Yahoo! BrowserPlus
Yahoo! SiteBuilder
zFlick
.
==== Event Viewer Messages From Past Week ========
.
4/18/2011 2:48:32 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/18/2011 10:06:08 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.1266.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
4/18/2011 10:06:08 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.1266.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
4/18/2011 10:06:08 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.1266.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
4/18/2011 10:06:08 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.1266.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
4/18/2011 10:04:38 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.1266.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x8007041d Error description: The service did not respond to the start or control request in a timely fashion.
4/17/2011 10:04:35 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.1266.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x8007041d Error description: The service did not respond to the start or control request in a timely fashion.
4/16/2011 11:10:55 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
4/16/2011 10:08:59 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
4/16/2011 10:06:51 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.1266.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x8007041d Error description: The service did not respond to the start or control request in a timely fashion.
4/16/2011 10:05:51 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/15/2011 10:02:01 AM, error: Service Control Manager [7022] - The WebClient service hung on starting.
4/14/2011 10:26:25 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.1266.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
4/13/2011 10:25:59 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.1266.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
4/12/2011 10:25:50 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.1266.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
4/11/2011 7:01:43 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.691.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
4/11/2011 6:33:49 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
.
==== End Of File ===========================
AdaAlcove
Regular Member
 
Posts: 24
Joined: April 18th, 2011, 3:49 pm
Advertisement
Register to Remove

Re: Please help!

Unread postby Gary R » April 19th, 2011, 1:36 am

Looking over your log, back soon.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Please help!

Unread postby Gary R » April 19th, 2011, 1:58 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi AdaAlcove

I'm Gary R, I'll be glad to help you with your computer problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Download ComboFix from one of these locations and save it to your Desktop: (if you already have a copy of Combofix, delete it and use this version)

Link 1
Link 2

IMPORTANT !!! ComboFix.exe must be run from your Desktop

  • Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix. There are details for disabling many programmes here.
  • Double click on ComboFix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install Microsoft Windows Recovery Console.

**Please note: If Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Image

Once Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you.

Please include this log in your next reply. ......... (it can also be found at C:\ComboFix.txt)

IMPORTANT
  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.
If you have any problems with these instructions, a detailed Tutorial for how to use Combofix is available here.

IMPORTANT Even if your symptoms disappear after running Combofix, there are further things that need doing on this machine.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Please help!

Unread postby AdaAlcove » April 19th, 2011, 6:43 am

Thanks - am backing up personal files. Have combo fix on desktop and shut down virus software. Will post log soon.
AdaAlcove
Regular Member
 
Posts: 24
Joined: April 18th, 2011, 3:49 pm

Re: Please help!

Unread postby AdaAlcove » April 20th, 2011, 3:44 am

McAfee must be running somewhere, but was not showing under processes or applications on task manager. Decided to run ComboFix and take a chance. Here is the log. Thanks for helping.


ComboFix 11-04-19.02 - Owner 04/20/2011 2:23.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.526 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Application Data\Imkui
c:\documents and settings\Owner\Application Data\Imkui\cate.exe
c:\documents and settings\Owner\Application Data\Lebize
c:\documents and settings\Owner\Application Data\Lebize\ulokz.exe
c:\documents and settings\Owner\Recent\Thumbs.db
c:\documents and settings\Owner\WINDOWS
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\BHO.dll
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\FBSPlugin.dll
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\fbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchAssistant.dll
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\ToolBarBHO.dll
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\INSTALL.LOG
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\program files\SGPSA
c:\program files\SGPSA\BHO.dll
c:\program files\SGPSA\SeARchassistant.dll
C:\Thumbs.db
c:\windows\imikucadicuv.dll
c:\windows\system\U32CFG.DLL
c:\windows\system32\Thumbs.db
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GOOGLEUPDATEBETA
.
.
((((((((((((((((((((((((( Files Created from 2011-03-20 to 2011-04-20 )))))))))))))))))))))))))))))))
.
.
2011-04-11 23:02 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F966D45C-E501-4077-935D-9D2256863069}\mpengine.dll
2011-04-11 22:46 . 2011-04-11 22:46 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PackageAware
2011-04-02 18:23 . 2011-04-02 18:23 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-01 01:52 . 2011-04-01 01:52 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-03-25 16:26 . 2011-03-25 16:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Logitech
2011-03-22 02:21 . 2011-03-22 02:21 398760 ----a-r- c:\windows\system32\cpnprt2.cid
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-18 12:41 . 2009-07-31 17:23 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-03-15 04:05 . 2010-12-17 16:16 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-26 03:05 . 2011-02-26 03:05 664 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
2011-02-23 15:04 . 2011-03-04 14:01 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2011-03-04 14:01 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2011-03-04 14:02 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 14:56 . 2011-03-04 14:02 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2011-03-04 14:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2011-03-04 14:02 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 14:55 . 2011-03-04 14:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 14:55 . 2011-03-04 14:02 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:54 . 2011-03-04 14:02 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 14:54 . 2011-03-04 14:02 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-02 22:11 . 2010-12-16 15:57 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-21 14:44 . 2003-07-16 20:44 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86ef8bd1-47f3-4322-923f-f29cdf477eb0}]
2010-07-01 14:31 462848 ----a-w- c:\program files\CAJ Media\Browser Enhancer\adxloader.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]
"EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 149024]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"C2kWep"="c:\program files\Netopia\C3kWEPn.exe" [2005-02-23 249856]
"BellSouthWCC_McciTrayApp"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2006-03-10 543232]
"EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-08 16712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-08 532808]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
kuloof.exe [2011-3-8 242176]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-9 323646]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-10 525640]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Expression\\Web 3\\ExpressionWeb.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/4/2011 10:02 AM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/4/2011 10:02 AM 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/4/2011 10:02 AM 19544]
R2 FopeGatewayService;Microsoft Forefront Online Protection for Exchange Gateway Management Service;c:\program files\Microsoft Forefront Online Protection for Exchange Gateway\Microsoft.Forefront.Server.EhsGatewayService.exe [10/2/2009 2:10 AM 55160]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [7/9/2009 4:18 PM 1373480]
R3 NTPASp50;NTPASp50 NDIS Protocol Driver;c:\windows\system32\drivers\NtpaSp50.sys [7/7/2009 10:51 PM 17536]
S1 MpKsl11b7ff98;MpKsl11b7ff98;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B471C179-3317-48D2-96C5-7185D288A901}\MpKsl11b7ff98.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B471C179-3317-48D2-96C5-7185D288A901}\MpKsl11b7ff98.sys [?]
S1 MpKsl1e0b8786;MpKsl1e0b8786;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B471C179-3317-48D2-96C5-7185D288A901}\MpKsl1e0b8786.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B471C179-3317-48D2-96C5-7185D288A901}\MpKsl1e0b8786.sys [?]
S1 MpKsl67410063;MpKsl67410063;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B471C179-3317-48D2-96C5-7185D288A901}\MpKsl67410063.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B471C179-3317-48D2-96C5-7185D288A901}\MpKsl67410063.sys [?]
S1 MpKsl677e764f;MpKsl677e764f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C742587D-0259-404E-ACDB-3EC2D22258CD}\MpKsl677e764f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C742587D-0259-404E-ACDB-3EC2D22258CD}\MpKsl677e764f.sys [?]
S1 MpKsl72bbce1e;MpKsl72bbce1e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B471C179-3317-48D2-96C5-7185D288A901}\MpKsl72bbce1e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B471C179-3317-48D2-96C5-7185D288A901}\MpKsl72bbce1e.sys [?]
S1 MpKslbb40661c;MpKslbb40661c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F966D45C-E501-4077-935D-9D2256863069}\MpKslbb40661c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F966D45C-E501-4077-935D-9D2256863069}\MpKslbb40661c.sys [?]
S1 MpKslc72f6af2;MpKslc72f6af2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B471C179-3317-48D2-96C5-7185D288A901}\MpKslc72f6af2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B471C179-3317-48D2-96C5-7185D288A901}\MpKslc72f6af2.sys [?]
S1 MpKslcf4854a6;MpKslcf4854a6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6803D7C-5CFB-4CFC-BB33-D91AB4F1C10B}\MpKslcf4854a6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6803D7C-5CFB-4CFC-BB33-D91AB4F1C10B}\MpKslcf4854a6.sys [?]
S1 MpKsle7bfff81;MpKsle7bfff81;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B471C179-3317-48D2-96C5-7185D288A901}\MpKsle7bfff81.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B471C179-3317-48D2-96C5-7185D288A901}\MpKsle7bfff81.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/27/2009 2:54 PM 133104]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\System32\PLCMPR5.SYS --> c:\windows\System32\PLCMPR5.SYS [?]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [7/19/2009 9:25 PM 17280]
S3 SWLD23U;Netopia 802.11b WLAN USB Adapter;c:\windows\system32\drivers\swld23u.sys [7/7/2009 10:46 PM 82888]
S3 swlubtl;WLAN USB Boot Device;c:\windows\system32\drivers\swlubtl.sys [7/7/2009 10:46 PM 53690]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2009-10-08 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2100 series272A572217594EBCF1CEE215E352B92AD073FDE4247062429.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 21:56]
.
2011-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-27 18:53]
.
2011-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-27 18:53]
.
2011-04-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mc1133.mail.yahoo.com/mc/welc ... 9kpqln8m81
mStart Page = hxxp://www.youcansearch.com
uInternet Connection Wizard,ShellNext = https://pbells.broadjump.com/wizlet/iw60/launch.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: plaxo.com\www
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qs24tubu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/result ... EF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://us.mc1147.mail.yahoo.com/mc/welc ... kfptfb1nok
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {6B31B409-EF8A-407F-8315-28E79CF30908} - c:\documents and settings\Owner\Local Settings\Application Data\{6B31B409-EF8A-407F-8315-28E79CF30908}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Sonic RecordNow! - (no file)
HKCU-Run-{40E0B0D5-50AA-C637-C6C4-B99B40B4F4AB} - c:\documents and settings\Owner\Application Data\Lebize\ulokz.exe
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-{F2C7D944-FD36-49EB-E988-4B40B4DA5EF5} - c:\documents and settings\Owner\Application Data\Imkui\cate.exe
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-20 02:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus Photo R320 Series = c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /M "Stylus Photo R320" /EF "HKCU"????????????????????????????????4??????w???w @?w?? ?`?O??n?w>n?w?>B~??G~`?i???????B~??B~@???????O?????????????????????????D~??B~@???????o?B~??????????????B~????????????????????????????s??|????????`?i??????????????????:B~??B~?vB~@???????????<?????????????????&?????@???????4????IB~@???????????????????????????????T????JB~?????????????D????????????????C~??????????????C~????????8???????????`??
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2632)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\System32\WTablet\Wacom_TabletUser.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\HPZipm12.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
.
**************************************************************************
.
Completion time: 2011-04-20 03:02:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-20 07:02
.
Pre-Run: 377,601,495,040 bytes free
Post-Run: 380,872,122,368 bytes free
.
- - End Of File - - 395B77581BDBA85D881BB18573DEE0C1
AdaAlcove
Regular Member
 
Posts: 24
Joined: April 18th, 2011, 3:49 pm

Re: Please help!

Unread postby Gary R » April 20th, 2011, 6:04 am

Your logs show you have at least 2 anti-virus programs installed ....

avast! Free Antivirus
Microsoft Security Essentials

It is important you only have one anti-virus installed, more than one will cause conflicts and will reduce your protection not improve it.

I recommend you keep Microsoft Security Essentials and uninstall Avast.

It also looks as if you might have orphans from an old installation of McAfee installed on your computer .....

