Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

'PC Anti-Spyware 2010'


  • Please log in to reply
17 replies to this topic

#1 Weeble93

Weeble93

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 08 August 2009 - 06:12 AM

My laptop has been infected with 'PC anti-spyware 2010'.
I've unsuccessfully tried to remove it by using online tutorials but i couldn't locate on my laptop.

Attached Files



BC AdBot (Login to Remove)

 


#2 Weeble93

Weeble93
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 08 August 2009 - 11:11 AM

I didn't realise you offered a removal guide - (http://www.bleepingcomputer.com/virus-removal/remove-pc-antispyware-2010)
Would it be worth trying your method?

#3 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:23 PM

Posted 09 August 2009 - 05:55 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#4 Weeble93

Weeble93
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 11 August 2009 - 04:54 AM

Hi Sam,
Thankyou for the help so far...

Here are the results from the malwarebytes:

Malwarebytes' Anti-Malware 1.40
Database version: 2597
Windows 5.1.2600 Service Pack 3

11/08/2009 10:30:10
mbam-log-2009-08-11 (10-30-10).txt

Scan type: Quick Scan
Objects scanned: 99763
Time elapsed: 11 minute(s), 49 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 4
Registry Keys Infected: 6
Registry Values Infected: 10
Registry Data Items Infected: 8
Folders Infected: 4
Files Infected: 59

Memory Processes Infected:
C:\Documents and Settings\Hannah\Local Settings\Temp\ztsinw.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\Documents and Settings\Hannah\Local Settings\Temp\winamp.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe (Rogue.Multiple) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\hs7f3uhduhfukde.dll (Trojan.Agent) -> Delete on reboot.
C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro2009) -> Delete on reboot.
C:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_Antispyware2010) -> Delete on reboot.
C:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_Antispyware2010) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{bd56a320-23f2-42ad-f4e4-00aac39caa53} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd56a320-23f2-42ad-f4e4-00aac39caa53} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bd56a320-23f2-42ad-f4e4-00aac39caa53} (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc_antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{bd56a320-23f2-42ad-f4e4-00aac39caa53} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pc antispyware 2010 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiSpyware Service (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows System Recover! (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\data (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Start Menu\Programs\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\hs7f3uhduhfukde.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\Documents and Settings\Hannah\Local Settings\Temp\ztsinw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temp\winamp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully.
C:\rcvbm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\umoikchf.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wisdstr.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temp\1256268292.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temp\1534458766.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temp\2451460980.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temp\2948143292.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temp\2A.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temp\612976192.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temp\notepad.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temp\services.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temp\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temp\smss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temp\hsf78sied.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temp\win.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temp\csrss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temp\debug.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temp\msupd_2.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temp\system.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temporary Internet Files\Content.IE5\4EOPP9KH\dnxuh[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temporary Internet Files\Content.IE5\4EOPP9KH\bdarsj[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temporary Internet Files\Content.IE5\5E4DH569\yykulyzqq[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temporary Internet Files\Content.IE5\8236X3TU\Install[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temporary Internet Files\Content.IE5\H1DW64WV\foypq[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temporary Internet Files\Content.IE5\HEJYF7V3\bxuii[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temporary Internet Files\Content.IE5\HEJYF7V3\yrnwkxyppq[1].txt (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temporary Internet Files\Content.IE5\HG7NP5OQ\yisfwkx[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temporary Internet Files\Content.IE5\R9CZMKKX\installb[1].com (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.cfg (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Uninstall.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\wscui.cpl (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\data\daily.cvd (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Start Menu\Programs\PC_Antispyware2010\PC_Antispyware2010.lnk (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Start Menu\Programs\PC_Antispyware2010\Uninstall.lnk (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Desktop\PC_Antispyware2010.lnk (Rogue.PCAntispy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Application Data\Microsoft\Internet Explorer\Quick Launch\PC_Antispyware2010.lnk (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Local Settings\Temp\lsass.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Hannah\Local Settings\Temp\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Hannah\Local Settings\Temp\winlogon.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Hannah\Cookies\jife.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hannah\Cookies\utiz.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Here is my OTL Report:

OTL logfile created on: 11/08/2009 10:40:29 - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\Hannah\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.36 Mb Total Physical Memory | 487.91 Mb Available Physical Memory | 48.10% Memory free
2.39 Gb Paging File | 1.94 Gb Available in Paging File | 81.42% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 55.27 Gb Free Space | 77.80% Space Free | Partition Type: NTFS
Drive D: | 72.00 Gb Total Space | 71.91 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAGGIE
Current User Name: Hannah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/09/17 14:25:44 | 00,264,800 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2008/04/14 13:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/05/18 18:39:53 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/08/26 21:51:00 | 16,851,456 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2007/12/21 05:40:30 | 00,659,456 | ---- | M] (Samsung Electronics,.LTD) -- C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
PRC - [2008/02/28 23:00:04 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2008/02/28 23:00:14 | 00,137,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2008/08/28 19:34:52 | 01,044,480 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/02/28 23:00:16 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2008/10/20 19:32:54 | 02,768,896 | ---- | M] () -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/04/14 14:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/10/07 03:07:26 | 00,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008/09/17 14:25:46 | 00,580,200 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/05/22 15:57:15 | 00,139,776 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe
PRC - [2008/05/21 05:02:08 | 00,372,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/05/22 01:44:30 | 00,299,008 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/05/18 18:39:52 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/09/17 14:25:46 | 01,440,384 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/02/28 23:00:10 | 00,170,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxext.exe
PRC - [2008/04/14 13:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/03 13:36:10 | 01,295,632 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/06/29 09:35:10 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/05/18 18:39:53 | 00,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/05/13 17:46:18 | 00,085,672 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
PRC - [2009/08/11 10:38:58 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hannah\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/09/17 14:25:44 | 00,264,800 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - File not found -- -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/14 13:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/05/18 18:39:52 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/05/13 17:44:00 | 00,077,480 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus [Auto | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/10/08 07:35:10 | 01,334,432 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\athw.sys -- (AR5416 [On_Demand | Running])
DRV - [2008/07/27 00:29:28 | 00,539,640 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio [On_Demand | Running])
DRV - [2008/07/27 00:29:36 | 00,037,424 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver [On_Demand | Running])
DRV - [2008/07/29 16:59:08 | 00,879,832 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running])
DRV - [2008/07/29 16:59:02 | 00,156,816 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS [On_Demand | Running])
DRV - [2008/07/27 00:29:54 | 00,074,688 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Running])
DRV - [2008/01/15 04:01:02 | 00,030,208 | ---- | M] (Samsung Electronics,.LTD) -- C:\WINDOWS\System32\drivers\SamsungEDS.sys -- (DNSeFilter [On_Demand | Running])
DRV - [2005/10/27 05:18:05 | 00,004,300 | ---- | M] () -- C:\WINDOWS\System32\MEMIO.SYS -- (DOSMEMIO [Auto | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
DRV - [2008/04/14 13:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/02/15 21:12:06 | 05,854,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2008/08/27 00:35:00 | 04,753,920 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008/04/14 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/04/14 13:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/08/28 19:18:14 | 00,224,736 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2009/03/26 15:23:46 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/09/23 21:23:58 | 00,238,464 | ---- | M] (Vimicro Corporation) -- C:\WINDOWS\System32\Drivers\VMC326.sys -- (VMC326 [On_Demand | Running])
DRV - [2008/11/07 10:04:00 | 00,291,328 | ---- | M] (Marvell) -- C:\WINDOWS\System32\DRIVERS\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com


IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2433048879-4093510609-4069565401-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...N&bmod=SMSN
IE - HKU\S-1-5-21-2433048879-4093510609-4069565401-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2433048879-4093510609-4069565401-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2433048879-4093510609-4069565401-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2433048879-4093510609-4069565401-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2433048879-4093510609-4069565401-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2433048879-4093510609-4069565401-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-2433048879-4093510609-4069565401-1005\S-1-5-21-2433048879-4093510609-4069565401-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2433048879-4093510609-4069565401-1005\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-2433048879-4093510609-4069565401-1005\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-2433048879-4093510609-4069565401-1005..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\Hannah\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2433048879-4093510609-4069565401-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2433048879-4093510609-4069565401-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-21-2433048879-4093510609-4069565401-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (cru629.dat\Extensio.) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/12 20:26:05 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/11 10:38:57 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hannah\Desktop\OTL.exe
[2009/08/11 10:14:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hannah\Application Data\Malwarebytes
[2009/08/11 10:14:51 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/11 10:14:49 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/11 10:14:47 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/11 10:14:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/11 10:14:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/11 09:41:53 | 00,019,523 | ---- | C] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\pofumete.reg
[2009/08/11 09:41:53 | 00,019,199 | ---- | C] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\obihyv.reg
[2009/08/11 09:41:53 | 00,018,847 | ---- | C] () -- C:\WINDOWS\System32\yqejoha._dl
[2009/08/11 09:41:53 | 00,017,946 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tocyhy.dl
[2009/08/11 09:41:53 | 00,016,643 | ---- | C] () -- C:\WINDOWS\System32\dyfewuh.ban
[2009/08/11 09:41:53 | 00,016,052 | ---- | C] () -- C:\WINDOWS\System32\koler.dll
[2009/08/11 09:41:53 | 00,015,301 | ---- | C] () -- C:\Program Files\Common Files\kiqa.inf
[2009/08/11 09:41:53 | 00,012,716 | ---- | C] () -- C:\WINDOWS\venyb.com
[2009/08/11 09:41:53 | 00,012,034 | ---- | C] () -- C:\WINDOWS\System32\zosasityxo.ban
[2009/08/11 09:41:53 | 00,011,991 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\exivija.dl
[2009/08/11 09:41:53 | 00,011,900 | ---- | C] () -- C:\WINDOWS\popiroxufe.com
[2009/08/11 09:41:53 | 00,011,779 | ---- | C] () -- C:\WINDOWS\hovekefuje.pif
[2009/08/11 09:41:53 | 00,011,456 | ---- | C] () -- C:\WINDOWS\negur.vbs
[2009/08/11 09:41:53 | 00,011,405 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\omykis.dl
[2009/08/11 09:41:53 | 00,010,647 | ---- | C] () -- C:\WINDOWS\System32\obiwyfuba.dll
[2009/08/11 09:41:53 | 00,010,307 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ylufygy.com
[2009/08/11 09:41:53 | 00,010,244 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\bovyso.inf
[2009/08/08 12:00:02 | 00,359,932 | ---- | C] () -- C:\Documents and Settings\Hannah\Desktop\dds.scr
[2009/08/08 11:47:33 | 00,019,314 | ---- | C] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\ysabuweda.dll
[2009/08/08 11:47:33 | 00,018,703 | ---- | C] () -- C:\WINDOWS\migo.dat
[2009/08/08 11:47:33 | 00,018,562 | ---- | C] () -- C:\Program Files\Common Files\cibysuketi.com
[2009/08/08 11:47:33 | 00,018,366 | ---- | C] () -- C:\WINDOWS\uhytite.dll
[2009/08/08 11:47:33 | 00,018,057 | ---- | C] () -- C:\WINDOWS\System32\zehyfaz.pif
[2009/08/08 11:47:33 | 00,017,943 | ---- | C] () -- C:\WINDOWS\odabiqyvov.reg
[2009/08/08 11:47:33 | 00,017,461 | ---- | C] () -- C:\WINDOWS\System32\yqetedahog.lib
[2009/08/08 11:47:33 | 00,016,094 | ---- | C] () -- C:\Program Files\Common Files\dily.dll
[2009/08/08 11:47:33 | 00,015,644 | ---- | C] () -- C:\Program Files\Common Files\epeloxa.bin
[2009/08/08 11:47:33 | 00,015,466 | ---- | C] () -- C:\Documents and Settings\Hannah\Application Data\oxytekodez.db
[2009/08/08 11:47:33 | 00,015,416 | ---- | C] () -- C:\Program Files\Common Files\nugunah.dat
[2009/08/08 11:47:33 | 00,015,398 | ---- | C] () -- C:\Program Files\Common Files\wyjyq.pif
[2009/08/08 11:47:33 | 00,014,010 | ---- | C] () -- C:\WINDOWS\uvabow.lib
[2009/08/08 11:47:33 | 00,013,968 | ---- | C] () -- C:\WINDOWS\System32\risukuwu.com
[2009/08/08 11:47:33 | 00,013,829 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\avejemenek.lib
[2009/08/08 11:47:33 | 00,013,245 | ---- | C] () -- C:\WINDOWS\sumipina._sy
[2009/08/08 11:47:33 | 00,012,316 | ---- | C] () -- C:\WINDOWS\opom.vbs
[2009/08/08 11:47:33 | 00,012,301 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\acegyl.exe
[2009/08/08 11:47:33 | 00,012,158 | ---- | C] () -- C:\WINDOWS\covis.ban
[2009/08/08 11:47:33 | 00,010,865 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\anasi.dll
[2009/08/08 11:47:33 | 00,010,828 | ---- | C] () -- C:\WINDOWS\System32\ekapop.lib
[2009/08/08 11:47:33 | 00,010,706 | ---- | C] () -- C:\WINDOWS\tedocegu._sy
[2009/08/08 11:47:33 | 00,010,411 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ucyzycupib.sys
[2009/08/08 10:32:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/08 08:23:04 | 00,019,857 | ---- | C] () -- C:\WINDOWS\iloluv._dl
[2009/08/08 08:23:04 | 00,019,044 | ---- | C] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\uhitycupy.pif
[2009/08/08 08:23:04 | 00,018,755 | ---- | C] () -- C:\Documents and Settings\Hannah\Application Data\ipur.com
[2009/08/08 08:23:04 | 00,018,116 | ---- | C] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\gilo._sy
[2009/08/08 08:23:04 | 00,018,009 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\pufilafu._dl
[2009/08/08 08:23:04 | 00,017,737 | ---- | C] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\fabuwu.com
[2009/08/08 08:23:04 | 00,017,256 | ---- | C] () -- C:\Program Files\Common Files\uhes.exe
[2009/08/08 08:23:04 | 00,016,971 | ---- | C] () -- C:\Program Files\Common Files\jolof.com
[2009/08/08 08:23:04 | 00,016,603 | ---- | C] () -- C:\Documents and Settings\Hannah\Application Data\mafaqofyk.vbs
[2009/08/08 08:23:04 | 00,015,827 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\fizid.scr
[2009/08/08 08:23:04 | 00,015,625 | ---- | C] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\sewa._sy
[2009/08/08 08:23:04 | 00,015,257 | ---- | C] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\ebibikehav.db
[2009/08/08 08:23:04 | 00,014,918 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\myco.dat
[2009/08/08 08:23:04 | 00,014,753 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gynaqy._sy
[2009/08/08 08:23:04 | 00,014,186 | ---- | C] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\qyfonowaq.exe
[2009/08/08 08:23:04 | 00,013,989 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\xadyxufehi.inf
[2009/08/08 08:23:04 | 00,013,968 | ---- | C] () -- C:\Documents and Settings\Hannah\Application Data\iloqatexe.bat
[2009/08/08 08:23:04 | 00,013,368 | ---- | C] () -- C:\Program Files\Common Files\yxis.inf
[2009/08/08 08:23:04 | 00,012,423 | ---- | C] () -- C:\WINDOWS\fyjy.ban
[2009/08/08 08:23:04 | 00,012,091 | ---- | C] () -- C:\WINDOWS\dotanaha.com
[2009/08/08 08:23:04 | 00,011,905 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\fyvozopi.bin
[2009/08/08 08:23:04 | 00,011,414 | ---- | C] () -- C:\Program Files\Common Files\ikototy.sys
[2009/08/08 08:23:04 | 00,010,565 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xewilyvyxy.ban
[2009/08/08 08:23:04 | 00,010,107 | ---- | C] () -- C:\WINDOWS\System32\okotyticiz.lib
[2009/08/08 00:19:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Panda Security
[2009/08/07 23:18:20 | 00,019,981 | ---- | C] () -- C:\Program Files\Common Files\erynytut.exe
[2009/08/07 23:18:20 | 00,018,644 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ydegexyn.exe
[2009/08/07 23:18:20 | 00,018,195 | ---- | C] () -- C:\WINDOWS\osuvo.pif
[2009/08/07 23:18:20 | 00,017,473 | ---- | C] () -- C:\WINDOWS\uboluli.db
[2009/08/07 23:18:20 | 00,017,332 | ---- | C] () -- C:\WINDOWS\System32\zaxarexoh.pif
[2009/08/07 23:18:20 | 00,016,059 | ---- | C] () -- C:\Documents and Settings\Hannah\Application Data\zujizeqe.ban
[2009/08/07 23:18:20 | 00,016,023 | ---- | C] () -- C:\Program Files\Common Files\evoqohutew.inf
[2009/08/07 23:18:20 | 00,015,909 | ---- | C] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\hoholynuh.sys
[2009/08/07 23:18:20 | 00,013,421 | ---- | C] () -- C:\WINDOWS\mute._dl
[2009/08/07 23:18:20 | 00,012,703 | ---- | C] () -- C:\Documents and Settings\Hannah\Application Data\uqotawez.inf
[2009/08/07 23:18:20 | 00,012,654 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\nigyg.dl
[2009/08/07 23:18:20 | 00,012,641 | ---- | C] () -- C:\Program Files\Common Files\ahumibeky.scr
[2009/08/07 23:18:20 | 00,012,431 | ---- | C] () -- C:\WINDOWS\abuw.db
[2009/08/07 23:18:20 | 00,012,121 | ---- | C] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\zipotiru.inf
[2009/08/07 23:18:20 | 00,011,391 | ---- | C] () -- C:\Documents and Settings\Hannah\Application Data\mefy.db
[2009/08/07 23:18:20 | 00,011,320 | ---- | C] () -- C:\WINDOWS\opujekyha.reg
[2009/08/07 23:18:20 | 00,011,304 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\qihy.scr
[2009/08/07 23:18:20 | 00,010,677 | ---- | C] () -- C:\Documents and Settings\Hannah\Application Data\wygol.ban
[2009/08/07 23:18:20 | 00,010,661 | ---- | C] () -- C:\Program Files\Common Files\mojumazefe.bat
[2009/08/07 23:13:35 | 00,000,046 | ---- | C] () -- C:\p2hhr.bat
[2009/08/06 16:59:16 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/08/06 10:46:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/08/06 10:46:00 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/04/29 08:35:14 | 00,001,520 | ---- | C] () -- C:\WINDOWS\System32\Hannah_KBD.ini
[2009/03/18 20:27:21 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/02/12 20:37:53 | 00,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2009/02/12 20:37:53 | 00,001,520 | ---- | C] () -- C:\WINDOWS\System32\Owner_KBD.ini
[2009/02/12 20:37:51 | 00,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2009/02/12 20:37:51 | 00,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2009/02/12 20:37:51 | 00,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2009/02/12 20:37:51 | 00,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2009/02/12 20:37:51 | 00,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2009/02/12 20:37:51 | 00,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2009/02/12 20:37:51 | 00,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2009/02/12 20:37:51 | 00,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2009/02/12 20:37:51 | 00,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI
[2009/02/12 20:37:51 | 00,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2009/02/12 20:37:51 | 00,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2009/02/12 20:37:51 | 00,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2009/02/12 20:37:51 | 00,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2009/02/12 20:37:51 | 00,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2009/02/12 20:37:51 | 00,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2009/02/12 20:37:51 | 00,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2009/02/12 20:37:51 | 00,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2009/02/12 20:35:41 | 00,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2009/02/12 20:35:41 | 00,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2009/02/12 20:32:23 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/02/12 20:29:56 | 00,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2009/02/12 19:06:19 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/02/12 19:05:46 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini
[2009/02/12 19:05:43 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2008/09/17 14:20:08 | 02,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2005/02/17 12:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/08/11 10:38:58 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hannah\Desktop\OTL.exe
[2009/08/11 10:32:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/11 10:31:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/11 10:31:54 | 10,637,02528 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/11 10:14:51 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/11 09:41:53 | 00,019,523 | ---- | M] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\pofumete.reg
[2009/08/11 09:41:53 | 00,019,199 | ---- | M] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\obihyv.reg
[2009/08/11 09:41:53 | 00,018,847 | ---- | M] () -- C:\WINDOWS\System32\yqejoha._dl
[2009/08/11 09:41:53 | 00,017,946 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\tocyhy.dl
[2009/08/11 09:41:53 | 00,016,643 | ---- | M] () -- C:\WINDOWS\System32\dyfewuh.ban
[2009/08/11 09:41:53 | 00,016,052 | ---- | M] () -- C:\WINDOWS\System32\koler.dll
[2009/08/11 09:41:53 | 00,015,301 | ---- | M] () -- C:\Program Files\Common Files\kiqa.inf
[2009/08/11 09:41:53 | 00,012,716 | ---- | M] () -- C:\WINDOWS\venyb.com
[2009/08/11 09:41:53 | 00,012,034 | ---- | M] () -- C:\WINDOWS\System32\zosasityxo.ban
[2009/08/11 09:41:53 | 00,011,991 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\exivija.dl
[2009/08/11 09:41:53 | 00,011,900 | ---- | M] () -- C:\WINDOWS\popiroxufe.com
[2009/08/11 09:41:53 | 00,011,779 | ---- | M] () -- C:\WINDOWS\hovekefuje.pif
[2009/08/11 09:41:53 | 00,011,456 | ---- | M] () -- C:\WINDOWS\negur.vbs
[2009/08/11 09:41:53 | 00,011,405 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\omykis.dl
[2009/08/11 09:41:53 | 00,010,647 | ---- | M] () -- C:\WINDOWS\System32\obiwyfuba.dll
[2009/08/11 09:41:53 | 00,010,307 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ylufygy.com
[2009/08/11 09:41:53 | 00,010,244 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\bovyso.inf
[2009/08/11 09:35:13 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/08 19:36:19 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/08/08 12:00:07 | 00,359,932 | ---- | M] () -- C:\Documents and Settings\Hannah\Desktop\dds.scr
[2009/08/08 11:47:33 | 00,019,314 | ---- | M] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\ysabuweda.dll
[2009/08/08 11:47:33 | 00,018,703 | ---- | M] () -- C:\WINDOWS\migo.dat
[2009/08/08 11:47:33 | 00,018,562 | ---- | M] () -- C:\Program Files\Common Files\cibysuketi.com
[2009/08/08 11:47:33 | 00,018,366 | ---- | M] () -- C:\WINDOWS\uhytite.dll
[2009/08/08 11:47:33 | 00,018,057 | ---- | M] () -- C:\WINDOWS\System32\zehyfaz.pif
[2009/08/08 11:47:33 | 00,017,943 | ---- | M] () -- C:\WINDOWS\odabiqyvov.reg
[2009/08/08 11:47:33 | 00,017,461 | ---- | M] () -- C:\WINDOWS\System32\yqetedahog.lib
[2009/08/08 11:47:33 | 00,016,094 | ---- | M] () -- C:\Program Files\Common Files\dily.dll
[2009/08/08 11:47:33 | 00,015,644 | ---- | M] () -- C:\Program Files\Common Files\epeloxa.bin
[2009/08/08 11:47:33 | 00,015,466 | ---- | M] () -- C:\Documents and Settings\Hannah\Application Data\oxytekodez.db
[2009/08/08 11:47:33 | 00,015,416 | ---- | M] () -- C:\Program Files\Common Files\nugunah.dat
[2009/08/08 11:47:33 | 00,015,398 | ---- | M] () -- C:\Program Files\Common Files\wyjyq.pif
[2009/08/08 11:47:33 | 00,014,010 | ---- | M] () -- C:\WINDOWS\uvabow.lib
[2009/08/08 11:47:33 | 00,013,968 | ---- | M] () -- C:\WINDOWS\System32\risukuwu.com
[2009/08/08 11:47:33 | 00,013,829 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\avejemenek.lib
[2009/08/08 11:47:33 | 00,013,245 | ---- | M] () -- C:\WINDOWS\sumipina._sy
[2009/08/08 11:47:33 | 00,012,316 | ---- | M] () -- C:\WINDOWS\opom.vbs
[2009/08/08 11:47:33 | 00,012,301 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\acegyl.exe
[2009/08/08 11:47:33 | 00,012,158 | ---- | M] () -- C:\WINDOWS\covis.ban
[2009/08/08 11:47:33 | 00,010,865 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\anasi.dll
[2009/08/08 11:47:33 | 00,010,828 | ---- | M] () -- C:\WINDOWS\System32\ekapop.lib
[2009/08/08 11:47:33 | 00,010,706 | ---- | M] () -- C:\WINDOWS\tedocegu._sy
[2009/08/08 11:47:33 | 00,010,411 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ucyzycupib.sys
[2009/08/08 10:00:03 | 00,012,800 | ---- | M] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/08 08:23:04 | 00,019,857 | ---- | M] () -- C:\WINDOWS\iloluv._dl
[2009/08/08 08:23:04 | 00,019,044 | ---- | M] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\uhitycupy.pif
[2009/08/08 08:23:04 | 00,018,755 | ---- | M] () -- C:\Documents and Settings\Hannah\Application Data\ipur.com
[2009/08/08 08:23:04 | 00,018,116 | ---- | M] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\gilo._sy
[2009/08/08 08:23:04 | 00,018,009 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\pufilafu._dl
[2009/08/08 08:23:04 | 00,017,737 | ---- | M] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\fabuwu.com
[2009/08/08 08:23:04 | 00,017,256 | ---- | M] () -- C:\Program Files\Common Files\uhes.exe
[2009/08/08 08:23:04 | 00,016,971 | ---- | M] () -- C:\Program Files\Common Files\jolof.com
[2009/08/08 08:23:04 | 00,016,603 | ---- | M] () -- C:\Documents and Settings\Hannah\Application Data\mafaqofyk.vbs
[2009/08/08 08:23:04 | 00,015,827 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\fizid.scr
[2009/08/08 08:23:04 | 00,015,625 | ---- | M] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\sewa._sy
[2009/08/08 08:23:04 | 00,015,257 | ---- | M] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\ebibikehav.db
[2009/08/08 08:23:04 | 00,014,918 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\myco.dat
[2009/08/08 08:23:04 | 00,014,753 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\gynaqy._sy
[2009/08/08 08:23:04 | 00,014,186 | ---- | M] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\qyfonowaq.exe
[2009/08/08 08:23:04 | 00,013,989 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\xadyxufehi.inf
[2009/08/08 08:23:04 | 00,013,968 | ---- | M] () -- C:\Documents and Settings\Hannah\Application Data\iloqatexe.bat
[2009/08/08 08:23:04 | 00,013,368 | ---- | M] () -- C:\Program Files\Common Files\yxis.inf
[2009/08/08 08:23:04 | 00,012,423 | ---- | M] () -- C:\WINDOWS\fyjy.ban
[2009/08/08 08:23:04 | 00,012,091 | ---- | M] () -- C:\WINDOWS\dotanaha.com
[2009/08/08 08:23:04 | 00,011,905 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\fyvozopi.bin
[2009/08/08 08:23:04 | 00,011,414 | ---- | M] () -- C:\Program Files\Common Files\ikototy.sys
[2009/08/08 08:23:04 | 00,010,565 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\xewilyvyxy.ban
[2009/08/08 08:23:04 | 00,010,107 | ---- | M] () -- C:\WINDOWS\System32\okotyticiz.lib
[2009/08/07 23:18:20 | 00,019,981 | ---- | M] () -- C:\Program Files\Common Files\erynytut.exe
[2009/08/07 23:18:20 | 00,018,644 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ydegexyn.exe
[2009/08/07 23:18:20 | 00,018,195 | ---- | M] () -- C:\WINDOWS\osuvo.pif
[2009/08/07 23:18:20 | 00,017,473 | ---- | M] () -- C:\WINDOWS\uboluli.db
[2009/08/07 23:18:20 | 00,017,332 | ---- | M] () -- C:\WINDOWS\System32\zaxarexoh.pif
[2009/08/07 23:18:20 | 00,016,059 | ---- | M] () -- C:\Documents and Settings\Hannah\Application Data\zujizeqe.ban
[2009/08/07 23:18:20 | 00,016,023 | ---- | M] () -- C:\Program Files\Common Files\evoqohutew.inf
[2009/08/07 23:18:20 | 00,015,909 | ---- | M] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\hoholynuh.sys
[2009/08/07 23:18:20 | 00,013,421 | ---- | M] () -- C:\WINDOWS\mute._dl
[2009/08/07 23:18:20 | 00,012,703 | ---- | M] () -- C:\Documents and Settings\Hannah\Application Data\uqotawez.inf
[2009/08/07 23:18:20 | 00,012,654 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\nigyg.dl
[2009/08/07 23:18:20 | 00,012,641 | ---- | M] () -- C:\Program Files\Common Files\ahumibeky.scr
[2009/08/07 23:18:20 | 00,012,431 | ---- | M] () -- C:\WINDOWS\abuw.db
[2009/08/07 23:18:20 | 00,012,121 | ---- | M] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\zipotiru.inf
[2009/08/07 23:18:20 | 00,011,391 | ---- | M] () -- C:\Documents and Settings\Hannah\Application Data\mefy.db
[2009/08/07 23:18:20 | 00,011,320 | ---- | M] () -- C:\WINDOWS\opujekyha.reg
[2009/08/07 23:18:20 | 00,011,304 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\qihy.scr
[2009/08/07 23:18:20 | 00,010,677 | ---- | M] () -- C:\Documents and Settings\Hannah\Application Data\wygol.ban
[2009/08/07 23:18:20 | 00,010,661 | ---- | M] () -- C:\Program Files\Common Files\mojumazefe.bat
[2009/08/07 23:13:35 | 00,000,046 | ---- | M] () -- C:\p2hhr.bat
[2009/08/07 15:16:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/19 14:33:02 | 03,597,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/19 14:33:02 | 03,597,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/07/19 14:32:59 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/07/19 14:32:59 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/16 08:37:46 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


