
Hello all!


  • This topic is locked
25 replies to this topic

#1 Shadowlord6343

Shadowlord6343

  • Members
  • 38 posts
  • OFFLINE
  • Local time:10:31 AM

Posted 09 May 2009 - 01:08 PM

Hello all,
New member here, as I hadn't heard of the site until I started to research this Dumavuja garbage that got onto my computer somehow. I think my girlfriend downloaded something from a friend. Anyways, I have all the popups and the antivirus keeps finding the dumavuja DLL over and over, until I have to disable the antivirus (Avira AntiVir) just to get Windows to load and to get online.

I have not downloaded the DDS program mentioned in the Prep Sticky, as I already have HijackThis and Stinger and know that it is Dumavuja that is at least part of my problems.
If I still need to go back and download DDS.scr then I will.
As most are already aware, you can disable dumavuja from the MSConfig command and it just comes back over and over.
Using HijackThis, I came up with a few things that can't be removed unless I disable System Restore. But if I want to disable System Restore, it tells me that doing so will erase all my previous restore points.
So, any help or advice as to what to do next or what to run and post up for review.
As much of a pain as this is, I am looking forward to the knowledge I will gain in the process.
I look forward to hearing back from others.


#2 Shadowlord6343

Shadowlord6343
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Local time:10:31 AM

Posted 09 May 2009 - 02:37 PM

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 12:33:34.53 on Sat 05/09/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.499 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated)
FW: iolo Personal Firewall® *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
{6ed6efad-47c2-40c7-8783-5929363d1bf1}
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Norton Internet Security: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [CHotkey] zHotkey.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [iolo Personal Firewall] "c:\program files\iolo\system mechanic professional\personal firewall\ioloFW.exe"
mRun: [CPM1b126fec] Rundll32.exe "c:\windows\system32\dumavuja.dll",a
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
LSP: c:\program files\iolo\common\firewall\iFW_Xfilter.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\dumavuja.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\dumavuja.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\dumavuja.dll
LSA: Notification Packages = scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\t0hs3os6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\program files\mozilla firefox\plugins\npagent.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {21B612A8-B90D-4B2A-BB2E-1BD06F8A8824} - c:\documents and settings\owner\local settings\application data\{21B612A8-B90D-4B2A-BB2E-1BD06F8A8824}

============= SERVICES / DRIVERS ===============

R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [2008-2-1 39424]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-8 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-8 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-8 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-8 55640]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-8-27 197752]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-8-27 164984]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2007-12-14 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2007-12-14 712048]
R2 McAfeeAntiSpyware;McAfee AntiSpyware Real-Time Scanner;c:\program files\mcafee\mcafee antispyware\Msssrv.exe [2004-10-19 90112]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-8-27 78968]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; [x]
S3 rcp_service;ReaConverter scheduler service;c:\program files\reaconverter 5.0 pro\rcp_scheduler.exe [2007-8-28 553472]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-04-28 22:01 494,352 a------- c:\windows\system32\SHDOC401.DLL
2009-04-28 22:01 164,144 a------- c:\windows\system32\COMCT232.OCX
2009-04-28 22:01 53,248 a------- c:\windows\system32\ArmAccess.dll
2009-04-27 14:06 399,360 a------- c:\windows\system32\SET72.tmp
2009-04-27 14:06 399,360 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-27 14:06 283,648 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-27 14:06 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-27 14:06 60,416 -c------ c:\windows\system32\dllcache\colbact.dll
2009-04-27 14:06 35,328 -c------ c:\windows\system32\dllcache\sc.exe
2009-04-27 14:06 473,088 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-27 14:06 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-27 14:06 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-27 14:06 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-27 14:06 616,960 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-27 14:05 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-27 13:09 208,744 a------- c:\windows\system32\muweb.dll
2009-04-24 10:54 1,409,390 ---sh--- c:\windows\system32\iwirudew.ini
2009-04-24 10:50 61,952 a---h--- c:\windows\system32\BIT11.tmp
2009-04-23 22:51 2,713 ---sh--- c:\windows\system32\vusumuje.dll
2009-04-23 22:51 2,713 ---sh--- c:\windows\system32\leramada.exe
2009-04-23 22:51 2,713 ---sh--- c:\windows\system32\bawapara.dll
2009-04-23 10:50 1,409,399 ---sh--- c:\windows\system32\eponumuz.ini
2009-04-22 22:48 1,408,306 ---sh--- c:\windows\system32\ojevuyol.ini
2009-04-22 10:49 1,408,293 ---sh--- c:\windows\system32\ovuvugod.ini
2009-04-21 12:35 5,357 ---sh--- c:\windows\system32\nilejonu.dll
2009-04-21 00:35 1,418,624 ---sh--- c:\windows\system32\esubareg.ini
2009-04-20 00:27 1,418,624 ---sh--- c:\windows\system32\uvefofob.ini
2009-04-19 12:28 1,418,624 ---sh--- c:\windows\system32\ojunases.ini
2009-04-19 00:22 1,418,624 ---sh--- c:\windows\system32\atitigib.ini
2009-04-18 10:02 1,418,611 ---sh--- c:\windows\system32\irebitam.ini
2009-04-17 22:02 1,418,624 ---sh--- c:\windows\system32\esezukig.ini
2009-04-17 09:55 1,418,613 ---sh--- c:\windows\system32\afitovuw.ini
2009-04-16 21:46 1,418,624 ---sh--- c:\windows\system32\utukozuk.ini
2009-04-16 09:45 121 ---sh--- c:\windows\system32\ipanolet.ini
2009-04-15 11:55 1,418,626 ---sh--- c:\windows\system32\obamekok.ini
2009-04-13 15:50 1,416,481 ---sh--- c:\windows\system32\iwovifoy.ini

==================== Find3M ====================

2009-04-27 11:18 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-04-24 10:54 103,936 a------- c:\windows\system32\dumavuja.dll
2009-04-24 10:54 99,840 a--sh--- c:\windows\system32\weduriwi.dll
2009-04-23 10:50 62,976 a--sh--- c:\windows\system32\merunime.exe
2009-04-22 22:48 64,000 a--sh--- c:\windows\system32\dotevumo.exe
2009-04-22 22:48 100,352 -------- c:\windows\system32\loyuvejo.dll
2009-04-22 10:49 70,144 a--sh--- c:\windows\system32\funugipi.dll
2009-04-22 10:48 109,056 a--sh--- c:\windows\system32\bohemuko.dll
2009-04-22 10:48 62,976 a--sh--- c:\windows\system32\jijivafo.exe
2009-04-21 00:34 109,056 a--sh--- c:\windows\system32\hudivika.dll
2009-04-21 00:34 63,488 a--sh--- c:\windows\system32\vikefuto.exe
2009-04-20 12:35 109,056 a--sh--- c:\windows\system32\kalerazo.dll
2009-04-20 12:35 63,488 a--sh--- c:\windows\system32\ramuzovi.exe
2009-04-20 00:27 63,488 a--sh--- c:\windows\system32\wiludubu.exe
2009-04-20 00:27 109,056 a--sh--- c:\windows\system32\volorume.dll.vir
2009-04-19 12:27 99,328 -------- c:\windows\system32\sesanujo.dll
2009-04-19 12:27 109,056 a--sh--- c:\windows\system32\ruvoziyi.dll
2009-04-19 12:27 63,488 a--sh--- c:\windows\system32\kozodobe.exe
2009-04-19 00:22 99,328 -------- c:\windows\system32\bigitita.dll
2009-04-19 00:22 63,488 a--sh--- c:\windows\system32\pinapoyo.exe
2009-04-18 10:02 99,328 -------- c:\windows\system32\matiberi.dll
2009-04-18 10:02 109,056 a--sh--- c:\windows\system32\ronuruso.dll
2009-04-18 10:02 63,488 a--sh--- c:\windows\system32\vopereso.exe
2009-04-17 22:02 63,488 a--sh--- c:\windows\system32\saweguku.exe
2009-04-17 22:02 99,328 -------- c:\windows\system32\gikuzese.dll
2009-04-17 09:55 108,544 a--sh--- c:\windows\system32\sekanawo.dll
2009-04-17 09:54 63,488 a--sh--- c:\windows\system32\hozegupo.exe
2009-04-16 21:45 109,056 a--sh--- c:\windows\system32\tadezuzu.dll
2009-04-16 21:45 101,888 -------- c:\windows\system32\kuzokutu.dll
2009-04-16 09:44 109,056 a--sh--- c:\windows\system32\pidezabi.dll
2009-04-16 09:44 102,400 a--sh--- c:\windows\system32\telonapi.dll
2009-04-15 11:55 99,840 -------- c:\windows\system32\kokemabo.dll
2009-04-15 11:55 108,032 a--sh--- c:\windows\system32\mupafeve.dll
2009-04-14 10:48 70,144 a--sh--- c:\windows\system32\lewiyidi.dll
2009-04-14 10:47 109,568 a--sh--- c:\windows\system32\sayawoha.dll
2009-04-13 13:57 107,520 a--sh--- c:\windows\system32\lasefoye.dll.vir
2009-04-13 01:57 109,056 a--sh--- c:\windows\system32\bawawaza.dll
2009-04-13 01:57 63,488 a--sh--- c:\windows\system32\vonibusa.exe
2009-04-12 13:23 109,568 a--sh--- c:\windows\system32\kofemube.dll
2009-04-12 13:23 64,000 a--sh--- c:\windows\system32\zesedovi.exe
2009-04-12 01:22 109,568 a--sh--- c:\windows\system32\pebigamu.dll
2009-04-12 01:22 62,976 a--sh--- c:\windows\system32\tifunalo.exe
2009-04-11 12:15 109,056 a--sh--- c:\windows\system32\wokawewo.dll
2009-04-11 12:15 62,464 a--sh--- c:\windows\system32\tazodavi.exe
2009-03-25 16:44 936,288 a------- c:\windows\system32\Incinerator.dll
2009-03-06 07:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 11:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-17 11:31 28,672 a------- c:\windows\system32\iolobtdfg.exe
2009-02-17 11:26 8,192 a------- c:\windows\system32\smrgdf.exe
2009-02-09 03:20 723,456 a------- c:\windows\system32\lsasrv.dll
2009-02-09 03:20 399,360 a------- c:\windows\system32\rpcss.dll
2009-02-09 03:20 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 03:20 616,960 a------- c:\windows\system32\advapi32.dll
2009-02-09 03:19 1,846,272 a------- c:\windows\system32\win32k.sys
2007-08-29 16:23 81,920 a------- c:\docume~1\owner\applic~1\ezpinst.exe
2007-08-29 16:23 47,360 a------- c:\docume~1\owner\applic~1\pcouffin.sys
2009-01-17 22:02 14,336 a--sh--- c:\windows\system32\vodarowo.dll
2009-01-12 01:23 71,168 a--sh--- c:\windows\system32\vuseyiju.dll.vir

============= FINISH: 12:34:58.46 ===============
DDS log
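The Pseudo HJT Report and file listings above show one DLL (dumavuja.dll) registered in four places at once: an mRun entry that hands it to rundll32, AppInit_DLLs, SSODL and STS (SharedTaskScheduler), plus a run of hidden+system files in system32 with eight-letter random names. The following triage script is an added example for this thread, not code from DDS, HijackThis or Malwarebytes; it reads lines in the DDS format shown above (it assumes DDS's lowercased "c:\windows\system32\" path prefix and the eight-character attribute column), reports those load points, and also flags the pairing the listing itself exhibits, where each hidden .ini name is the reverse of a hidden .dll name (iwirudew.ini / weduriwi.dll). The sample input is a constructed subset of the log's lines.

```python
"""Triage of DDS-style log lines for DLL load points and hidden droppings.

Added example for this thread; not DDS, HijackThis or MBAM code.
"""
import re
from dataclasses import dataclass

# Constructed sample input: a few lines copied in the DDS format above.
SAMPLE_LOG = r"""
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [CPM1b126fec] Rundll32.exe "c:\windows\system32\dumavuja.dll",a
AppInit_DLLs: c:\windows\system32\dumavuja.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\dumavuja.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\dumavuja.dll
2009-04-24 10:54 1,409,390 ---sh--- c:\windows\system32\iwirudew.ini
2009-04-24 10:54 99,840 a--sh--- c:\windows\system32\weduriwi.dll
2009-04-28 22:01 494,352 a------- c:\windows\system32\SHDOC401.DLL
2009-04-24 10:54 103,936 a------- c:\windows\system32\dumavuja.dll
"""

# "date time size attrs path" as printed in the Created Last 30 / Find3M sections
FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} [\d,]+ (?P<attrs>[a-z-]{8}) (?P<path>.+)$")
RANDOM_NAME = re.compile(r"^[a-z]{8}\.(dll|exe|ini)$")   # eight-letter stem heuristic
RUNDLL_TARGET = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)
SYSTEM32 = "c:\\windows\\system32\\"   # assumption: DDS lowercases the directory part


@dataclass(frozen=True)
class Finding:
    kind: str     # category of the indicator
    detail: str   # path or value that triggered it
    line: str     # the log line it came from


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    hidden: dict[str, list[str]] = {}   # name stem -> hidden+system paths in system32
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        if low.startswith("appinit_dlls:"):
            # Any DLL listed here is mapped into every process that loads user32.dll.
            value = line.split(":", 1)[1].strip()
            if value:
                findings.append(Finding("AppInit_DLLs", value, line))
        elif low.startswith(("ssodl:", "sts:")):
            # ShellServiceObjectDelayLoad / SharedTaskScheduler: loaded by Explorer at logon.
            if low.endswith(".dll"):
                findings.append(Finding("shell load point", line.rsplit(" - ", 1)[-1], line))
        elif low.startswith(("mrun:", "urun:")):
            # A Run entry whose only job is to hand a DLL to rundll32.
            m = RUNDLL_TARGET.search(line)
            if m:
                findings.append(Finding("Run via rundll32", m.group("dll"), line))
        else:
            m = FILE_LINE.match(line)
            if not m:
                continue
            attrs, path = m.group("attrs"), m.group("path")
            if "s" in attrs and "h" in attrs and path.lower().startswith(SYSTEM32):
                name = path.rsplit("\\", 1)[-1]
                if RANDOM_NAME.match(name):
                    findings.append(Finding("hidden+system file in system32", path, line))
                    hidden.setdefault(name.split(".")[0], []).append(path)
    # The listing pairs each hidden .ini with a .dll whose stem is its reverse;
    # report those pairs explicitly so the .ini is not mistaken for a stray file.
    for stem, paths in hidden.items():
        inis = [p for p in paths if p.lower().endswith(".ini")]
        dlls = [p for p in hidden.get(stem[::-1], []) if p.lower().endswith(".dll")]
        for ini in inis:
            for dll in dlls:
                findings.append(Finding("reversed-name .ini/.dll pair", f"{ini} <-> {dll}", ini))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:34} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample the script reports the same DLL from four load points and one reversed-name pair; the point of collecting all four is that removing the file alone leaves three registry entries that re-create the problem, which is why the later MBAM log has to clean each of them.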

#3 Shadowlord6343

Shadowlord6343
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Local time:10:31 AM

Posted 09 May 2009 - 02:41 PM

As you can see, I have my work cut out for me. I seem to have several infections and unfortunately, since this is an eMachines 'Puter, I don't have an XP install disk but rather the 5-disk system restore set that never seems to be able to run all the way to the end before locking up.

If I can fix all this, I should be well on my way to being very computer literate LOL!
=================
Hello

Please note: you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us wants someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work, may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 09 May 2009 - 10:15 PM.


#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:31 AM

Posted 10 May 2009 - 12:04 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Shadowlord6343

Shadowlord6343
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Local time:10:31 AM

Posted 10 May 2009 - 01:31 PM

Here is the Log from the Malwarebytes scan:

Malwarebytes' Anti-Malware 1.36
Database version: 2104
Windows 5.1.2600 Service Pack 2

5/10/2009 11:18:48 AM
mbam-log-2009-05-10 (11-18-48).txt

Scan type: Quick Scan
Objects scanned: 103108
Time elapsed: 10 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 14
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 3
Files Infected: 53

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\dumavuja.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegSweep (Rogue.RegSweep) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm1b126fec (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\dumavuja.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Owner\Application Data\RegSweep (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegSweep\Log (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegSweep\Registry Backups (Rogue.RegSweep) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\bigitita.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atitigib.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gikuzese.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\esezukig.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kokemabo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\obamekok.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kuzokutu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\utukozuk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\loyuvejo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ojevuyol.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\matiberi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\irebitam.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sesanujo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ojunases.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\telonapi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ipanolet.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\weduriwi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iwirudew.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dumavuja.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\BIT11.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hozegupo.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hudivika.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jijivafo.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pinapoyo.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ramuzovi.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\saweguku.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ronuruso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tazodavi.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vikefuto.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vodarowo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\volorume.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vonibusa.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vopereso.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wiludubu.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kozodobe.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ruvoziyi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kalerazo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8S9CCQUU\ekueefs[1].txt (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegSweep\Errors.stg (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegSweep\Results.stg (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegSweep\Log\2007 Jun 10 - 06_58_08 PM.log (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegSweep\Log\2007 Jun 10 - 06_58_10 PM.log (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegSweep\Registry Backups\2007-06-10_19-00-09.reg (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegSweep\Registry Backups\2007-06-10_19-00-33.reg (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lewiyidi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\funugipi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lasefoye.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vuseyiju.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pidezabi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tadezuzu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> Quarantined and deleted successfully.


Thank you for taking the time to help me.
Several files could not be removed, as you suspected. I was not surprised either, as HJT was unable to remove these files either, but the Puter is already running a bit better. I can start up the machine w/o having to disable the antivirus. B/4 running MBytes, Dumavuja would keep trying to access the computer until I disabled the antivirus just to get Windows loaded. That is no longer happening (for the moment). Hopefully we'll be able to get rid of the remainder of the infections as easily.

Thanks for your time Buckeye. I will run the Osit program and post the log next.
BRB

#6 Shadowlord6343

  • Topic Starter
  • Members
  • 38 posts

Posted 10 May 2009 - 01:39 PM

Here is the OTListIt2 log as requested:

OTListIt logfile created on: 5/10/2009 11:36:25 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 556.96 Mb Available Physical Memory | 54.47% Memory free
3.53 Gb Paging File | 3.14 Gb Available in Paging File | 88.93% Paging File free
Paging file location(s): C:\pagefile.sys 2688 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.21 Gb Total Space | 158.80 Gb Free Space | 69.89% Space Free | Partition Type: NTFS
Drive D: | 5.67 Gb Total Space | 2.73 Gb Free Space | 48.11% Space Free | Partition Type: FAT32
Drive E: | 699.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 186.30 Gb Total Space | 186.23 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: OWNER-FF6C31BB0
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/08/27 17:22:48 | 00,164,984 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/08/27 17:22:42 | 00,197,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2009/04/27 11:18:56 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2005/08/05 13:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2004/05/17 19:30:04 | 00,543,232 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
PRC - [2006/11/17 05:42:52 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2008/10/07 08:23:46 | 00,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/03/13 10:04:26 | 01,320,800 | ---- | M] () -- C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe
PRC - [2009/03/02 12:10:30 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/02/06 18:16:54 | 00,712,048 | ---- | M] () -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe
PRC - [2004/10/19 02:00:00 | 00,090,112 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
PRC - [2007/04/19 13:26:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/11/25 19:27:42 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008/11/09 13:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2005/08/05 13:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2009/04/28 11:57:08 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2004/08/10 12:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2009/05/10 11:07:21 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (AcrSch2Svc [Auto | Stopped])
SRV - [2009/04/27 11:18:56 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/03/02 12:10:30 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/02/21 21:39:16 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2004/08/27 17:22:42 | 00,197,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2004/08/27 17:22:48 | 00,078,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2004/08/27 17:22:48 | 00,164,984 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2009/03/23 18:37:26 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])
SRV - [2004/08/10 12:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/02/06 18:16:54 | 00,712,048 | ---- | M] () -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe -- (ioloFileInfoList [Auto | Running])
SRV - [2009/02/06 18:16:54 | 00,712,048 | ---- | M] () -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe -- (ioloSystemService [Auto | Running])
SRV - File not found -- -- (ISSVC [On_Demand | Stopped])
SRV - [2004/10/19 02:00:00 | 00,090,112 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe -- (McAfeeAntiSpyware [Auto | Running])
SRV - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - File not found -- -- (mcupdmgr.exe [On_Demand | Stopped])
SRV - [2004/08/10 11:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2007/04/19 13:26:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/11/25 19:27:42 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
SRV - [2007/08/28 11:14:06 | 00,553,472 | ---- | M] (ReaSoft) -- C:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe -- (rcp_service [On_Demand | Stopped])
SRV - [2004/08/27 16:02:54 | 00,206,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
SRV - [2004/08/10 12:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Auto | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/09 13:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/12/04 17:11:46 | 04,025,984 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2001/08/17 20:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Stopped])
DRV - [2004/08/04 06:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Stopped])
DRV - [2001/08/17 20:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Stopped])
DRV - [2001/08/17 20:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Stopped])
DRV - [2006/02/21 21:46:26 | 01,505,792 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
DRV - [2009/02/13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009/04/27 11:18:56 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009/04/27 11:18:56 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2006/10/18 03:00:00 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
DRV - [2006/10/18 03:00:00 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
DRV - [2001/08/17 20:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Stopped])
DRV - [2001/08/17 20:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Stopped])
DRV - [2006/12/31 11:45:35 | 00,018,816 | ---- | M] (RIF) -- C:\WINDOWS\System32\DRIVERS\dvd43llh.sys -- (dvd43llh [On_Demand | Running])
DRV - [2006/07/24 18:51:34 | 00,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk [System | Running])
DRV - [2004/06/17 15:56:22 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2004/06/17 15:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2004/03/17 12:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 20:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Stopped])
DRV - [2001/08/17 13:49:32 | 00,019,968 | ---- | M] (Macronix International Co., Ltd. ) -- C:\WINDOWS\system32\DRIVERS\mxnic.sys -- (mxnic [On_Demand | Stopped])
DRV - [2007/04/19 13:26:00 | 03,988,384 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2007/06/25 16:21:33 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
DRV - [2004/08/10 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/10/18 03:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 20:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Stopped])
DRV - [2001/08/17 20:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Stopped])
DRV - [2001/08/17 20:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Stopped])
DRV - [2004/04/13 21:14:12 | 00,070,144 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2004/08/04 06:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Stopped])
DRV - [2001/08/17 21:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Stopped])
DRV - [2009/02/13 11:50:02 | 00,028,376 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2004/11/15 18:41:54 | 00,036,804 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\System32\Drivers\sunkfilt.sys -- (SunkFilt [On_Demand | Running])
DRV - [2001/08/17 21:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Stopped])
DRV - [2001/08/17 21:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Stopped])
DRV - [2004/08/26 08:03:38 | 00,104,144 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2004/08/27 16:02:28 | 00,266,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2001/08/17 21:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Stopped])
DRV - [2001/08/17 21:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Stopped])
DRV - [2005/10/09 01:05:00 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
DRV - [2001/08/17 20:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Stopped])
DRV - [2004/08/10 12:00:00 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Running])
DRV - [2003/01/10 14:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Stopped])
DRV - [2004/06/17 15:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2007/10/02 12:41:12 | 00,039,424 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\xpacket.sys -- (XPacket [Boot | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4018948230-1661406992-471557457-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-4018948230-1661406992-471557457-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-4018948230-1661406992-471557457-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-4018948230-1661406992-471557457-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4018948230-1661406992-471557457-1006\S-1-5-21-4018948230-1661406992-471557457-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:3.0.3
FF - prefs.js..extensions.enabledItems: {21B612A8-B90D-4B2A-BB2E-1BD06F8A8824}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{21B612A8-B90D-4B2A-BB2E-1BD06F8A8824}: C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{21B612A8-B90D-4B2A-BB2E-1BD06F8A8824} [2008/12/20 16:55:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/30 07:53:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/28 11:57:13 | 00,000,000 | ---D | M]

[2008/08/26 13:21:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2008/08/26 13:21:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/10 10:30:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\t0hs3os6.default\extensions
[2009/04/14 13:50:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\t0hs3os6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/24 08:33:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\t0hs3os6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2007/06/21 09:16:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\t0hs3os6.default\extensions\{DD99D76F-5129-4fd3-A2DC-AB41D6FBCF98}
[2008/07/21 10:39:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\t0hs3os6.default\extensions\en-US@dictionaries.addons.mozilla.org
[2008/05/30 09:14:43 | 00,001,162 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\t0hs3os6.default\searchplugins\dictionarycom.xml
[2008/08/03 20:34:39 | 00,001,173 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\t0hs3os6.default\searchplugins\referencecom---encyclopedia.xml
[2008/05/30 09:14:44 | 00,001,151 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\t0hs3os6.default\searchplugins\thesauruscom.xml
[2009/05/10 10:30:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 11:57:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/04/23 08:49:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2009/04/28 11:57:08 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 11:57:08 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/10/04 09:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/10/04 09:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/04 09:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/13 19:18:32 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/10/04 09:45:46 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/10/04 09:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/10/04 09:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (726 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Internet Security) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Value error. File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-4018948230-1661406992-471557457-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-4018948230-1661406992-471557457-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-4018948230-1661406992-471557457-1006\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-4018948230-1661406992-471557457-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-4018948230-1661406992-471557457-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [CHotkey] zHotkey.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe" ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (Yahoo! Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4018948230-1661406992-471557457-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-4018948230-1661406992-471557457-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-4018948230-1661406992-471557457-1006\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/13 10:20:25 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/09 00:24:26 | 00,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/05/10 11:07:20 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/05/10 11:05:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/05/10 11:05:25 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/10 11:05:25 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/10 11:05:22 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/10 11:05:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/10 11:05:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/10 11:04:01 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/05/09 12:33:13 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/04/28 23:41:53 | 00,000,017 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\stinger1001546.opt
[2009/04/28 22:01:34 | 00,494,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SHDOC401.DLL
[2009/04/28 22:01:34 | 00,164,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMCT232.OCX
[2009/04/28 22:01:34 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\ArmAccess.dll
[2009/04/28 22:01:34 | 00,000,640 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PC Doc Pro 4.2.lnk
[2009/04/28 22:00:32 | 03,928,448 | ---- | C] (NeuroSoft Corp. ) -- C:\Documents and Settings\Owner\Desktop\pcdocpro.exe
[2009/04/27 21:34:51 | 24,921,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/27 14:06:37 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/27 14:06:37 | 00,283,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/27 14:06:37 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/27 14:06:37 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2009/04/27 14:06:37 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/27 14:06:36 | 00,473,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/27 14:06:36 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/27 14:06:36 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/27 14:06:35 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/27 14:06:35 | 00,616,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/27 14:05:52 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/27 13:09:55 | 00,208,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2009/04/25 15:13:37 | 73,290,9568 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ubuntu-9.04-desktop-i386.iso
[2009/04/23 22:51:16 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\vusumuje.dll
[2009/04/23 22:51:16 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\leramada.exe
[2009/04/23 22:51:16 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\bawapara.dll
[2009/04/23 10:50:25 | 01,409,399 | -HS- | C] () -- C:\WINDOWS\System32\eponumuz.ini
[2009/04/22 10:49:09 | 01,408,293 | -HS- | C] () -- C:\WINDOWS\System32\ovuvugod.ini
[2009/04/21 12:35:54 | 00,005,357 | -HS- | C] () -- C:\WINDOWS\System32\nilejonu.dll
[2009/04/21 00:35:00 | 01,418,624 | -HS- | C] () -- C:\WINDOWS\System32\esubareg.ini
[2009/04/20 00:27:58 | 01,418,624 | -HS- | C] () -- C:\WINDOWS\System32\uvefofob.ini
[2009/04/17 09:55:08 | 01,418,613 | -HS- | C] () -- C:\WINDOWS\System32\afitovuw.ini
[2009/04/13 15:50:07 | 01,416,481 | -HS- | C] () -- C:\WINDOWS\System32\iwovifoy.ini
[2009/04/13 14:15:04 | 03,534,855 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Owner\Desktop\stinger1001546.exe
[2008/09/19 20:00:25 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2008/09/19 20:00:14 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2008/09/19 20:00:07 | 01,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2008/03/13 19:16:18 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/05/01 14:49:45 | 00,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/05/01 14:49:45 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/04/29 16:33:08 | 00,000,021 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/02/12 12:50:11 | 00,151,040 | ---- | C] () -- C:\WINDOWS\System32\wimadll.dll
[2007/02/12 11:25:43 | 00,000,059 | ---- | C] () -- C:\WINDOWS\Burn and Go Nitro.ini
[2007/01/22 12:56:39 | 00,000,784 | ---- | C] () -- C:\WINDOWS\VIEWER.INI
[2007/01/21 19:28:50 | 00,936,288 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2006/11/28 20:54:56 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/11/27 22:20:17 | 00,000,086 | ---- | C] () -- C:\WINDOWS\gbsaver.ini
[2006/11/25 21:16:37 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/25 20:50:13 | 00,000,029 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2006/11/25 20:49:57 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/11/25 19:29:45 | 00,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2006/11/25 19:29:45 | 00,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2006/11/01 16:18:34 | 00,006,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2006/08/11 21:45:20 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 21:43:10 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/11 21:43:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/11 21:43:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/11 21:43:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/11 21:43:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/11 21:43:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/08/05 14:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/13 12:02:03 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/04/13 09:57:05 | 00,001,344 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/04/13 09:57:05 | 00,000,495 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/04/13 09:56:11 | 00,000,968 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/04/13 09:56:08 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/04/13 09:55:59 | 01,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2005/04/13 09:55:48 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(3).dll
[2005/04/13 09:55:31 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(3).dll
[1999/07/05 03:00:00 | 00,074,999 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/05/10 11:37:00 | 00,000,476 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-FF6C31BB0-Owner).job
[2009/05/10 11:35:00 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{07552356-DCCD-4F2E-B270-25CECBE80B98}.job
[2009/05/10 11:33:00 | 00,000,478 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (NT AUTHORITY-SYSTEM).job
[2009/05/10 11:20:45 | 00,088,713 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/10 11:20:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/10 11:20:41 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\desktop.ini
[2009/05/10 11:20:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/10 11:20:37 | 10,722,22208 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/10 11:07:21 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/05/10 11:05:41 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/05/10 11:05:25 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/10 11:04:14 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/05/09 14:02:21 | 00,000,726 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/09 13:25:28 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/09 12:33:13 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/05/09 10:26:29 | 00,000,968 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/09 10:26:29 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/09 10:26:29 | 00,000,209 | RHS- | M] () -- C:\boot.ini
[2009/05/01 21:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\McAfee AntiSpyware.job
[2009/04/28 23:41:53 | 00,000,017 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\stinger1001546.opt
[2009/04/28 22:01:34 | 00,000,640 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PC Doc Pro 4.2.lnk
[2009/04/28 22:00:51 | 03,928,448 | ---- | M] (NeuroSoft Corp. ) -- C:\Documents and Settings\Owner\Desktop\pcdocpro.exe
[2009/04/27 21:38:23 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/27 21:36:35 | 00,479,642 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/27 21:36:35 | 00,407,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/27 21:36:35 | 00,064,372 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/27 11:18:56 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/04/27 11:18:56 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/04/25 16:28:39 | 73,290,9568 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ubuntu-9.04-desktop-i386.iso
[2009/04/24 11:00:56 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\dokajeva
[2009/04/24 10:54:59 | 01,409,399 | -HS- | M] () -- C:\WINDOWS\System32\eponumuz.ini
[2009/04/23 22:51:16 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\vusumuje.dll
[2009/04/23 22:51:16 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\leramada.exe
[2009/04/23 22:51:16 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\bawapara.dll
[2009/04/23 10:50:22 | 00,062,976 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\merunime.exe
[2009/04/22 22:48:49 | 00,064,000 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\dotevumo.exe
[2009/04/22 11:10:20 | 01,408,293 | -HS- | M] () -- C:\WINDOWS\System32\ovuvugod.ini
[2009/04/22 10:48:48 | 00,109,056 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\bohemuko.dll
[2009/04/21 12:35:54 | 00,005,357 | -HS- | M] () -- C:\WINDOWS\System32\nilejonu.dll
[2009/04/21 11:20:59 | 01,418,624 | -HS- | M] () -- C:\WINDOWS\System32\esubareg.ini
[2009/04/21 00:34:50 | 01,418,624 | -HS- | M] () -- C:\WINDOWS\System32\uvefofob.ini
[2009/04/17 09:55:19 | 01,418,613 | -HS- | M] () -- C:\WINDOWS\System32\afitovuw.ini
[2009/04/17 09:55:01 | 00,108,544 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\sekanawo.dll
[2009/04/15 11:55:15 | 00,108,032 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\mupafeve.dll
[2009/04/15 11:09:35 | 01,416,481 | -HS- | M] () -- C:\WINDOWS\System32\iwovifoy.ini
[2009/04/14 10:47:47 | 00,109,568 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\sayawoha.dll
[2009/04/13 14:15:23 | 03,534,855 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Owner\Desktop\stinger1001546.exe
[2009/04/12 13:23:01 | 00,109,568 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\kofemube.dll
[2009/04/12 13:23:01 | 00,064,000 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\zesedovi.exe
[2009/04/12 01:22:46 | 00,109,568 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\pebigamu.dll
[2009/04/12 01:22:45 | 00,062,976 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\tifunalo.exe
[2009/04/11 12:15:38 | 00,109,056 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\wokawewo.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:810FAD5F
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#7 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 10 May 2009 - 06:16 PM

We are making progress, but have much to do still.

I see an issue where it appears that you are running two antivirus programs - Norton and Avira. This can cause its own set of issues and could complicate our process. It's never recommended to run more than one antivirus program. Please uninstall one of them so that you continue with only one active antivirus.



Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Value error. File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Value error. File not found
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-4018948230-1661406992-471557457-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Value error. File not found
    O3 - HKU\S-1-5-21-4018948230-1661406992-471557457-1006\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-4018948230-1661406992-471557457-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
    
    :Files
    C:\WINDOWS\System32\vusumuje.dll
    C:\WINDOWS\System32\leramada.exe
    C:\WINDOWS\System32\bawapara.dll
    C:\WINDOWS\System32\eponumuz.ini
    C:\WINDOWS\System32\ovuvugod.ini
    C:\WINDOWS\System32\nilejonu.dll
    C:\WINDOWS\System32\esubareg.ini
    C:\WINDOWS\System32\uvefofob.ini
    C:\WINDOWS\System32\afitovuw.ini
    C:\WINDOWS\System32\iwovifoy.ini
    C:\WINDOWS\System32\eponumuz.ini
    C:\WINDOWS\System32\merunime.exe
    C:\WINDOWS\System32\dotevumo.exe
    C:\WINDOWS\System32\bohemuko.dll
    C:\WINDOWS\System32\nilejonu.dll
    C:\WINDOWS\System32\esubareg.ini
    C:\WINDOWS\System32\uvefofob.ini
    C:\WINDOWS\System32\afitovuw.ini
    C:\WINDOWS\System32\sekanawo.dll
    C:\WINDOWS\System32\mupafeve.dll
    C:\WINDOWS\System32\iwovifoy.ini
    C:\WINDOWS\System32\sayawoha.dll
    C:\WINDOWS\System32\kofemube.dll
    C:\WINDOWS\System32\zesedovi.exe
    C:\WINDOWS\System32\pebigamu.dll
    C:\WINDOWS\System32\tifunalo.exe
    C:\WINDOWS\System32\wokawewo.dll
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

================


Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

================


Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
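The two posts above show the pattern the helper worked from: the OTListIt report lists hidden+system (-HS-) files with random eight-letter names directly under System32, and the custom fix turns exactly those paths into a `:Files` section. The following Python is an added example, not code from the thread or from OldTimer's tool: it parses report lines in that layout and applies the rule. The sample lines in `SAMPLE_REPORT` are constructed in the report's format from paths that appear in this thread, and the `RANDOM_NAME` rule is an assumption modelled on the helper's selection, not OTListIt's own logic.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample in the layout of the OTListIt2 "Created/Modified Within 30 Days"
# sections. Paths are taken from the report in this thread; the selection is constructed.
SAMPLE_REPORT = r"""
[2009/05/10 11:05:25 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/10 11:05:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/23 22:51:16 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\vusumuje.dll
[2009/04/23 10:50:25 | 01,409,399 | -HS- | C] () -- C:\WINDOWS\System32\eponumuz.ini
[2009/04/24 10:54:59 | 01,409,399 | -HS- | M] () -- C:\WINDOWS\System32\eponumuz.ini
[2009/04/22 10:48:48 | 00,109,056 | -HS- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\bohemuko.dll
[2009/04/27 14:06:35 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/24 11:00:56 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\dokajeva
[2005/04/13 09:56:11 | 00,000,968 | ---- | C] () -- C:\WINDOWS\win.ini
"""

# One report line: [timestamp | size | RHSD flags | C/M] (vendor) -- path [-- [ filesystem ]]
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attr>[-RHSD]{4}) \| "
    r"(?P<kind>[CM])\] "
    r"(?:\((?P<vendor>[^)]*)\) )?"      # directory entries carry no "(...)" at all
    r"-- (?P<path>.+?)(?: -- \[ \w+ \])?$"
)

# Assumed rule (not OTListIt's): eight lowercase letters plus a dll/exe/ini extension.
RANDOM_NAME = re.compile(r"[a-z]{8}\.(dll|exe|ini)")


@dataclass(frozen=True)
class Entry:
    timestamp: str
    size: int
    attrs: str      # four-character R/H/S/D flags, '-' where a flag is not set
    kind: str       # C = created, M = modified
    vendor: str     # company from the file's version info, '' when absent
    path: str


def parse_report(text: str) -> list[Entry]:
    """Parse every file line; section headers and '[7 ... *.tmp files]' summaries are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            timestamp=m["ts"],
            size=int(m["size"].replace(",", "")),
            attrs=m["attr"],
            kind=m["kind"],
            vendor=(m["vendor"] or "").strip(),
            path=m["path"],
        ))
    return entries


def is_suspicious(e: Entry) -> bool:
    """Hidden+system file sitting directly in System32 with a random-looking name."""
    p = PureWindowsPath(e.path)
    hidden_and_system = "H" in e.attrs and "S" in e.attrs
    return (hidden_and_system
            and p.parent.name.lower() == "system32"
            and RANDOM_NAME.fullmatch(p.name) is not None)


def suspicious_paths(text: str) -> list[str]:
    # dict.fromkeys keeps first-seen order while dropping duplicates: the same file shows
    # up under both "Created" and "Modified", which is why the helper's list repeated paths.
    return list(dict.fromkeys(e.path for e in parse_report(text) if is_suspicious(e)))


def build_files_section(paths) -> str:
    """Emit the paths in the same layout as the ':Files' block of an OTListIt custom fix."""
    return "\n".join([":Files", *paths])


if __name__ == "__main__":
    print(build_files_section(suspicious_paths(SAMPLE_REPORT)))
```

The vendor field is deliberately not used as a filter: several of the flagged files in this thread carried a legitimate-looking vendor string (eMPIA Technology, Inc.), so the attribute and naming pattern, not the version information, is what separates them from the Microsoft and Malwarebytes files in the same listing.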

#8 Shadowlord6343

  • Topic Starter
  • Members
  • 38 posts

Posted 11 May 2009 - 03:50 PM

I will get right on running the other scans you mentioned. I only had a question about the Norton Antivirus. I don't know how to find/remove it. I can't find it in the Program Files folder, and while it comes up when I run Add/Remove Programs, it says that to remove it, it has to be removed through MSI setup.
Any idea on how to proceed on that? I'm thinking that Norton either came w/ the machine or is something that came as an add-on w/ Yahoo. I am trying to find out more. Will post any progress. Should I run those scans in the meantime or deal w/ the dual antivirus problem first?

#9 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 11 May 2009 - 03:57 PM

Let's get rid of Norton. I'm concerned about a conflict when we start removing those other files.

Download and run the Norton Removal Tool.
http://service1.symantec.com/Support/tsgen...005033108162039

Once Norton is gone, proceed with the other steps.


========================================================

#10 Shadowlord6343

  • Topic Starter
  • Members
  • 38 posts

Posted 11 May 2009 - 04:11 PM

Oops! If I wait, it takes a while to get a response. If I do something, responses come right away! :thumbup2:

Here are the results after running the OTListIt fix:
========== OTLISTIT ==========
Process explorer.exe killed successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_USERS\S-1-5-21-4018948230-1661406992-471557457-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-4018948230-1661406992-471557457-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_USERS\S-1-5-21-4018948230-1661406992-471557457-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== FILES ==========
File\Folder C:\WINDOWS\System32\vusumuje.dll not found.
File\Folder C:\WINDOWS\System32\leramada.exe not found.
File\Folder C:\WINDOWS\System32\bawapara.dll not found.
File\Folder C:\WINDOWS\System32\eponumuz.ini not found.
File\Folder C:\WINDOWS\System32\ovuvugod.ini not found.
File\Folder C:\WINDOWS\System32\nilejonu.dll not found.
File\Folder C:\WINDOWS\System32\esubareg.ini not found.
File\Folder C:\WINDOWS\System32\uvefofob.ini not found.
File\Folder C:\WINDOWS\System32\afitovuw.ini not found.
File\Folder C:\WINDOWS\System32\iwovifoy.ini not found.
File\Folder C:\WINDOWS\System32\eponumuz.ini not found.
File\Folder C:\WINDOWS\System32\merunime.exe not found.
File\Folder C:\WINDOWS\System32\dotevumo.exe not found.
File\Folder C:\WINDOWS\System32\bohemuko.dll not found.
File\Folder C:\WINDOWS\System32\nilejonu.dll not found.
File\Folder C:\WINDOWS\System32\esubareg.ini not found.
File\Folder C:\WINDOWS\System32\uvefofob.ini not found.
File\Folder C:\WINDOWS\System32\afitovuw.ini not found.
File\Folder C:\WINDOWS\System32\sekanawo.dll not found.
File\Folder C:\WINDOWS\System32\mupafeve.dll not found.
File\Folder C:\WINDOWS\System32\iwovifoy.ini not found.
File\Folder C:\WINDOWS\System32\sayawoha.dll not found.
File\Folder C:\WINDOWS\System32\kofemube.dll not found.
File\Folder C:\WINDOWS\System32\zesedovi.exe not found.
File\Folder C:\WINDOWS\System32\pebigamu.dll not found.
File\Folder C:\WINDOWS\System32\tifunalo.exe not found.
File\Folder C:\WINDOWS\System32\wokawewo.dll not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\etilqs_rhGuajtmeW4N0nL5lzW1 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\~DF5E9E.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\fb_1148.lck scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.6 log created on 05112009_140256

Files moved on Reboot...
File C:\Documents and Settings\Owner\Local Settings\Temp\etilqs_rhGuajtmeW4N0nL5lzW1 not found!
File C:\Documents and Settings\Owner\Local Settings\Temp\~DF5E9E.tmp not found!
File C:\WINDOWS\temp\fb_1148.lck not found!

Registry entries deleted on Reboot...

And I will re-run the scan as requested as soon as I go to the URL provided to deal with the Norton issue.
Thank you very much for your help, Buckeye!

#11 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 11 May 2009 - 04:15 PM

Just catching me at the right time today. :thumbup2:
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 Shadowlord6343

  • Topic Starter

  • Members
  • 38 posts

Posted 11 May 2009 - 04:26 PM

Norton removed and here is the new OTListIt scan.

OTListIt logfile created on: 5/11/2009 2:23:16 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 679.54 Mb Available Physical Memory | 66.46% Memory free
3.53 Gb Paging File | 3.23 Gb Available in Paging File | 91.66% Paging File free
Paging file location(s): C:\pagefile.sys 2688 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.21 Gb Total Space | 158.92 Gb Free Space | 69.95% Space Free | Partition Type: NTFS
Drive D: | 5.67 Gb Total Space | 2.73 Gb Free Space | 48.11% Space Free | Partition Type: FAT32
Drive E: | 699.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 186.30 Gb Total Space | 186.23 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: OWNER-FF6C31BB0
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/04/27 11:18:56 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2005/08/05 13:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2004/05/17 19:30:04 | 00,543,232 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
PRC - [2006/11/17 05:42:52 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2008/10/07 08:23:46 | 00,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/03/13 10:04:26 | 01,320,800 | ---- | M] () -- C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe
PRC - [2009/03/02 12:10:30 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/02/06 18:16:54 | 00,712,048 | ---- | M] () -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe
PRC - [2004/10/19 02:00:00 | 00,090,112 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
PRC - [2007/04/19 13:26:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/11/25 19:27:42 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008/11/09 13:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2005/08/05 13:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2009/05/10 11:07:21 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (AcrSch2Svc [Auto | Stopped])
SRV - [2009/04/27 11:18:56 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/03/02 12:10:30 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/02/21 21:39:16 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2009/03/23 18:37:26 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])
SRV - [2004/08/10 12:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/02/06 18:16:54 | 00,712,048 | ---- | M] () -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe -- (ioloFileInfoList [Auto | Running])
SRV - [2009/02/06 18:16:54 | 00,712,048 | ---- | M] () -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe -- (ioloSystemService [Auto | Running])
SRV - [2004/10/19 02:00:00 | 00,090,112 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe -- (McAfeeAntiSpyware [Auto | Running])
SRV - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - File not found -- -- (mcupdmgr.exe [On_Demand | Stopped])
SRV - [2004/08/10 11:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2007/04/19 13:26:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/11/25 19:27:42 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
SRV - [2007/08/28 11:14:06 | 00,553,472 | ---- | M] (ReaSoft) -- C:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe -- (rcp_service [On_Demand | Stopped])
SRV - [2004/08/10 12:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Auto | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/09 13:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/12/04 17:11:46 | 04,025,984 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2001/08/17 20:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2004/08/04 06:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2001/08/17 20:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2001/08/17 20:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2006/02/21 21:46:26 | 01,505,792 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
DRV - [2009/02/13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009/04/27 11:18:56 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009/04/27 11:18:56 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2006/10/18 03:00:00 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
DRV - [2006/10/18 03:00:00 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
DRV - [2001/08/17 20:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2001/08/17 20:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2006/12/31 11:45:35 | 00,018,816 | ---- | M] (RIF) -- C:\WINDOWS\System32\DRIVERS\dvd43llh.sys -- (dvd43llh [On_Demand | Running])
DRV - [2006/07/24 18:51:34 | 00,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk [System | Running])
DRV - [2004/06/17 15:56:22 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2004/06/17 15:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2004/03/17 12:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 20:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2001/08/17 13:49:32 | 00,019,968 | ---- | M] (Macronix International Co., Ltd. ) -- C:\WINDOWS\system32\DRIVERS\mxnic.sys -- (mxnic [On_Demand | Stopped])
DRV - [2007/04/19 13:26:00 | 03,988,384 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2007/06/25 16:21:33 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
DRV - [2004/08/10 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/10/18 03:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 20:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2001/08/17 20:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2001/08/17 20:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2004/04/13 21:14:12 | 00,070,144 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2004/08/04 06:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2001/08/17 21:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2009/02/13 11:50:02 | 00,028,376 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2004/11/15 18:41:54 | 00,036,804 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\System32\Drivers\sunkfilt.sys -- (SunkFilt [On_Demand | Running])
DRV - [2001/08/17 21:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2001/08/17 21:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2001/08/17 21:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2001/08/17 21:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2005/10/09 01:05:00 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
DRV - [2001/08/17 20:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2004/08/10 12:00:00 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Running])
DRV - [2003/01/10 14:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Stopped])
DRV - [2004/06/17 15:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2007/10/02 12:41:12 | 00,039,424 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\xpacket.sys -- (XPacket [Boot | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:3.0.3
FF - prefs.js..extensions.enabledItems: {21B612A8-B90D-4B2A-BB2E-1BD06F8A8824}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{21B612A8-B90D-4B2A-BB2E-1BD06F8A8824}: C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{21B612A8-B90D-4B2A-BB2E-1BD06F8A8824} [2008/12/20 16:55:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/30 07:53:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/28 11:57:13 | 00,000,000 | ---D | M]

[2008/08/26 13:21:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2008/08/26 13:21:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/11 10:52:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\t0hs3os6.default\extensions
[2009/04/14 13:50:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\t0hs3os6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/24 08:33:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\t0hs3os6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2007/06/21 09:16:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\t0hs3os6.default\extensions\{DD99D76F-5129-4fd3-A2DC-AB41D6FBCF98}
[2008/07/21 10:39:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\t0hs3os6.default\extensions\en-US@dictionaries.addons.mozilla.org
[2008/05/30 09:14:43 | 00,001,162 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\t0hs3os6.default\searchplugins\dictionarycom.xml
[2008/08/03 20:34:39 | 00,001,173 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\t0hs3os6.default\searchplugins\referencecom---encyclopedia.xml
[2008/05/30 09:14:44 | 00,001,151 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\t0hs3os6.default\searchplugins\thesauruscom.xml
[2009/05/11 10:52:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 11:57:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/04/23 08:49:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2009/04/28 11:57:08 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 11:57:08 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/10/04 09:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/10/04 09:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/04 09:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/13 19:18:32 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/10/04 09:45:46 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/10/04 09:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/10/04 09:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (726 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [CHotkey] zHotkey.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe" ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (Yahoo! Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9...heckControl.cab (Windows Genuine Advantage Validation Tool)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/13 10:20:25 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/09 00:24:26 | 00,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/05/11 14:13:20 | 03,063,218 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\Norton_Removal_Tool.exe
[2009/05/11 13:57:16 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/10 11:07:20 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/05/10 11:05:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/05/10 11:05:25 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/10 11:05:25 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/10 11:05:22 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/10 11:05:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/10 11:05:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/10 11:04:01 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/05/09 12:33:13 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/04/28 23:41:53 | 00,000,017 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\stinger1001546.opt
[2009/04/28 22:01:34 | 00,494,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SHDOC401.DLL
[2009/04/28 22:01:34 | 00,164,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMCT232.OCX
[2009/04/28 22:01:34 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\ArmAccess.dll
[2009/04/28 22:01:34 | 00,000,640 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PC Doc Pro 4.2.lnk
[2009/04/28 22:00:32 | 03,928,448 | ---- | C] (NeuroSoft Corp. ) -- C:\Documents and Settings\Owner\Desktop\pcdocpro.exe
[2009/04/27 21:34:51 | 24,921,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/27 14:06:37 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/27 14:06:37 | 00,283,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/27 14:06:37 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/27 14:06:37 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2009/04/27 14:06:37 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/27 14:06:36 | 00,473,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/27 14:06:36 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/27 14:06:36 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/27 14:06:35 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/27 14:06:35 | 00,616,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/27 14:05:52 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/27 13:09:55 | 00,208,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2009/04/25 15:13:37 | 73,290,9568 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ubuntu-9.04-desktop-i386.iso
[2009/04/13 14:15:04 | 03,534,855 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Owner\Desktop\stinger1001546.exe
[2008/09/19 20:00:25 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2008/09/19 20:00:14 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2008/09/19 20:00:07 | 01,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2008/03/13 19:16:18 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/05/01 14:49:45 | 00,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/05/01 14:49:45 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/04/29 16:33:08 | 00,000,021 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/02/12 12:50:11 | 00,151,040 | ---- | C] () -- C:\WINDOWS\System32\wimadll.dll
[2007/02/12 11:25:43 | 00,000,059 | ---- | C] () -- C:\WINDOWS\Burn and Go Nitro.ini
[2007/01/22 12:56:39 | 00,000,784 | ---- | C] () -- C:\WINDOWS\VIEWER.INI
[2007/01/21 19:28:50 | 00,936,288 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2006/11/28 20:54:56 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/11/27 22:20:17 | 00,000,086 | ---- | C] () -- C:\WINDOWS\gbsaver.ini
[2006/11/25 21:16:37 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/25 20:50:13 | 00,000,029 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2006/11/25 20:49:57 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/11/25 19:29:45 | 00,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2006/11/25 19:29:45 | 00,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2006/11/01 16:18:34 | 00,006,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2006/08/11 21:45:20 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 21:43:10 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/11 21:43:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/11 21:43:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/11 21:43:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/11 21:43:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/11 21:43:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/08/05 14:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/13 12:02:03 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/04/13 09:57:05 | 00,001,344 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/04/13 09:57:05 | 00,000,495 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/04/13 09:56:11 | 00,000,968 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/04/13 09:56:08 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/04/13 09:55:59 | 01,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2005/04/13 09:55:48 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(3).dll
[2005/04/13 09:55:31 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(3).dll
[1999/07/05 03:00:00 | 00,074,999 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/05/11 14:25:00 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{07552356-DCCD-4F2E-B270-25CECBE80B98}.job
[2009/05/11 14:23:00 | 00,000,478 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (NT AUTHORITY-SYSTEM).job
[2009/05/11 14:22:00 | 00,000,476 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-FF6C31BB0-Owner).job
[2009/05/11 14:16:38 | 00,088,713 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/11 14:16:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/11 14:16:35 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\desktop.ini
[2009/05/11 14:16:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/11 14:16:32 | 10,722,22208 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/11 14:13:42 | 03,063,218 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\Norton_Removal_Tool.exe
[2009/05/10 11:07:21 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/05/10 11:05:41 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/05/10 11:05:25 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/10 11:04:14 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/05/09 14:02:21 | 00,000,726 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/09 13:25:28 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/09 12:33:13 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/05/09 10:26:29 | 00,000,968 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/09 10:26:29 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/09 10:26:29 | 00,000,209 | RHS- | M] () -- C:\boot.ini
[2009/05/01 21:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\McAfee AntiSpyware.job
[2009/04/28 23:41:53 | 00,000,017 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\stinger1001546.opt
[2009/04/28 22:01:34 | 00,000,640 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PC Doc Pro 4.2.lnk
[2009/04/28 22:00:51 | 03,928,448 | ---- | M] (NeuroSoft Corp. ) -- C:\Documents and Settings\Owner\Desktop\pcdocpro.exe
[2009/04/27 21:38:23 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/27 21:36:35 | 00,479,642 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/27 21:36:35 | 00,407,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/27 21:36:35 | 00,064,372 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/27 11:18:56 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/04/27 11:18:56 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/04/25 16:28:39 | 73,290,9568 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ubuntu-9.04-desktop-i386.iso
[2009/04/24 11:00:56 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\dokajeva
[2009/04/13 14:15:23 | 03,534,855 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Owner\Desktop\stinger1001546.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:810FAD5F
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
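An added triage example, not part of the original post and not code from the OTL (OTListIt2) tool itself: the script below parses the two OTL line shapes that appear in the report above (the `[date time | size | attrs | C/M] (company) -- path` file entries and the `@Alternate Data Stream` lines) and lists the entries a responder would look at first. The sample log is constructed from a handful of lines copied from this thread. The scoring rule (a file under C:\WINDOWS with no company name in its version info that is also hidden or has no extension, plus any alternate data stream that is not the browser's Zone.Identifier) and the small baseline of Windows-owned hidden files are my own assumptions, not something OTL does; a hit means "look closer", not "malicious". The attribute field is read as R/H/S flags in the first three positions; the fourth character is left uninterpreted.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the OTL report posted in this thread,
# kept short so the script runs offline. Sizes keep OTL's odd comma grouping.
SAMPLE_LOG = r"""
[2009/04/28 22:01:34 | 00,494,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SHDOC401.DLL
[2009/04/28 22:01:34 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\ArmAccess.dll
[2009/04/25 15:13:37 | 73,290,9568 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ubuntu-9.04-desktop-i386.iso
[2009/05/09 10:26:29 | 00,000,209 | RHS- | M] () -- C:\boot.ini
[2009/04/24 11:00:56 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\dokajeva
[2009/05/11 14:16:32 | 10,722,22208 | -HS- | M] () -- C:\hiberfil.sys
@Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:810FAD5F
"""

# One OTL file entry: [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# One OTL alternate-data-stream entry
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")


@dataclass
class Entry:
    date: str
    time: str
    size: int        # bytes; OTL prints sizes with commas in odd groupings, so they are stripped
    readonly: bool   # attrs[0] == "R"
    hidden: bool     # attrs[1] == "H"
    system: bool     # attrs[2] == "S"
    kind: str        # "C" = created-within-30-days section, "M" = modified-within-30-days
    company: str     # company name OTL read from the file's version info, "" if none
    path: str


@dataclass
class Stream:
    size: int
    path: str        # file path followed by ":<stream name>"


def parse_otl(text: str):
    """Split an OTL report into file entries and alternate-data-stream entries."""
    entries, streams = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            attrs = m["attrs"]
            entries.append(Entry(
                date=m["date"], time=m["time"],
                size=int(m["size"].replace(",", "")),
                readonly=attrs[0] == "R", hidden=attrs[1] == "H", system=attrs[2] == "S",
                kind=m["kind"], company=m["company"].strip(), path=m["path"].strip(),
            ))
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append(Stream(size=int(m["size"]), path=m["path"].strip()))
    return entries, streams


# Assumption: files Windows itself keeps hidden/system; hits on these would be noise.
BASELINE = {"boot.ini", "hiberfil.sys", "pagefile.sys", "bootstat.dat", "desktop.ini", "sa.dat"}


def triage(entries, streams):
    """Return (path, reason) pairs worth a second look. A hit is a lead, not a verdict."""
    hits = []
    for e in entries:
        name = e.path.rsplit("\\", 1)[-1].lower()
        if name in BASELINE:
            continue
        in_windows = e.path.lower().startswith("c:\\windows\\")
        if not in_windows or e.company:
            continue                     # vendor-stamped or outside the OS tree: skip
        reasons = []
        if e.hidden:
            reasons.append("hidden attribute set")
        if "." not in name:
            reasons.append("no file extension")
        if reasons:
            hits.append((e.path, "no company name in version info; " + ", ".join(reasons)))
    for s in streams:
        stream = s.path.rsplit(":", 1)[-1]
        if stream.lower() != "zone.identifier":   # the download-marker stream is expected
            hits.append((s.path, f"alternate data stream '{stream}' ({s.size} bytes)"))
    return hits


if __name__ == "__main__":
    entries, streams = parse_otl(SAMPLE_LOG)
    print(f"{len(entries)} file entries, {len(streams)} alternate data streams")
    for path, reason in triage(entries, streams):
        print(f"REVIEW  {path}\n        {reason}")
```

Run against the sample, the only file entry that surfaces is the hidden, extension-less, unattributed `C:\WINDOWS\System32\dokajeva`, while `ArmAccess.dll` (no vendor, but a normal visible DLL) and the root-level `boot.ini`/`hiberfil.sys` stay quiet; the `TEMP:810FAD5F` stream is listed only because it is not the usual download marker. Feed the whole report in instead of `SAMPLE_LOG` to get the same short list for a real case.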

#13 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 11 May 2009 - 04:32 PM

Looking good!

Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Let me know how your computer is behaving now. Any problems?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#14 Shadowlord6343
  • Topic Starter

  • Members
  • 38 posts

Posted 11 May 2009 - 04:38 PM

Hi Buckeye,
So far, the computer seems to be running better. It doesn't alert to a million viruses upon start-up anymore and is a bit faster as well.
The only problem so far is that the JavaRa program doesn't seem to be able to connect to the webpage to get updates (after removing all older versions). Should I have IE open when I try this? I normally use Firefox.
Anyway, should I run the Kaspersky program first or go straight to the instructions in your last post?
The Malwarebytes scan?

#15 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 11 May 2009 - 04:44 PM

As long as JavaRa removed all the old versions of Java, you can go to this page and download the current version.

http://java.sun.com/javase/downloads/index.jsp

You want JRE 6 Update 13.


Skip Kaspersky and just do the Malwarebytes scan after you get Java installed.