To uninstall McAfee properly
  • Download MCPR2.exe to your Desktop.
  • Double click MCPR2.exe to run it.
  • When prompted Reboot your computer. (Removal will not occur until you reboot).

Next

Download OTL by OldTimer to your Desktop.

Alternative Download

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Summary of the logs I need from you in your next post:
  • OTL.txt
  • Extras.txt
  • TDSSKiller log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Please help!

Unread postby AdaAlcove » April 20th, 2011, 9:39 am

Removed McAfee and Advast. Left Microsoft Essentials.
OTL Txt log


OTL logfile created on: 4/20/2011 9:27:13 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 284.00 Mb Available Physical Memory | 28.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 354.57 Gb Free Space | 76.13% Space Free | Partition Type: NTFS
Drive F: | 1.90 Gb Total Space | 0.41 Gb Free Space | 21.54% Space Free | Partition Type: FAT
Drive G: | 465.65 Gb Total Space | 181.13 Gb Free Space | 38.90% Space Free | Partition Type: FAT32

Computer Name: DOLORES | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/20 09:18:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2011/03/25 12:17:38 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/10/02 02:10:58 | 000,055,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront Online Protection for Exchange Gateway\Microsoft.Forefront.Server.EhsGatewayService.exe
PRC - [2009/06/10 12:10:00 | 000,525,640 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2008/08/24 08:01:56 | 004,067,328 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
PRC - [2008/08/08 18:30:44 | 000,016,712 | R--- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
PRC - [2008/08/08 18:30:40 | 000,532,808 | R--- | M] (Corel, Inc.) -- C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/07 11:40:34 | 000,132,392 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
PRC - [2007/09/07 11:40:04 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2007/04/20 08:03:08 | 000,149,024 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
PRC - [2007/04/20 08:03:02 | 000,411,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
PRC - [2006/03/10 14:01:02 | 000,543,232 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\BellSouthWCC\McciTrayApp.exe
PRC - [2005/02/23 11:44:10 | 000,249,856 | ---- | M] (Netopia, Inc.) -- C:\Program Files\Netopia\C3kWEPn.exe
PRC - [2004/04/26 03:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9FA.EXE
PRC - [2003/04/09 18:11:12 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/09 17:59:24 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/09 17:49:36 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003/04/09 17:41:38 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
PRC - [2003/03/09 21:31:02 | 000,065,795 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe


========== Modules (SafeList) ==========

MOD - [2011/04/20 09:18:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/10/02 02:10:58 | 000,055,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront Online Protection for Exchange Gateway\Microsoft.Forefront.Server.EhsGatewayService.exe -- (FopeGatewayService)
SRV - [2007/09/07 11:40:04 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/04/20 08:03:02 | 000,411,168 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2003/03/09 21:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/04/20 08:57:18 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5935A250-F067-474E-8716-1D1AB915D08C}\MpKsl2761c9e1.sys -- (MpKsl2761c9e1)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/05/14 14:03:00 | 000,445,696 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/02/16 11:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/16 10:30:12 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/02/15 16:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/05/02 14:38:42 | 000,110,720 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2004/11/22 18:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 18:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/08/10 10:57:54 | 000,017,536 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NtpaSp50.sys -- (NTPASp50)
DRV - [2004/04/26 18:11:00 | 000,017,280 | ---- | M] (Intellon, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PLCNDIS5.SYS -- (PLCNDIS5)
DRV - [2003/12/17 16:58:08 | 000,082,888 | ---- | M] (SAMSUNG Electro-Mechanics Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swld23u.sys -- (SWLD23U)
DRV - [2003/08/28 19:58:40 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/05/02 17:26:18 | 000,053,690 | ---- | M] (Samsung Electro-Mechanics ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swlubtl.sys -- (swlubtl)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\windows\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.youcansearch.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-746137067-492894223-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc1133.mail.yahoo.com/mc/welc ... 9kpqln8m81
IE - HKU\S-1-5-21-746137067-492894223-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746137067-492894223-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://us.mc1147.mail.yahoo.com/mc/welcome?.gx=1&.tm=1299092829&.rand=2npkfptfb1nok"
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44079
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {6B31B409-EF8A-407F-8315-28E79CF30908}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/07/10 14:48:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 08:44:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6B31B409-EF8A-407F-8315-28E79CF30908}: C:\Documents and Settings\Owner\Local Settings\Application Data\{6B31B409-EF8A-407F-8315-28E79CF30908} [2010/06/24 19:32:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 12:17:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 12:17:44 | 000,000,000 | ---D | M]