OTL 'extras.txt':


OTL Extras logfile created on: 11/08/2009 10:40:29 - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\Hannah\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.36 Mb Total Physical Memory | 487.91 Mb Available Physical Memory | 48.10% Memory free
2.39 Gb Paging File | 1.94 Gb Available in Paging File | 81.42% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 55.27 Gb Free Space | 77.80% Space Free | Partition Type: NTFS
Drive D: | 72.00 Gb Total Space | 71.91 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAGGIE
Current User Name: Hannah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5CBB720F-08E6-4043-B83F-76C277AF6DE7}" = Samsung Wallpaper
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}" = Atheros WLAN Client
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"LimeWire" = LimeWire 5.1.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Synaptics Pointing Device Driver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2433048879-4093510609-4069565401-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/06/2009 16:01:14 | Computer Name = MAGGIE | Source = MsiInstaller | ID = 11904
Description = Product: 4oD -- Error 1904.Module C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
failed to register. HRESULT -2147220473. Contact your support personnel.

Error - 06/07/2009 15:57:41 | Computer Name = MAGGIE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16850, faulting
module avgtbapi.dll, version 8.5.0.268, fault address 0x0004b223.

Error - 15/07/2009 03:11:27 | Computer Name = MAGGIE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16850, faulting
module avgssie.dll, version 8.5.0.310, fault address 0x00004ec9.

Error - 20/07/2009 11:12:53 | Computer Name = MAGGIE | Source = Application Error | ID = 1000
Description = Faulting application btstac~1.exe, version 5.1.0.6100, faulting module
btstac~1.exe, version 5.1.0.6100, fault address 0x00098094.

Error - 20/07/2009 18:32:08 | Computer Name = MAGGIE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16850, faulting
module unknown, version 0.0.0.0, fault address 0xb00d840f.

Error - 25/07/2009 16:43:31 | Computer Name = MAGGIE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16850, faulting
module avgssie.dll, version 8.5.0.392, fault address 0x00004ec9.

Error - 27/07/2009 16:20:22 | Computer Name = MAGGIE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16850, faulting
module mshtml.dll, version 7.0.6000.16850, fault address 0x000b2823.

Error - 04/08/2009 07:34:50 | Computer Name = MAGGIE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16876, faulting
module flash10b.ocx, version 10.0.22.87, fault address 0x0021810a.

Error - 06/08/2009 11:54:49 | Computer Name = MAGGIE | Source = MsiInstaller | ID = 11306
Description = Product: AVG Identity Protection -- Error 1306.Another application
has exclusive access to the file C:\Program Files\AVG\AVG8\IdentityProtection\agent\log\AVGIDSUI_boot.log.
Please shut down all other applications, then click Retry.

Error - 08/08/2009 06:29:46 | Computer Name = MAGGIE | Source = Application Hang | ID = 1002
Description = Hanging application _iu14D2N.tmp, version 51.49.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 08/08/2009 04:40:51 | Computer Name = MAGGIE | Source = Service Control Manager | ID = 7000
Description = The Panda Process Protection Service service failed to start due to
the following error: %%1053

Error - 08/08/2009 05:10:04 | Computer Name = MAGGIE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Panda Process Protection
Service service to connect.

Error - 08/08/2009 05:10:04 | Computer Name = MAGGIE | Source = Service Control Manager | ID = 7000
Description = The Panda Process Protection Service service failed to start due to
the following error: %%1053

Error - 08/08/2009 05:17:16 | Computer Name = MAGGIE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Panda Process Protection
Service service to connect.

Error - 08/08/2009 05:17:16 | Computer Name = MAGGIE | Source = Service Control Manager | ID = 7000
Description = The Panda Process Protection Service service failed to start due to
the following error: %%1053

Error - 08/08/2009 06:09:43 | Computer Name = MAGGIE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the sdCoreService service.

Error - 08/08/2009 07:48:04 | Computer Name = MAGGIE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Panda Process Protection
Service service to connect.

Error - 08/08/2009 07:48:04 | Computer Name = MAGGIE | Source = Service Control Manager | ID = 7000
Description = The Panda Process Protection Service service failed to start due to
the following error: %%1053

Error - 11/08/2009 05:30:57 | Computer Name = MAGGIE | Source = Service Control Manager | ID = 7034
Description = The Marvell Yukon Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 11/08/2009 05:32:15 | Computer Name = MAGGIE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep


< End of report >

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:23 PM

Posted 11 August 2009 - 01:14 PM

Whew, you've got some nasty stuff there.


Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


==================



Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-2433048879-4093510609-4069565401-1005\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKU\S-1-5-21-2433048879-4093510609-4069565401-1005\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O20 - AppInit_DLLs: (cru629.dat\Extensio.) - File not found
    
    
    :Files
    C:\Documents and Settings\Hannah\Local Settings\Application Data\pofumete.reg
    C:\Documents and Settings\Hannah\Local Settings\Application Data\obihyv.reg
    C:\WINDOWS\System32\yqejoha._dl
    C:\Documents and Settings\All Users\Application Data\tocyhy.dl
    C:\WINDOWS\System32\dyfewuh.ban
    C:\WINDOWS\System32\koler.dll
    C:\Program Files\Common Files\kiqa.inf
    C:\WINDOWS\venyb.com
    C:\WINDOWS\System32\zosasityxo.ban
    C:\Documents and Settings\All Users\Documents\exivija.dl
    C:\WINDOWS\popiroxufe.com
    C:\WINDOWS\hovekefuje.pif
    C:\WINDOWS\negur.vbs
    C:\Documents and Settings\All Users\Documents\omykis.dl
    C:\WINDOWS\System32\obiwyfuba.dll
    C:\Documents and Settings\All Users\Application Data\ylufygy.com
    C:\Documents and Settings\All Users\Documents\bovyso.inf
    C:\Documents and Settings\Hannah\Desktop\dds.scr
    C:\Documents and Settings\Hannah\Local Settings\Application Data\ysabuweda.dll
    C:\WINDOWS\migo.dat
    C:\Program Files\Common Files\cibysuketi.com
    C:\WINDOWS\uhytite.dll
    C:\WINDOWS\System32\zehyfaz.pif
    C:\WINDOWS\odabiqyvov.reg
    C:\WINDOWS\System32\yqetedahog.lib
    C:\Program Files\Common Files\dily.dll
    C:\Program Files\Common Files\epeloxa.bin
    C:\Documents and Settings\Hannah\Application Data\oxytekodez.db
    C:\Program Files\Common Files\nugunah.dat
    C:\Program Files\Common Files\wyjyq.pif
    C:\WINDOWS\uvabow.lib
    C:\WINDOWS\System32\risukuwu.com
    C:\Documents and Settings\All Users\Documents\avejemenek.lib
    C:\WINDOWS\sumipina._sy
    C:\WINDOWS\opom.vbs
    C:\Documents and Settings\All Users\Application Data\acegyl.exe
    C:\WINDOWS\covis.ban
    C:\Documents and Settings\All Users\Documents\anasi.dll
    C:\WINDOWS\System32\ekapop.lib
    C:\WINDOWS\tedocegu._sy
    C:\Documents and Settings\All Users\Documents\ucyzycupib.sys
    C:\WINDOWS\iloluv._dl
    C:\Documents and Settings\Hannah\Local Settings\Application Data\uhitycupy.pif
    C:\Documents and Settings\Hannah\Application Data\ipur.com
    C:\Documents and Settings\Hannah\Local Settings\Application Data\gilo._sy
    C:\Documents and Settings\All Users\Documents\pufilafu._dl
    C:\Documents and Settings\Hannah\Local Settings\Application Data\fabuwu.com
    C:\Program Files\Common Files\uhes.exe
    C:\Program Files\Common Files\jolof.com
    C:\Documents and Settings\Hannah\Application Data\mafaqofyk.vbs
    C:\Documents and Settings\All Users\Application Data\fizid.scr
    C:\Documents and Settings\Hannah\Local Settings\Application Data\sewa._sy
    C:\Documents and Settings\Hannah\Local Settings\Application Data\ebibikehav.db
    C:\Documents and Settings\All Users\Application Data\myco.dat
    C:\Documents and Settings\All Users\Application Data\gynaqy._sy
    C:\Documents and Settings\Hannah\Local Settings\Application Data\qyfonowaq.exe
    C:\Documents and Settings\All Users\Documents\xadyxufehi.inf
    C:\Documents and Settings\Hannah\Application Data\iloqatexe.bat
    C:\Program Files\Common Files\yxis.inf
    C:\WINDOWS\fyjy.ban
    C:\WINDOWS\dotanaha.com
    C:\Documents and Settings\All Users\Documents\fyvozopi.bin
    C:\Program Files\Common Files\ikototy.sys
    C:\Documents and Settings\All Users\Application Data\xewilyvyxy.ban
    C:\WINDOWS\System32\okotyticiz.lib
    C:\Program Files\Common Files\erynytut.exe
    C:\Documents and Settings\All Users\Application Data\ydegexyn.exe
    C:\WINDOWS\osuvo.pif
    C:\WINDOWS\uboluli.db
    C:\WINDOWS\System32\zaxarexoh.pif
    C:\Documents and Settings\Hannah\Application Data\zujizeqe.ban
    C:\Program Files\Common Files\evoqohutew.inf
    C:\Documents and Settings\Hannah\Local Settings\Application Data\hoholynuh.sys
    C:\WINDOWS\mute._dl
    C:\Documents and Settings\Hannah\Application Data\uqotawez.inf
    C:\Documents and Settings\All Users\Documents\nigyg.dl
    C:\Program Files\Common Files\ahumibeky.scr
    C:\WINDOWS\abuw.db
    C:\Documents and Settings\Hannah\Local Settings\Application Data\zipotiru.inf
    C:\Documents and Settings\Hannah\Application Data\mefy.db
    C:\WINDOWS\opujekyha.reg
    C:\Documents and Settings\All Users\Documents\qihy.scr
    C:\Documents and Settings\Hannah\Application Data\wygol.ban
    C:\Program Files\Common Files\mojumazefe.bat
    C:\p2hhr.bat
    
    
    
    
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 Weeble93

Weeble93
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 21 August 2009 - 12:07 PM

Sorry about late reply - just got back from holiday.
When i turned my laptop back on i discovered that the PC Anti-Spyware 2010 has re-infected my laptop.
Should i carry on with the 2nd step, or go right back to the beginning?
What would you recommend?

Thanks

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:23 PM

Posted 21 August 2009 - 01:01 PM

It was never really gone. Go ahead and proceed with the last set of instructions I posted for you.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 Weeble93

Weeble93
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 25 August 2009 - 05:01 AM

'Results from the fix' :
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-2433048879-4093510609-4069565401-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_USERS\S-1-5-21-2433048879-4093510609-4069565401-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
C:\WINDOWS\ALCMTR.EXE moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:cru629.dat\Extensio. scheduled to be deleted on reboot.
========== FILES ==========
C:\Documents and Settings\Hannah\Local Settings\Application Data\pofumete.reg moved successfully.
C:\Documents and Settings\Hannah\Local Settings\Application Data\obihyv.reg moved successfully.
C:\WINDOWS\System32\yqejoha._dl moved successfully.
C:\Documents and Settings\All Users\Application Data\tocyhy.dl moved successfully.
C:\WINDOWS\System32\dyfewuh.ban moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\koler.dll
C:\WINDOWS\System32\koler.dll NOT unregistered.
C:\WINDOWS\System32\koler.dll moved successfully.
C:\Program Files\Common Files\kiqa.inf moved successfully.
C:\WINDOWS\venyb.com moved successfully.
C:\WINDOWS\System32\zosasityxo.ban moved successfully.
C:\Documents and Settings\All Users\Documents\exivija.dl moved successfully.
C:\WINDOWS\popiroxufe.com moved successfully.
C:\WINDOWS\hovekefuje.pif moved successfully.
C:\WINDOWS\negur.vbs moved successfully.
C:\Documents and Settings\All Users\Documents\omykis.dl moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\obiwyfuba.dll
C:\WINDOWS\System32\obiwyfuba.dll NOT unregistered.
C:\WINDOWS\System32\obiwyfuba.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\ylufygy.com moved successfully.
C:\Documents and Settings\All Users\Documents\bovyso.inf moved successfully.
C:\Documents and Settings\Hannah\Desktop\dds.scr moved successfully.
LoadLibrary failed for C:\Documents and Settings\Hannah\Local Settings\Application Data\ysabuweda.dll
C:\Documents and Settings\Hannah\Local Settings\Application Data\ysabuweda.dll NOT unregistered.
C:\Documents and Settings\Hannah\Local Settings\Application Data\ysabuweda.dll moved successfully.
C:\WINDOWS\migo.dat moved successfully.
C:\Program Files\Common Files\cibysuketi.com moved successfully.
LoadLibrary failed for C:\WINDOWS\uhytite.dll
C:\WINDOWS\uhytite.dll NOT unregistered.
C:\WINDOWS\uhytite.dll moved successfully.
C:\WINDOWS\System32\zehyfaz.pif moved successfully.
C:\WINDOWS\odabiqyvov.reg moved successfully.
C:\WINDOWS\System32\yqetedahog.lib moved successfully.
LoadLibrary failed for C:\Program Files\Common Files\dily.dll
C:\Program Files\Common Files\dily.dll NOT unregistered.
C:\Program Files\Common Files\dily.dll moved successfully.
C:\Program Files\Common Files\epeloxa.bin moved successfully.
C:\Documents and Settings\Hannah\Application Data\oxytekodez.db moved successfully.
C:\Program Files\Common Files\nugunah.dat moved successfully.
C:\Program Files\Common Files\wyjyq.pif moved successfully.
C:\WINDOWS\uvabow.lib moved successfully.
C:\WINDOWS\System32\risukuwu.com moved successfully.
C:\Documents and Settings\All Users\Documents\avejemenek.lib moved successfully.
C:\WINDOWS\sumipina._sy moved successfully.
C:\WINDOWS\opom.vbs moved successfully.
C:\Documents and Settings\All Users\Application Data\acegyl.exe moved successfully.
C:\WINDOWS\covis.ban moved successfully.
LoadLibrary failed for C:\Documents and Settings\All Users\Documents\anasi.dll
C:\Documents and Settings\All Users\Documents\anasi.dll NOT unregistered.
C:\Documents and Settings\All Users\Documents\anasi.dll moved successfully.
C:\WINDOWS\System32\ekapop.lib moved successfully.
C:\WINDOWS\tedocegu._sy moved successfully.
C:\Documents and Settings\All Users\Documents\ucyzycupib.sys moved successfully.
C:\WINDOWS\iloluv._dl moved successfully.
C:\Documents and Settings\Hannah\Local Settings\Application Data\uhitycupy.pif moved successfully.
C:\Documents and Settings\Hannah\Application Data\ipur.com moved successfully.
C:\Documents and Settings\Hannah\Local Settings\Application Data\gilo._sy moved successfully.
C:\Documents and Settings\All Users\Documents\pufilafu._dl moved successfully.
C:\Documents and Settings\Hannah\Local Settings\Application Data\fabuwu.com moved successfully.
C:\Program Files\Common Files\uhes.exe moved successfully.
C:\Program Files\Common Files\jolof.com moved successfully.
C:\Documents and Settings\Hannah\Application Data\mafaqofyk.vbs moved successfully.
C:\Documents and Settings\All Users\Application Data\fizid.scr moved successfully.
C:\Documents and Settings\Hannah\Local Settings\Application Data\sewa._sy moved successfully.
C:\Documents and Settings\Hannah\Local Settings\Application Data\ebibikehav.db moved successfully.
C:\Documents and Settings\All Users\Application Data\myco.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\gynaqy._sy moved successfully.
C:\Documents and Settings\Hannah\Local Settings\Application Data\qyfonowaq.exe moved successfully.
C:\Documents and Settings\All Users\Documents\xadyxufehi.inf moved successfully.
C:\Documents and Settings\Hannah\Application Data\iloqatexe.bat moved successfully.
C:\Program Files\Common Files\yxis.inf moved successfully.
C:\WINDOWS\fyjy.ban moved successfully.
C:\WINDOWS\dotanaha.com moved successfully.
C:\Documents and Settings\All Users\Documents\fyvozopi.bin moved successfully.
C:\Program Files\Common Files\ikototy.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\xewilyvyxy.ban moved successfully.
C:\WINDOWS\System32\okotyticiz.lib moved successfully.
C:\Program Files\Common Files\erynytut.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\ydegexyn.exe moved successfully.
C:\WINDOWS\osuvo.pif moved successfully.
C:\WINDOWS\uboluli.db moved successfully.
C:\WINDOWS\System32\zaxarexoh.pif moved successfully.
C:\Documents and Settings\Hannah\Application Data\zujizeqe.ban moved successfully.
C:\Program Files\Common Files\evoqohutew.inf moved successfully.
C:\Documents and Settings\Hannah\Local Settings\Application Data\hoholynuh.sys moved successfully.
C:\WINDOWS\mute._dl moved successfully.
C:\Documents and Settings\Hannah\Application Data\uqotawez.inf moved successfully.
C:\Documents and Settings\All Users\Documents\nigyg.dl moved successfully.
C:\Program Files\Common Files\ahumibeky.scr moved successfully.
C:\WINDOWS\abuw.db moved successfully.
C:\Documents and Settings\Hannah\Local Settings\Application Data\zipotiru.inf moved successfully.
C:\Documents and Settings\Hannah\Application Data\mefy.db moved successfully.
C:\WINDOWS\opujekyha.reg moved successfully.
C:\Documents and Settings\All Users\Documents\qihy.scr moved successfully.
C:\Documents and Settings\Hannah\Application Data\wygol.ban moved successfully.
C:\Program Files\Common Files\mojumazefe.bat moved successfully.
C:\p2hhr.bat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Hannah
->Temp folder emptied: 636463717 bytes
->Temporary Internet Files folder emptied: 362442660 bytes
->Java cache emptied: 19859629 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 4196539 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 18482337 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 993.26 mb


OTL by OldTimer - Version 3.0.10.5 log created on 08252009_104311

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:cru629.dat\Extensio. scheduled to be deleted on reboot.