[2009/07/09 18:33:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/04/19 23:34:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qs24tubu.default\extensions
[2010/04/28 13:12:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qs24tubu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/21 08:54:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qs24tubu.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/03/02 08:28:55 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qs24tubu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/03/02 08:28:56 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qs24tubu.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/03/26 12:33:34 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qs24tubu.default\extensions\personas@christopher.beard
[2011/03/26 12:33:19 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qs24tubu.default\extensions\piclens@cooliris.com
[2011/03/26 12:33:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qs24tubu.default\extensions\piclens@cooliris.com-trash
[2010/03/20 18:56:46 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qs24tubu.default\searchplugins\bing.xml
[2009/11/28 05:56:56 | 000,005,413 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qs24tubu.default\searchplugins\fast-browser-search.xml
[2011/04/19 23:34:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/01 18:38:25 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/07 07:30:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/27 19:23:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/06/24 19:32:44 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{6B31B409-EF8A-407F-8315-28E79CF30908}
[2010/03/06 08:44:00 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2010/01/30 22:36:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2011/02/21 21:04:19 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
[2010/12/01 14:52:13 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/04/20 02:53:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Browser Enhancer) - {86ef8bd1-47f3-4322-923f-f29cdf477eb0} - C:\Program Files\CAJ Media\Browser Enhancer\adxloader.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [BellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [C2kWep] C:\Program Files\Netopia\C3kWEPn.exe (Netopia, Inc.)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [EPSON Stylus Photo R320 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StorageGuard] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-746137067-492894223-725345543-1003..\Run: [{40E0B0D5-50AA-C637-C6C4-B99B40B4F4AB}] File not found
O4 - HKU\S-1-5-21-746137067-492894223-725345543-1003..\Run: [{F2C7D944-FD36-49EB-E988-4B40B4DA5EF5}] File not found
O4 - HKU\S-1-5-21-746137067-492894223-725345543-1003..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-746137067-492894223-725345543-1003..\Run: [EPSON Stylus Photo R320 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-746137067-492894223-725345543-1003..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\S-1-5-21-746137067-492894223-725345543-1003..\Run: [Sonic RecordNow!] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\kuloof.exe (OJHZAWMUB)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-492894223-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-746137067-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-746137067-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-746137067-492894223-725345543-1003\..Trusted Domains: plaxo.com ([www] https in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 7652113531 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\windows\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/19 23:55:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2011/04/19 23:55:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/04/19 23:55:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/04/19 23:55:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/04/19 23:55:06 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/04/19 14:51:33 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/04/19 13:51:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/18 15:06:42 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/04/11 18:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PackageAware
[2011/04/02 14:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\HiJackThis
[2011/03/31 21:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/03/29 17:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Videos
[2011/03/29 17:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Add-in Express
[2011/03/25 12:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Logitech
[2011/03/21 22:21:00 | 000,398,760 | R--- | C] (Coupons, Inc.) -- C:\windows\System32\cpnprt2.cid
[7 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[3 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/20 09:02:18 | 000,000,424 | -H-- | M] () -- C:\windows\tasks\MP Scheduled Scan.job
[2011/04/20 08:58:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/20 08:56:26 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/20 08:56:14 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011/04/20 08:56:11 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/20 08:49:55 | 000,002,577 | ---- | M] () -- C:\windows\System32\CONFIG.NT
[2011/04/20 07:44:48 | 000,002,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/04/20 07:16:35 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
[2011/04/20 02:53:44 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/04/19 23:52:36 | 004,325,107 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/04/19 21:45:05 | 000,000,664 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
[2011/04/18 22:38:03 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Excel.lnk
[2011/04/18 15:39:46 | 000,002,496 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2011/04/17 09:39:54 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft PowerPoint.lnk
[2011/04/13 11:56:06 | 000,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2011/04/10 20:08:20 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2011/04/06 15:05:09 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2011/04/06 11:20:53 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/02 07:56:41 | 000,476,758 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2011/04/02 07:54:13 | 000,192,320 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2011/04/02 07:23:37 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2011/03/30 05:01:08 | 000,001,639 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\EQ5.lnk
[2011/03/28 13:00:40 | 000,016,759 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\timedout.jpg
[2011/03/28 11:25:32 | 001,037,023 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\5563585529_8d39200275_o.jpg
[2011/03/21 22:21:00 | 000,398,760 | R--- | M] (Coupons, Inc.) -- C:\windows\System32\cpnprt2.cid
[7 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[3 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/19 23:55:30 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2011/04/19 23:55:30 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/04/19 23:55:30 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
[2011/04/19 23:55:30 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/04/19 23:55:30 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/04/19 06:26:55 | 004,325,107 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/04/15 09:56:56 | 000,258,096 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/02 14:23:46 | 000,002,496 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2011/04/02 07:56:41 | 000,476,758 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2011/04/02 07:54:13 | 000,192,320 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2011/04/02 07:23:37 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2011/03/30 05:01:08 | 000,001,639 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\EQ5.lnk
[2011/03/28 12:57:55 | 000,016,759 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\timedout.jpg
[2011/03/28 11:25:23 | 001,037,023 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\5563585529_8d39200275_o.jpg
[2011/03/07 21:25:53 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/21 19:39:42 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
[2011/01/12 20:49:48 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Adobe PNG Format CS5 Prefs
[2010/11/10 11:01:55 | 000,003,350 | ---- | C] () -- C:\windows\System32\KGyGaAvL.sys
[2010/10/13 03:04:02 | 000,000,127 | ---- | C] () -- C:\windows\System32\MRT.INI
[2010/08/11 16:33:27 | 000,089,588 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2010/07/27 03:57:27 | 000,000,000 | ---- | C] () -- C:\windows\ozicapaq.dll
[2010/07/27 01:55:27 | 000,000,000 | ---- | C] () -- C:\windows\ubagoheke.dll
[2010/07/26 23:53:27 | 000,000,000 | ---- | C] () -- C:\windows\asopunep.dll
[2010/07/26 19:49:06 | 000,000,000 | ---- | C] () -- C:\windows\asajiyerez.dll
[2010/07/26 17:47:06 | 000,000,000 | ---- | C] () -- C:\windows\ofupijaf.dll
[2010/07/26 15:45:27 | 000,000,000 | ---- | C] () -- C:\windows\uviwiqul.dll
[2010/07/26 13:43:06 | 000,000,000 | ---- | C] () -- C:\windows\ereluhuziqi.dll
[2010/07/26 11:41:06 | 000,000,000 | ---- | C] () -- C:\windows\oravehamirolu.dll
[2010/07/26 09:39:09 | 000,000,000 | ---- | C] () -- C:\windows\icukitub.dll
[2010/07/26 07:37:06 | 000,000,000 | ---- | C] () -- C:\windows\ijisicog.dll
[2010/07/26 05:35:27 | 000,000,000 | ---- | C] () -- C:\windows\ujevacuq.dll
[2010/07/26 03:33:06 | 000,000,000 | ---- | C] () -- C:\windows\ijuwanubilil.dll
[2010/07/26 01:31:06 | 000,000,000 | ---- | C] () -- C:\windows\imusecoq.dll
[2010/07/25 23:29:06 | 000,000,000 | ---- | C] () -- C:\windows\odagutudiwo.dll
[2010/07/25 21:27:27 | 000,000,000 | ---- | C] () -- C:\windows\oyabupov.dll
[2010/07/25 19:25:06 | 000,000,000 | ---- | C] () -- C:\windows\esuyuqidefa.dll
[2010/07/25 17:23:06 | 000,000,000 | ---- | C] () -- C:\windows\alumebope.dll
[2010/07/25 15:21:06 | 000,000,000 | ---- | C] () -- C:\windows\ogehocozis.dll
[2010/07/25 13:19:06 | 000,000,000 | ---- | C] () -- C:\windows\iveyunol.dll
[2010/07/25 11:17:06 | 000,000,000 | ---- | C] () -- C:\windows\ijudokezezocoh.dll
[2010/07/25 09:15:06 | 000,000,000 | ---- | C] () -- C:\windows\ivobicitaqun.dll
[2010/07/25 07:13:06 | 000,000,000 | ---- | C] () -- C:\windows\ilakohiyi.dll
[2010/07/25 05:11:27 | 000,000,000 | ---- | C] () -- C:\windows\eqadoqen.dll
[2010/07/25 03:09:27 | 000,000,000 | ---- | C] () -- C:\windows\oqohetiq.dll
[2010/07/25 01:07:06 | 000,000,000 | ---- | C] () -- C:\windows\iyucepepajo.dll
[2010/07/24 23:05:27 | 000,000,000 | ---- | C] () -- C:\windows\akalininozum.dll
[2010/07/24 21:03:06 | 000,000,000 | ---- | C] () -- C:\windows\opuvanoqiq.dll
[2010/07/24 19:03:05 | 000,000,000 | ---- | C] () -- C:\windows\igobupovi.dll
[2010/07/24 16:55:27 | 000,000,000 | ---- | C] () -- C:\windows\agiyuqidefayoqe.dll
[2010/07/24 14:53:06 | 000,000,000 | ---- | C] () -- C:\windows\izeziqowukaza.dll
[2010/07/24 12:51:06 | 000,000,000 | ---- | C] () -- C:\windows\ijiropifatu.dll
[2010/07/24 10:49:09 | 000,000,000 | ---- | C] () -- C:\windows\edoyunol.dll
[2010/07/24 08:47:27 | 000,000,000 | ---- | C] () -- C:\windows\ilenejob.dll
[2010/07/24 08:11:45 | 000,000,000 | ---- | C] () -- C:\windows\ojawafon.dll
[2010/07/24 06:09:45 | 000,000,000 | ---- | C] () -- C:\windows\upuxomodor.dll
[2010/07/24 04:07:45 | 000,000,000 | ---- | C] () -- C:\windows\ugovuroviloxegir.dll
[2010/07/24 02:05:45 | 000,000,000 | ---- | C] () -- C:\windows\ofukaxodem.dll
[2010/07/24 00:03:45 | 000,000,000 | ---- | C] () -- C:\windows\oxufizosowuwule.dll
[2010/07/23 22:02:09 | 000,000,000 | ---- | C] () -- C:\windows\usavolovo.dll
[2010/07/23 19:59:45 | 000,000,000 | ---- | C] () -- C:\windows\ifowiges.dll
[2010/07/23 17:58:06 | 000,000,000 | ---- | C] () -- C:\windows\usixezibeceri.dll
[2010/07/23 15:55:45 | 000,000,000 | ---- | C] () -- C:\windows\icogifinosobuz.dll
[2010/07/23 13:53:45 | 000,000,000 | ---- | C] () -- C:\windows\ovubiwey.dll
[2010/07/23 11:51:45 | 000,000,000 | ---- | C] () -- C:\windows\ekiyifeg.dll
[2010/07/23 09:49:45 | 000,000,000 | ---- | C] () -- C:\windows\uhizafitequwezan.dll
[2010/07/23 07:47:45 | 000,000,000 | ---- | C] () -- C:\windows\ifuhelicomepo.dll
[2010/07/23 05:45:45 | 000,000,000 | ---- | C] () -- C:\windows\ejuyizajova.dll
[2010/07/23 03:43:45 | 000,000,000 | ---- | C] () -- C:\windows\ojiguzele.dll
[2010/07/23 01:41:45 | 000,000,000 | ---- | C] () -- C:\windows\inebalep.dll
[2010/07/22 23:39:45 | 000,000,000 | ---- | C] () -- C:\windows\icorawaxozuvovep.dll
[2010/07/22 21:37:45 | 000,000,000 | ---- | C] () -- C:\windows\idinuresiqaquz.dll
[2010/07/22 19:36:06 | 000,000,000 | ---- | C] () -- C:\windows\iyepofev.dll
[2010/07/22 17:34:06 | 000,000,000 | ---- | C] () -- C:\windows\iricuwus.dll
[2010/07/22 15:31:45 | 000,000,000 | ---- | C] () -- C:\windows\ohijiles.dll
[2010/07/22 13:29:45 | 000,000,000 | ---- | C] () -- C:\windows\igopozanijudu.dll
[2010/07/22 11:27:45 | 000,000,000 | ---- | C] () -- C:\windows\awekolasihi.dll
[2010/07/22 09:26:10 | 000,000,000 | ---- | C] () -- C:\windows\ibidaribiy.dll
[2010/07/22 07:23:45 | 000,000,000 | ---- | C] () -- C:\windows\ehukiqaqoju.dll
[2010/07/22 05:21:45 | 000,000,000 | ---- | C] () -- C:\windows\idirifucipisozoq.dll
[2010/07/22 03:19:45 | 000,000,000 | ---- | C] () -- C:\windows\uxasiwojiy.dll
[2010/07/22 01:17:45 | 000,000,000 | ---- | C] () -- C:\windows\iqaperul.dll
[2010/07/21 23:15:45 | 000,000,000 | ---- | C] () -- C:\windows\eribazuko.dll
[2010/07/21 21:13:45 | 000,000,000 | ---- | C] () -- C:\windows\ebisesoxikayisu.dll
[2010/07/21 19:12:06 | 000,000,000 | ---- | C] () -- C:\windows\erugosulizego.dll
[2010/07/21 17:09:45 | 000,000,000 | ---- | C] () -- C:\windows\acuwuzozawu.dll
[2010/07/21 15:07:45 | 000,000,000 | ---- | C] () -- C:\windows\ajecafof.dll
[2010/07/21 13:05:45 | 000,000,000 | ---- | C] () -- C:\windows\ugeteriw.dll
[2010/07/21 11:03:45 | 000,000,000 | ---- | C] () -- C:\windows\egubowinewunozab.dll
[2010/07/21 09:01:45 | 000,000,000 | ---- | C] () -- C:\windows\afasufiyas.dll
[2010/07/21 06:59:45 | 000,000,000 | ---- | C] () -- C:\windows\usedusib.dll
[2010/07/21 04:57:45 | 000,000,000 | ---- | C] () -- C:\windows\esahilono.dll
[2010/07/21 02:55:45 | 000,000,000 | ---- | C] () -- C:\windows\alokizicesojolo.dll
[2010/07/21 00:53:45 | 000,000,000 | ---- | C] () -- C:\windows\ukuqoseje.dll
[2010/07/20 22:52:06 | 000,000,000 | ---- | C] () -- C:\windows\ucupixoxiwakev.dll
[2010/07/20 20:49:45 | 000,000,000 | ---- | C] () -- C:\windows\avurewer.dll
[2010/07/20 18:47:45 | 000,000,000 | ---- | C] () -- C:\windows\okodifex.dll
[2010/07/20 16:46:06 | 000,000,000 | ---- | C] () -- C:\windows\ehohafileyocozof.dll
[2010/07/20 14:44:06 | 000,000,000 | ---- | C] () -- C:\windows\aderasewisura.dll
[2010/07/20 12:41:45 | 000,000,000 | ---- | C] () -- C:\windows\utulevef.dll
[2010/07/20 10:39:45 | 000,000,000 | ---- | C] () -- C:\windows\usumesaw.dll
[2010/07/20 08:37:45 | 000,000,000 | ---- | C] () -- C:\windows\amikalegetekola.dll
[2010/07/20 06:36:06 | 000,000,000 | ---- | C] () -- C:\windows\abayuwamoxobuzog.dll
[2010/07/20 04:33:45 | 000,000,000 | ---- | C] () -- C:\windows\iyotafabiz.dll
[2010/07/20 02:31:45 | 000,000,000 | ---- | C] () -- C:\windows\awowiman.dll
[2010/07/20 00:29:45 | 000,000,000 | ---- | C] () -- C:\windows\urolurac.dll
[2010/07/19 22:27:45 | 000,000,000 | ---- | C] () -- C:\windows\uxatuzuhovehula.dll
[2010/07/19 20:26:06 | 000,000,000 | ---- | C] () -- C:\windows\ugobezaxeqeta.dll
[2010/07/19 18:23:45 | 000,007,916 | ---- | C] () -- C:\windows\uxiyisuk.dll
[2010/07/18 22:14:13 | 000,000,000 | ---- | C] () -- C:\windows\ifecukalibiki.dll
[2010/07/18 20:10:52 | 000,000,000 | ---- | C] () -- C:\windows\atisuvarukurur.dll
[2010/07/18 18:08:52 | 000,000,000 | ---- | C] () -- C:\windows\iyipopeg.dll
[2010/07/18 16:07:13 | 000,000,000 | ---- | C] () -- C:\windows\eseridas.dll
[2010/07/18 14:04:52 | 000,000,000 | ---- | C] () -- C:\windows\ecedovugiyar.dll
[2010/07/18 12:02:52 | 000,000,000 | ---- | C] () -- C:\windows\ebivekanugazi.dll
[2010/07/18 10:01:13 | 000,000,000 | ---- | C] () -- C:\windows\ivewefokibo.dll
[2010/07/18 07:59:00 | 000,000,000 | ---- | C] () -- C:\windows\avasikun.dll
[2010/07/18 05:56:54 | 000,000,000 | ---- | C] () -- C:\windows\eruvakad.dll
[2010/07/18 03:55:15 | 000,000,000 | ---- | C] () -- C:\windows\efebavukubonerav.dll
[2010/07/18 01:53:13 | 000,000,000 | ---- | C] () -- C:\windows\eqisedoxiyetuk.dll
[2010/07/17 23:50:52 | 000,000,000 | ---- | C] () -- C:\windows\exuzodul.dll
[2010/07/17 21:49:13 | 000,000,000 | ---- | C] () -- C:\windows\etaruvoz.dll
[2010/07/17 19:47:13 | 000,000,000 | ---- | C] () -- C:\windows\aceyajofoyejeji.dll
[2010/07/17 17:45:13 | 000,000,000 | ---- | C] () -- C:\windows\abeqariwitatu.dll
[2010/07/17 15:42:52 | 000,000,000 | ---- | C] () -- C:\windows\eyobokogike.dll
[2010/07/17 13:41:13 | 000,000,000 | ---- | C] () -- C:\windows\awuyoxiy.dll
[2010/07/17 11:38:52 | 000,000,000 | ---- | C] () -- C:\windows\ohadudib.dll
[2010/07/17 09:37:16 | 000,000,000 | ---- | C] () -- C:\windows\egahidonokecikot.dll
[2010/07/17 07:34:52 | 000,000,000 | ---- | C] () -- C:\windows\azuciviciduhak.dll
[2010/07/17 05:32:52 | 000,000,000 | ---- | C] () -- C:\windows\ujutodejexijokiq.dll
[2010/07/17 03:31:13 | 000,000,000 | ---- | C] () -- C:\windows\atapejoxi.dll
[2010/07/17 01:29:13 | 000,000,000 | ---- | C] () -- C:\windows\alukikikodurexu.dll
[2010/07/16 23:27:13 | 000,000,000 | ---- | C] () -- C:\windows\udolexexexivu.dll
[2010/07/16 21:24:52 | 000,000,000 | ---- | C] () -- C:\windows\ogefozuzifowasi.dll
[2010/07/16 19:23:13 | 000,000,000 | ---- | C] () -- C:\windows\uwuradew.dll
[2010/07/16 17:20:52 | 000,000,000 | ---- | C] () -- C:\windows\upalepix.dll
[2010/07/16 15:18:52 | 000,000,000 | ---- | C] () -- C:\windows\obofedawevev.dll
[2010/07/16 13:17:13 | 000,000,000 | ---- | C] () -- C:\windows\abokudegemidar.dll
[2010/07/16 11:14:52 | 000,000,000 | ---- | C] () -- C:\windows\onusuram.dll
[2010/07/16 09:13:13 | 000,000,000 | ---- | C] () -- C:\windows\otumejab.dll
[2010/07/16 07:11:34 | 000,000,000 | ---- | C] () -- C:\windows\unewixanimifixe.dll
[2010/07/16 05:09:13 | 000,000,000 | ---- | C] () -- C:\windows\ufilukacegala.dll
[2010/07/16 03:06:52 | 000,000,000 | ---- | C] () -- C:\windows\osoqovabup.dll
[2010/07/16 01:04:52 | 000,000,000 | ---- | C] () -- C:\windows\uyibevax.dll
[2010/07/15 23:02:52 | 000,000,000 | ---- | C] () -- C:\windows\osiyeluk.dll
[2010/07/15 21:00:52 | 000,000,000 | ---- | C] () -- C:\windows\ocimopajeboy.dll
[2010/07/15 18:58:52 | 000,000,000 | ---- | C] () -- C:\windows\ivujoxodokake.dll
[2010/07/15 16:57:13 | 000,000,000 | ---- | C] () -- C:\windows\uvekaxuwena.dll
[2010/07/15 14:54:52 | 000,000,000 | ---- | C] () -- C:\windows\ojiqerof.dll
[2010/07/15 12:53:13 | 000,000,000 | ---- | C] () -- C:\windows\igenojowaye.dll
[2010/07/15 10:50:53 | 000,000,000 | ---- | C] () -- C:\windows\ayexayotik.dll
[2010/07/15 09:08:18 | 000,000,000 | ---- | C] () -- C:\windows\efalejac.dll
[2010/07/15 07:06:35 | 000,000,000 | ---- | C] () -- C:\windows\epakuhoxajedec.dll
[2010/07/15 05:04:14 | 000,000,000 | ---- | C] () -- C:\windows\upaduqir.dll
[2010/07/15 03:02:14 | 000,000,000 | ---- | C] () -- C:\windows\obuxuhij.dll
[2010/07/15 01:00:14 | 000,000,000 | ---- | C] () -- C:\windows\oteganidesugune.dll
[2010/07/14 22:58:14 | 000,000,000 | ---- | C] () -- C:\windows\unalonor.dll
[2010/07/14 20:56:35 | 000,000,000 | ---- | C] () -- C:\windows\ulexucem.dll
[2010/07/14 18:54:14 | 000,000,000 | ---- | C] () -- C:\windows\ifogojer.dll
[2010/07/14 16:53:41 | 000,000,000 | ---- | C] () -- C:\windows\apugilim.dll
[2010/06/24 19:32:45 | 000,009,850 | ---- | C] () -- C:\windows\Pgujafisequpali.dat
[2010/06/24 19:32:45 | 000,000,000 | ---- | C] () -- C:\windows\Mfapebiwe.bin
[2010/06/22 21:14:04 | 000,000,315 | ---- | C] () -- C:\windows\EReg515.dat
[2010/06/22 20:27:35 | 000,001,373 | ---- | C] () -- C:\windows\disney.ini
[2010/05/20 18:15:43 | 000,000,056 | ---- | C] () -- C:\windows\System32\ezsidmv.dat
[2010/02/23 00:04:33 | 000,000,063 | ---- | C] () -- C:\windows\mdm.ini
[2010/01/27 17:50:42 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat
[2009/12/28 17:07:53 | 000,000,037 | ---- | C] () -- C:\windows\marscam.ini
[2009/10/07 20:27:28 | 000,010,240 | ---- | C] () -- C:\windows\System32\vidx16.dll
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\windows\System32\drivers\iKeyLFT2.dll
[2009/08/27 20:07:25 | 000,000,074 | ---- | C] () -- C:\windows\MPLAYER.INI
[2009/07/31 13:23:10 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\F0F92D9D8F.sys
[2009/07/31 13:23:09 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/07/31 13:11:59 | 000,363,520 | ---- | C] () -- C:\windows\System32\psisdecd.dll
[2009/07/20 20:13:04 | 000,004,272 | ---- | C] () -- C:\windows\System32\drivers\bvrp_pci.sys
[2009/07/19 21:25:43 | 000,213,054 | ---- | C] () -- C:\windows\System32\AsokaPLC16.dll
[2009/07/12 15:13:26 | 000,000,406 | ---- | C] () -- C:\windows\MSREGUSR.INI
[2009/07/09 18:33:14 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2009/07/08 13:23:23 | 001,294,336 | ---- | C] () -- C:\windows\System32\MGIIpl2A6.dll
[2009/07/08 13:23:23 | 001,261,568 | ---- | C] () -- C:\windows\System32\MGIIpl2M6.dll
[2009/07/08 13:23:23 | 001,228,800 | ---- | C] () -- C:\windows\System32\MGIIpl2M5.dll
[2009/07/08 13:23:23 | 001,105,920 | ---- | C] () -- C:\windows\System32\MGIIpl2P6.dll
[2009/07/08 13:23:22 | 001,052,672 | ---- | C] () -- C:\windows\System32\MGIIpl2P5.dll
[2009/07/08 13:23:10 | 000,000,002 | ---- | C] () -- C:\windows\PhotoSuite.ini
[2009/07/08 13:23:07 | 001,093,632 | ---- | C] () -- C:\windows\System32\MGIIpl2PX.dll
[2009/07/08 13:23:07 | 000,122,880 | ---- | C] () -- C:\windows\System32\JPEGLIB.DLL
[2009/07/08 13:23:07 | 000,122,880 | ---- | C] () -- C:\windows\System32\EnrouteStitch.dll
[2009/07/08 13:23:07 | 000,020,480 | ---- | C] () -- C:\windows\System32\MGIIpl2.dll
[2009/07/08 13:23:07 | 000,019,968 | ---- | C] () -- C:\windows\System32\CPUINF32.DLL
[2009/07/08 13:23:06 | 000,332,800 | ---- | C] () -- C:\windows\System32\FPXLIB.DLL
[2009/07/08 10:56:16 | 000,000,138 | ---- | C] () -- C:\windows\wininit.ini
[2009/07/08 10:43:32 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2009/07/08 10:33:37 | 000,013,024 | ---- | C] () -- C:\windows\tabinst.dll
[2009/07/08 10:33:37 | 000,004,032 | ---- | C] () -- C:\windows\tabins16.dll
[2009/07/08 10:23:40 | 000,032,200 | ---- | C] () -- C:\windows\System32\EPPICPrinterDB.dat
[2009/07/08 10:23:40 | 000,020,910 | ---- | C] () -- C:\windows\System32\EPPICPattern2.dat
[2009/07/08 10:23:40 | 000,020,869 | ---- | C] () -- C:\windows\System32\EPPICPattern1.dat
[2009/07/08 10:23:40 | 000,000,022 | ---- | C] () -- C:\windows\System32\PICSDK.ini
[2009/07/08 10:19:18 | 000,000,058 | ---- | C] () -- C:\windows\System32\EAL32.INI
[2009/07/08 10:19:11 | 000,000,044 | ---- | C] () -- C:\windows\EPSPR320.ini
[2009/07/08 10:05:21 | 000,018,179 | ---- | C] () -- C:\windows\hpoins01.dat
[2009/07/08 10:05:21 | 000,016,606 | ---- | C] () -- C:\windows\hpomdl01.dat
[2009/07/07 22:43:14 | 000,086,016 | ---- | C] () -- C:\windows\System32\BJInstaller.dll
[2009/07/07 22:43:14 | 000,040,448 | ---- | C] () -- C:\windows\System32\BJAXSecurityManager.dll
[2009/07/07 21:38:17 | 000,006,048 | ---- | C] () -- C:\windows\System32\MCC16.dll
[2009/07/07 21:18:46 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/07 21:13:35 | 000,021,640 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
[2009/07/07 17:09:47 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2009/07/07 17:09:01 | 003,649,552 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\windows\System32\lvcoinst.ini
[2007/06/05 14:20:32 | 000,177,704 | ---- | C] () -- C:\windows\System32\PSIService.exe
[2003/08/14 03:13:23 | 000,000,000 | ---- | C] () -- C:\windows\System32\px.ini
[2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\windows\System32\oembios.dat
[2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin
[2003/07/16 16:41:25 | 000,442,608 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2003/07/16 16:41:21 | 000,072,238 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat
[2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin
[2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat
[2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\windows\System32\dcache.bin
[2003/03/09 21:31:04 | 000,561,152 | ---- | C] () -- C:\windows\System32\hpotscl.dll
[2002/12/11 19:19:34 | 000,708,608 | ---- | C] () -- C:\windows\System32\ltcry13n.dll
[2002/12/11 19:19:34 | 000,147,456 | ---- | C] () -- C:\windows\System32\lttls13n.dll
[2001/10/12 11:58:20 | 000,028,672 | ---- | C] () -- C:\windows\System32\mr310exd.dll
[2001/10/12 11:57:18 | 000,036,864 | ---- | C] () -- C:\windows\System32\mr310exv.dll
[2000/04/12 17:28:12 | 000,118,784 | ---- | C] () -- C:\windows\System32\lfkodak.dll
[2000/04/12 17:24:10 | 000,338,944 | ---- | C] () -- C:\windows\System32\lffpx7.dll