New OTL log:

OTL logfile created on: 25/08/2009 10:55:45 - Run 2
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\Hannah\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.36 Mb Total Physical Memory | 507.66 Mb Available Physical Memory | 50.05% Memory free
2.39 Gb Paging File | 1.96 Gb Available in Paging File | 82.25% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 56.11 Gb Free Space | 78.98% Space Free | Partition Type: NTFS
Drive D: | 72.00 Gb Total Space | 71.91 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAGGIE
Current User Name: Hannah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/09/17 14:25:44 | 00,264,800 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2008/04/14 13:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/05/18 18:39:52 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/04/14 13:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2009/05/18 18:39:53 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/08/26 21:51:00 | 16,851,456 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2007/12/21 05:40:30 | 00,659,456 | ---- | M] (Samsung Electronics,.LTD) -- C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
PRC - [2008/02/28 23:00:04 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2008/02/28 23:00:14 | 00,137,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2008/08/28 19:34:52 | 01,044,480 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/02/28 23:00:16 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2008/10/20 19:32:54 | 02,768,896 | ---- | M] () -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
PRC - [2008/10/07 03:07:26 | 00,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/08/24 20:59:08 | 00,595,113 | ---- | M] () -- C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe
PRC - [2008/04/14 14:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/02/28 23:00:10 | 00,170,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxext.exe
PRC - [2008/09/17 14:25:46 | 00,580,200 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/05/21 05:02:08 | 00,372,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
PRC - [2009/05/22 15:57:15 | 00,139,776 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe
PRC - [2008/05/22 01:44:30 | 00,299,008 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
PRC - [2008/09/17 14:25:46 | 01,440,384 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/06/29 09:35:10 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/05/13 17:46:18 | 00,085,672 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
PRC - [2009/08/11 10:38:58 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hannah\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/09/17 14:25:44 | 00,264,800 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/08/21 17:55:24 | 00,052,224 | ---- | M] () -- C:\Program Files\DDnsFilter\DDnsFilter.dll -- (ddnsfilter [Auto | Start_Pending])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - File not found -- -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/14 13:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/05/18 18:39:52 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/05/13 17:44:00 | 00,077,480 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus [Auto | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/10/08 07:35:10 | 01,334,432 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\athw.sys -- (AR5416 [On_Demand | Running])
DRV - [2009/08/13 22:00:52 | 00,029,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep [System | Running])
DRV - [2008/07/27 00:29:28 | 00,539,640 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio [On_Demand | Running])
DRV - [2008/07/27 00:29:36 | 00,037,424 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver [On_Demand | Running])
DRV - [2008/07/29 16:59:08 | 00,879,832 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running])
DRV - [2008/07/29 16:59:02 | 00,156,816 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS [On_Demand | Running])
DRV - [2008/07/27 00:29:54 | 00,074,688 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Running])
DRV - [2008/01/15 04:01:02 | 00,030,208 | ---- | M] (Samsung Electronics,.LTD) -- C:\WINDOWS\System32\drivers\SamsungEDS.sys -- (DNSeFilter [On_Demand | Running])
DRV - [2009/08/21 17:55:24 | 00,038,016 | ---- | M] (DnsFilter) -- C:\WINDOWS\System32\drivers\DnsFilter.sys -- (DnsFilter [System | Running])
DRV - [2005/10/27 05:18:05 | 00,004,300 | ---- | M] () -- C:\WINDOWS\System32\MEMIO.SYS -- (DOSMEMIO [Auto | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
DRV - [2008/04/14 13:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/02/15 21:12:06 | 05,854,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2008/08/27 00:35:00 | 04,753,920 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008/04/14 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/04/14 13:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/08/28 19:18:14 | 00,224,736 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2009/03/26 15:23:46 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/09/23 21:23:58 | 00,238,464 | ---- | M] (Vimicro Corporation) -- C:\WINDOWS\System32\Drivers\VMC326.sys -- (VMC326 [On_Demand | Running])
DRV - [2008/11/07 10:04:00 | 00,291,328 | ---- | M] (Marvell) -- C:\WINDOWS\System32\DRIVERS\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...N&bmod=SMSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/12 09:22:04 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe ()
O4 - HKLM..\Run: [PC Antispyware 2010] C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [sysldtray] C:\windows\ld12.exe ()
O4 - HKCU..\Run: [braviax] C:\WINDOWS\System32\braviax.exe ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OTL] C:\Documents and Settings\Hannah\Desktop\OTL.exe (OldTimer Tools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\Hannah\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (cru629.dat\Extensio.) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/12 20:26:05 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/25 10:43:12 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/25 10:40:58 | 00,001,941 | ---- | C] () -- C:\Documents and Settings\Hannah\Desktop\1251193237739-integrated.jnlp
[2009/08/25 10:32:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hannah\Desktop\JavaRa
[2009/08/25 10:31:01 | 00,071,798 | ---- | C] () -- C:\Documents and Settings\Hannah\Desktop\JavaRa.zip
[2009/08/25 10:29:38 | 00,019,432 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\makepe.dat
[2009/08/25 10:29:38 | 00,019,125 | ---- | C] () -- C:\WINDOWS\System32\wunuxyz.sys
[2009/08/25 10:29:38 | 00,019,040 | ---- | C] () -- C:\Documents and Settings\Hannah\Application Data\xonyzi.inf
[2009/08/25 10:29:38 | 00,018,899 | ---- | C] () -- C:\WINDOWS\ikiqari.vbs
[2009/08/25 10:29:38 | 00,018,448 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\mojype.bin
[2009/08/25 10:29:38 | 00,017,138 | ---- | C] () -- C:\WINDOWS\System32\vitop.inf
[2009/08/25 10:29:38 | 00,016,487 | ---- | C] () -- C:\Program Files\Common Files\qyma.com
[2009/08/25 10:29:38 | 00,015,357 | ---- | C] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\yfozodok._sy
[2009/08/25 10:29:38 | 00,015,017 | ---- | C] () -- C:\WINDOWS\System32\uqowug.dll
[2009/08/25 10:29:38 | 00,014,887 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\alehije.scr
[2009/08/25 10:29:38 | 00,014,782 | ---- | C] () -- C:\Documents and Settings\Hannah\Application Data\ykyti.sys
[2009/08/25 10:29:38 | 00,014,311 | ---- | C] () -- C:\Documents and Settings\Hannah\Application Data\simem.scr
[2009/08/25 10:29:38 | 00,013,794 | ---- | C] () -- C:\WINDOWS\System32\ecyb.ban
[2009/08/25 10:29:38 | 00,013,675 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ysekitabyt.sys
[2009/08/25 10:29:38 | 00,011,944 | ---- | C] () -- C:\Documents and Settings\Hannah\Application Data\uwyhuvowax.sys
[2009/08/25 10:29:38 | 00,010,737 | ---- | C] () -- C:\WINDOWS\System32\jyperanog.bat
[2009/08/25 10:29:38 | 00,010,575 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ifemevyjol._dl
[2009/08/25 10:29:38 | 00,010,087 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ewyz.pif
[2009/08/25 10:29:21 | 00,001,686 | ---- | C] () -- C:\Documents and Settings\Hannah\Desktop\PC_Antispyware2010.lnk
[2009/08/25 10:29:15 | 00,000,000 | ---D | C] -- C:\Program Files\PC_Antispyware2010
[2009/08/24 22:01:28 | 00,012,854 | ---- | C] () -- C:\Program Files\Common Files\mapibi.com
[2009/08/21 17:55:24 | 00,038,016 | ---- | C] (DnsFilter) -- C:\WINDOWS\System32\drivers\DnsFilter.sys
[2009/08/21 17:55:24 | 00,000,000 | ---D | C] -- C:\Program Files\DDnsFilter
[2009/08/14 20:22:14 | 00,019,580 | ---- | C] () -- C:\Documents and Settings\Hannah\Application Data\gizetusosi.reg
[2009/08/14 20:22:14 | 00,018,922 | ---- | C] () -- C:\Documents and Settings\Hannah\Application Data\edenapy.bat
[2009/08/14 20:22:14 | 00,018,783 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\efabo.dll
[2009/08/14 20:22:14 | 00,018,512 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tymodyzyre.db
[2009/08/14 20:22:14 | 00,018,272 | ---- | C] () -- C:\Program Files\Common Files\dulazi.scr
[2009/08/14 20:22:14 | 00,017,511 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ypojifus.inf
[2009/08/14 20:22:14 | 00,017,333 | ---- | C] () -- C:\WINDOWS\josutilofa.scr
[2009/08/14 20:22:14 | 00,016,895 | ---- | C] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\utum.pif
[2009/08/14 20:22:14 | 00,016,358 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\oxel.com
[2009/08/14 20:22:14 | 00,016,325 | ---- | C] () -- C:\WINDOWS\yviwycisox.dl
[2009/08/14 20:22:14 | 00,016,259 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\pazocera.exe
[2009/08/14 20:22:14 | 00,015,545 | ---- | C] () -- C:\Program Files\Common Files\bici.bat
[2009/08/14 20:22:14 | 00,015,463 | ---- | C] () -- C:\WINDOWS\System32\apib.pif
[2009/08/14 20:22:14 | 00,015,460 | ---- | C] () -- C:\WINDOWS\System32\tyjulol.exe
[2009/08/14 20:22:14 | 00,015,149 | ---- | C] () -- C:\Program Files\Common Files\ilogedo.vbs
[2009/08/14 20:22:14 | 00,014,817 | ---- | C] () -- C:\WINDOWS\System32\jinikaleh.vbs
[2009/08/14 20:22:14 | 00,014,796 | ---- | C] () -- C:\WINDOWS\namyvew._dl
[2009/08/14 20:22:14 | 00,013,901 | ---- | C] () -- C:\WINDOWS\egizy.inf
[2009/08/14 20:22:14 | 00,013,218 | ---- | C] () -- C:\Documents and Settings\Hannah\Application Data\ovaje.dl
[2009/08/14 20:22:14 | 00,012,934 | ---- | C] () -- C:\Program Files\Common Files\ogafos.scr
[2009/08/14 20:22:14 | 00,012,826 | ---- | C] () -- C:\WINDOWS\System32\ygylofyka.bat
[2009/08/14 20:22:14 | 00,012,737 | ---- | C] () -- C:\WINDOWS\jivecocyt.reg
[2009/08/14 20:22:14 | 00,012,267 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\izivo._sy
[2009/08/14 20:22:14 | 00,011,983 | ---- | C] () -- C:\WINDOWS\ohakysagox.inf
[2009/08/14 20:22:14 | 00,011,810 | ---- | C] () -- C:\WINDOWS\kybumy.db
[2009/08/14 20:22:14 | 00,011,683 | ---- | C] () -- C:\Program Files\Common Files\cunycili.vbs
[2009/08/14 20:22:14 | 00,011,658 | ---- | C] () -- C:\WINDOWS\sirujuz.dat
[2009/08/14 20:22:14 | 00,011,047 | ---- | C] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\fybyq.dll
[2009/08/14 20:22:14 | 00,010,196 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cotid.lib
[2009/08/13 22:06:46 | 00,018,430 | ---- | C] () -- C:\Documents and Settings\Hannah\Application Data\lasapavu.pif
[2009/08/13 22:06:46 | 00,016,351 | ---- | C] () -- C:\Program Files\Common Files\isyfoqe.com
[2009/08/13 22:06:46 | 00,015,617 | ---- | C] () -- C:\Program Files\Common Files\qirolexot.dat
[2009/08/13 22:06:46 | 00,013,919 | ---- | C] () -- C:\WINDOWS\System32\adigocinud.lib
[2009/08/13 22:06:46 | 00,013,056 | ---- | C] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\rajehyt.inf
[2009/08/13 22:06:46 | 00,011,272 | ---- | C] () -- C:\WINDOWS\System32\iwyziqize.com
[2009/08/13 22:06:46 | 00,010,930 | ---- | C] () -- C:\WINDOWS\imisicefy.sys
[2009/08/13 22:06:45 | 00,019,914 | ---- | C] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\yhajel.dat
[2009/08/13 22:06:45 | 00,019,861 | ---- | C] () -- C:\WINDOWS\ximesuceqi.reg
[2009/08/13 22:06:45 | 00,019,110 | ---- | C] () -- C:\WINDOWS\ovivynuhub.bin
[2009/08/13 22:06:45 | 00,017,242 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\itisa.bat
[2009/08/13 22:06:45 | 00,016,163 | ---- | C] () -- C:\WINDOWS\System32\diligedav.bat
[2009/08/13 22:06:45 | 00,015,224 | ---- | C] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\hudifi.ban
[2009/08/13 22:06:45 | 00,014,682 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tafalydu.exe
[2009/08/13 22:06:45 | 00,014,613 | ---- | C] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\ofim.db
[2009/08/13 22:06:45 | 00,014,490 | ---- | C] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\izupubyge._dl
[2009/08/13 22:06:45 | 00,014,034 | ---- | C] () -- C:\Documents and Settings\Hannah\Application Data\oqebupikaf.dl
[2009/08/13 22:06:45 | 00,013,944 | ---- | C] () -- C:\WINDOWS\mehagu.pif
[2009/08/13 22:06:45 | 00,013,737 | ---- | C] () -- C:\WINDOWS\hiwykofyju.dl
[2009/08/13 22:06:45 | 00,012,587 | ---- | C] () -- C:\Program Files\Common Files\ymewudu.bin
[2009/08/13 22:06:45 | 00,012,222 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ucekivyrej.dl
[2009/08/13 22:06:45 | 00,012,206 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\tydujakum.dll
[2009/08/13 22:06:45 | 00,011,674 | ---- | C] () -- C:\Program Files\Common Files\yjavowarap.dll
[2009/08/13 22:06:45 | 00,010,806 | ---- | C] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\zehymebij.bat
[2009/08/13 22:06:45 | 00,010,684 | ---- | C] () -- C:\WINDOWS\System32\sakihoj.lib
[2009/08/13 22:06:45 | 00,010,459 | ---- | C] () -- C:\WINDOWS\xuna.dl
[2009/08/13 22:06:45 | 00,010,071 | ---- | C] () -- C:\Documents and Settings\Hannah\Application Data\iqyko.scr
[2009/08/13 22:06:29 | 00,348,329 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_scui.cpl
[2009/08/13 22:03:08 | 00,011,264 | ---- | C] () -- C:\WINDOWS\braviax.exe
[2009/08/13 22:03:08 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\cru629.dat
[2009/08/13 22:03:08 | 00,006,144 | ---- | C] () -- C:\WINDOWS\cru629.dat
[2009/08/13 22:01:54 | 00,000,002 | ---- | C] () -- C:\WINDOWS\0101120101464949.fx
[2009/08/13 22:01:53 | 00,000,002 | ---- | C] () -- C:\WINDOWS\010112010146120114.fx
[2009/08/13 22:01:05 | 00,191,131 | ---- | C] () -- C:\WINDOWS\System32\wisdstr.exe
[2009/08/13 22:00:53 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\beep.sys
[2009/08/13 22:00:53 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\beep.sys
[2009/08/13 22:00:52 | 00,051,200 | ---- | C] () -- C:\WINDOWS\ld12.exe
[2009/08/13 22:00:52 | 00,000,247 | ---- | C] () -- C:\WINDOWS\prxid93ps.dat
[2009/08/13 22:00:51 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\braviax.exe
[2009/08/12 09:24:35 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/08/12 09:21:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/08/12 09:20:59 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/08/12 09:20:51 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/08/12 09:20:24 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/08/12 09:20:24 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/08/12 09:20:24 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/08/12 09:20:24 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/08/12 09:20:24 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/08/12 09:20:24 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/08/12 09:20:24 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/08/11 10:38:57 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hannah\Desktop\OTL.exe
[2009/08/11 10:14:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hannah\Application Data\Malwarebytes
[2009/08/11 10:14:51 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/11 10:14:49 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/11 10:14:47 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/11 10:14:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/11 10:14:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/08 10:32:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/08 00:19:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Panda Security
[2009/08/06 10:46:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/08/06 10:46:00 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/04/29 08:35:14 | 00,001,520 | ---- | C] () -- C:\WINDOWS\System32\Hannah_KBD.ini
[2009/03/18 20:27:21 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/02/12 20:37:53 | 00,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2009/02/12 20:37:53 | 00,001,520 | ---- | C] () -- C:\WINDOWS\System32\Owner_KBD.ini
[2009/02/12 20:37:51 | 00,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2009/02/12 20:37:51 | 00,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2009/02/12 20:37:51 | 00,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2009/02/12 20:37:51 | 00,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2009/02/12 20:37:51 | 00,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2009/02/12 20:37:51 | 00,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2009/02/12 20:37:51 | 00,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2009/02/12 20:37:51 | 00,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2009/02/12 20:37:51 | 00,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI
[2009/02/12 20:37:51 | 00,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2009/02/12 20:37:51 | 00,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2009/02/12 20:37:51 | 00,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2009/02/12 20:37:51 | 00,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2009/02/12 20:37:51 | 00,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2009/02/12 20:37:51 | 00,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2009/02/12 20:37:51 | 00,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2009/02/12 20:37:51 | 00,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2009/02/12 20:35:41 | 00,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2009/02/12 20:35:41 | 00,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2009/02/12 20:32:23 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/02/12 20:29:56 | 00,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2009/02/12 19:06:19 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/02/12 19:05:46 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini
[2009/02/12 19:05:43 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2008/09/17 14:20:08 | 02,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2005/02/17 12:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Files - Modified Within 30 Days ==========