========== LOP Check ==========

[2011/04/20 08:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/07/08 10:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2010/11/16 19:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2011/02/04 12:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2010/06/06 17:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaleider
[2009/07/07 22:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2011/01/11 21:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/06/14 09:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/07 09:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/08/07 11:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/02/26 02:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\FileOpen
[2009/11/22 22:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2011/02/23 20:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\FileOpen
[2011/01/12 23:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/17 09:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CoreInternetUtility
[2009/10/07 20:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EuroTalk
[2011/02/04 12:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileOpen
[2011/03/31 09:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileZilla
[2011/01/24 16:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2010/10/12 21:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ilik
[2010/06/06 17:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Kaleider
[2009/07/08 10:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2011/03/16 10:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Piizi
[2010/11/29 16:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\QuiltAssistant
[2011/01/20 18:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RMS
[2011/03/02 20:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Smilebox
[2011/01/30 23:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
[2011/01/26 17:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/10/08 10:14:22 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1247062429.job
[2011/04/20 09:02:18 | 000,000,424 | -H-- | M] () -- C:\windows\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC3DB898

< End of report >
AdaAlcove
Regular Member
 
Posts: 24
Joined: April 18th, 2011, 3:49 pm

Re: Please help!

Unread postby AdaAlcove » April 20th, 2011, 9:40 am

Extras.Txt log

OTL Extras logfile created on: 4/20/2011 9:27:13 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 284.00 Mb Available Physical Memory | 28.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 354.57 Gb Free Space | 76.13% Space Free | Partition Type: NTFS
Drive F: | 1.90 Gb Total Space | 0.41 Gb Free Space | 21.54% Space Free | Partition Type: FAT
Drive G: | 465.65 Gb Total Space | 181.13 Gb Free Space | 38.90% Space Free | Partition Type: FAT32

Computer Name: DOLORES | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-746137067-492894223-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Expression\Web 3\ExpressionWeb.exe" = C:\Program Files\Microsoft Expression\Web 3\ExpressionWeb.exe:*:Enabled:Microsoft Expression Web 3 -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00120409-78E1-11D2-B60F-006097C998E7}" = Microsoft FrontPage 2000
"{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}" = EZ Fonts
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}" = Serif PhotoPlus 6.0
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0E837AF0-4C92-4077-83F0-D022073F17C0}" = Microsoft Expression Blend 3 SDK
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{157616FE-1A3B-4B74-90AF-56ACA3824390}" = Microsoft Forefront Online Protection for Exchange Gateway
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}" = Scrapbook Flair
"{23E4A9D2-3C02-4BFC-B9BA-6CA6180568EF}" = Browser Enhancer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 22
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel MediaOne
"{3E421598-0E2D-4272-8734-3E2A0FF662EB}" = Deep Zoom Composer
"{3EA86486-E94C-49E1-831A-4974B06C1D9B}" = Microsoft Silverlight 3 Toolkit November 2009
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5983C895-DDA4-45D9-A8D1-877D5DE7693E}" = EPSON PhotoStarter3.0
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit June 2009 (Version 3.5.40619.1)
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{65BCF909-6AF7-4B01-8EB3-713CE2873DC8}" = Microsoft Expression Web 3
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{82DFB852-9594-4668-9C66-28BB6E94BCB2}" = hp psc 2100 series
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{949460AD-3C77-44FD-8D78-BF605EF28114}" = EMEA02
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4FA40F1-B88C-4BDF-B291-ED34982CB48F}" = Microsoft Expression Blend 3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD6ACA58-30FE-4336-A5B0-461FD60AF727}" = FileOpen Client
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C6AC04F5-5916-4A02-BC36-AF5BC0A3CBD4}" = Media Go
"{C8CE30F9-CBD0-43B1-BFD3-B18F55A48827}" = Calendar Creator 10
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D76E927F-E292-434B-9661-3858F5D7BF63}" = EPSON PhotoCenter
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D7FB76C8-3A76-49A1-B1A4-C686E4B067B9}" = BellSouth Wireless LAN USB Adapter
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E9980014-BE11-4891-A5F4-0F2917B856BC}" = Microsoft Expression Design 3
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F73340A9-8AA9-49C4-937E-E271B837056C}" = Microsoft Expression Encoder 3
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FDCB0CA0-E96B-C312-0AE3-0E33DE2F3348}" = zFlick
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"10CB2083F7325ECF7648ED6DB0E2392F905A2829" = Windows Driver Package - Camera Maker (MR97310_USB_DUAL_CAMERA) Image (05/02/2006 2.0.1.0)
"AccompanEase" = AccompanEase
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BellSouth Wireless Connection Tool" = BellSouth Wireless Connection Tool
"Blend_3.0.1927.0" = Microsoft Expression Blend 3
"BroadJump Client Foundation" = BroadJump Client Foundation
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ClickArt 300,000 Premier Image Pak 1.0" = ClickArt® 300,000 Premier Image Pak
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.example.assets.BF8C6DE3BF2EC0B079B9A373AE538EADAB49A61B.1" = zFlick
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Design_6.0.1739.0" = Microsoft Expression Design 3
"Encoder_3.0.1332.0" = Microsoft Expression Encoder 3
"EPSON Printer and Utilities" = EPSON Printer Software
"EQ5" = EQ5
"Family Tree Maker" = Family Tree Maker 6.0
"FileZilla Client" = FileZilla Client 3.3.5.1
"Film Factory" = Film Factory
"Google Chrome" = Google Chrome
"HP PSC 2100 Series" = HP Photo and Imaging 2.0 - hp psc 2100 series
"ie8" = Windows Internet Explorer 8
"ImageSkill Background Remover 3" = ImageSkill Background Remover 3
"Kaleider_is1" = Kaleider 4.4
"Little Mermaid II" = Little Mermaid II Return to the Sea
"Logitech Vid" = Logitech Vid HD
"Metafile Companion 1.10" = Metafile Companion 1.10
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Picasa 3" = Picasa 3
"PlugLink 9650 Utility" = PlugLink 9650 Utility
"PROSet" = Intel(R) PRO Network Connections Drivers
"QuiltAssist" = QuiltAssistant
"Rainlendar2" = Rainlendar2 (remove only)
"Search Toolbar" = Search Toolbar
"ShapeCollage" = Shape Collage
"Silent Package Run-Time Sample" = ESPR320 Reference Guide
"TTB000001.TTB000001Toolbar" = CouponBar
"Wacom Tablet Driver" = Wacom Tablet
"Web_3.0.3813.0" = Microsoft Expression Web 3
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.4.6
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-746137067-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/19/2011 4:41:42 AM | Computer Name = DOLORES | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/19/2011 5:12:49 AM | Computer Name = DOLORES | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/19/2011 5:43:55 AM | Computer Name = DOLORES | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/19/2011 6:15:04 AM | Computer Name = DOLORES | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/19/2011 6:46:18 AM | Computer Name = DOLORES | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/19/2011 10:15:13 AM | Computer Name = DOLORES | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/323C118E1BF7B8B65254E2E2100DD6029037F096.crt>
with error: The connection with the server was terminated abnormally

Error - 4/19/2011 10:15:13 AM | Computer Name = DOLORES | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/323C118E1BF7B8B65254E2E2100DD6029037F096.crt>
with error: This network connection does not exist.

Error - 4/19/2011 11:15:55 AM | Computer Name = DOLORES | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/19/2011 11:15:56 AM | Computer Name = DOLORES | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 4/19/2011 2:58:44 PM | Computer Name = DOLORES | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 3.0.8107.0,
P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 4/18/2011 2:50:16 PM | Computer Name = DOLORES | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 4/18/2011 2:50:49 PM | Computer Name = DOLORES | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 4/18/2011 2:55:48 PM | Computer Name = DOLORES | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 4/19/2011 1:50:45 PM | Computer Name = DOLORES | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/19/2011 2:58:44 PM | Computer Name = DOLORES | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.101.1266.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error
code: 0x80072efe Error description: The connection with the server was terminated
abnormally

Error - 4/19/2011 2:58:58 PM | Computer Name = DOLORES | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.101.1266.0 Update Source: %%851 Update Stage:
%%854 Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not
enough storage is available to process this command.

Error - 4/19/2011 2:58:58 PM | Computer Name = DOLORES | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.101.1266.0 Update Source: %%851 Update Stage:
%%854 Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not
enough storage is available to process this command.

Error - 4/19/2011 2:58:59 PM | Computer Name = DOLORES | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.101.1266.0 Update Source: %%851 Update Stage:
%%854 Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not
enough storage is available to process this command.

Error - 4/19/2011 2:58:59 PM | Computer Name = DOLORES | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.101.1266.0 Update Source: %%851 Update Stage:
%%854 Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not
enough storage is available to process this command.

Error - 4/20/2011 2:23:18 AM | Computer Name = DOLORES | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).


< End of report >
AdaAlcove
Regular Member
 
Posts: 24
Joined: April 18th, 2011, 3:49 pm

Re: Please help!