[2009/08/25 10:48:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/25 10:48:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/25 10:48:20 | 10,637,02528 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/25 10:48:18 | 00,011,264 | ---- | M] () -- C:\WINDOWS\System32\braviax.exe
[2009/08/25 10:48:18 | 00,011,264 | ---- | M] () -- C:\WINDOWS\braviax.exe
[2009/08/25 10:48:18 | 00,006,144 | ---- | M] () -- C:\WINDOWS\System32\cru629.dat
[2009/08/25 10:48:18 | 00,006,144 | ---- | M] () -- C:\WINDOWS\cru629.dat
[2009/08/25 10:40:58 | 00,001,941 | ---- | M] () -- C:\Documents and Settings\Hannah\Desktop\1251193237739-integrated.jnlp
[2009/08/25 10:31:02 | 00,071,798 | ---- | M] () -- C:\Documents and Settings\Hannah\Desktop\JavaRa.zip
[2009/08/25 10:29:38 | 00,019,432 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\makepe.dat
[2009/08/25 10:29:38 | 00,019,125 | ---- | M] () -- C:\WINDOWS\System32\wunuxyz.sys
[2009/08/25 10:29:38 | 00,019,040 | ---- | M] () -- C:\Documents and Settings\Hannah\Application Data\xonyzi.inf
[2009/08/25 10:29:38 | 00,018,899 | ---- | M] () -- C:\WINDOWS\ikiqari.vbs
[2009/08/25 10:29:38 | 00,018,448 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\mojype.bin
[2009/08/25 10:29:38 | 00,017,138 | ---- | M] () -- C:\WINDOWS\System32\vitop.inf
[2009/08/25 10:29:38 | 00,016,487 | ---- | M] () -- C:\Program Files\Common Files\qyma.com
[2009/08/25 10:29:38 | 00,015,357 | ---- | M] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\yfozodok._sy
[2009/08/25 10:29:38 | 00,015,017 | ---- | M] () -- C:\WINDOWS\System32\uqowug.dll
[2009/08/25 10:29:38 | 00,014,887 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\alehije.scr
[2009/08/25 10:29:38 | 00,014,782 | ---- | M] () -- C:\Documents and Settings\Hannah\Application Data\ykyti.sys
[2009/08/25 10:29:38 | 00,014,311 | ---- | M] () -- C:\Documents and Settings\Hannah\Application Data\simem.scr
[2009/08/25 10:29:38 | 00,013,794 | ---- | M] () -- C:\WINDOWS\System32\ecyb.ban
[2009/08/25 10:29:38 | 00,013,675 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ysekitabyt.sys
[2009/08/25 10:29:38 | 00,011,944 | ---- | M] () -- C:\Documents and Settings\Hannah\Application Data\uwyhuvowax.sys
[2009/08/25 10:29:38 | 00,010,737 | ---- | M] () -- C:\WINDOWS\System32\jyperanog.bat
[2009/08/25 10:29:38 | 00,010,575 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ifemevyjol._dl
[2009/08/25 10:29:38 | 00,010,087 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ewyz.pif
[2009/08/25 10:29:21 | 00,001,686 | ---- | M] () -- C:\Documents and Settings\Hannah\Desktop\PC_Antispyware2010.lnk
[2009/08/24 22:01:28 | 00,012,854 | ---- | M] () -- C:\Program Files\Common Files\mapibi.com
[2009/08/24 22:00:39 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/24 20:59:12 | 00,348,329 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\_scui.cpl
[2009/08/21 17:55:24 | 00,038,016 | ---- | M] (DnsFilter) -- C:\WINDOWS\System32\drivers\DnsFilter.sys
[2009/08/14 20:22:40 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/08/14 20:22:14 | 00,019,580 | ---- | M] () -- C:\Documents and Settings\Hannah\Application Data\gizetusosi.reg
[2009/08/14 20:22:14 | 00,018,922 | ---- | M] () -- C:\Documents and Settings\Hannah\Application Data\edenapy.bat
[2009/08/14 20:22:14 | 00,018,783 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\efabo.dll
[2009/08/14 20:22:14 | 00,018,512 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\tymodyzyre.db
[2009/08/14 20:22:14 | 00,018,272 | ---- | M] () -- C:\Program Files\Common Files\dulazi.scr
[2009/08/14 20:22:14 | 00,017,511 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ypojifus.inf
[2009/08/14 20:22:14 | 00,017,333 | ---- | M] () -- C:\WINDOWS\josutilofa.scr
[2009/08/14 20:22:14 | 00,016,895 | ---- | M] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\utum.pif
[2009/08/14 20:22:14 | 00,016,358 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\oxel.com
[2009/08/14 20:22:14 | 00,016,325 | ---- | M] () -- C:\WINDOWS\yviwycisox.dl
[2009/08/14 20:22:14 | 00,016,259 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\pazocera.exe
[2009/08/14 20:22:14 | 00,015,545 | ---- | M] () -- C:\Program Files\Common Files\bici.bat
[2009/08/14 20:22:14 | 00,015,463 | ---- | M] () -- C:\WINDOWS\System32\apib.pif
[2009/08/14 20:22:14 | 00,015,460 | ---- | M] () -- C:\WINDOWS\System32\tyjulol.exe
[2009/08/14 20:22:14 | 00,015,149 | ---- | M] () -- C:\Program Files\Common Files\ilogedo.vbs
[2009/08/14 20:22:14 | 00,014,817 | ---- | M] () -- C:\WINDOWS\System32\jinikaleh.vbs
[2009/08/14 20:22:14 | 00,014,796 | ---- | M] () -- C:\WINDOWS\namyvew._dl
[2009/08/14 20:22:14 | 00,013,901 | ---- | M] () -- C:\WINDOWS\egizy.inf
[2009/08/14 20:22:14 | 00,013,218 | ---- | M] () -- C:\Documents and Settings\Hannah\Application Data\ovaje.dl
[2009/08/14 20:22:14 | 00,012,934 | ---- | M] () -- C:\Program Files\Common Files\ogafos.scr
[2009/08/14 20:22:14 | 00,012,826 | ---- | M] () -- C:\WINDOWS\System32\ygylofyka.bat
[2009/08/14 20:22:14 | 00,012,737 | ---- | M] () -- C:\WINDOWS\jivecocyt.reg
[2009/08/14 20:22:14 | 00,012,267 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\izivo._sy
[2009/08/14 20:22:14 | 00,011,983 | ---- | M] () -- C:\WINDOWS\ohakysagox.inf
[2009/08/14 20:22:14 | 00,011,810 | ---- | M] () -- C:\WINDOWS\kybumy.db
[2009/08/14 20:22:14 | 00,011,683 | ---- | M] () -- C:\Program Files\Common Files\cunycili.vbs
[2009/08/14 20:22:14 | 00,011,658 | ---- | M] () -- C:\WINDOWS\sirujuz.dat
[2009/08/14 20:22:14 | 00,011,047 | ---- | M] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\fybyq.dll
[2009/08/14 20:22:14 | 00,010,196 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cotid.lib
[2009/08/13 22:06:46 | 00,019,861 | ---- | M] () -- C:\WINDOWS\ximesuceqi.reg
[2009/08/13 22:06:46 | 00,018,430 | ---- | M] () -- C:\Documents and Settings\Hannah\Application Data\lasapavu.pif
[2009/08/13 22:06:46 | 00,016,351 | ---- | M] () -- C:\Program Files\Common Files\isyfoqe.com
[2009/08/13 22:06:46 | 00,015,617 | ---- | M] () -- C:\Program Files\Common Files\qirolexot.dat
[2009/08/13 22:06:46 | 00,013,919 | ---- | M] () -- C:\WINDOWS\System32\adigocinud.lib
[2009/08/13 22:06:46 | 00,013,056 | ---- | M] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\rajehyt.inf
[2009/08/13 22:06:46 | 00,011,272 | ---- | M] () -- C:\WINDOWS\System32\iwyziqize.com
[2009/08/13 22:06:46 | 00,010,930 | ---- | M] () -- C:\WINDOWS\imisicefy.sys
[2009/08/13 22:06:45 | 00,019,914 | ---- | M] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\yhajel.dat
[2009/08/13 22:06:45 | 00,019,110 | ---- | M] () -- C:\WINDOWS\ovivynuhub.bin
[2009/08/13 22:06:45 | 00,017,242 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\itisa.bat
[2009/08/13 22:06:45 | 00,016,163 | ---- | M] () -- C:\WINDOWS\System32\diligedav.bat
[2009/08/13 22:06:45 | 00,015,224 | ---- | M] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\hudifi.ban
[2009/08/13 22:06:45 | 00,014,682 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\tafalydu.exe
[2009/08/13 22:06:45 | 00,014,613 | ---- | M] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\ofim.db
[2009/08/13 22:06:45 | 00,014,490 | ---- | M] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\izupubyge._dl
[2009/08/13 22:06:45 | 00,014,034 | ---- | M] () -- C:\Documents and Settings\Hannah\Application Data\oqebupikaf.dl
[2009/08/13 22:06:45 | 00,013,944 | ---- | M] () -- C:\WINDOWS\mehagu.pif
[2009/08/13 22:06:45 | 00,013,737 | ---- | M] () -- C:\WINDOWS\hiwykofyju.dl
[2009/08/13 22:06:45 | 00,012,587 | ---- | M] () -- C:\Program Files\Common Files\ymewudu.bin
[2009/08/13 22:06:45 | 00,012,222 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ucekivyrej.dl
[2009/08/13 22:06:45 | 00,012,206 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\tydujakum.dll
[2009/08/13 22:06:45 | 00,011,674 | ---- | M] () -- C:\Program Files\Common Files\yjavowarap.dll
[2009/08/13 22:06:45 | 00,010,806 | ---- | M] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\zehymebij.bat
[2009/08/13 22:06:45 | 00,010,684 | ---- | M] () -- C:\WINDOWS\System32\sakihoj.lib
[2009/08/13 22:06:45 | 00,010,459 | ---- | M] () -- C:\WINDOWS\xuna.dl
[2009/08/13 22:06:45 | 00,010,071 | ---- | M] () -- C:\Documents and Settings\Hannah\Application Data\iqyko.scr
[2009/08/13 22:05:47 | 00,012,328 | ---- | M] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/13 22:01:54 | 00,000,002 | ---- | M] () -- C:\WINDOWS\0101120101464949.fx
[2009/08/13 22:01:53 | 00,000,002 | ---- | M] () -- C:\WINDOWS\010112010146120114.fx
[2009/08/13 22:01:12 | 00,191,131 | ---- | M] () -- C:\WINDOWS\System32\wisdstr.exe
[2009/08/13 22:00:52 | 00,051,200 | ---- | M] () -- C:\WINDOWS\ld12.exe
[2009/08/13 22:00:52 | 00,029,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\beep.sys
[2009/08/13 22:00:52 | 00,029,184 | ---- | M] () -- C:\WINDOWS\System32\dllcache\beep.sys
[2009/08/13 22:00:52 | 00,000,247 | ---- | M] () -- C:\WINDOWS\prxid93ps.dat
[2009/08/13 09:32:20 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/12 09:33:09 | 00,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/12 09:25:41 | 00,488,776 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/12 09:25:41 | 00,432,690 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/12 09:25:41 | 00,067,646 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/11 10:38:58 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hannah\Desktop\OTL.exe
[2009/08/11 10:14:51 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/08 10:00:03 | 00,012,800 | ---- | M] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/07 15:16:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/05 10:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 10:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/30 01:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/27 23:27:12 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:23 PM