Unread postby AdaAlcove » April 20th, 2011, 9:46 am

TDSSKiller Log

2011/04/20 09:42:52.0765 3084 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/20 09:42:52.0937 3084 ================================================================================
2011/04/20 09:42:52.0937 3084 SystemInfo:
2011/04/20 09:42:52.0937 3084
2011/04/20 09:42:52.0937 3084 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/20 09:42:52.0937 3084 Product type: Workstation
2011/04/20 09:42:52.0937 3084 ComputerName: DOLORES
2011/04/20 09:42:52.0937 3084 UserName: Owner
2011/04/20 09:42:52.0937 3084 Windows directory: C:\windows
2011/04/20 09:42:52.0937 3084 System windows directory: C:\windows
2011/04/20 09:42:52.0937 3084 Processor architecture: Intel x86
2011/04/20 09:42:52.0937 3084 Number of processors: 1
2011/04/20 09:42:52.0937 3084 Page size: 0x1000
2011/04/20 09:42:52.0937 3084 Boot type: Normal boot
2011/04/20 09:42:52.0937 3084 ================================================================================
2011/04/20 09:42:56.0609 3084 Initialize success
2011/04/20 09:43:00.0140 3396 ================================================================================
2011/04/20 09:43:00.0140 3396 Scan started
2011/04/20 09:43:00.0140 3396 Mode: Manual;
2011/04/20 09:43:00.0140 3396 ================================================================================
2011/04/20 09:43:00.0500 3396 ACPI (8fd99680a539792a30e97944fdaecf17) C:\windows\system32\DRIVERS\ACPI.sys
2011/04/20 09:43:00.0562 3396 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\windows\system32\drivers\ACPIEC.sys
2011/04/20 09:43:00.0671 3396 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\windows\system32\drivers\aeaudio.sys
2011/04/20 09:43:00.0734 3396 aec (8bed39e3c35d6a489438b8141717a557) C:\windows\system32\drivers\aec.sys
2011/04/20 09:43:00.0796 3396 AFD (7e775010ef291da96ad17ca4b17137d7) C:\windows\System32\drivers\afd.sys
2011/04/20 09:43:01.0125 3396 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\windows\system32\DRIVERS\asyncmac.sys
2011/04/20 09:43:01.0187 3396 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\windows\system32\DRIVERS\atapi.sys
2011/04/20 09:43:01.0265 3396 Atmarpc (9916c1225104ba14794209cfa8012159) C:\windows\system32\DRIVERS\atmarpc.sys
2011/04/20 09:43:01.0343 3396 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys
2011/04/20 09:43:01.0390 3396 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys
2011/04/20 09:43:01.0453 3396 bvrp_pci (c915a416f265149471d74e0815c928b2) C:\windows\System32\drivers\bvrp_pci.sys
2011/04/20 09:43:01.0765 3396 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys
2011/04/20 09:43:01.0812 3396 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\windows\system32\DRIVERS\CCDECODE.sys
2011/04/20 09:43:01.0921 3396 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys
2011/04/20 09:43:01.0968 3396 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\windows\system32\drivers\Cdfs.sys
2011/04/20 09:43:02.0031 3396 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\windows\system32\DRIVERS\cdrom.sys
2011/04/20 09:43:02.0281 3396 Disk (044452051f3e02e7963599fc8f4f3e25) C:\windows\system32\DRIVERS\disk.sys
2011/04/20 09:43:02.0359 3396 dmboot (d992fe1274bde0f84ad826acae022a41) C:\windows\system32\drivers\dmboot.sys
2011/04/20 09:43:02.0406 3396 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\windows\system32\drivers\dmio.sys
2011/04/20 09:43:02.0437 3396 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys
2011/04/20 09:43:02.0484 3396 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\windows\system32\drivers\DMusic.sys
2011/04/20 09:43:02.0562 3396 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\windows\system32\drivers\drmkaud.sys
2011/04/20 09:43:02.0625 3396 drvmcdb (7f056a52bcba3102d2d37a4a2646c807) C:\windows\system32\drivers\drvmcdb.sys
2011/04/20 09:43:02.0687 3396 drvnddm (d3c1e501ed42e77574b3095309dd4075) C:\windows\system32\drivers\drvnddm.sys
2011/04/20 09:43:02.0750 3396 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\windows\system32\DRIVERS\e100b325.sys
2011/04/20 09:43:02.0812 3396 Fastfat (38d332a6d56af32635675f132548343e) C:\windows\system32\drivers\Fastfat.sys
2011/04/20 09:43:02.0859 3396 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\windows\system32\DRIVERS\fdc.sys
2011/04/20 09:43:02.0921 3396 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\windows\system32\drivers\Fips.sys
2011/04/20 09:43:02.0937 3396 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\windows\system32\DRIVERS\flpydisk.sys
2011/04/20 09:43:03.0015 3396 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\windows\system32\drivers\fltmgr.sys
2011/04/20 09:43:03.0046 3396 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\windows\system32\drivers\Fs_Rec.sys
2011/04/20 09:43:03.0125 3396 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\windows\system32\DRIVERS\ftdisk.sys
2011/04/20 09:43:03.0171 3396 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/20 09:43:03.0218 3396 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\windows\system32\DRIVERS\msgpc.sys
2011/04/20 09:43:03.0265 3396 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\windows\system32\DRIVERS\hidusb.sys
2011/04/20 09:43:03.0359 3396 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\windows\system32\DRIVERS\HPZid412.sys
2011/04/20 09:43:03.0390 3396 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\windows\system32\DRIVERS\HPZipr12.sys
2011/04/20 09:43:03.0421 3396 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\windows\system32\DRIVERS\HPZius12.sys
2011/04/20 09:43:03.0484 3396 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\windows\system32\Drivers\HTTP.sys
2011/04/20 09:43:03.0593 3396 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\windows\system32\drivers\i8042prt.sys
2011/04/20 09:43:03.0656 3396 ialm (1406d6ef4436aee970efe13193123965) C:\windows\system32\DRIVERS\ialmnt5.sys
2011/04/20 09:43:03.0703 3396 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\windows\system32\DRIVERS\imapi.sys
2011/04/20 09:43:03.0812 3396 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\windows\system32\DRIVERS\intelppm.sys
2011/04/20 09:43:03.0875 3396 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\windows\system32\drivers\ip6fw.sys
2011/04/20 09:43:03.0921 3396 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/04/20 09:43:03.0968 3396 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\windows\system32\DRIVERS\ipinip.sys
2011/04/20 09:43:04.0000 3396 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\windows\system32\DRIVERS\ipnat.sys
2011/04/20 09:43:04.0078 3396 IPSec (23c74d75e36e7158768dd63d92789a91) C:\windows\system32\DRIVERS\ipsec.sys
2011/04/20 09:43:04.0125 3396 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\windows\system32\DRIVERS\irenum.sys
2011/04/20 09:43:04.0171 3396 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\windows\system32\DRIVERS\isapnp.sys
2011/04/20 09:43:04.0203 3396 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\windows\system32\DRIVERS\kbdclass.sys
2011/04/20 09:43:04.0234 3396 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\windows\system32\DRIVERS\kbdhid.sys
2011/04/20 09:43:04.0265 3396 kmixer (692bcf44383d056aed41b045a323d378) C:\windows\system32\drivers\kmixer.sys
2011/04/20 09:43:04.0359 3396 KSecDD (b467646c54cc746128904e1654c750c1) C:\windows\system32\drivers\KSecDD.sys
2011/04/20 09:43:04.0468 3396 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\windows\system32\DRIVERS\LVPr2Mon.sys
2011/04/20 09:43:04.0531 3396 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\windows\system32\drivers\mnmdd.sys
2011/04/20 09:43:04.0562 3396 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\windows\system32\drivers\Modem.sys
2011/04/20 09:43:04.0609 3396 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\windows\system32\DRIVERS\mouclass.sys
2011/04/20 09:43:04.0656 3396 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\windows\system32\DRIVERS\mouhid.sys
2011/04/20 09:43:04.0718 3396 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\windows\system32\drivers\MountMgr.sys
2011/04/20 09:43:04.0781 3396 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\windows\system32\DRIVERS\MpFilter.sys
2011/04/20 09:43:04.0937 3396 MpKsl2761c9e1 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5935A250-F067-474E-8716-1D1AB915D08C}\MpKsl2761c9e1.sys
2011/04/20 09:43:05.0140 3396 MR97310_USB_DUAL_CAMERA (2d5990203cb98b7dfd13d73d71c48028) C:\windows\system32\DRIVERS\mr97310c.sys
2011/04/20 09:43:05.0218 3396 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
2011/04/20 09:43:05.0234 3396 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
2011/04/20 09:43:05.0281 3396 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\windows\system32\DRIVERS\mrxdav.sys
2011/04/20 09:43:05.0390 3396 MRxSmb (f3aefb11abc521122b67095044169e98) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/04/20 09:43:05.0484 3396 Msfs (c941ea2454ba8350021d774daf0f1027) C:\windows\system32\drivers\Msfs.sys
2011/04/20 09:43:05.0531 3396 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\windows\system32\drivers\MSKSSRV.sys
2011/04/20 09:43:05.0562 3396 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\windows\system32\drivers\MSPCLOCK.sys
2011/04/20 09:43:05.0578 3396 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\windows\system32\drivers\MSPQM.sys
2011/04/20 09:43:05.0625 3396 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\windows\system32\DRIVERS\mssmbios.sys
2011/04/20 09:43:05.0656 3396 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\windows\system32\drivers\MSTEE.sys
2011/04/20 09:43:05.0718 3396 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\windows\system32\drivers\Mup.sys
2011/04/20 09:43:05.0765 3396 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\windows\system32\DRIVERS\NABTSFEC.sys
2011/04/20 09:43:05.0859 3396 NDIS (1df7f42665c94b825322fae71721130d) C:\windows\system32\drivers\NDIS.sys
2011/04/20 09:43:05.0890 3396 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\windows\system32\DRIVERS\NdisIP.sys
2011/04/20 09:43:05.0921 3396 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\windows\system32\DRIVERS\ndistapi.sys
2011/04/20 09:43:05.0953 3396 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\windows\system32\DRIVERS\ndisuio.sys
2011/04/20 09:43:05.0984 3396 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\windows\system32\DRIVERS\ndiswan.sys
2011/04/20 09:43:06.0046 3396 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\windows\system32\drivers\NDProxy.sys
2011/04/20 09:43:06.0109 3396 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\windows\system32\DRIVERS\netbios.sys
2011/04/20 09:43:06.0187 3396 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\windows\system32\DRIVERS\netbt.sys
2011/04/20 09:43:06.0296 3396 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\windows\system32\drivers\Npfs.sys
2011/04/20 09:43:06.0343 3396 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\windows\system32\drivers\Ntfs.sys
2011/04/20 09:43:06.0421 3396 NTPASp50 (71cb7616cb36d43ea787c41ab55fe458) C:\windows\system32\Drivers\NTPASp50.sys
2011/04/20 09:43:06.0468 3396 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\windows\system32\drivers\Null.sys
2011/04/20 09:43:06.0500 3396 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\windows\system32\DRIVERS\nwlnkflt.sys
2011/04/20 09:43:06.0515 3396 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\windows\system32\DRIVERS\nwlnkfwd.sys
2011/04/20 09:43:06.0562 3396 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\windows\SYSTEM32\DRIVERS\OMCI.SYS
2011/04/20 09:43:06.0609 3396 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\windows\system32\DRIVERS\parport.sys
2011/04/20 09:43:06.0671 3396 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\windows\system32\drivers\PartMgr.sys
2011/04/20 09:43:06.0718 3396 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\windows\system32\drivers\ParVdm.sys
2011/04/20 09:43:06.0781 3396 PCI (a219903ccf74233761d92bef471a07b1) C:\windows\system32\DRIVERS\pci.sys
2011/04/20 09:43:06.0828 3396 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\windows\system32\DRIVERS\pciide.sys
2011/04/20 09:43:06.0859 3396 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\windows\system32\drivers\Pcmcia.sys
2011/04/20 09:43:07.0125 3396 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\windows\system32\DRIVERS\LV302V32.SYS
2011/04/20 09:43:07.0250 3396 PLCNDIS5 (2aba2f545b35f9c6cc2cfc4e1d539a80) C:\windows\System32\PLCNDIS5.SYS
2011/04/20 09:43:07.0312 3396 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\windows\system32\DRIVERS\raspptp.sys
2011/04/20 09:43:07.0375 3396 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\windows\system32\DRIVERS\processr.sys
2011/04/20 09:43:07.0406 3396 PSched (09298ec810b07e5d582cb3a3f9255424) C:\windows\system32\DRIVERS\psched.sys
2011/04/20 09:43:07.0453 3396 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\windows\system32\DRIVERS\ptilink.sys
2011/04/20 09:43:07.0484 3396 PxHelp20 (7e1eacdecba39e0b2a35306426f0decc) C:\windows\system32\DRIVERS\PxHelp20.sys
2011/04/20 09:43:07.0640 3396 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\windows\system32\DRIVERS\rasacd.sys
2011/04/20 09:43:07.0687 3396 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/04/20 09:43:07.0718 3396 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\windows\system32\DRIVERS\raspppoe.sys
2011/04/20 09:43:07.0734 3396 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\windows\system32\DRIVERS\raspti.sys
2011/04/20 09:43:07.0812 3396 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\windows\system32\DRIVERS\rdbss.sys
2011/04/20 09:43:07.0859 3396 RDPCDD (4912d5b403614ce99c28420f75353332) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/04/20 09:43:07.0906 3396 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\windows\system32\drivers\RDPWD.sys
2011/04/20 09:43:07.0968 3396 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\windows\system32\DRIVERS\redbook.sys
2011/04/20 09:43:08.0046 3396 RT73 (da4980fad2b7d86d6ed8e35e3874f65e) C:\windows\system32\DRIVERS\rt73.sys
2011/04/20 09:43:08.0125 3396 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\DRIVERS\secdrv.sys
2011/04/20 09:43:08.0171 3396 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\windows\system32\DRIVERS\serenum.sys
2011/04/20 09:43:08.0234 3396 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\windows\system32\DRIVERS\serial.sys
2011/04/20 09:43:08.0296 3396 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\windows\system32\drivers\Sfloppy.sys
2011/04/20 09:43:08.0375 3396 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\windows\system32\DRIVERS\SLIP.sys
2011/04/20 09:43:08.0437 3396 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\windows\system32\drivers\smwdm.sys
2011/04/20 09:43:08.0500 3396 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\windows\system32\DRIVERS\SONYPVU1.SYS
2011/04/20 09:43:08.0562 3396 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\windows\system32\drivers\splitter.sys
2011/04/20 09:43:08.0625 3396 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\windows\system32\DRIVERS\sr.sys
2011/04/20 09:43:08.0703 3396 Srv (0f6aefad3641a657e18081f52d0c15af) C:\windows\system32\DRIVERS\srv.sys
2011/04/20 09:43:08.0750 3396 sscdbhk5 (328e8bb94ec58480f60458fb4b8437a7) C:\windows\system32\drivers\sscdbhk5.sys
2011/04/20 09:43:08.0796 3396 ssrtln (7ec8b427cee5c0cdac066320b93f1355) C:\windows\system32\drivers\ssrtln.sys
2011/04/20 09:43:08.0843 3396 streamip (77813007ba6265c4b6098187e6ed79d2) C:\windows\system32\DRIVERS\StreamIP.sys
2011/04/20 09:43:08.0890 3396 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\windows\system32\DRIVERS\swenum.sys
2011/04/20 09:43:08.0937 3396 SWLD23U (1ec513697ef612dcd38fb99271d92398) C:\windows\system32\DRIVERS\SWLD23U.sys
2011/04/20 09:43:08.0984 3396 swlubtl (115f988b94c6285b0073e88867af2ab0) C:\windows\system32\Drivers\swlubtl.sys
2011/04/20 09:43:09.0015 3396 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\windows\system32\drivers\swmidi.sys
2011/04/20 09:43:09.0156 3396 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\windows\system32\drivers\sysaudio.sys
2011/04/20 09:43:09.0265 3396 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\windows\system32\DRIVERS\tcpip.sys
2011/04/20 09:43:09.0312 3396 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\windows\system32\drivers\TDPIPE.sys
2011/04/20 09:43:09.0343 3396 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\windows\system32\drivers\TDTCP.sys
2011/04/20 09:43:09.0500 3396 TermDD (88155247177638048422893737429d9e) C:\windows\system32\DRIVERS\termdd.sys
2011/04/20 09:43:09.0625 3396 tfsnboio (c229bf90443be8d3bd2b65d7f3ac0f35) C:\windows\system32\dla\tfsnboio.sys
2011/04/20 09:43:09.0640 3396 tfsncofs (79ee9fcd7728e54ab8fbc30962f0416f) C:\windows\system32\dla\tfsncofs.sys
2011/04/20 09:43:09.0671 3396 tfsndrct (9efb37e7de17d783a059b653f7e8afad) C:\windows\system32\dla\tfsndrct.sys
2011/04/20 09:43:09.0703 3396 tfsndres (130254995ebedcb34d62e8d78ec9dbd0) C:\windows\system32\dla\tfsndres.sys
2011/04/20 09:43:09.0718 3396 tfsnifs (9b40e1e4aeed849812a2e43a388a7e77) C:\windows\system32\dla\tfsnifs.sys
2011/04/20 09:43:09.0750 3396 tfsnopio (818047ad850b312705aa17ca96b9427d) C:\windows\system32\dla\tfsnopio.sys
2011/04/20 09:43:09.0765 3396 tfsnpool (4603e813bcc6dd465cd8d2afd37fa90d) C:\windows\system32\dla\tfsnpool.sys
2011/04/20 09:43:09.0812 3396 tfsnudf (6fc2cd904a9a55acfdfc780a611a75ed) C:\windows\system32\dla\tfsnudf.sys
2011/04/20 09:43:09.0875 3396 tfsnudfa (d4afa4d00f8db3fd1c15b3fe49c3a96c) C:\windows\system32\dla\tfsnudfa.sys
2011/04/20 09:43:09.0953 3396 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\windows\system32\drivers\Udfs.sys
2011/04/20 09:43:10.0046 3396 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\windows\system32\DRIVERS\update.sys
2011/04/20 09:43:10.0125 3396 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\windows\system32\Drivers\usbaapl.sys
2011/04/20 09:43:10.0171 3396 usbaudio (e919708db44ed8543a7c017953148330) C:\windows\system32\drivers\usbaudio.sys
2011/04/20 09:43:10.0234 3396 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\windows\system32\DRIVERS\usbccgp.sys
2011/04/20 09:43:10.0296 3396 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\windows\system32\DRIVERS\usbehci.sys
2011/04/20 09:43:10.0343 3396 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\windows\system32\DRIVERS\usbhub.sys
2011/04/20 09:43:10.0359 3396 usbprint (a717c8721046828520c9edf31288fc00) C:\windows\system32\DRIVERS\usbprint.sys
2011/04/20 09:43:10.0390 3396 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\windows\system32\DRIVERS\usbscan.sys
2011/04/20 09:43:10.0421 3396 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/04/20 09:43:10.0468 3396 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\windows\system32\DRIVERS\usbuhci.sys
2011/04/20 09:43:10.0515 3396 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\windows\System32\drivers\vga.sys
2011/04/20 09:43:10.0609 3396 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\windows\system32\drivers\VolSnap.sys
2011/04/20 09:43:10.0656 3396 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\windows\system32\DRIVERS\wacommousefilter.sys
2011/04/20 09:43:10.0718 3396 wacomvhid (73e6f16a1f187d71fb26af308551e54a) C:\windows\system32\DRIVERS\wacomvhid.sys
2011/04/20 09:43:10.0734 3396 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\windows\system32\DRIVERS\WacomVKHid.sys
2011/04/20 09:43:10.0765 3396 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\windows\system32\DRIVERS\wanarp.sys
2011/04/20 09:43:10.0828 3396 wdmaud (6768acf64b18196494413695f0c3a00f) C:\windows\system32\drivers\wdmaud.sys
2011/04/20 09:43:10.0968 3396 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\windows\system32\DRIVERS\WSTCODEC.SYS
2011/04/20 09:43:11.0015 3396 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\windows\system32\DRIVERS\WudfPf.sys
2011/04/20 09:43:11.0046 3396 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\windows\system32\DRIVERS\wudfrd.sys
2011/04/20 09:43:11.0140 3396 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\windows\system32\drivers\ialmsbw.sys
2011/04/20 09:43:11.0171 3396 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\windows\system32\drivers\ialmkchw.sys
2011/04/20 09:43:11.0421 3396 ================================================================================
2011/04/20 09:43:11.0421 3396 Scan finished
2011/04/20 09:43:11.0421 3396 ================================================================================
AdaAlcove
Regular Member
 
Posts: 24
Joined: April 18th, 2011, 3:49 pm

Re: Please help!

Unread postby Gary R » April 20th, 2011, 4:57 pm

OK, lets get started on round two (there will be more to come).

First

Please go to Control Panel > Add/Remove Programs and Uninstall the following:

Java(TM) 6 Update 22
Java(TM) 6 Update 7


Reboot your computer

Now download and install JDK 6 Update 24 (JDK or JRE).

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.youcansearch.com
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..extensions.enabledItems: {6B31B409-EF8A-407F-8315-28E79CF30908}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - HKLM\software\mozilla\Firefox\Extensions\\{6B31B409-EF8A-407F-8315-28E79CF30908}: C:\Documents and Settings\Owner\Local Settings\Application Data\{6B31B409-EF8A-407F-8315-28E79CF30908} [2010/06/24 19:32:44 | 000,000,000 | ---D | M]
[2009/11/28 05:56:56 | 000,005,413 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qs24tubu.default\searchplugins\fast-browser-search.xml
[2010/08/07 07:30:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/27 19:23:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/06/24 19:32:44 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{6B31B409-EF8A-407F-8315-28E79CF30908}
O2 - BHO: (Browser Enhancer) - {86ef8bd1-47f3-4322-923f-f29cdf477eb0} - C:\Program Files\CAJ Media\Browser Enhancer\adxloader.dll ()
O4 - HKU\S-1-5-21-746137067-492894223-725345543-1003..\Run: [{40E0B0D5-50AA-C637-C6C4-B99B40B4F4AB}] File not found
O4 - HKU\S-1-5-21-746137067-492894223-725345543-1003..\Run: [{F2C7D944-FD36-49EB-E988-4B40B4DA5EF5}] File not found
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\kuloof.exe (OJHZAWMUB)
O15 - HKU\S-1-5-21-746137067-492894223-725345543-1003\..Trusted Domains: plaxo.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)

:Commands
[resethosts]
[emptytemp]
[emptyflash]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please download Malwarebytes' Anti-Malware to your Desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.

  • Click on the Malwarebytes' Anti-Malware icon to launch the programme.
    • Click the Updates tab.
      • Click Check for Updates and allow the programme to download the latest definitions.
    • Click the Scanner tab.
      • Check Perform Quick Scan.
      • Click Scan and wait for the scan to complete.
      • When the scan is complete, click OK, then Show Results.
      • Check all items except items in the C:\System Volume Information folder and click on Remove Selected.
        • A box will pop-up telling you that files have been quarantined.
        • A log will pop-up.
      • Post the log in your next reply please.

You can also access the log by doing the following
  • Click on the Logs tab.
    • Click on the log at the bottom of those listed to highlight it.
    • Click Open

Summary of the logs I need from you in your next post:
  • OTL log
  • MBAM log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Please help!

Unread postby AdaAlcove » April 20th, 2011, 9:44 pm

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Secure Search" removed from browser.search.defaultenginename
Prefs.js: "Fast Browser Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=" removed from browser.search.defaulturl
Prefs.js: "Fast Browser Search" removed from browser.search.order.1
Prefs.js: "Secure Search" removed from browser.search.selectedEngine
Prefs.js: {6B31B409-EF8A-407F-8315-28E79CF30908}:1.9.1 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6B31B409-EF8A-407F-8315-28E79CF30908} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B31B409-EF8A-407F-8315-28E79CF30908}\ not found.
C:\Documents and Settings\Owner\Local Settings\Application Data\{6B31B409-EF8A-407F-8315-28E79CF30908}\chrome\content folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\{6B31B409-EF8A-407F-8315-28E79CF30908}\chrome folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\{6B31B409-EF8A-407F-8315-28E79CF30908} folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qs24tubu.default\searchplugins\fast-browser-search.xml moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} folder moved successfully.
Folder C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Folder C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{6B31B409-EF8A-407F-8315-28E79CF30908}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86ef8bd1-47f3-4322-923f-f29cdf477eb0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86ef8bd1-47f3-4322-923f-f29cdf477eb0}\ deleted successfully.
C:\Program Files\CAJ Media\Browser Enhancer\adxloader.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-746137067-492894223-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\{40E0B0D5-50AA-C637-C6C4-B99B40B4F4AB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40E0B0D5-50AA-C637-C6C4-B99B40B4F4AB}\ not found.
Registry value HKEY_USERS\S-1-5-21-746137067-492894223-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\{F2C7D944-FD36-49EB-E988-4B40B4DA5EF5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2C7D944-FD36-49EB-E988-4B40B4DA5EF5}\ not found.
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\kuloof.exe moved successfully.
Registry key HKEY_USERS\S-1-5-21-746137067-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\plaxo.com\www\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 294703 bytes
->Flash cache emptied: 89590 bytes

User: NetworkService
->Temp folder emptied: 12540 bytes
->Temporary Internet Files folder emptied: 589583 bytes
->Java cache emptied: 198252 bytes
->Flash cache emptied: 141151 bytes

User: Owner
->Temp folder emptied: 600612 bytes
->Temporary Internet Files folder emptied: 51708639 bytes
->Java cache emptied: 10227157 bytes
->FireFox cache emptied: 117785120 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 432229 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1165207 bytes
%systemroot%\System32 .tmp files removed: 1162769 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 127676 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 162356 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 177.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04202011_213046

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
AdaAlcove
Regular Member
 
Posts: 24
Joined: April 18th, 2011, 3:49 pm

Re: Please help!

Unread postby AdaAlcove » April 20th, 2011, 10:08 pm

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6410

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/20/2011 10:07:02 PM
mbam-log-2011-04-20 (22-07-02).txt

Scan type: Quick scan
Objects scanned: 154719
Time elapsed: 4 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
AdaAlcove
Regular Member
 
Posts: 24
Joined: April 18th, 2011, 3:49 pm

Re: Please help!

Unread postby Gary R » April 21st, 2011, 1:51 am

There's still a whole bundle of files we need to remove. I had hoped MBAM would have made my work a little easier and I wouldn't have to script them all, but it seems not, so I'm going to need you to run OTL again.