Posted 25 August 2009 - 10:19 AM

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Posted Image


Posted Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 Weeble93

Weeble93
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 26 August 2009 - 05:04 AM

ComboFix log:

ComboFix 09-08-25.04 - Hannah 26/08/2009 10:44.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.518 [GMT 1:00]
Running from: c:\documents and settings\Hannah\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
PEV Error: CacheFolder

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\alehije.scr
c:\documents and settings\All Users\Application Data\cotid.lib
c:\documents and settings\All Users\Application Data\himifugy.com
c:\documents and settings\All Users\Application Data\ifemevyjol._dl
c:\documents and settings\All Users\Application Data\izivo._sy
c:\documents and settings\All Users\Application Data\oxel.com
c:\documents and settings\All Users\Application Data\tafalydu.exe
c:\documents and settings\All Users\Application Data\ucekivyrej.dl
c:\documents and settings\All Users\Application Data\ypojifus.inf
c:\documents and settings\All Users\Documents\efabo.dll
c:\documents and settings\All Users\Documents\ewyz.pif
c:\documents and settings\All Users\Documents\itisa.bat
c:\documents and settings\All Users\Documents\mojype.bin
c:\documents and settings\All Users\Documents\pazocera.exe
c:\documents and settings\All Users\Documents\tydujakum.dll
c:\documents and settings\All Users\Documents\ysekitabyt.sys
c:\documents and settings\Hannah\Application Data\edenapy.bat
c:\documents and settings\Hannah\Application Data\gizetusosi.reg
c:\documents and settings\Hannah\Application Data\iqyko.scr
c:\documents and settings\Hannah\Application Data\lasapavu.pif
c:\documents and settings\Hannah\Application Data\Microsoft\Internet Explorer\Quick Launch\PC_Antispyware2010.lnk
c:\documents and settings\Hannah\Application Data\oqebupikaf.dl
c:\documents and settings\Hannah\Application Data\ovaje.dl
c:\documents and settings\Hannah\Application Data\simem.scr
c:\documents and settings\Hannah\Application Data\uwyhuvowax.sys
c:\documents and settings\Hannah\Application Data\xonyzi.inf
c:\documents and settings\Hannah\Application Data\ykyti.sys
c:\documents and settings\Hannah\Cookies\adubik.scr
c:\documents and settings\Hannah\Cookies\afujecosep.bin
c:\documents and settings\Hannah\Cookies\amobidukyg.vbs
c:\documents and settings\Hannah\Cookies\eravivobom.bin
c:\documents and settings\Hannah\Cookies\ivetorike.sys
c:\documents and settings\Hannah\Cookies\naxyp._dl
c:\documents and settings\Hannah\Cookies\ojafemodud.scr
c:\documents and settings\Hannah\Cookies\unojy.pif
c:\documents and settings\Hannah\Cookies\wuwomije.dat
c:\documents and settings\Hannah\Desktop\PC_Antispyware2010.lnk
c:\documents and settings\Hannah\Local Settings\Application Data\fybyq.dll
c:\documents and settings\Hannah\Local Settings\Application Data\hudifi.ban
c:\documents and settings\Hannah\Local Settings\Application Data\izupubyge._dl
c:\documents and settings\Hannah\Local Settings\Application Data\rajehyt.inf
c:\documents and settings\Hannah\Local Settings\Application Data\utum.pif
c:\documents and settings\Hannah\Local Settings\Application Data\zehymebij.bat
c:\documents and settings\Hannah\Start Menu\Programs\PC_Antispyware2010
c:\documents and settings\Hannah\Start Menu\Programs\PC_Antispyware2010\PC_Antispyware2010.lnk
c:\documents and settings\Hannah\Start Menu\Programs\PC_Antispyware2010\Uninstall.lnk
c:\program files\Common Files\bici.bat
c:\program files\Common Files\cunycili.vbs
c:\program files\Common Files\dulazi.scr
c:\program files\Common Files\ilogedo.vbs
c:\program files\Common Files\isyfoqe.com
c:\program files\Common Files\mapibi.com
c:\program files\Common Files\ogafos.scr
c:\program files\Common Files\qyma.com
c:\program files\Common Files\yjavowarap.dll
c:\program files\Common Files\ymewudu.bin
c:\program files\DDnsFilter
c:\program files\DDnsFilter\DDnsFilter.dll
c:\program files\PC_Antispyware2010
c:\program files\PC_Antispyware2010\AVEngn.dll
c:\program files\PC_Antispyware2010\data\daily.cvd
c:\program files\PC_Antispyware2010\htmlayout.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\PC_Antispyware2010\PC_Antispyware2010.cfg
c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe
c:\program files\PC_Antispyware2010\pthreadVC2.dll
c:\program files\PC_Antispyware2010\Uninstall.exe
c:\program files\PC_Antispyware2010\wscui.cpl
c:\recycler\S-1-5-21-1960408961-682003330-842925246-1003
c:\recycler\S-1-5-21-931196064-335735689-1684122734-1005
c:\windows\010112010146120114.fx
c:\windows\0101120101464949.fx
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\egizy.inf
c:\windows\hiwykofyju.dl
c:\windows\ikiqari.vbs
c:\windows\imisicefy.sys
c:\windows\Installer\a213.msi
c:\windows\jivecocyt.reg
c:\windows\josutilofa.scr
c:\windows\ld12.exe
c:\windows\mehagu.pif
c:\windows\msetup
c:\windows\msetup\MSetup.exe
c:\windows\namyvew._dl
c:\windows\ohakysagox.inf
c:\windows\ovivynuhub.bin
c:\windows\prxid93ps.dat
c:\windows\system32\_scui.cpl
c:\windows\system32\apib.pif
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\diligedav.bat
c:\windows\system32\dllcache\beep.sys
c:\windows\system32\drivers\DnsFilter.sys
c:\windows\system32\ecyb.ban
c:\windows\system32\jinikaleh.vbs
c:\windows\system32\jyperanog.bat
c:\windows\system32\tyjulol.exe
c:\windows\system32\uqowug.dll
c:\windows\system32\vitop.inf
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\wisdstr.exe
c:\windows\system32\wunuxyz.sys
c:\windows\system32\ygylofyka.bat
c:\windows\ximesuceqi.reg
c:\windows\xuna.dl
c:\windows\yviwycisox.dl

c:\windows\system32\drivers\beep.sys . . . is infected!!

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SfX
-------\Legacy_ddnsfilter
-------\Legacy_DnsFilter
-------\Service_ddnsfilter
-------\Service_DnsFilter


((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 )))))))))))))))))))))))))))))))
.

2009-08-25 09:43 . 2009-08-25 09:43 -------- d-----w- C:\_OTL
2009-08-14 19:22 . 2009-08-14 19:22 11658 ----a-w- c:\windows\sirujuz.dat
2009-08-13 21:06 . 2009-08-13 21:06 15617 ----a-w- c:\program files\Common Files\qirolexot.dat
2009-08-13 21:06 . 2009-08-13 21:06 11272 ----a-w- c:\windows\system32\iwyziqize.com
2009-08-13 21:06 . 2009-08-13 21:06 19914 ----a-w- c:\documents and settings\Hannah\Local Settings\Application Data\yhajel.dat
2009-08-13 21:00 . 2008-04-14 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-12 08:21 . 2009-08-12 08:21 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-12 08:20 . 2009-08-12 08:20 -------- d-----w- c:\program files\MSBuild
2009-08-12 08:20 . 2009-08-12 08:20 -------- d-----w- c:\program files\Reference Assemblies
2009-08-12 08:20 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-12 08:20 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-12 08:20 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-12 08:20 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-12 08:20 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-12 08:20 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-12 08:20 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-11 09:14 . 2009-08-11 09:14 -------- d-----w- c:\documents and settings\Hannah\Application Data\Malwarebytes
2009-08-11 09:14 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-11 09:14 . 2009-08-11 09:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-11 09:14 . 2009-08-11 09:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-11 09:14 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-08 09:32 . 2009-08-08 10:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-07 23:19 . 2009-08-07 23:19 -------- d-----w- c:\program files\Common Files\Panda Security
2009-08-06 09:46 . 2009-08-06 09:47 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-08-06 09:46 . 2009-08-06 15:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-06 09:46 . 2009-08-06 15:47 -------- d-----w- c:\program files\NOS
2009-07-31 20:11 . 2009-07-07 08:23 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-31 20:11 . 2009-07-07 08:23 587032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgiproxy.exe
2009-07-31 20:11 . 2009-07-07 08:23 1471768 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-07-31 20:11 . 2009-07-07 08:23 755992 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-26 09:53 . 2009-06-07 14:28 -------- d-----w- c:\documents and settings\Hannah\Application Data\LimeWire
2009-08-25 09:32 . 2009-02-12 19:29 -------- d-----w- c:\program files\Java
2009-08-13 21:05 . 2009-05-05 04:27 12328 ----a-w- c:\documents and settings\Hannah\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-08 10:38 . 2009-02-12 19:35 -------- d-----w- c:\program files\Google
2009-08-08 08:08 . 2009-07-07 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-07 23:19 . 2009-02-12 19:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 09:01 . 2009-02-12 18:05 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-18 08:07 . 2009-07-18 08:08 2301720 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-07-18 08:07 . 2009-07-18 08:08 3403032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-18 08:07 . 2009-07-18 08:08 1111320 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgssie.dll
2009-07-18 08:07 . 2009-07-18 08:08 2291480 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgfwui.dll
2009-07-17 19:01 . 2009-02-12 18:05 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 11:21 . 2009-02-12 18:05 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 08:27 . 2009-07-08 08:27 692504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcsrvx.exe
2009-07-08 08:27 . 2009-07-08 08:27 382744 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgclitx.dll
2009-07-08 08:27 . 2009-07-08 08:27 417560 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcclix.dll
2009-07-08 08:27 . 2009-07-08 08:27 69912 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcrlpx.dll
2009-07-08 08:27 . 2009-07-08 08:27 2053912 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-07 08:24 . 2009-07-07 08:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-07-07 08:24 . 2009-07-31 20:27 11952 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsstx.dll
2009-07-07 08:24 . 2009-07-31 20:27 335752 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-07 08:24 . 2009-07-31 20:27 27784 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmfx86.sys
2009-07-07 07:35 . 2009-07-07 07:35 -------- d-----w- c:\documents and settings\Hannah\Application Data\AVG8
2009-07-02 17:44 . 2009-05-05 03:19 -------- d-----w- c:\documents and settings\Hannah\Application Data\Apple Computer
2009-06-29 16:12 . 2009-02-12 18:05 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2009-02-12 18:05 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2009-02-12 18:05 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-27 10:01 . 2009-06-27 10:01 -------- d-----w- c:\documents and settings\Hannah\Application Data\Move Networks
2009-06-27 10:01 . 2009-06-27 10:01 34062 ----a-w- c:\documents and settings\Hannah\Application Data\Move Networks\ie_bin\Uninst.exe
2009-06-16 14:36 . 2009-02-12 18:05 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2009-02-12 18:05 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2009-02-12 18:05 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2009-02-12 18:05 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 08:19 . 2009-02-12 19:22 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2009-02-12 18:05 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2009-02-12 18:05 1291264 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-18 148888]
"EDS"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-21 659456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-10-20 2768896]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-08-26 16851456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Hannah\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-5-22 139776]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-17 580200]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:ddnsfilter

R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [12/02/2009 20:29 4300]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [15/01/2008 04:01 30208]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [12/02/2009 20:33 238464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ddnsfilter REG_MULTI_SZ ddnsfilter
.
Contents of the 'Scheduled Tasks' folder

2009-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PC Antispyware 2010 - c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-26 10:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1656)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Samsung\MagicKBD\MagicKBD.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-26 10:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-26 09:56

Pre-Run: 60,196,499,456 bytes free
Post-Run: 60,136,947,712 bytes free

325 --- E O F --- 2009-08-13 21:07

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:23 PM

Posted 26 August 2009 - 10:28 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.

NetSvc::
ddnsfilter

File::
c:\documents and settings\Hannah\Start Menu\Programs\Startup\LimeWire On Startup.lnk
c:\windows\sirujuz.dat
c:\program files\Common Files\qirolexot.dat
c:\windows\system32\iwyziqize.com
c:\documents and settings\Hannah\Local Settings\Application Data\yhajel.dat

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 Weeble93

Weeble93
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 28 August 2009 - 06:09 AM

results from combo-fix:

ComboFix 09-08-25.04 - Hannah 28/08/2009 12:00.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.542 [GMT 1:00]
Running from: c:\documents and settings\Hannah\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Hannah\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\Hannah\Local Settings\Application Data\yhajel.dat"
"c:\documents and settings\Hannah\Start Menu\Programs\Startup\LimeWire On Startup.lnk"
"c:\program files\Common Files\qirolexot.dat"
"c:\windows\sirujuz.dat"
"c:\windows\system32\iwyziqize.com"
.
PEV Error: CacheFolder

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Hannah\Local Settings\Application Data\yhajel.dat
c:\documents and settings\Hannah\Start Menu\Programs\Startup\LimeWire On Startup.lnk
c:\program files\Common Files\qirolexot.dat
c:\windows\sirujuz.dat
c:\windows\system32\iwyziqize.com

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.

2009-08-25 09:43 . 2009-08-25 09:43 -------- d-----w- C:\_OTL
2009-08-13 21:00 . 2008-04-14 12:00 4224 ------w- c:\windows\system32\drivers\beep.sys
2009-08-12 08:21 . 2009-08-12 08:21 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-12 08:20 . 2009-08-12 08:20 -------- d-----w- c:\program files\MSBuild
2009-08-12 08:20 . 2009-08-12 08:20 -------- d-----w- c:\program files\Reference Assemblies
2009-08-12 08:20 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-12 08:20 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-12 08:20 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-12 08:20 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-12 08:20 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-12 08:20 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-12 08:20 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-11 09:14 . 2009-08-11 09:14 -------- d-----w- c:\documents and settings\Hannah\Application Data\Malwarebytes
2009-08-11 09:14 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-11 09:14 . 2009-08-11 09:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-11 09:14 . 2009-08-11 09:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-11 09:14 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-08 09:32 . 2009-08-08 10:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-07 23:19 . 2009-08-07 23:19 -------- d-----w- c:\program files\Common Files\Panda Security
2009-08-06 09:46 . 2009-08-06 09:47 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-08-06 09:46 . 2009-08-06 15:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-06 09:46 . 2009-08-06 15:47 -------- d-----w- c:\program files\NOS
2009-07-31 20:11 . 2009-07-07 08:23 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-31 20:11 . 2009-07-07 08:23 587032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgiproxy.exe
2009-07-31 20:11 . 2009-07-07 08:23 1471768 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-07-31 20:11 . 2009-07-07 08:23 755992 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-28 10:57 . 2009-06-07 14:28 -------- d-----w- c:\documents and settings\Hannah\Application Data\LimeWire
2009-08-25 09:32 . 2009-02-12 19:29 -------- d-----w- c:\program files\Java
2009-08-13 21:05 . 2009-05-05 04:27 12328 ----a-w- c:\documents and settings\Hannah\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-08 10:38 . 2009-02-12 19:35 -------- d-----w- c:\program files\Google
2009-08-08 08:08 . 2009-07-07 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-07 23:19 . 2009-02-12 19:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 09:01 . 2009-02-12 18:05 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-18 08:07 . 2009-07-18 08:08 2301720 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-07-18 08:07 . 2009-07-18 08:08 3403032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-18 08:07 . 2009-07-18 08:08 1111320 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgssie.dll
2009-07-18 08:07 . 2009-07-18 08:08 2291480 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgfwui.dll
2009-07-17 19:01 . 2009-02-12 18:05 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 11:21 . 2009-02-12 18:05 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 08:27 . 2009-07-08 08:27 692504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcsrvx.exe
2009-07-08 08:27 . 2009-07-08 08:27 382744 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgclitx.dll
2009-07-08 08:27 . 2009-07-08 08:27 417560 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcclix.dll
2009-07-08 08:27 . 2009-07-08 08:27 69912 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcrlpx.dll
2009-07-08 08:27 . 2009-07-08 08:27 2053912 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-07 08:24 . 2009-07-07 08:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-07-07 08:24 . 2009-07-31 20:27 11952 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsstx.dll
2009-07-07 08:24 . 2009-07-31 20:27 335752 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-07 08:24 . 2009-07-31 20:27 27784 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmfx86.sys
2009-07-07 07:35 . 2009-07-07 07:35 -------- d-----w- c:\documents and settings\Hannah\Application Data\AVG8
2009-07-02 17:44 . 2009-05-05 03:19 -------- d-----w- c:\documents and settings\Hannah\Application Data\Apple Computer
2009-06-29 16:12 . 2009-02-12 18:05 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2009-02-12 18:05 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2009-02-12 18:05 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-27 10:01 . 2009-06-27 10:01 34062 ----a-w- c:\documents and settings\Hannah\Application Data\Move Networks\ie_bin\Uninst.exe
2009-06-16 14:36 . 2009-02-12 18:05 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2009-02-12 18:05 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2009-02-12 18:05 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2009-02-12 18:05 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 08:19 . 2009-02-12 19:22 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2009-02-12 18:05 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2009-02-12 18:05 1291264 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-26_09.52.41 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-18 148888]
"EDS"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-21 659456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-10-20 2768896]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-08-26 16851456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-17 580200]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [12/02/2009 20:29 4300]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [15/01/2008 04:01 30208]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [12/02/2009 20:33 238464]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ddnsfilter REG_MULTI_SZ ddnsfilter
.
Contents of the 'Scheduled Tasks' folder

2009-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 12:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-08-28 12:06
ComboFix-quarantined-files.txt 2009-08-28 11:06
ComboFix2.txt 2009-08-26 09:56

Pre-Run: 60,098,232,320 bytes free
Post-Run: 60,045,893,632 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

172 --- E O F --- 2009-08-13 21:07

#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:23 PM

Posted 28 August 2009 - 10:14 AM

Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



How is your computer behaving now?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#14 Weeble93

Weeble93
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 28 August 2009 - 01:48 PM

Malwarebytes scan results:

Malwarebytes' Anti-Malware 1.40
Database version: 2710
Windows 5.1.2600 Service Pack 3

28/08/2009 19:43:05
mbam-log-2009-08-28 (19-43-05).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 119308
Time elapsed: 17 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ddnsfilter (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Program Files\DDnsFilter\DDnsFilter.dll.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\PC_Antispyware2010\htmlayout.dll.vir (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe.vir (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\PC_Antispyware2010\Uninstall.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\PC_Antispyware2010\wscui.cpl.vir (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\braviax.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\cru629.dat.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\ld12.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\braviax.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cru629.dat.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wisdstr.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\_scui.cpl.vir (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\beep.sys.vir (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\DnsFilter.sys.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\proquota.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.

#15 Weeble93

Weeble93
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 28 August 2009 - 01:51 PM

plus, would you recommend adding some anti-virus software?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users