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:Files
C:\windows\ozicapaq.dll
C:\windows\ubagoheke.dll
C:\windows\asopunep.dll
C:\windows\asajiyerez.dll
C:\windows\ofupijaf.dll
C:\windows\uviwiqul.dll
C:\windows\ereluhuziqi.dll
C:\windows\oravehamirolu.dll
C:\windows\icukitub.dll
C:\windows\ijisicog.dll
C:\windows\ujevacuq.dll
C:\windows\ijuwanubilil.dll
C:\windows\imusecoq.dll
C:\windows\odagutudiwo.dll
C:\windows\oyabupov.dll
C:\windows\esuyuqidefa.dll
C:\windows\alumebope.dll
C:\windows\ogehocozis.dll
C:\windows\iveyunol.dll
C:\windows\ijudokezezocoh.dll
C:\windows\ivobicitaqun.dll
C:\windows\ilakohiyi.dll
C:\windows\eqadoqen.dll
C:\windows\oqohetiq.dll
C:\windows\iyucepepajo.dll
C:\windows\akalininozum.dll
C:\windows\opuvanoqiq.dll
C:\windows\igobupovi.dll
C:\windows\agiyuqidefayoqe.dll
C:\windows\izeziqowukaza.dll
C:\windows\ijiropifatu.dll
C:\windows\edoyunol.dll
C:\windows\ilenejob.dll
C:\windows\ojawafon.dll
C:\windows\upuxomodor.dll
C:\windows\ugovuroviloxegir.dll
C:\windows\ofukaxodem.dll
C:\windows\oxufizosowuwule.dll
C:\windows\usavolovo.dll
C:\windows\ifowiges.dll
C:\windows\usixezibeceri.dll
C:\windows\icogifinosobuz.dll
C:\windows\ovubiwey.dll
C:\windows\ekiyifeg.dll
C:\windows\uhizafitequwezan.dll
C:\windows\ifuhelicomepo.dll
C:\windows\ejuyizajova.dll
C:\windows\ojiguzele.dll
C:\windows\inebalep.dll
C:\windows\icorawaxozuvovep.dll
C:\windows\idinuresiqaquz.dll
C:\windows\iyepofev.dll
C:\windows\iricuwus.dll
C:\windows\ohijiles.dll
C:\windows\igopozanijudu.dll
C:\windows\awekolasihi.dll
C:\windows\ibidaribiy.dll
C:\windows\ehukiqaqoju.dll
C:\windows\idirifucipisozoq.dll
C:\windows\uxasiwojiy.dll
C:\windows\iqaperul.dll
C:\windows\eribazuko.dll
C:\windows\ebisesoxikayisu.dll
C:\windows\erugosulizego.dll
C:\windows\acuwuzozawu.dll
C:\windows\ajecafof.dll
C:\windows\ugeteriw.dll
C:\windows\egubowinewunozab.dll
C:\windows\afasufiyas.dll
C:\windows\usedusib.dll
C:\windows\esahilono.dll
C:\windows\alokizicesojolo.dll
C:\windows\ukuqoseje.dll
C:\windows\ucupixoxiwakev.dll
C:\windows\avurewer.dll
C:\windows\okodifex.dll
C:\windows\ehohafileyocozof.dll
C:\windows\aderasewisura.dll
C:\windows\utulevef.dll
C:\windows\usumesaw.dll
C:\windows\amikalegetekola.dll
C:\windows\abayuwamoxobuzog.dll
C:\windows\iyotafabiz.dll
C:\windows\awowiman.dll
C:\windows\urolurac.dll
C:\windows\uxatuzuhovehula.dll
C:\windows\ugobezaxeqeta.dll
C:\windows\uxiyisuk.dll
C:\windows\ifecukalibiki.dll
C:\windows\atisuvarukurur.dll
C:\windows\iyipopeg.dll
C:\windows\eseridas.dll
C:\windows\ecedovugiyar.dll
C:\windows\ebivekanugazi.dll
C:\windows\ivewefokibo.dll
C:\windows\avasikun.dll
C:\windows\eruvakad.dll
C:\windows\efebavukubonerav.dll
C:\windows\eqisedoxiyetuk.dll
C:\windows\exuzodul.dll
C:\windows\etaruvoz.dll
C:\windows\aceyajofoyejeji.dll
C:\windows\abeqariwitatu.dll
C:\windows\eyobokogike.dll
C:\windows\awuyoxiy.dll
C:\windows\ohadudib.dll
C:\windows\egahidonokecikot.dll
C:\windows\azuciviciduhak.dll
C:\windows\ujutodejexijokiq.dll
C:\windows\atapejoxi.dll
C:\windows\alukikikodurexu.dll
C:\windows\udolexexexivu.dll
C:\windows\ogefozuzifowasi.dll
C:\windows\uwuradew.dll
C:\windows\upalepix.dll
C:\windows\obofedawevev.dll
C:\windows\abokudegemidar.dll
C:\windows\onusuram.dll
C:\windows\otumejab.dll
C:\windows\unewixanimifixe.dll
C:\windows\ufilukacegala.dll
C:\windows\osoqovabup.dll
C:\windows\uyibevax.dll
C:\windows\osiyeluk.dll
C:\windows\ocimopajeboy.dll
C:\windows\ivujoxodokake.dll
C:\windows\uvekaxuwena.dll
C:\windows\ojiqerof.dll
C:\windows\igenojowaye.dll
C:\windows\ayexayotik.dll
C:\windows\efalejac.dll
C:\windows\epakuhoxajedec.dll
C:\windows\upaduqir.dll
C:\windows\obuxuhij.dll
C:\windows\oteganidesugune.dll
C:\windows\unalonor.dll
C:\windows\ulexucem.dll
C:\windows\ifogojer.dll
C:\windows\apugilim.dll
C:\windows\Pgujafisequpali.dat
C:\windows\Mfapebiwe.bin

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:
  • OTL log
  • E-Set log
  • How is your computer behaving now ???


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Please help!

Unread postby AdaAlcove » April 22nd, 2011, 12:29 am

OTL log
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Secure Search" removed from browser.search.defaultenginename
Prefs.js: "Fast Browser Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=" removed from browser.search.defaulturl
Prefs.js: "Fast Browser Search" removed from browser.search.order.1
Prefs.js: "Secure Search" removed from browser.search.selectedEngine
Prefs.js: {6B31B409-EF8A-407F-8315-28E79CF30908}:1.9.1 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6B31B409-EF8A-407F-8315-28E79CF30908} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B31B409-EF8A-407F-8315-28E79CF30908}\ not found.
C:\Documents and Settings\Owner\Local Settings\Application Data\{6B31B409-EF8A-407F-8315-28E79CF30908}\chrome\content folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\{6B31B409-EF8A-407F-8315-28E79CF30908}\chrome folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\{6B31B409-EF8A-407F-8315-28E79CF30908} folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qs24tubu.default\searchplugins\fast-browser-search.xml moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} folder moved successfully.
Folder C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Folder C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{6B31B409-EF8A-407F-8315-28E79CF30908}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86ef8bd1-47f3-4322-923f-f29cdf477eb0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86ef8bd1-47f3-4322-923f-f29cdf477eb0}\ deleted successfully.
C:\Program Files\CAJ Media\Browser Enhancer\adxloader.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-746137067-492894223-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\{40E0B0D5-50AA-C637-C6C4-B99B40B4F4AB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40E0B0D5-50AA-C637-C6C4-B99B40B4F4AB}\ not found.
Registry value HKEY_USERS\S-1-5-21-746137067-492894223-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\{F2C7D944-FD36-49EB-E988-4B40B4DA5EF5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2C7D944-FD36-49EB-E988-4B40B4DA5EF5}\ not found.
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\kuloof.exe moved successfully.
Registry key HKEY_USERS\S-1-5-21-746137067-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\plaxo.com\www\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 294703 bytes
->Flash cache emptied: 89590 bytes

User: NetworkService
->Temp folder emptied: 12540 bytes
->Temporary Internet Files folder emptied: 589583 bytes
->Java cache emptied: 198252 bytes
->Flash cache emptied: 141151 bytes

User: Owner
->Temp folder emptied: 600612 bytes
->Temporary Internet Files folder emptied: 51708639 bytes
->Java cache emptied: 10227157 bytes
->FireFox cache emptied: 117785120 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 432229 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1165207 bytes
%systemroot%\System32 .tmp files removed: 1162769 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 127676 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 162356 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 177.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04202011_213046

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
AdaAlcove
Regular Member
 
Posts: 24
Joined: April 18th, 2011, 3:49 pm

Re: Please help!

Unread postby AdaAlcove » April 22nd, 2011, 12:32 am

E-SET log ( My computer seems to be running a little faster. I was able to do a google search with out getting hijacked)

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=3e4b3ebad24fcf41ae78e787c763e975
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-21 11:45:37
# local_time=2011-04-21 07:45:37 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776869 42 87 0 14524212 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=277302
# found=15
# cleaned=0
# scan_time=10188
C:\Documents and Settings\Owner\My Documents\Downloads\Audible_Nero_English.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\My Documents\Downloads\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Fast Browser Search\IE\BHO.dll.vir a variant of Win32/BHO.OCS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\SGPSA\BHO.dll.vir a variant of Win32/BHO.OCS trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP741\A0076395.dll Win32/Adware.Yontoo.A application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP743\A0080439.dll Win32/Adware.Yontoo.A application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP756\A0106473.exe probably a variant of Win32/Injector.FHR trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP764\A0122405.exe a variant of Win32/Kryptik.MUA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP764\A0122788.dll a variant of Win32/BHO.OCS trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP764\A0122803.dll Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP764\A0122806.dll a variant of Win32/BHO.OCS trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\CouponsBar.dll probably a variant of Win32/Adware.Softomate.AD application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\Downloaded Installations\{6674FEC9-7EB0-4BAF-9391-06E15D0EBB3C}\MyFantasyMaker.msi probably a variant of Win32/Agent.FBVCZFA trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\04202011_213046\C_Documents and Settings\Default User\Start Menu\Programs\Startup\kuloof.exe probably a variant of Win32/Injector.FHR trojan (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=3e4b3ebad24fcf41ae78e787c763e975
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-22 03:56:11
# local_time=2011-04-21 11:56:11 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776869 42 87 0 14539179 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=277295
# found=15
# cleaned=0
# scan_time=10256
C:\Documents and Settings\Owner\My Documents\Downloads\Audible_Nero_English.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\My Documents\Downloads\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Fast Browser Search\IE\BHO.dll.vir a variant of Win32/BHO.OCS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\SGPSA\BHO.dll.vir a variant of Win32/BHO.OCS trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP741\A0076395.dll Win32/Adware.Yontoo.A application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP743\A0080439.dll Win32/Adware.Yontoo.A application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP756\A0106473.exe probably a variant of Win32/Injector.FHR trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP764\A0122405.exe a variant of Win32/Kryptik.MUA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP764\A0122788.dll a variant of Win32/BHO.OCS trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP764\A0122803.dll Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP764\A0122806.dll a variant of Win32/BHO.OCS trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\CouponsBar.dll probably a variant of Win32/Adware.Softomate.AD application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\Downloaded Installations\{6674FEC9-7EB0-4BAF-9391-06E15D0EBB3C}\MyFantasyMaker.msi probably a variant of Win32/Agent.FBVCZFA trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\04202011_213046\C_Documents and Settings\Default User\Start Menu\Programs\Startup\kuloof.exe probably a variant of Win32/Injector.FHR trojan (unable to clean) 00000000000000000000000000000000 I
AdaAlcove
Regular Member
 
Posts: 24
Joined: April 18th, 2011, 3:49 pm
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 294 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware