(thefeedonline, livefeed) infection....help


  • This topic is locked
22 replies to this topic

#1 faceman802

Posted 27 September 2009 - 06:54 AM

I had the Antivirus Pro 2010 malware problem, downloaded Malwarebytes and it seemed to remove that problem. Now I seem to be stuck with the "livefeed" problem where every link is directed to a site I don't want to go to and all the links are fronted with "thelivefeed.com", "livefeedinc.com", etc.


DDS (Ver_09-09-24.01) - NTFSx86
Run by Owner at 23:11:27.90 on Sat 09/26/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.432 [GMT -4:00]

AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Verizon Internet Security Suite Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\HDAudPropShortcut.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\java.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uWindow Title = Microsoft Internet Explorer provided by Verizon Online
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: {97f6846e-4833-4cb5-8cae-4baca94ddab6} - kemuboti.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [calc] rundll32.exe c:\docume~1\owner\protect.dll,_IWMPEvents@0
mRun: [CHotkey] zHotkey.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [SunKistEM] c:\program files\emachines bay reader\shwiconem.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [tidisupun] Rundll32.exe "c:\windows\system32\juyobosu.dll",a
StartupFolder: c:\documents and settings\owner\start menu\programs\startup\scandisk.dll
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\scandisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\windows\system32\vbTXrJZlZr.dll
Trusted Zone: plaxo.com\www
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235957442109
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Filter: text/html - {ff504403-22f0-47ee-bf10-2c13d3694a46} -
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: jakazegiw - {cdff20f0-3a8b-472e-bcbb-23818721734e} - c:\windows\system32\hilavabi.dll
SSODL: tubamiter - {8b83da6e-5d54-46b0-b56b-7633619adf48} - c:\windows\system32\juyobosu.dll
STS: tokatiluy: {cdff20f0-3a8b-472e-bcbb-23818721734e} - c:\windows\system32\hilavabi.dll
STS: kupuhivus: {8b83da6e-5d54-46b0-b56b-7633619adf48} - c:\windows\system32\juyobosu.dll
LSA: Notification Packages = scecli karirabo.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\i0iz5vv8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\i0iz5vv8.default\extensions\gametap@gametap.com\plugins\npGameTapWebUpdater.dll
FF - plugin: c:\program files\gametap web player\bin\release\npGameTapWebPlayer.dll
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 is-0OH4Mdrv;is-0OH4Mdrv;c:\windows\system32\drivers\84814866.sys [2009-7-17 148496]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-8-18 179984]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-8 214024]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-9-8 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-9-8 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-9-8 144704]
R2 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-9-22 693512]
R2 RadialpointSafeConnectAgent;Verizon Internet Security Suite SafeConnectAgent;c:\program files\verizon\verizon internet security suite\safeconnect\bin\SanaAgent.exe [2008-11-14 4937752]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-9-8 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-8 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-8 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-8 40552]
R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_xp\SafeConnectDriver.sys [2008-11-14 161304]
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_xp\SafeConnectFilter.sys [2008-11-14 29720]
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_xp\SafeConnectShim.sys [2008-11-14 27376]
S2 pwyjkzqmfnpnlj;pwyjkzqmfnpnlj;\??\c:\windows\system32\drivers\wvkgovcgpuzbj.sys --> c:\windows\system32\drivers\wvkgovcgpuzbj.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-8 34248]
S3 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-9-22 910600]
S3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\verizon\verizon internet security suite\RpsSecurityAwareR.exe [2009-4-22 170736]

=============== Created Last 30 ================

2009-09-26 21:55 0 a------- c:\windows\system32\491.exe
2009-09-26 20:55 0 a------- c:\windows\system32\9961.exe
2009-09-26 19:55 0 a------- c:\windows\system32\16827.exe
2009-09-26 18:55 0 a------- c:\windows\system32\23281.exe
2009-09-26 17:55 0 a------- c:\windows\system32\28145.exe
2009-09-26 16:55 0 a------- c:\windows\system32\5705.exe
2009-09-26 16:11 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-26 16:11 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-26 16:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-26 15:55 0 a------- c:\windows\system32\24464.exe
2009-09-26 13:54 0 a------- c:\windows\system32\29358.exe
2009-09-26 06:47 744 a------- c:\windows\system32\wininit.dll
2009-09-26 06:45 22,528 -------- c:\documents and settings\owner\protect.dll
2009-09-26 06:45 22,528 a--sh--- c:\windows\system32\calc.dll
2009-09-26 05:46 0 a------- c:\windows\system32\26962.exe
2009-09-26 04:46 129,024 a------- c:\windows\system32\vbTXrJZlZr.dll
2009-09-26 03:46 0 a------- c:\windows\system32\11478.exe
2009-09-26 02:46 0 a------- c:\windows\system32\15724.exe
2009-09-26 01:46 0 a------- c:\windows\system32\19169.exe
2009-09-26 00:46 0 a------- c:\windows\system32\26500.exe
2009-09-25 23:46 0 a------- c:\windows\system32\6334.exe
2009-09-25 22:46 0 a------- c:\windows\system32\18467.exe
2009-09-25 21:49 108 a------- c:\windows\system32\temp32.bat
2009-09-25 21:48 11,846 a------- c:\windows\system32\enehe.scr
2009-09-25 21:48 19,479 a------- c:\docume~1\alluse~1\applic~1\adyfyky.vbs
2009-09-25 21:48 17,767 a------- c:\windows\iwyf._dl
2009-09-25 21:48 17,240 a------- c:\windows\system32\ojejyv.dat
2009-09-25 21:48 16,516 a------- c:\program files\common files\irecegeh.reg
2009-09-25 21:48 15,741 a------- c:\windows\enuq.scr
2009-09-25 21:48 15,573 a------- c:\windows\ypem.dl
2009-09-25 21:48 12,719 a------- c:\windows\system32\nohywunar.ban
2009-09-25 21:48 11,093 a------- c:\windows\system32\sinyxeq._sy
2009-09-25 21:48 16,303 a------- c:\windows\zupakojofi.bin
2009-09-25 21:48 14,862 a------- c:\docume~1\owner\applic~1\rumuvac.dat
2009-09-25 21:48 10,938 a------- c:\windows\ovet.ban
2009-09-25 21:48 15,405 a------- c:\docume~1\alluse~1\applic~1\uwupasi.dat
2009-09-25 21:48 15,249 a------- c:\docume~1\owner\applic~1\myri.scr
2009-09-25 21:01 0 a------- c:\windows\system32\41.exe
2009-09-25 21:01 19,241 a------- c:\docume~1\alluse~1\applic~1\onegujobur.scr
2009-09-25 21:01 18,131 a------- c:\windows\ijokavini.exe
2009-09-25 21:01 18,064 a------- c:\windows\yjocawy.vbs
2009-09-25 21:01 17,739 a------- c:\windows\sofoqyviri.pif
2009-09-25 21:01 15,585 a------- c:\windows\acasuvuty.bin
2009-09-25 21:01 13,418 a------- c:\windows\system32\owebeh._dl
2009-09-25 21:01 11,225 a------- c:\docume~1\alluse~1\applic~1\kegi.bat
2009-09-25 21:01 10,705 a------- c:\docume~1\alluse~1\applic~1\navocidib.sys
2009-09-25 21:01 14,780 a------- c:\windows\cewere.lib
2009-09-25 21:01 13,341 a------- c:\windows\system32\jygeku.vbs
2009-09-21 15:59 <DIR> --d----- C:\wnted
2009-09-21 09:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2009-09-21 09:03 <DIR> --d----- c:\program files\McAfee Security Scan
2009-09-15 16:34 54,156 a---h--- c:\windows\QTFont.qfn
2009-09-15 16:34 1,409 a------- c:\windows\QTFont.for
2009-09-08 10:59 0 a------- c:\windows\ativpsrm.bin
2009-09-08 10:17 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-09-08 10:14 <DIR> --d----- C:\ATI
2009-09-08 09:19 13,031 a------- c:\windows\system32\Config.MPF
2009-09-08 09:17 <DIR> --d----- c:\program files\SiteAdvisor
2009-09-08 09:11 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-09-08 09:11 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-09-08 09:11 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-09-08 09:11 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-09-08 09:09 <DIR> --d----- c:\program files\common files\McAfee
2009-09-08 09:09 <DIR> --d----- c:\program files\McAfee.com
2009-09-08 09:08 <DIR> --d----- c:\program files\McAfee
2009-09-08 09:05 34,248 a------- c:\windows\system32\drivers\mferkdk.sys
2009-09-08 09:05 214,024 a------- c:\windows\system32\drivers\mfehidk.sys
2009-09-07 19:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Linksys
2009-09-07 17:46 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{35ACA973-70F0-495F-9092-74A130711865}
2009-09-07 17:41 <DIR> --d----- c:\program files\Linksys
2009-09-07 17:40 <DIR> --d----- c:\program files\WebEx
2009-09-07 17:40 23,984 a------- c:\windows\system32\drivers\pnarp.sys
2009-09-07 17:39 25,264 a------- c:\windows\system32\drivers\purendis.sys
2009-09-07 17:39 <DIR> --d----- c:\program files\common files\Pure Networks Shared
2009-09-07 17:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks
2009-09-07 17:37 939,368 a----r-- c:\windows\system32\myflash.ocx
2009-09-07 10:28 1,264 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-09-05 20:45 16 a------- c:\windows\system32\drivers\fidbox.dat.szfi
2009-09-05 20:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-09-05 20:36 <DIR> --d----- c:\program files\common files\iS3
2009-09-05 20:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-09-05 20:33 19,530 a------- c:\windows\kykekem.ban
2009-09-05 20:33 17,087 a------- c:\windows\ovosi.sys
2009-09-05 20:33 16,875 a------- c:\windows\system32\fuxykyre.ban
2009-09-05 20:33 16,440 a------- c:\windows\ocopycal._sy
2009-09-05 20:33 15,988 a------- c:\windows\system32\somem.pif
2009-09-05 20:33 14,320 a------- c:\program files\common files\otib.bin
2009-09-05 20:33 12,657 a------- c:\windows\ledo.dl
2009-09-05 20:33 11,979 a------- c:\windows\mycyqyhaqe.vbs
2009-09-05 20:33 11,544 a------- c:\windows\geqabobug.dat
2009-09-05 20:33 15,606 a------- c:\windows\ruroquvof._dl
2009-09-05 14:25 16,945 a------- c:\windows\yrerejyro.vbs
2009-09-05 14:25 11,999 a------- c:\program files\common files\rufo.sys
2009-09-05 14:25 18,240 a------- c:\docume~1\owner\applic~1\lokefubil.reg
2009-09-05 14:25 16,775 a------- c:\windows\ahexavode.exe
2009-09-05 14:25 14,044 a------- c:\program files\common files\kafuly.dll
2009-09-05 14:25 11,610 a------- c:\windows\putyfavu.inf
2009-09-05 14:25 11,239 a------- c:\windows\system32\fuboqovo.db
2009-09-05 14:25 14,022 a------- c:\windows\kyme.dl
2009-09-05 14:25 13,637 a------- c:\windows\nerisef.dat
2009-09-05 14:25 12,439 a------- c:\docume~1\owner\applic~1\execudem.bat
2009-09-05 14:25 10,931 a------- c:\windows\gecy.sys
2009-09-05 14:25 18,761 a------- c:\windows\system32\ywujihixi.com
2009-09-05 14:25 17,932 a------- c:\windows\cinemap.dat
2009-09-05 14:25 14,551 a------- c:\windows\syjyky.vbs
2009-09-05 14:25 11,314 a------- c:\docume~1\alluse~1\applic~1\xigup.dat
2009-09-05 14:13 18,928 a------- c:\windows\nezi.inf
2009-09-05 14:13 18,037 a------- c:\program files\common files\xixemuqox.sys
2009-09-05 14:13 17,611 a------- c:\program files\common files\pynajunos.vbs
2009-09-05 14:13 16,879 a------- c:\program files\common files\voveq.com
2009-09-05 14:13 16,181 a------- c:\windows\vabo.sys
2009-09-05 14:13 15,816 a------- c:\windows\xofym.lib
2009-09-05 14:13 15,702 a------- c:\program files\common files\erygefe.reg
2009-09-05 14:13 15,239 a------- c:\docume~1\alluse~1\applic~1\eduhy.bin
2009-09-05 14:13 15,195 a------- c:\windows\yrygegu.bin
2009-09-05 14:13 14,063 a------- c:\windows\erapy.ban
2009-09-05 14:13 13,320 a------- c:\windows\epyguxaso.reg
2009-09-05 14:13 12,931 a------- c:\windows\donysa.vbs
2009-09-05 14:13 12,809 a------- c:\windows\ibequbire.db
2009-09-05 14:13 10,550 a------- c:\windows\system32\oriwyqiqud.dll
2009-09-02 16:09 <DIR> --d----- c:\program files\Shared
2009-09-01 19:12 1,945,600 -------- c:\windows\NuNinst.exe
2009-09-01 19:12 51,547 -------- c:\windows\NuNinst.cfg
2009-09-01 19:12 91,136 a------- c:\windows\system32\drivers\InCDfs.sys
2009-09-01 19:12 28,544 a------- c:\windows\system32\drivers\InCDpass.sys
2009-09-01 19:12 5,760 a------- c:\windows\system32\drivers\InCDrec.sys
2009-09-01 19:12 <DIR> --d----- c:\windows\InCD
2009-08-31 20:07 20 a------- c:\windows\system32\SYSTEM

==================== Find3M ====================

2009-09-26 23:11 180,834,336 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-09-26 23:10 1,724,704 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-09-26 23:02 162,596 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-09-26 23:02 2,120,060 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-09-26 21:00 88,064 a--sh--- c:\windows\system32\juyobosu.dll
2009-09-26 21:00 44,970 a--sh--- c:\windows\system32\vukoguha.exe
2009-09-26 21:00 37,376 a--sh--- c:\windows\system32\wevejaga.dll
2009-09-25 21:48 12,094 a------- c:\program files\common files\eceveq._dl
2009-09-25 21:01 15,806 a------- c:\program files\common files\gilupiv.db
2009-09-25 21:01 12,978 a------- c:\program files\common files\vewu.lib
2009-09-25 21:01 10,914 a------- c:\program files\common files\doho.inf
2009-09-25 21:01 10,109 a------- c:\program files\common files\fimus.lib
2009-09-05 14:25 11,073 a------- c:\program files\common files\osah.db
2009-09-05 14:13 16,110 a------- c:\program files\common files\ivinitanog.inf
2009-09-05 14:13 13,719 a------- c:\program files\common files\wuzaxyk.inf
2009-08-25 22:57 262,144 a------- C:\ntuser.dat
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-21 11:55 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-07-21 11:54 325,120 a------- c:\windows\system32\ati2dvag.dll
2009-07-21 11:44 204,800 a------- c:\windows\system32\atipdlxx.dll
2009-07-21 11:44 155,648 a------- c:\windows\system32\Oemdspif.dll
2009-07-21 11:43 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-07-21 11:43 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-07-21 11:43 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-07-21 11:42 602,112 a------- c:\windows\system32\ati2evxx.exe
2009-07-21 11:40 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-07-21 11:35 307,200 a------- c:\windows\system32\atiiiexx.dll
2009-07-21 11:32 11,845,632 a------- c:\windows\system32\atioglxx.dll
2009-07-21 11:32 3,818,272 a------- c:\windows\system32\ati3duag.dll
2009-07-21 11:17 2,670,720 a------- c:\windows\system32\ativvaxx.dll
2009-07-21 11:17 3,107,788 a------- c:\windows\system32\ativva5x.dat
2009-07-21 11:17 887,724 a------- c:\windows\system32\ativva6x.dat
2009-07-21 11:01 49,664 a------- c:\windows\system32\amdpcom32.dll
2009-07-21 10:57 475,136 a------- c:\windows\system32\atikvmag.dll
2009-07-21 10:55 126,976 a------- c:\windows\system32\atiadlxx.dll
2009-07-21 10:54 17,408 a------- c:\windows\system32\atitvo32.dll
2009-07-21 10:53 45,056 a------- c:\windows\system32\aticalrt.dll
2009-07-21 10:53 45,056 a------- c:\windows\system32\aticalcl.dll
2009-07-21 10:52 290,816 a------- c:\windows\system32\atiok3x2.dll
2009-07-21 10:52 3,227,648 a------- c:\windows\system32\aticaldd.dll
2009-07-21 10:48 626,688 a------- c:\windows\system32\ati2cqag.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-14 00:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-29 10:30 256,712 a------- c:\windows\system32\Prounstl.exe
2009-04-15 14:56 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009041520090416\index.dat

============= FINISH: 23:12:46.60 ===============


Thanks for any help I can get on this issue.


#2 faceman802
  • Topic Starter

Posted 30 September 2009 - 04:12 PM

3 days, 123 views and no help?? Hmmm, might have to take my problem elsewhere I guess.

#3 faceman802
  • Topic Starter

Posted 01 October 2009 - 05:13 PM

Sorry for the impatience. I've deleted the Verizon Internet Security Suite as I've been informed it's redundant to McAfee, and I'm also putting my RootRepeal scan results here since I thought I posted them but was told I didn't. Sorry for the inconvenience.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/26 23:24
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEE4D8000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7D73000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal2.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal2.sys
Address: 0xF72DF000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Program Files\Yahoo! Games\Bejeweled Twist\BejeweledTwist.exe:{8780C002-2FC7-8736-7FBA-1B1E972FB45E}
Status: Visible to the Windows API, but not on disk.

Path: c:\windows\system32\drivers\fidbox.dat
Status: Size mismatch (API: 180846624, Raw: 180842528)

Path: c:\documents and settings\all users\application data\pure networks\log\logfile.nmsrvc_exe.txt
Status: Size mismatch (API: 36388, Raw: 35792)

Path: c:\program files\verizon\verizon internet security suite\safeconnect\malwareprofile\temp\10372.mpdb
Status: Allocation size mismatch (API: 4096, Raw: 584)

Path: c:\program files\verizon\verizon internet security suite\safeconnect\malwareprofile\temp\26280.mpdb
Status: Allocation size mismatch (API: 4096, Raw: 584)

Path: c:\program files\verizon\verizon internet security suite\safeconnect\malwareprofile\temp\59.mpdb
Status: Allocation size mismatch (API: 4096, Raw: 616)

Path: c:\program files\verizon\verizon internet security suite\safeconnect\malwareprofile\temp\2287.mpdb
Status: Allocation size mismatch (API: 4096, Raw: 592)

Path: c:\program files\verizon\verizon internet security suite\safeconnect\malwareprofile\temp\95.mpdb
Status: Allocation size mismatch (API: 4096, Raw: 600)

Path: c:\program files\verizon\verizon internet security suite\safeconnect\malwareprofile\temp\30443.mpdb
Status: Allocation size mismatch (API: 4096, Raw: 592)

Path: c:\program files\verizon\verizon internet security suite\safeconnect\malwareprofile\temp\37065.mpdb
Status: Allocation size mismatch (API: 4096, Raw: 592)

Path: c:\program files\verizon\verizon internet security suite\safeconnect\malwareprofile\temp\38093.mpdb
Status: Allocation size mismatch (API: 4096, Raw: 584)

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectShim.sys" at address 0xec0158b0

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee50c930

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee50caa0

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee50d540

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee50d190

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee50de20

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee50cd60

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee50b2a0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectShim.sys" at address 0xec0158e0

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee50d370

#: 173 Function Name: NtQuerySystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee50dad0

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee50ddd0

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee50e150

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee50e770

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee512160

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee509ec0

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee50dd80

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee50b600

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectShim.sys" at address 0xec015990

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectShim.sys" at address 0xec015a30

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectShim.sys" at address 0xec015ad0

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee50b4d0

#: 378 Function Name: NtUserFindWindowEx
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee50ae70

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectShim.sys" at address 0xec015450

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectShim.sys" at address 0xec0153c0

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectShim.sys" at address 0xec015400

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee50ad70

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee50e550

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee50ae20

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee50a300

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectShim.sys" at address 0xec015340

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee50e5a0

==EOF==

#4 myrti

  • Malware Study Hall Admin

Posted 14 October 2009 - 05:46 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 faceman802

  • Topic Starter

Posted 14 October 2009 - 04:10 PM

I went to download that file from the mirror you posted and got a popup message saying "This download has been reported as unsafe. The file you are downloading has been reported to be unsafe. The download website contains links to viruses and other software that can harm your computer or reveal your personal information." Obviously I don't want to download this file after reading this. Is this file safe?

#6 myrti

  • Malware Study Hall Admin

Posted 14 October 2009 - 04:23 PM

Hi,

What kind of popup was it? Do you know which program created it?

geekstogo.com is another very renowned malware removal forum, and the author of OTL.exe is well known throughout the malware community. I've been using that tool for a long time now, including about a dozen times today, without any troubles. There is virtually no chance that the download is infected.

If, despite this, you still don't want to use OTL, please let me know. I'll post you the instructions for an alternative tool.

regards _temp_

Edited by _temp_, 14 October 2009 - 04:24 PM.



#7 faceman802

  • Topic Starter

Posted 15 October 2009 - 03:55 PM

OTL REPORT

OTL logfile created on: 10/15/2009 4:47:21 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.73 Mb Total Physical Memory | 276.44 Mb Available Physical Memory | 27.03% Memory free
2.40 Gb Paging File | 1.72 Gb Available in Paging File | 71.69% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 73.98 Gb Free Space | 39.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DONTINAKEKE
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/15 16:46:22 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2009/09/28 17:57:53 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/09/28 17:57:52 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/09/21 09:00:36 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/12 14:19:31 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2009/07/27 20:19:10 | 00,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/07/26 16:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/25 05:23:05 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
PRC - [2009/07/21 11:42:04 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009/07/10 14:59:22 | 00,195,072 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2009/07/10 03:26:42 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/10 00:26:20 | 00,645,328 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/07/08 14:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe
PRC - [2009/07/08 13:43:40 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/07/08 13:11:52 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/10 14:57:18 | 01,553,920 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/02/06 18:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/02/06 18:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/12/12 18:06:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/11/13 15:43:49 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/11/09 16:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/05/26 16:46:48 | 01,151,090 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2004/03/17 19:10:40 | 00,061,952 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\HDAudPropShortcut.exe
PRC - [2004/03/11 19:18:54 | 00,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\eMachines Bay Reader\shwiconem.exe
PRC - [2003/07/29 22:06:32 | 00,515,584 | ---- | M] (Chicony) -- C:\WINDOWS\zHotkey.exe
PRC - [2003/03/31 08:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/09/28 17:57:52 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2009/08/12 14:19:31 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService [Auto | Running])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/07/21 11:42:04 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/07/21 10:40:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2009/07/10 03:26:42 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2009/07/08 15:15:04 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2009/07/08 14:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service [Auto | Running])
SRV - [2009/07/08 13:43:40 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2009/07/08 13:11:52 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
SRV - [2009/02/06 18:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon [Auto | Running])
SRV - [2008/12/12 18:06:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
SRV - [2008/11/13 15:43:49 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater [Auto | Running])
SRV - [2008/11/09 16:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])
SRV - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [Disabled | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2004/05/26 16:46:48 | 01,151,090 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
SRV - [2004/03/18 17:55:48 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Disabled | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/09/08 21:06:44 | 00,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50 [On_Demand | Stopped])
DRV - [2009/09/08 21:06:37 | 00,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50 [On_Demand | Stopped])
DRV - [2009/07/21 12:30:48 | 03,565,056 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009/07/16 12:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2009/07/16 00:34:42 | 00,024,576 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files\GameTap Web Player\bin\release\X4HSX32.Sys -- (X4HSX32 [Auto | Running])
DRV - [2009/07/08 13:44:20 | 00,214,024 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2009/07/08 13:44:20 | 00,079,816 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2009/07/08 13:44:20 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2009/07/08 13:44:20 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2009/07/08 13:43:46 | 00,034,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2009/07/03 10:49:08 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2009/06/24 01:54:16 | 00,030,880 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\Drivers\iqvw32.sys -- (NAL [On_Demand | Stopped])
DRV - [2008/12/12 18:05:20 | 00,025,264 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\purendis.sys -- (purendis [Auto | Running])
DRV - [2008/12/12 18:05:18 | 00,023,984 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\pnarp.sys -- (pnarp [Auto | Running])
DRV - [2008/07/08 15:54:02 | 00,148,496 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\84814866.sys -- (is-0OH4Mdrv [System | Running])
DRV - [2008/04/13 14:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2008/04/13 14:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2008/04/13 14:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/11/16 12:55:00 | 00,165,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/03/08 17:18:00 | 00,008,320 | ---- | M] (GARMIN Corp.) -- C:\WINDOWS\System32\drivers\grmnusb.sys -- (grmnusb [On_Demand | Stopped])
DRV - [2005/07/08 00:55:01 | 00,051,088 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2005/07/08 00:55:01 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2005/07/08 00:55:01 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2004/06/06 15:09:10 | 00,730,653 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2004/05/26 16:49:10 | 00,028,544 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys -- (InCDPass [System | Running])
DRV - [2004/05/26 16:48:54 | 00,091,136 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])
DRV - [2004/03/22 15:27:20 | 00,042,936 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\System32\Drivers\sunkfilt39.sys -- (SunkFilt39 [On_Demand | Stopped])
DRV - [2004/03/22 15:01:38 | 00,040,564 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\System32\Drivers\sunkfilt.sys -- (SunkFilt [On_Demand | Running])
DRV - [2004/03/17 19:10:40 | 00,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Running])
DRV - [2004/01/16 18:21:48 | 00,012,970 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2003/11/13 22:19:48 | 00,210,304 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2003/11/13 22:18:36 | 00,679,808 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2003/11/13 22:17:00 | 01,042,816 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2003/03/31 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2002/02/15 14:37:38 | 00,028,352 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])
DRV - [2002/02/15 14:15:50 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://msnmember.msn.com/
IE - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5C 24 BC 94 D2 9A C9 01 [binary data]
IE - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003\S-1-5-21-3572605277-2274713198-2331508255-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003\S-1-5-21-3572605277-2274713198-2331508255-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: GameTap@gametap.com:4.0.80.1588
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"


FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/01 23:15:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/09/10 05:54:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/01 21:17:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/21 09:00:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/22 05:42:26 | 00,000,000 | ---D | M]

[2009/08/10 22:50:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2009/04/06 17:16:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/10 22:50:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/10/15 16:43:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\i0iz5vv8.default\extensions
[2009/07/15 16:06:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\i0iz5vv8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/28 14:43:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\i0iz5vv8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/16 14:50:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\i0iz5vv8.default\extensions\GameTap@gametap.com
[2009/10/14 16:26:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/21 09:00:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/07 17:39:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/04/07 16:37:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/09/08 10:57:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/09/21 09:00:35 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/21 09:00:35 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/21 09:00:38 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/08/20 17:22:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/20 17:22:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/20 17:22:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/20 17:22:22 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/20 17:22:22 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/20 17:22:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/20 17:22:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {97f6846e-4833-4cb5-8cae-4baca94ddab6} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe (Chicony)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShowWnd] C:\WINDOWS\ShowWnd.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe File not found
O4 - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003\..Trusted Domains: //@install.mar@/ ([]msni in My Computer)
O15 - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003\..Trusted Domains: //@mail.mar@/ ([]msni in Local intranet)
O15 - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003\..Trusted Domains: plaxo.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3572605277-2274713198-2331508255-1003\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon...20Installer.cab (Support.com Configuration Class)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1235957442109 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.250.0.12 71.242.0.12 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O21 - SSODL: jakazegiw - {cdff20f0-3a8b-472e-bcbb-23818721734e} - CLSID or File not found.
O21 - SSODL: tubamiter - {8b83da6e-5d54-46b0-b56b-7633619adf48} - C:\WINDOWS\System32\juyobosu.dll File not found
O22 - SharedTaskScheduler: {8b83da6e-5d54-46b0-b56b-7633619adf48} - kupuhivus - C:\WINDOWS\System32\juyobosu.dll File not found
O22 - SharedTaskScheduler: {cdff20f0-3a8b-472e-bcbb-23818721734e} - tokatiluy - Reg Error: Key error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/02/15 13:59:42 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[2009/09/28 17:56:44 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/09/28 17:56:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/09/21 09:03:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2009/10/01 19:51:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive
[2009/10/01 19:54:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Motive
[2009/10/01 20:05:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2009/09/20 11:41:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2009/10/01 20:01:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\SupportSoft
[2009/10/01 19:51:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2009/10/13 09:35:31 | 00,000,000 | ---D | C] -- C:\Program Files\iXi Tools
[2009/09/28 17:56:35 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/09/26 16:10:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/21 09:03:13 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2009/10/06 11:11:37 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/10/06 11:15:40 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/10/06 11:14:44 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2009/10/14 16:19:40 | 25,198,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/13 09:38:35 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/09/28 17:58:33 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/09/26 16:11:07 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/26 16:11:00 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/21 15:59:49 | 00,000,000 | ---D | C] -- C:\wnted

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[5 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/10/15 16:52:21 | 32,709,0208 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/10/15 16:25:00 | 00,000,342 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2009/10/15 16:17:21 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/10/15 06:38:28 | 00,005,853 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/10/15 06:37:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/15 06:37:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/15 06:37:11 | 10,724,80256 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/15 06:34:33 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/15 00:21:39 | 03,782,516 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/10/14 16:28:53 | 00,488,068 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/14 16:28:53 | 00,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/14 16:28:53 | 00,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/14 16:24:13 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/14 16:22:50 | 00,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/10/14 16:16:42 | 00,000,744 | ---- | M] () -- C:\WINDOWS\System32\wininit.dll
[2009/10/13 08:52:36 | 00,000,542 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/13 08:52:36 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/13 08:52:36 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/10/12 17:59:01 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/10 23:29:47 | 00,001,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN.lnk
[2009/10/10 23:03:14 | 00,011,264 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\toy cleaning list.wps
[2009/10/10 22:28:09 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\staff schedule.wps
[2009/10/08 20:04:40 | 00,001,022 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Verizon Help and Support.lnk
[2009/10/02 11:01:58 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/01 20:03:52 | 00,001,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Click for Verizon Wi-Fi Setup.lnk
[2009/10/01 20:03:48 | 00,001,845 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Verizon Webmail.lnk
[2009/10/01 20:03:43 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Search.lnk
[2009/10/01 20:03:43 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Home.lnk
[2009/10/01 17:59:28 | 01,779,488 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/10/01 17:59:28 | 00,167,684 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/10/01 17:34:33 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/28 17:58:18 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/09/28 17:56:43 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/09/28 17:47:47 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Computer.lnk
[2009/09/27 20:47:08 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/26 22:23:26 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\vupipifi
[2009/09/26 22:01:43 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2009/09/26 21:55:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe
[2009/09/26 21:01:42 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2009/09/26 21:00:55 | 00,044,970 | -HS- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vukoguha.exe
[2009/09/26 20:55:04 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
[2009/09/26 19:55:04 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
[2009/09/26 18:55:04 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
[2009/09/26 17:55:03 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
[2009/09/26 16:55:02 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
[2009/09/26 16:11:11 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/26 15:55:00 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
[2009/09/26 14:54:59 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2009/09/26 13:54:58 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
[2009/09/26 12:54:58 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2009/09/26 11:54:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2009/09/26 10:54:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2009/09/26 09:54:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2009/09/26 08:54:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2009/09/25 21:49:00 | 00,000,108 | ---- | M] () -- C:\WINDOWS\System32\temp32.bat
[2009/09/25 21:48:19 | 00,017,953 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\vinonyd.exe
[2009/09/25 21:48:19 | 00,012,041 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\xysywu.dl
[2009/09/25 21:48:19 | 00,011,846 | ---- | M] () -- C:\WINDOWS\System32\enehe.scr
[2009/09/25 21:48:18 | 00,019,479 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\adyfyky.vbs
[2009/09/25 21:48:18 | 00,017,767 | ---- | M] () -- C:\WINDOWS\iwyf._dl
[2009/09/25 21:48:18 | 00,017,240 | ---- | M] () -- C:\WINDOWS\System32\ojejyv.dat
[2009/09/25 21:48:18 | 00,016,516 | ---- | M] () -- C:\Program Files\Common Files\irecegeh.reg
[2009/09/25 21:48:18 | 00,015,741 | ---- | M] () -- C:\WINDOWS\enuq.scr
[2009/09/25 21:48:18 | 00,015,573 | ---- | M] () -- C:\WINDOWS\ypem.dl
[2009/09/25 21:48:18 | 00,012,719 | ---- | M] () -- C:\WINDOWS\System32\nohywunar.ban
[2009/09/25 21:48:18 | 00,011,093 | ---- | M] () -- C:\WINDOWS\System32\sinyxeq._sy
[2009/09/25 21:48:17 | 00,016,512 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\yfiban.db
[2009/09/25 21:48:17 | 00,016,303 | ---- | M] () -- C:\WINDOWS\zupakojofi.bin
[2009/09/25 21:48:17 | 00,014,862 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\rumuvac.dat
[2009/09/25 21:48:17 | 00,012,094 | ---- | M] () -- C:\Program Files\Common Files\eceveq._dl
[2009/09/25 21:48:17 | 00,010,938 | ---- | M] () -- C:\WINDOWS\ovet.ban
[2009/09/25 21:48:16 | 00,018,732 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\binibix.inf
[2009/09/25 21:48:16 | 00,015,405 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\uwupasi.dat
[2009/09/25 21:48:16 | 00,015,249 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\myri.scr
[2009/09/25 21:01:12 | 00,019,271 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ymut.bat
[2009/09/25 21:01:12 | 00,019,241 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\onegujobur.scr
[2009/09/25 21:01:12 | 00,018,703 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ycyry.scr
[2009/09/25 21:01:12 | 00,018,640 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\omususegog.dat
[2009/09/25 21:01:12 | 00,018,131 | ---- | M] () -- C:\WINDOWS\ijokavini.exe
[2009/09/25 21:01:12 | 00,018,064 | ---- | M] () -- C:\WINDOWS\yjocawy.vbs
[2009/09/25 21:01:12 | 00,017,739 | ---- | M] () -- C:\WINDOWS\sofoqyviri.pif
[2009/09/25 21:01:12 | 00,015,806 | ---- | M] () -- C:\Program Files\Common Files\gilupiv.db
[2009/09/25 21:01:12 | 00,015,688 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\acojuxaby.com
[2009/09/25 21:01:12 | 00,015,585 | ---- | M] () -- C:\WINDOWS\acasuvuty.bin
[2009/09/25 21:01:12 | 00,015,500 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\yhixinudip.pif
[2009/09/25 21:01:12 | 00,015,182 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\yjyk.pif
[2009/09/25 21:01:12 | 00,014,979 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\kizut.dll
[2009/09/25 21:01:12 | 00,013,418 | ---- | M] () -- C:\WINDOWS\System32\owebeh._dl
[2009/09/25 21:01:12 | 00,012,978 | ---- | M] () -- C:\Program Files\Common Files\vewu.lib
[2009/09/25 21:01:12 | 00,012,421 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\owefezutyv.db
[2009/09/25 21:01:12 | 00,011,402 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\jopu.bin
[2009/09/25 21:01:12 | 00,011,225 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\kegi.bat
[2009/09/25 21:01:12 | 00,010,914 | ---- | M] () -- C:\Program Files\Common Files\doho.inf
[2009/09/25 21:01:12 | 00,010,705 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\navocidib.sys
[2009/09/25 21:01:12 | 00,010,241 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\kovar.lib
[2009/09/25 21:01:12 | 00,010,109 | ---- | M] () -- C:\Program Files\Common Files\fimus.lib
[2009/09/25 21:01:11 | 00,014,780 | ---- | M] () -- C:\WINDOWS\cewere.lib
[2009/09/25 21:01:11 | 00,013,341 | ---- | M] () -- C:\WINDOWS\System32\jygeku.vbs
[2009/09/21 16:48:29 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\burnerror.wps
[2009/09/21 09:03:14 | 00,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan.lnk
[2009/09/21 09:03:14 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk

========== Files - No Company Name ==========
[2009/10/15 06:37:11 | 10,724,80256 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/15 06:34:33 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/14 16:22:50 | 00,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/10/10 23:03:13 | 00,011,264 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\toy cleaning list.wps
[2009/10/01 20:09:56 | 00,001,833 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN.lnk
[2009/10/01 20:03:52 | 00,001,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Click for Verizon Wi-Fi Setup.lnk
[2009/10/01 20:03:48 | 00,001,845 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Verizon Webmail.lnk
[2009/10/01 20:03:43 | 00,001,739 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Search.lnk
[2009/10/01 20:03:43 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Home.lnk
[2009/10/01 19:53:00 | 00,001,022 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Verizon Help and Support.lnk
[2009/09/28 18:29:58 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/09/28 17:58:47 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/09/28 17:56:43 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/09/28 17:47:47 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\My Computer.lnk
[2009/09/26 21:55:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\491.exe
[2009/09/26 20:55:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9961.exe
[2009/09/26 19:55:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe
[2009/09/26 18:55:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
[2009/09/26 17:55:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
[2009/09/26 16:55:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
[2009/09/26 16:11:11 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/26 15:55:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
[2009/09/26 13:54:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2009/09/26 06:47:31 | 00,000,744 | ---- | C] () -- C:\WINDOWS\System32\wininit.dll
[2009/09/26 05:46:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2009/09/26 03:46:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2009/09/26 02:46:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2009/09/26 01:46:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2009/09/26 00:46:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2009/09/25 23:46:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2009/09/25 22:46:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2009/09/25 21:49:00 | 00,000,108 | ---- | C] () -- C:\WINDOWS\System32\temp32.bat
[2009/09/25 21:48:19 | 00,017,953 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\vinonyd.exe
[2009/09/25 21:48:19 | 00,012,041 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xysywu.dl
[2009/09/25 21:48:19 | 00,011,846 | ---- | C] () -- C:\WINDOWS\System32\enehe.scr
[2009/09/25 21:48:18 | 00,019,479 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\adyfyky.vbs
[2009/09/25 21:48:18 | 00,017,767 | ---- | C] () -- C:\WINDOWS\iwyf._dl
[2009/09/25 21:48:18 | 00,017,240 | ---- | C] () -- C:\WINDOWS\System32\ojejyv.dat
[2009/09/25 21:48:18 | 00,016,516 | ---- | C] () -- C:\Program Files\Common Files\irecegeh.reg
[2009/09/25 21:48:18 | 00,015,741 | ---- | C] () -- C:\WINDOWS\enuq.scr
[2009/09/25 21:48:18 | 00,015,573 | ---- | C] () -- C:\WINDOWS\ypem.dl
[2009/09/25 21:48:18 | 00,012,719 | ---- | C] () -- C:\WINDOWS\System32\nohywunar.ban
[2009/09/25 21:48:18 | 00,011,093 | ---- | C] () -- C:\WINDOWS\System32\sinyxeq._sy
[2009/09/25 21:48:17 | 00,016,512 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\yfiban.db
[2009/09/25 21:48:17 | 00,016,303 | ---- | C] () -- C:\WINDOWS\zupakojofi.bin
[2009/09/25 21:48:17 | 00,014,862 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\rumuvac.dat
[2009/09/25 21:48:17 | 00,012,094 | ---- | C] () -- C:\Program Files\Common Files\eceveq._dl
[2009/09/25 21:48:17 | 00,010,938 | ---- | C] () -- C:\WINDOWS\ovet.ban
[2009/09/25 21:48:16 | 00,018,732 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\binibix.inf
[2009/09/25 21:48:16 | 00,015,405 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uwupasi.dat
[2009/09/25 21:48:16 | 00,015,249 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\myri.scr
[2009/09/25 21:01:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2009/09/25 21:01:12 | 00,019,271 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ymut.bat
[2009/09/25 21:01:12 | 00,019,241 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\onegujobur.scr
[2009/09/25 21:01:12 | 00,018,703 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ycyry.scr
[2009/09/25 21:01:12 | 00,018,640 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\omususegog.dat
[2009/09/25 21:01:12 | 00,018,131 | ---- | C] () -- C:\WINDOWS\ijokavini.exe
[2009/09/25 21:01:12 | 00,018,064 | ---- | C] () -- C:\WINDOWS\yjocawy.vbs
[2009/09/25 21:01:12 | 00,017,739 | ---- | C] () -- C:\WINDOWS\sofoqyviri.pif
[2009/09/25 21:01:12 | 00,015,806 | ---- | C] () -- C:\Program Files\Common Files\gilupiv.db
[2009/09/25 21:01:12 | 00,015,688 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\acojuxaby.com
[2009/09/25 21:01:12 | 00,015,585 | ---- | C] () -- C:\WINDOWS\acasuvuty.bin
[2009/09/25 21:01:12 | 00,015,500 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\yhixinudip.pif
[2009/09/25 21:01:12 | 00,015,182 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\yjyk.pif
[2009/09/25 21:01:12 | 00,014,979 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\kizut.dll
[2009/09/25 21:01:12 | 00,013,418 | ---- | C] () -- C:\WINDOWS\System32\owebeh._dl
[2009/09/25 21:01:12 | 00,012,978 | ---- | C] () -- C:\Program Files\Common Files\vewu.lib
[2009/09/25 21:01:12 | 00,012,421 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\owefezutyv.db
[2009/09/25 21:01:12 | 00,011,402 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\jopu.bin
[2009/09/25 21:01:12 | 00,011,225 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kegi.bat
[2009/09/25 21:01:12 | 00,010,914 | ---- | C] () -- C:\Program Files\Common Files\doho.inf
[2009/09/25 21:01:12 | 00,010,705 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\navocidib.sys
[2009/09/25 21:01:12 | 00,010,241 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kovar.lib
[2009/09/25 21:01:12 | 00,010,109 | ---- | C] () -- C:\Program Files\Common Files\fimus.lib
[2009/09/25 21:01:11 | 00,014,780 | ---- | C] () -- C:\WINDOWS\cewere.lib
[2009/09/25 21:01:11 | 00,013,341 | ---- | C] () -- C:\WINDOWS\System32\jygeku.vbs
[2009/09/25 20:54:56 | 00,000,014 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\iniasd.txt
[2009/09/21 16:48:29 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\burnerror.wps
[2009/09/21 09:03:14 | 00,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan.lnk
[2009/09/21 09:03:14 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
[2009/09/05 20:33:20 | 00,017,087 | ---- | C] () -- C:\WINDOWS\ovosi.sys
[2009/09/05 20:33:20 | 00,016,619 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ruhis.dl
[2009/09/05 20:33:20 | 00,014,320 | ---- | C] () -- C:\Program Files\Common Files\otib.bin
[2009/09/05 20:33:20 | 00,013,276 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ogazop.lib
[2009/09/05 20:33:20 | 00,012,972 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ilofysyhef.dat
[2009/09/05 20:33:20 | 00,012,626 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\azefijop.sys
[2009/09/05 20:33:20 | 00,010,617 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\izan.db
[2009/09/05 20:33:20 | 00,010,582 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\udadig.lib
[2009/09/05 14:25:19 | 00,015,911 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\izysyg.lib
[2009/09/05 14:25:19 | 00,011,999 | ---- | C] () -- C:\Program Files\Common Files\rufo.sys
[2009/09/05 14:25:18 | 00,018,240 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\lokefubil.reg
[2009/09/05 14:25:18 | 00,014,044 | ---- | C] () -- C:\Program Files\Common Files\kafuly.dll
[2009/09/05 14:25:18 | 00,011,073 | ---- | C] () -- C:\Program Files\Common Files\osah.db
[2009/09/05 14:25:17 | 00,018,522 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\omig.lib
[2009/09/05 14:25:17 | 00,017,212 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ifad.sys
[2009/09/05 14:25:17 | 00,012,439 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\execudem.bat
[2009/09/05 14:25:17 | 00,010,931 | ---- | C] () -- C:\WINDOWS\gecy.sys
[2009/09/05 14:25:15 | 00,016,736 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\onydyreja._dl
[2009/09/05 14:25:15 | 00,011,314 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xigup.dat
[2009/09/05 14:13:53 | 00,019,467 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\lije._dl
[2009/09/05 14:13:53 | 00,018,087 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\sezu.inf
[2009/09/05 14:13:53 | 00,018,037 | ---- | C] () -- C:\Program Files\Common Files\xixemuqox.sys
[2009/09/05 14:13:53 | 00,017,611 | ---- | C] () -- C:\Program Files\Common Files\pynajunos.vbs
[2009/09/05 14:13:53 | 00,017,284 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\acicufo._dl
[2009/09/05 14:13:53 | 00,016,879 | ---- | C] () -- C:\Program Files\Common Files\voveq.com
[2009/09/05 14:13:53 | 00,016,181 | ---- | C] () -- C:\WINDOWS\vabo.sys
[2009/09/05 14:13:53 | 00,016,110 | ---- | C] () -- C:\Program Files\Common Files\ivinitanog.inf
[2009/09/05 14:13:53 | 00,015,702 | ---- | C] () -- C:\Program Files\Common Files\erygefe.reg
[2009/09/05 14:13:53 | 00,015,239 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\eduhy.bin
[2009/09/05 14:13:53 | 00,013,719 | ---- | C] () -- C:\Program Files\Common Files\wuzaxyk.inf
[2009/09/05 14:13:53 | 00,012,869 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\sipihyg._sy
[2009/09/05 14:13:53 | 00,012,421 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\juku.lib
[2009/09/05 14:13:53 | 00,011,654 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\rybur.db
[2009/09/05 14:13:53 | 00,011,620 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\harogazen.sys
[2009/09/05 14:13:53 | 00,010,550 | ---- | C] () -- C:\WINDOWS\System32\oriwyqiqud.dll
[2009/09/05 14:13:53 | 00,010,242 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\bosizir._sy
[2009/05/09 00:39:20 | 04,553,244 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/03/07 17:22:05 | 00,000,399 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/03/03 18:44:22 | 00,011,264 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/02 14:28:08 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/02 09:48:49 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/03/01 14:28:45 | 00,076,896 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/02/05 14:28:20 | 00,000,051 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\setup.txt
[2002/02/15 15:53:55 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/02/15 14:06:33 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2002/02/15 14:05:15 | 00,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2002/02/15 14:05:15 | 00,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2002/02/15 14:01:39 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2002/02/15 12:51:26 | 00,000,888 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/02/15 12:51:26 | 00,000,530 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2002/02/15 12:51:16 | 00,000,542 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/02/15 12:51:14 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/02/15 05:54:46 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

========== Files - Unicode (All) ==========
[2009/08/18 17:45:20 | 00,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/08/18 17:45:20 | 00,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
< End of report >



EXTRAS REPORT

OTL Extras logfile created on: 10/15/2009 4:47:22 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.73 Mb Total Physical Memory | 276.44 Mb Available Physical Memory | 27.03% Memory free
2.40 Gb Paging File | 1.72 Gb Available in Paging File | 71.69% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 73.98 Gb Free Space | 39.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DONTINAKEKE
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3572605277-2274713198-2331508255-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English\setup.exe" = C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English\setup.exe:*:Enabled:Kaspersky Internet Security 2009 Setup -- (Kaspersky Lab)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\GameTap Web Player\bin\release\GameTapPlayer.exe" = C:\Program Files\GameTap Web Player\bin\release\GameTapPlayer.exe:*:Enabled:GameTap Web Player -- (Metaboli)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\McAfee\VirusScan\mcvsshld.exe" = C:\Program Files\McAfee\VirusScan\mcvsshld.exe:*:Enabled:mcvsshld -- (McAfee, Inc.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0893078B-8A9A-84D6-D393-119B9B0B033A}" = CCC Help French
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E2A60F7-2907-5718-FF16-7D8FAF70051E}" = CCC Help Chinese Standard
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{14FAE013-AE19-4FC9-B5BF-E56ADC01ECE6}" = CCC Help Turkish
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17BB2784-6EE4-D7FF-FE63-58A3AD2B3708}" = CCC Help Russian
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{233588CF-96D5-46AF-EF74-7EC382662791}" = Catalyst Control Center Graphics Full Existing
"{258749E2-3A46-42B1-9A01-BF977AA06FAC}" = RPS CRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3260ECBC-9DDF-E7A3-0863-449473BC7BD5}" = CCC Help Chinese Traditional
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369B36BE-3D64-4641-9AEA-808D436FE130}" = Microsoft Picture It! Express 7.0
"{39C6C229-CFFD-639E-229A-E463FCD87478}" = CCC Help German
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4F11FC80-CE8C-1BD4-5C39-EBE5744E5135}" = CCC Help Portuguese
"{4FAB2BA7-E16C-95D2-F326-60A68409373F}" = Catalyst Control Center HydraVision Full
"{529AA9A8-5020-6CFB-A809-BC5943C87077}" = CCC Help Thai
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53604297-26FD-516D-6FF7-1063BA64A0A4}" = Catalyst Control Center Graphics Light
"{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{55BD3B0B-F054-9341-514F-295A5F7EA450}" = CCC Help Spanish
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5A4FA9C8-ED56-08C3-153B-FC5C19256290}" = CCC Help Dutch
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6C390D51-E5F0-4FCD-24C4-731ACAF34571}" = CCC Help Japanese
"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver
"{713AB069-D22F-4C15-89F0-0FEE92D9AD47}" = PS7600
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AA8FA9A-1656-7DBD-633B-FE7A62BBED0C}" = CCC Help Czech
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = eMachines Bay Reader
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86B879A5-927E-4536-B5FC-17CA96B60078}" = Garmin Communicator Plugin
"{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1" = GameTap Web Player
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C22131B-8634-CECF-F0D1-A2ECC160B450}" = CCC Help Norwegian
"{8C525C3E-00C9-4A77-9F76-D22939DB53C0}" = Picaboo 2.5
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90FBE4D0-2ACA-A8A8-2CC4-CFFBAE528504}" = CCC Help Finnish
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{923CAE62-30C9-425E-B4ED-F5E9C09C5C4A}" = TurboTax 2008 wnjiper
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D74375E-3012-E7D2-9229-B220C91F326A}" = Catalyst Control Center Core Implementation
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9EE8BDCA-7505-4895-D91E-8108DD16292E}" = CCC Help English
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8AF8BD3-61B5-7945-4D1B-217421F604FC}" = CCC Help Hungarian
"{AA46E1C5-A709-6D9B-D99D-92E4C6E042A9}" = CCC Help Korean
"{AA62A33C-9E5E-3913-7D88-7E58A8CB1493}" = CCC Help Greek
"{AAA8CA88-8A22-43D1-867F-ABD7944C9815}" = Intel® Network Connections 14.3.0.0
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B653F643-A1B4-9936-2DB6-FEA9A3110D8D}" = ccc-core-preinstall
"{B71C4637-0247-78CE-6A3D-D61645CB8921}" = ccc-utility
"{BC2E7C0B-1AC6-5F6C-F31D-E1E72D8E0B5C}" = CCC Help Danish
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
"{BF8C7DA7-2DE6-ED67-6C82-6BE82F8BA8D3}" = Catalyst Control Center Graphics Full New
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C409F338-BB20-6C4A-F40D-20CA07AF714C}" = CCC Help Polish
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D4B7B2DC-E688-A9D6-6EC0-56AE540E074C}" = Catalyst Control Center Localization All
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D9CD701B-3F04-FC69-D974-F3A7F5E9BA30}" = CCC Help Swedish
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}" = HP Software Update
"{DE2EBD6F-81B6-4E9A-B137-C11FD6790CFF}" = PSShortcutsP
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E213321B-1E88-B38D-DAB2-D8CB9355984A}" = Skins
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EFE26D3B-2789-4068-A5BB-77E389FAEB98}" = PSUsage
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4148D8F-ED3A-3097-509C-04D5560220F9}" = ccc-core-static
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7E68997-E626-952B-A7BF-F72066CD5D77}" = Catalyst Control Center Graphics Previews Common
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA36C82B-464D-51F2-A6A1-0BC9140BE067}" = CCC Help Italian
"{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BigFix" = BigFix
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"EADM" = EA Download Manager
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = eMachines Bay Reader
"LimeWire" = LimeWire 5.2.13
"Linksys EasyLink Advisor" = Linksys EasyLink Advisor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"QuickTime" = QuickTime
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.24
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TurboTax 2008" = TurboTax 2008
"Verizon Help and Support" = Verizon Help and Support Tool
"Verizon.MCCInstall" = Verizon Online Support Center
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3572605277-2274713198-2331508255-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/2/2009 3:55:46 PM | Computer Name = DONTINAKEKE | Source = McLogEvent | ID = 5019
Description = Exception in McShield.Exe! Exception details follow : VSCORE.14.0.0.433
Exception
Code : 0XC0000005 Exception Address : 0X774FD376 Exception Parameters :
2 Param 1 = 0X00000001 Param 2 = 0X00000005 More information :

Error - 10/2/2009 4:44:39 PM | Computer Name = DONTINAKEKE | Source = Application Error | ID = 1000
Description = Faulting application msn.exe, version 9.60.53.2200, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 10/6/2009 7:30:47 AM | Computer Name = DONTINAKEKE | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 14.0.8064.206, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/6/2009 11:07:33 AM | Computer Name = DONTINAKEKE | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Mail -- The installer has encountered an unexpected
error installing this package. This may indicate a problem with this package. The
error code is 2762. The arguments are: , ,

Error - 10/6/2009 11:07:37 AM | Computer Name = DONTINAKEKE | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,

Error - 10/6/2009 11:07:37 AM | Computer Name = DONTINAKEKE | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,

Error - 10/13/2009 12:21:20 AM | Computer Name = DONTINAKEKE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3523, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/14/2009 7:02:38 AM | Computer Name = DONTINAKEKE | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 10.0.0.525, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/14/2009 7:03:38 AM | Computer Name = DONTINAKEKE | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 10.0.0.525, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/14/2009 7:03:46 AM | Computer Name = DONTINAKEKE | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 10.0.0.525, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/15/2009 6:33:04 AM | Computer Name = DONTINAKEKE | Source = Service Control Manager | ID = 7001
Description = The Logical Disk Manager Administrative Service service depends on
the Logical Disk Manager service which failed to start because of the following
error: %%1058

Error - 10/15/2009 6:33:04 AM | Computer Name = DONTINAKEKE | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 10/15/2009 6:33:04 AM | Computer Name = DONTINAKEKE | Source = Service Control Manager | ID = 7001
Description = The Universal Plug and Play Device Host service depends on the SSDP
Discovery Service service which failed to start because of the following error:
%%1058

Error - 10/15/2009 6:33:07 AM | Computer Name = DONTINAKEKE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 10/15/2009 6:38:04 AM | Computer Name = DONTINAKEKE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/15/2009 6:38:04 AM | Computer Name = DONTINAKEKE | Source = Service Control Manager | ID = 7001
Description = The Logical Disk Manager Administrative Service service depends on
the Logical Disk Manager service which failed to start because of the following
error: %%1058

Error - 10/15/2009 6:38:04 AM | Computer Name = DONTINAKEKE | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 10/15/2009 6:38:04 AM | Computer Name = DONTINAKEKE | Source = Service Control Manager | ID = 7001
Description = The Universal Plug and Play Device Host service depends on the SSDP
Discovery Service service which failed to start because of the following error:
%%1058

Error - 10/15/2009 6:38:17 AM | Computer Name = DONTINAKEKE | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 10/15/2009 6:38:17 AM | Computer Name = DONTINAKEKE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep


< End of report >



Thanks for the help

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 16 October 2009 - 06:34 AM

Hi,

could you please reply to my last question? Do you know which program warned you against downloading OTL?

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#9 faceman802

faceman802
  • Topic Starter

  • Members
  • 33 posts

Posted 17 October 2009 - 05:56 AM

There was no program name or distinguishing characteristic of the window; it just looked like a generic "Windows" type warning, kind of like the one you posted in the "ComboFix" reply where the computer might warn me about not having Windows Recovery. There was a space on it to report this software as safe. And actually, when I went to download the software to use when I decided to use it, the message never popped up. I'll be doing the ComboFix download either Sat night or Sunday, but it may take me till Tue to actually do it. Me and my wife like to spend the weekends exclusively with our twin girls, and that leaves out most other activities. Don't think I'm ignoring your request if it takes me a couple of days. Thanks

#10 faceman802

faceman802
  • Topic Starter

  • Members
  • 33 posts

Posted 19 October 2009 - 04:12 PM

Downloaded and ran ComboFix on my computer. Here is the log after it did what it does:



ComboFix 09-10-19.01 - Owner 10/19/2009 16:41.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.460 [GMT -4:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\adyfyky.vbs
c:\documents and settings\All Users\Application Data\kegi.bat
c:\documents and settings\All Users\Application Data\kovar.lib
c:\documents and settings\All Users\Application Data\navocidib.sys
c:\documents and settings\All Users\Application Data\onegujobur.scr
c:\documents and settings\All Users\Application Data\xysywu.dl
c:\documents and settings\All Users\Documents\jopu.bin
c:\documents and settings\All Users\Documents\kizut.dll
c:\documents and settings\All Users\Documents\kyzop.inf
c:\documents and settings\All Users\Documents\luwavozo.reg
c:\documents and settings\All Users\Documents\rakuzybi.inf
c:\documents and settings\Owner\Application Data\binibix.inf
c:\documents and settings\Owner\Application Data\execudem.bat
c:\documents and settings\Owner\Application Data\iniasd.txt
c:\documents and settings\Owner\Application Data\lokefubil.reg
c:\documents and settings\Owner\Application Data\myri.scr
c:\documents and settings\Owner\Cookies\ezax.ban
c:\documents and settings\Owner\Cookies\ikofutot.pif
c:\documents and settings\Owner\Cookies\lynyhe.pif
c:\documents and settings\Owner\Cookies\odoqyr.bat
c:\documents and settings\Owner\Cookies\ogetumyfok.com
c:\documents and settings\Owner\Cookies\ohowaz.reg
c:\documents and settings\Owner\Cookies\onytybe.ban
c:\documents and settings\Owner\Cookies\pyjiwojyr.pif
c:\documents and settings\Owner\Cookies\qefu.com
c:\documents and settings\Owner\Cookies\umefi.reg
c:\documents and settings\Owner\Cookies\unisi.inf
c:\documents and settings\Owner\Cookies\uwyxywohan.com
c:\documents and settings\Owner\Cookies\yhynagudil.inf
c:\documents and settings\Owner\Local Settings\Application Data\acojuxaby.com
c:\documents and settings\Owner\Local Settings\Application Data\sezu.inf
c:\documents and settings\Owner\Local Settings\Application Data\vinonyd.exe
c:\documents and settings\Owner\Local Settings\Application Data\ycyry.scr
c:\documents and settings\Owner\Local Settings\Application Data\yhixinudip.pif
c:\documents and settings\Owner\Local Settings\Application Data\yjyk.pif
c:\documents and settings\Owner\Local Settings\Application Data\ymut.bat
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\acekysi.inf
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\bemenojojo.bin
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\eginy._dl
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\feki.scr
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\finacijopy.ban
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\garycobi.inf
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\hylikad.pif
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\kujiku.inf
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\myjofuvas.inf
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\nofejyzite._sy
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\orub.sys
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\orynixo.scr
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\uhen.vbs
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\utequvu.db
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\vicy.dat
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\ygicugew.inf
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\ysekas.scr
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\yvad.inf
c:\program files\Common Files\doho.inf
c:\program files\Common Files\eceveq._dl
c:\program files\Common Files\erygefe.reg
c:\program files\Common Files\irecegeh.reg
c:\program files\Common Files\ivinitanog.inf
c:\program files\Common Files\pynajunos.vbs
c:\program files\Common Files\wuzaxyk.inf
c:\program files\Shared
c:\recycler\S-1-5-21-0846239897-7346209932-750584257-3303
c:\recycler\S-1-5-21-108238629-2543261533-15658814-1003
c:\recycler\S-1-5-21-1237417076-4124189201-3592717025-1003
c:\recycler\S-1-5-21-1721341099-3708994434-4238310092-1003
c:\recycler\S-1-5-21-1935193532-3380928342-1166660273-1003
c:\recycler\S-1-5-21-1960408961-2049760794-839522115-1003
c:\recycler\S-1-5-21-220650388-3502263770-1871395884-1003
c:\recycler\S-1-5-21-369970505-783447879-1513832709-1003
c:\recycler\S-1-5-21-4036989668-434027977-1680690991-1003
c:\recycler\S-1-5-21-5430557659-7326644363-742594915-3010
c:\recycler\S-1-5-21-729851438-799874365-1875046073-1003
c:\recycler\S-1-5-21-7672626223-9322455209-877027130-4472
c:\recycler\S-1-5-21-8186791229-5795075160-405618126-0494
c:\windows\acasuvuty.bin
c:\windows\ahexavode.exe
c:\windows\donysa.vbs
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\Downloaded Program Files\ODCTOOLS\ef6b26db-344d-4ad3-ba24-aca0bdaa999a.cab
c:\windows\Downloaded Program Files\ODCTOOLS\f04d289f-c60a-422b-8396-6c372047042e.cab
c:\windows\enuq.scr
c:\windows\epyguxaso.reg
c:\windows\ijokavini.exe
c:\windows\iwyf._dl
c:\windows\mycyqyhaqe.vbs
c:\windows\nezi.inf
c:\windows\ocopycal._sy
c:\windows\ovet.ban
c:\windows\putyfavu.inf
c:\windows\sofoqyviri.pif
c:\windows\syjyky.vbs
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\29358.exe
c:\windows\system32\41.exe
c:\windows\system32\491.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\9961.exe
c:\windows\system32\enehe.scr
c:\windows\system32\jygeku.vbs
c:\windows\system32\nohywunar.ban
c:\windows\system32\owebeh._dl
c:\windows\system32\sinyxeq._sy
c:\windows\yjocawy.vbs
c:\windows\ypem.dl
c:\windows\yrerejyro.vbs
c:\windows\zupakojofi.bin

.
((((((((((((((((((((((((( Files Created from 2009-09-19 to 2009-10-19 )))))))))))))))))))))))))))))))
.

2009-10-15 10:34 . 2009-10-17 12:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-14 20:53 . 2009-10-14 20:53 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-13 13:35 . 2009-10-13 13:35 -------- d-----w- c:\program files\iXi Tools
2009-10-06 15:15 . 2009-10-07 11:33 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-06 15:14 . 2009-10-06 15:14 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-10-06 15:11 . 2009-10-06 15:11 -------- d-----w- c:\program files\Microsoft
2009-10-02 00:05 . 2009-10-02 00:08 -------- d-----w- c:\documents and settings\Owner\Application Data\MSNInstaller
2009-10-02 00:01 . 2009-10-02 00:05 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\SupportSoft
2009-10-01 23:54 . 2009-10-01 23:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Motive
2009-10-01 23:51 . 2009-10-01 23:53 -------- d-----w- c:\program files\Common Files\Motive
2009-10-01 23:51 . 2009-10-01 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-09-28 22:29 . 2009-09-28 21:58 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-28 21:58 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-28 21:56 . 2009-09-28 21:56 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-28 21:56 . 2009-09-28 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-28 21:56 . 2009-09-28 21:56 -------- d-----w- c:\program files\Lavasoft
2009-09-26 20:11 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-26 20:11 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-26 20:10 . 2009-09-26 20:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-26 10:47 . 2009-10-14 20:16 744 ----a-w- c:\windows\system32\wininit.dll
2009-09-26 01:49 . 2009-09-26 01:49 108 ----a-w- c:\windows\system32\temp32.bat
2009-09-26 01:48 . 2009-09-26 01:48 17240 ----a-w- c:\windows\system32\ojejyv.dat
2009-09-21 19:59 . 2009-09-21 20:46 -------- d-----w- C:\wnted
2009-09-21 13:03 . 2009-09-21 13:03 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-09-21 13:03 . 2009-09-21 13:03 -------- d-----w- c:\program files\McAfee Security Scan
2009-09-20 15:41 . 2009-09-20 15:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Viewpoint

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 20:55 . 2009-03-01 20:27 359639072 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-19 20:53 . 2009-03-01 20:27 4214540 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-19 11:20 . 2009-03-01 17:34 -------- d-----w- c:\documents and settings\Owner\Application Data\MSN6
2009-10-09 00:04 . 2009-07-15 20:12 -------- d-----w- c:\program files\Verizon
2009-10-06 15:15 . 2009-03-01 21:03 -------- d-----w- c:\program files\Windows Live
2009-10-01 21:59 . 2009-08-18 21:45 1779488 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-01 21:59 . 2009-08-18 21:45 167684 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-10-01 21:58 . 2009-07-15 20:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Verizon
2009-10-01 21:58 . 2009-07-15 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon
2009-09-27 11:46 . 2009-09-08 13:34 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-09-27 01:00 . 2009-06-27 01:00 44970 --sha-w- c:\windows\system32\vukoguha.exe
2009-09-26 01:48 . 2009-09-26 01:48 14862 ----a-w- c:\documents and settings\Owner\Application Data\rumuvac.dat
2009-09-26 01:48 . 2009-09-26 01:48 15405 ----a-w- c:\documents and settings\All Users\Application Data\uwupasi.dat
2009-09-26 01:13 . 2009-09-08 13:08 -------- d-----w- c:\program files\McAfee
2009-09-26 01:01 . 2009-09-26 01:01 15806 ----a-w- c:\program files\Common Files\gilupiv.db
2009-09-26 01:01 . 2009-09-26 01:01 12978 ----a-w- c:\program files\Common Files\vewu.lib
2009-09-26 01:01 . 2009-09-26 01:01 10109 ----a-w- c:\program files\Common Files\fimus.lib
2009-09-21 20:33 . 2009-04-28 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-09-18 23:21 . 2009-03-04 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-11 14:18 . 2002-02-15 16:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 10:06 . 2009-09-10 10:06 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-09-08 16:11 . 2009-09-08 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-08 15:00 . 2009-09-08 15:00 -------- d-----w- c:\documents and settings\Owner\Application Data\ATI
2009-09-08 15:00 . 2009-09-08 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-09-08 14:59 . 2009-09-08 14:59 0 ----a-w- c:\windows\ativpsrm.bin
2009-09-08 14:56 . 2002-02-15 18:16 -------- d-----w- c:\program files\Java
2009-09-08 14:21 . 2002-02-16 03:32 -------- d-----w- c:\program files\ATI Technologies
2009-09-08 14:17 . 2002-02-15 18:03 -------- d-----w- c:\program files\InstallShield Installation Information
2009-09-08 14:17 . 2002-02-15 18:02 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-08 13:18 . 2009-09-08 13:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-09-08 13:17 . 2009-09-08 13:17 -------- d-----w- c:\program files\SiteAdvisor
2009-09-08 13:11 . 2009-09-08 13:09 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-08 13:09 . 2009-09-08 13:09 -------- d-----w- c:\program files\McAfee.com
2009-09-07 23:39 . 2009-09-07 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Linksys
2009-09-07 21:46 . 2009-09-07 21:46 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}
2009-09-07 21:42 . 2009-09-07 21:41 -------- d-----w- c:\program files\Linksys
2009-09-07 21:40 . 2009-09-07 21:40 -------- d-----w- c:\program files\WebEx
2009-09-07 21:39 . 2009-09-07 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2009-09-07 21:39 . 2009-09-07 21:39 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-09-07 21:06 . 2009-09-06 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-09-07 14:28 . 2009-09-07 14:28 1264 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-09-06 01:28 . 2009-09-06 00:45 16 ----a-w- c:\windows\system32\drivers\fidbox.dat.szfi
2009-09-06 00:38 . 2009-09-06 00:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-09-06 00:36 . 2009-09-06 00:36 -------- d-----w- c:\program files\Common Files\iS3
2009-09-06 00:33 . 2009-09-06 00:33 17087 ----a-w- c:\windows\ovosi.sys
2009-09-06 00:33 . 2009-09-06 00:33 15988 ----a-w- c:\windows\system32\somem.pif
2009-09-06 00:33 . 2009-09-06 00:33 14320 ----a-w- c:\program files\Common Files\otib.bin
2009-09-06 00:33 . 2009-09-06 00:33 12972 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\ilofysyhef.dat
2009-09-06 00:33 . 2009-09-06 00:33 12626 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\azefijop.sys
2009-09-06 00:33 . 2009-09-06 00:33 11544 ----a-w- c:\windows\geqabobug.dat
2009-09-05 18:25 . 2009-09-05 18:25 11999 ----a-w- c:\program files\Common Files\rufo.sys
2009-09-05 18:25 . 2009-09-05 18:25 14044 ----a-w- c:\program files\Common Files\kafuly.dll
2009-09-05 18:25 . 2009-09-05 18:25 11073 ----a-w- c:\program files\Common Files\osah.db
2009-09-05 18:25 . 2009-09-05 18:25 17212 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\ifad.sys
2009-09-05 18:25 . 2009-09-05 18:25 13637 ----a-w- c:\windows\nerisef.dat
2009-09-05 18:25 . 2009-09-05 18:25 10931 ----a-w- c:\windows\gecy.sys
2009-09-05 18:25 . 2009-09-05 18:25 18761 ----a-w- c:\windows\system32\ywujihixi.com
2009-09-05 18:25 . 2009-09-05 18:25 17932 ----a-w- c:\windows\cinemap.dat
2009-09-05 18:25 . 2009-09-05 18:25 11314 ----a-w- c:\documents and settings\All Users\Application Data\xigup.dat
2009-09-05 18:13 . 2009-09-05 18:13 18037 ----a-w- c:\program files\Common Files\xixemuqox.sys
2009-09-05 18:13 . 2009-09-05 18:13 16879 ----a-w- c:\program files\Common Files\voveq.com
2009-09-05 18:13 . 2009-09-05 18:13 16181 ----a-w- c:\windows\vabo.sys
2009-09-05 18:13 . 2009-09-05 18:13 15239 ----a-w- c:\documents and settings\All Users\Application Data\eduhy.bin
2009-09-05 18:13 . 2009-09-05 18:13 15195 ----a-w- c:\windows\yrygegu.bin
2009-09-05 18:13 . 2009-09-05 18:13 11620 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\harogazen.sys
2009-09-05 18:13 . 2009-09-05 18:13 10550 ----a-w- c:\windows\system32\oriwyqiqud.dll
2009-09-04 21:03 . 2002-02-15 16:51 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 23:12 . 2002-02-15 18:17 -------- d-----w- c:\program files\Ahead
2009-08-29 08:08 . 2006-06-23 16:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 11:31 . 2009-03-04 02:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2009-08-26 08:00 . 2002-02-15 16:51 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 02:57 . 2009-08-26 02:57 262144 ----a-w- C:\ntuser.dat
2009-08-26 02:57 . 2009-03-04 02:52 -------- d-----w- c:\program files\Yahoo!
2009-08-26 02:56 . 2009-03-04 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-06 23:24 . 2009-03-01 17:22 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2009-03-01 17:22 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2009-03-01 17:22 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2008-10-16 19:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2002-02-15 17:57 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2002-02-15 16:50 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2009-03-01 17:22 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2009-03-02 13:21 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2008-10-16 19:07 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2002-02-15 17:57 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2002-12-12 08:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2002-08-29 01:04 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2002-08-29 01:04 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 03:18 . 2009-03-01 18:28 76896 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-28 22:41 . 2009-07-28 22:41 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-07-26 20:44 . 2009-07-26 20:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 09:23 . 2009-03-02 01:17 411368 ----a-w- c:\windows\system32\deploytk.dll
.

------- Sigcheck -------

[7] 2003-03-31 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys

c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-08-18 5137648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="c:\program files\eMachines Bay Reader\shwiconem.exe" [2004-03-11 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-14 339968]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2003-07-30 515584]
"ShowWnd"="ShowWnd.exe" - c:\windows\ShowWnd.exe [2003-09-19 36864]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^is-0OH4M.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\is-0OH4M.lnk
backup=c:\windows\pss\is-0OH4M.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Picaboo.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Picaboo.lnk
backup=c:\windows\pss\Picaboo.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^scandisk.dll]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\scandisk.dll
backup=c:\windows\pss\scandisk.dllStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^scandisk.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\scandisk.lnk
backup=c:\windows\pss\scandisk.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"RP_FWS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\GameTap Web Player\\bin\\release\\GameTapPlayer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsshld.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/28/2009 5:58 PM 64160]
R1 is-0OH4Mdrv;is-0OH4Mdrv;c:\windows\system32\drivers\84814866.sys [7/17/2009 3:34 PM 148496]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1028432]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/8/2009 9:16 AM 210216]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 3:43 PM 204800]
S2 pwyjkzqmfnpnlj;pwyjkzqmfnpnlj;\??\c:\windows\system32\drivers\wvkgovcgpuzbj.sys --> c:\windows\system32\drivers\wvkgovcgpuzbj.sys [?]

NETSVCS REQUIRES REPAIRS - current entries shown

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.
Contents of the 'Scheduled Tasks' folder

2009-10-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 21:57]

2009-10-19 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2009-03-07 04:55]

2009-09-08 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-08 01:26]

2009-09-08 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-08 01:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: plaxo.com\www
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\i0iz5vv8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\i0iz5vv8.default\extensions\GameTap@gametap.com\plugins\npGameTapWebUpdater.dll
FF - plugin: c:\program files\GameTap Web Player\bin\release\npGameTapWebPlayer.dll
FF - plugin: c:\program files\Verizon\VSP\nprpspa.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

BHO-{97f6846e-4833-4cb5-8cae-4baca94ddab6} - (no file)
Toolbar-SITEguard - (no file)
HKCU-Run-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
SharedTaskScheduler-{cdff20f0-3a8b-472e-bcbb-23818721734e} - (no file)
SharedTaskScheduler-{8b83da6e-5d54-46b0-b56b-7633619adf48} - c:\windows\system32\juyobosu.dll
SSODL-jakazegiw-{cdff20f0-3a8b-472e-bcbb-23818721734e} - (no file)
SSODL-tubamiter-{8b83da6e-5d54-46b0-b56b-7633619adf48} - c:\windows\system32\juyobosu.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-19 16:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3572605277-2274713198-2331508255-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1352)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\scardsvr.exe
c:\combofix\CF15091.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\locator.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-10-19 17:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-19 21:08

Pre-Run: 79,171,194,880 bytes free
Post-Run: 79,549,480,960 bytes free

- - End Of File - - 962C7BBD549F038666F27223D117F1E0

#11 myrti (Sillyberry; Malware Study Hall Admin; 33,771 posts)

Posted 20 October 2009 - 12:01 PM

Hi,

We need to check some things: your PC is heavily infected and some Windows entries seem to have been corrupted. Just in case, do you have your Windows CD handy?

Please download SystemLook from jpshortstuff and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook and copy/paste the following into the box:
    :reg
    hklm\software\microsoft\windows nt\currentversion\svchost
  • Hit the Look button. Let it finish the scan.
  • A log will then pop up on your Desktop. Post the content of the log here in your next reply.
Open Notepad and copy/paste the code box below into a new text file.
@echo off
rem Dump every service key, keep only the key names and the ImagePath values
rem that contain "-k netsvcs", join each key with its ImagePath, and print the
rem service name (the last key component) for every match. Output goes to Log.txt.
swreg query hklm\system\currentcontrolset\services /s |(
SED -r "/^HK|^ +ImagePath.*-k netsvcs/I!d" |(
SED -r ":a; $!N;s/\n.*\t.*/\t/;ta;P;D" |(
SED -r "/.*\\(.*)\t/!d; s//\1/"
)))>Log.txt
Start Notepad Log.txt
  • Save the file as regquery.bat (choose "All Files" as the file type) and save it to your Desktop.
  • Locate "regquery.bat" and double-click on it to run it. (It is important that you run the script from the drive where your operating system is installed.)
  • It will open a text file; please copy its content into your next reply.
regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#12 faceman802 (Topic Starter; Members; 33 posts)

Posted 20 October 2009 - 02:16 PM

I have the system restore CD that came with the computer and the XP SP2 disk. SP3 I downloaded from microsoft.com.


SystemLook log

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 15:10 on 20/10/2009 by Owner (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"DcomLaunch"="DcomLaunch TermService"
"dot3svc"="dot3svc"
"eapsvcs"="eaphost"
"HTTPFilter"="HTTPFilter"
"imgsvc"="StiSvc"
"LocalService"="Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV"
"netsvcs"="6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Messenger Netman Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule Seclogon SENS Sharedaccess SRService Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt TermService wuauserv BITS ShellHWDetection helpsvc WmdmPmSN xmlprov wscsvc napagent hkmsvc"
"NetworkService"="DnsCache"
"rpcss"="RpcSs"
"termsvcs"="TermService"
"WudfServiceGroup"="WUDFSvc"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\DComLaunch]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\dot3svc]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\eapsvcs]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\HTTPFilter]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\PCHealth]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]


-=End Of File=-



regquery.bat log

AppMgmt
AudioSrv
BITS
Browser
CryptSvc
Dhcp
dmserver
ERSvc
EventSystem
FastUserSwitchingCompatibility
helpsvc
HidServ
hkmsvc
lanmanserver
lanmanworkstation
Messenger
napagent
Netman
Nla
NtmsSvc
RasAuto
RasMan
RemoteAccess
Schedule
seclogon
SENS
SharedAccess
ShellHWDetection
srservice
TapiSrv
Themes
TrkWks
W32Time
winmgmt
WmdmPmSN
wscsvc
wuauserv
WZCSVC
xmlprov
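
The two lists above are meant to be compared by hand: the names svchost's netsvcs group says it hosts, against the services whose ImagePath actually says "-k netsvcs". The Python script below is an added example, not code from this thread, from ComboFix or from SystemLook. It parses the svchost key as SystemLook printed it and the service list regquery.bat produced, compares them case-insensitively, and also includes a parser for a raw `reg query ... /s` dump that does what the SED chain in regquery.bat does. The SystemLook and regquery data are copied from the logs in this reply; the reg query dump is constructed for the example and marked as such.

```python
"""Reconcile the svchost "netsvcs" group with the services registered to run
under it: the comparison the helper set up with the SystemLook :reg query and
regquery.bat.  Added example, not code from the thread, ComboFix or SystemLook.
It works on the text those tools print (or on a plain `reg query ... /s` dump),
so it runs offline; inputs are copied from the posted logs or constructed here
and labelled as such."""
import re

# Copied from the SystemLook output posted in the thread (trimmed to three values).
SYSTEMLOOK_SVCHOST = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"DcomLaunch"="DcomLaunch TermService"
"netsvcs"="6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Messenger Netman Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule Seclogon SENS Sharedaccess SRService Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt TermService wuauserv BITS ShellHWDetection helpsvc WmdmPmSN xmlprov wscsvc napagent hkmsvc"
"termsvcs"="TermService"
'''

# Copied from the regquery.bat output posted in the thread: every service whose
# ImagePath ends in "-k netsvcs".
REGQUERY_NETSVCS = """AppMgmt AudioSrv BITS Browser CryptSvc Dhcp dmserver ERSvc
EventSystem FastUserSwitchingCompatibility helpsvc HidServ hkmsvc lanmanserver
lanmanworkstation Messenger napagent Netman Nla NtmsSvc RasAuto RasMan
RemoteAccess Schedule seclogon SENS SharedAccess ShellHWDetection srservice
TapiSrv Themes TrkWks W32Time winmgmt WmdmPmSN wscsvc wuauserv WZCSVC xmlprov"""

# Constructed sample (not from the thread) of `reg query
# HKLM\SYSTEM\CurrentControlSet\Services /s` output, to exercise the parser
# that stands in for the SED chain in regquery.bat.
REG_QUERY_SAMPLE = r'''
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt
    Type    REG_DWORD    0x20
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k netsvcs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\appmgmts.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\spoolsv.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k termsvcs
'''


def svchost_groups(systemlook_text):
    """Parse the svchost key as SystemLook prints it: "group"="name name ...".
    Returns {group (lower-case): [service names in registry order]}."""
    groups = {}
    for name, value in re.findall(r'^"([^"]+)"="([^"]*)"', systemlook_text, re.M):
        groups[name.lower()] = value.split()
    return groups


def netsvcs_services(reg_query_text):
    """Services whose ImagePath loads them into svchost's netsvcs group, read
    from a `reg query ... /s` dump.  Same result as the regquery.bat pipeline:
    remember the service key, then look for "-k netsvcs" on its ImagePath."""
    found, current = set(), None
    for line in reg_query_text.splitlines():
        if line.startswith("HKEY_"):
            m = re.search(r"\\Services\\([^\\]+)", line, re.I)
            current = m.group(1) if m else None
        elif current and re.match(r"\s*ImagePath\s", line, re.I):
            if re.search(r"-k\s+netsvcs\b", line, re.I):
                found.add(current)
    return found


def reconcile(group_names, service_names):
    """Compare the group list with the netsvcs services, case-insensitively
    (Windows service names are not case-sensitive).  Returns the group entries
    with no netsvcs service behind them, and the netsvcs services that are not
    in the group (svchost only loads names listed in the group value)."""
    group = {n.lower(): n for n in group_names}
    services = {n.lower(): n for n in service_names}
    no_service = [group[k] for k in group if k not in services]
    not_in_group = [services[k] for k in services if k not in group]
    return no_service, not_in_group


if __name__ == "__main__":
    netsvcs = svchost_groups(SYSTEMLOOK_SVCHOST)["netsvcs"]
    no_service, not_in_group = reconcile(netsvcs, REGQUERY_NETSVCS.split())
    print("group entries with no netsvcs service:", no_service)
    print("netsvcs services missing from the group:", not_in_group)
    print("netsvcs services in the sample reg dump:", sorted(netsvcs_services(REG_QUERY_SAMPLE)))
```

Run as-is it reports nine group names with no service registered for netsvcs (6to4, Ias, Iprip, Irmon, NWCWorkstation, Nwsapagent, Wmi, WmdmPmSp, TermService) and no netsvcs service missing from the group. A name in the first list is not automatically bad: TermService appears only because on this machine it is started under its own termsvcs group, visible in the same key, and other names may belong to components this edition does not have. The list is what a helper reads by hand; the "NETSVCS REQUIRES REPAIRS" line in the earlier ComboFix log is what prompted the check.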

#13 myrti (Sillyberry; Malware Study Hall Admin; 33,771 posts)

Posted 21 October 2009 - 06:42 AM

Hi,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\temp32.bat
c:\windows\system32\ojejyv.dat
c:\windows\system32\vukoguha.exe
c:\documents and settings\Owner\Application Data\rumuvac.dat
c:\documents and settings\All Users\Application Data\uwupasi.dat
c:\program files\Common Files\gilupiv.db
c:\program files\Common Files\vewu.lib
c:\program files\Common Files\fimus.lib
c:\windows\ativpsrm.bin
c:\windows\system32\drivers\kgpcpy.cfg
c:\windows\system32\drivers\fidbox.dat.szfi
c:\windows\ovosi.sys
c:\windows\system32\somem.pif
c:\program files\Common Files\otib.bin
c:\documents and settings\Owner\Local Settings\Application Data\ilofysyhef.dat
c:\documents and settings\Owner\Local Settings\Application Data\azefijop.sys
c:\windows\geqabobug.dat
c:\program files\Common Files\rufo.sys
c:\program files\Common Files\kafuly.dll
c:\program files\Common Files\osah.db
c:\documents and settings\Owner\Local Settings\Application Data\ifad.sys
c:\windows\nerisef.dat
c:\windows\gecy.sys
c:\windows\system32\ywujihixi.com
c:\windows\cinemap.dat
c:\documents and settings\All Users\Application Data\xigup.dat
c:\program files\Common Files\xixemuqox.sys
c:\program files\Common Files\voveq.com
c:\windows\vabo.sys
c:\documents and settings\All Users\Application Data\eduhy.bin
c:\windows\yrygegu.bin
c:\documents and settings\Owner\Local Settings\Application Data\harogazen.sys
c:\windows\system32\oriwyqiqud.dll
c:\windows\system32\drivers\84814866.sys
c:\windows\system32\drivers\wvkgovcgpuzbj.sys

Folder::
C:\wnted

FCopy::
c:\windows\system32\dllcache\beep.sys | c:\windows\system32\drivers\beep.sys

Driver::
is-0OH4Mdrv
pwyjkzqmfnpnlj


Save this as CFScript.txt, in the same location as ComboFix.exe


[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards _temp_

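
Once ComboFix has run a CFScript, the log it writes (posted in the next reply) lists under "Other Deletions", "FCopy" and "Drivers/Services" what it actually did. The Python script below is an added example, not code from this thread or from ComboFix: it parses the CFScript directives and those three log blocks and reports each requested item the log does not confirm. Its inputs are short excerpts of the CFScript above and of the log from the next reply, trimmed to a few entries; the full lists are much longer.

```python
"""Cross-check a ComboFix CFScript against the log ComboFix wrote when it ran
the script.  Added example, not code from the thread or from ComboFix.  Parses
the CFScript directives (File::, Folder::, FCopy::, Driver::) and the log's
"Other Deletions", "FCopy" and "Drivers/Services" blocks, and returns every
requested action the log does not confirm.  Inputs are excerpts of the CFScript
from post #13 and the log from post #14."""
import re

CFSCRIPT = r"""
File::
c:\windows\system32\temp32.bat
c:\windows\system32\vukoguha.exe
c:\windows\system32\drivers\84814866.sys
c:\windows\system32\drivers\wvkgovcgpuzbj.sys

Folder::
C:\wnted

FCopy::
c:\windows\system32\dllcache\beep.sys | c:\windows\system32\drivers\beep.sys

Driver::
is-0OH4Mdrv
pwyjkzqmfnpnlj
"""

COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\84814866.sys
c:\windows\system32\temp32.bat
c:\windows\system32\vukoguha.exe
C:\wnted
c:\wnted\VIDEO_TS.BUP

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\beep.sys --> c:\windows\system32\drivers\beep.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IS-0OH4MDRV
-------\Legacy_PWYJKZQMFNPNLJ
-------\Service_is-0OH4Mdrv
-------\Service_pwyjkzqmfnpnlj
"""

# A ComboFix block header is "(((( Title ))))" or "---- Title ----"; the
# "-------\Service_x" entries have no space after the dashes and do not match.
HEADER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$|^-{3,}\s+(.+?)\s+-{3,}$")


def cfscript_sections(script_text):
    """{directive: [lines]} for a CFScript, e.g. {"File": [...], "Driver": [...]}."""
    sections, current = {}, None
    for line in script_text.splitlines():
        line = line.strip()
        if line.endswith("::"):
            current = line[:-2]
            sections[current] = []
        elif line and current:
            sections[current].append(line)
    return sections


def log_section(log_text, title):
    """Non-empty lines of the ComboFix log block with the given title."""
    lines, inside = [], False
    for line in log_text.splitlines():
        m = HEADER_RE.match(line.strip())
        if m:
            inside = (m.group(1) or m.group(2)) == title
        elif inside and line.strip() not in ("", "."):
            lines.append(line.strip())
    return lines


def unconfirmed(script_text, log_text):
    """Requested paths not listed under "Other Deletions", FCopy pairs not
    listed under "FCopy", and Driver:: names with no Service_<name> line.
    Paths and names are compared case-insensitively, as Windows does."""
    sec = cfscript_sections(script_text)
    deleted = {p.lower() for p in log_section(log_text, "Other Deletions")}
    copied = {tuple(s.strip().lower() for s in l.split("-->"))
              for l in log_section(log_text, "FCopy")}
    removed = {l.split("Service_", 1)[1].lower()
               for l in log_section(log_text, "Drivers/Services") if "Service_" in l}
    paths = [p for p in sec.get("File", []) + sec.get("Folder", [])
             if p.lower() not in deleted]
    copies = [l for l in sec.get("FCopy", [])
              if tuple(s.strip().lower() for s in l.split("|")) not in copied]
    drivers = [d for d in sec.get("Driver", []) if d.lower() not in removed]
    return paths, copies, drivers


if __name__ == "__main__":
    for label, items in zip(("paths", "copies", "drivers"), unconfirmed(CFSCRIPT, COMBOFIX_LOG)):
        print(f"unconfirmed {label}: {items}")
```

On these excerpts, as on the full lists in the thread, the one File:: path that never reappears under Other Deletions is c:\windows\system32\drivers\wvkgovcgpuzbj.sys, the file behind the pwyjkzqmfnpnlj service that the Driver:: directive did remove (both Service_ lines are present). The script says nothing about why; it only points at what still needs checking, which is the line a reviewer would otherwise have to find by eye in a list of thirty-odd paths.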


#14 faceman802 (Topic Starter; Members; 33 posts)

Posted 21 October 2009 - 03:47 PM

Newest ComboFix log

ComboFix 09-10-20.03 - Owner 10/21/2009 16:25.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.504 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\documents and settings\All Users\Application Data\eduhy.bin"
"c:\documents and settings\All Users\Application Data\uwupasi.dat"
"c:\documents and settings\All Users\Application Data\xigup.dat"
"c:\documents and settings\Owner\Application Data\rumuvac.dat"
"c:\documents and settings\Owner\Local Settings\Application Data\azefijop.sys"
"c:\documents and settings\Owner\Local Settings\Application Data\harogazen.sys"
"c:\documents and settings\Owner\Local Settings\Application Data\ifad.sys"
"c:\documents and settings\Owner\Local Settings\Application Data\ilofysyhef.dat"
"c:\program files\Common Files\fimus.lib"
"c:\program files\Common Files\gilupiv.db"
"c:\program files\Common Files\kafuly.dll"
"c:\program files\Common Files\osah.db"
"c:\program files\Common Files\otib.bin"
"c:\program files\Common Files\rufo.sys"
"c:\program files\Common Files\vewu.lib"
"c:\program files\Common Files\voveq.com"
"c:\program files\Common Files\xixemuqox.sys"
"c:\windows\ativpsrm.bin"
"c:\windows\cinemap.dat"
"c:\windows\gecy.sys"
"c:\windows\geqabobug.dat"
"c:\windows\nerisef.dat"
"c:\windows\ovosi.sys"
"c:\windows\system32\drivers\84814866.sys"
"c:\windows\system32\drivers\fidbox.dat.szfi"
"c:\windows\system32\drivers\kgpcpy.cfg"
"c:\windows\system32\drivers\wvkgovcgpuzbj.sys"
"c:\windows\system32\ojejyv.dat"
"c:\windows\system32\oriwyqiqud.dll"
"c:\windows\system32\somem.pif"
"c:\windows\system32\temp32.bat"
"c:\windows\system32\vukoguha.exe"
"c:\windows\system32\ywujihixi.com"
"c:\windows\vabo.sys"
"c:\windows\yrygegu.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\eduhy.bin
c:\documents and settings\All Users\Application Data\uwupasi.dat
c:\documents and settings\All Users\Application Data\xigup.dat
c:\documents and settings\Owner\Application Data\rumuvac.dat
c:\documents and settings\Owner\Local Settings\Application Data\azefijop.sys
c:\documents and settings\Owner\Local Settings\Application Data\harogazen.sys
c:\documents and settings\Owner\Local Settings\Application Data\ifad.sys
c:\documents and settings\Owner\Local Settings\Application Data\ilofysyhef.dat
c:\program files\Common Files\fimus.lib
c:\program files\Common Files\gilupiv.db
c:\program files\Common Files\kafuly.dll
c:\program files\Common Files\osah.db
c:\program files\Common Files\otib.bin
c:\program files\Common Files\rufo.sys
c:\program files\Common Files\vewu.lib
c:\program files\Common Files\voveq.com
c:\program files\Common Files\xixemuqox.sys
c:\windows\ativpsrm.bin
c:\windows\cinemap.dat
c:\windows\gecy.sys
c:\windows\geqabobug.dat
c:\windows\nerisef.dat
c:\windows\ovosi.sys
c:\windows\system32\drivers\84814866.sys
c:\windows\system32\drivers\fidbox.dat.szfi
c:\windows\system32\drivers\kgpcpy.cfg
c:\windows\system32\ojejyv.dat
c:\windows\system32\oriwyqiqud.dll
c:\windows\system32\somem.pif
c:\windows\system32\temp32.bat
c:\windows\system32\vukoguha.exe
c:\windows\system32\ywujihixi.com
c:\windows\vabo.sys
c:\windows\yrygegu.bin
C:\wnted
c:\wnted\VIDEO_TS.BUP
c:\wnted\VIDEO_TS.IFO
c:\wnted\VIDEO_TS.VOB
c:\wnted\VTS_01_0.BUP
c:\wnted\VTS_01_0.IFO
c:\wnted\VTS_01_0.VOB
c:\wnted\VTS_01_1.VOB
c:\wnted\VTS_01_2.VOB
c:\wnted\VTS_01_3.VOB
c:\wnted\VTS_01_4.VOB
c:\wnted\VTS_01_5.VOB
c:\wnted\VTS_02_0.BUP
c:\wnted\VTS_02_0.IFO
c:\wnted\VTS_02_0.VOB
c:\wnted\VTS_02_1.VOB
c:\wnted\VTS_03_0.BUP
c:\wnted\VTS_03_0.IFO
c:\wnted\VTS_03_0.VOB
c:\wnted\VTS_03_1.VOB
c:\wnted\VTS_04_0.BUP
c:\wnted\VTS_04_0.IFO
c:\wnted\VTS_04_0.VOB
c:\wnted\VTS_04_1.VOB

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\beep.sys --> c:\windows\system32\drivers\beep.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IS-0OH4MDRV
-------\Legacy_PWYJKZQMFNPNLJ
-------\Service_is-0OH4Mdrv
-------\Service_pwyjkzqmfnpnlj


((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
.

2009-10-21 20:25 . 2003-03-31 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-10-21 20:25 . 2003-03-31 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-10-15 10:34 . 2009-10-17 12:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-14 20:53 . 2009-10-14 20:53 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-13 13:35 . 2009-10-13 13:35 -------- d-----w- c:\program files\iXi Tools
2009-10-06 15:15 . 2009-10-07 11:33 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-06 15:14 . 2009-10-06 15:14 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-10-06 15:11 . 2009-10-06 15:11 -------- d-----w- c:\program files\Microsoft
2009-10-02 00:05 . 2009-10-02 00:08 -------- d-----w- c:\documents and settings\Owner\Application Data\MSNInstaller
2009-10-02 00:01 . 2009-10-02 00:05 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\SupportSoft
2009-10-01 23:54 . 2009-10-01 23:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Motive
2009-10-01 23:51 . 2009-10-01 23:53 -------- d-----w- c:\program files\Common Files\Motive
2009-10-01 23:51 . 2009-10-01 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-09-28 22:29 . 2009-09-28 21:58 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-28 21:58 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-28 21:56 . 2009-09-28 21:56 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-28 21:56 . 2009-09-28 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-28 21:56 . 2009-09-28 21:56 -------- d-----w- c:\program files\Lavasoft
2009-09-26 20:11 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-26 20:11 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-26 20:10 . 2009-09-26 20:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-26 10:47 . 2009-10-14 20:16 744 ----a-w- c:\windows\system32\wininit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 20:36 . 2009-03-01 20:27 4422212 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-21 20:36 . 2009-03-01 20:27 377270304 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-21 11:20 . 2009-03-01 17:34 -------- d-----w- c:\documents and settings\Owner\Application Data\MSN6
2009-10-21 10:32 . 2009-09-08 13:08 -------- d-----w- c:\program files\McAfee
2009-10-09 00:04 . 2009-07-15 20:12 -------- d-----w- c:\program files\Verizon
2009-10-06 15:15 . 2009-03-01 21:03 -------- d-----w- c:\program files\Windows Live
2009-10-01 21:59 . 2009-08-18 21:45 1779488 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-01 21:59 . 2009-08-18 21:45 167684 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-10-01 21:58 . 2009-07-15 20:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Verizon
2009-10-01 21:58 . 2009-07-15 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon
2009-09-27 11:46 . 2009-09-08 13:34 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-09-21 20:33 . 2009-04-28 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-09-21 13:03 . 2009-09-21 13:03 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-09-21 13:03 . 2009-09-21 13:03 -------- d-----w- c:\program files\McAfee Security Scan
2009-09-20 15:41 . 2009-09-20 15:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Viewpoint
2009-09-18 23:21 . 2009-03-04 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-16 14:22 . 2009-09-08 13:11 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22 . 2009-09-08 13:11 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22 . 2009-09-08 13:11 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22 . 2009-09-08 13:05 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22 . 2009-09-08 13:05 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:18 . 2002-02-15 16:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 10:06 . 2009-09-10 10:06 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-09-08 16:11 . 2009-09-08 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-08 15:00 . 2009-09-08 15:00 -------- d-----w- c:\documents and settings\Owner\Application Data\ATI
2009-09-08 15:00 . 2009-09-08 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-09-08 14:56 . 2002-02-15 18:16 -------- d-----w- c:\program files\Java
2009-09-08 14:21 . 2002-02-16 03:32 -------- d-----w- c:\program files\ATI Technologies
2009-09-08 14:17 . 2002-02-15 18:03 -------- d-----w- c:\program files\InstallShield Installation Information
2009-09-08 14:17 . 2002-02-15 18:02 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-08 13:18 . 2009-09-08 13:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-09-08 13:17 . 2009-09-08 13:17 -------- d-----w- c:\program files\SiteAdvisor
2009-09-08 13:11 . 2009-09-08 13:09 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-08 13:09 . 2009-09-08 13:09 -------- d-----w- c:\program files\McAfee.com
2009-09-07 23:39 . 2009-09-07 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Linksys
2009-09-07 21:46 . 2009-09-07 21:46 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}
2009-09-07 21:42 . 2009-09-07 21:41 -------- d-----w- c:\program files\Linksys
2009-09-07 21:40 . 2009-09-07 21:40 -------- d-----w- c:\program files\WebEx
2009-09-07 21:39 . 2009-09-07 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2009-09-07 21:39 . 2009-09-07 21:39 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-09-07 21:06 . 2009-09-06 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-09-06 00:38 . 2009-09-06 00:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-09-06 00:36 . 2009-09-06 00:36 -------- d-----w- c:\program files\Common Files\iS3
2009-09-04 21:03 . 2002-02-15 16:51 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 23:12 . 2002-02-15 18:17 -------- d-----w- c:\program files\Ahead
2009-08-29 08:08 . 2006-06-23 16:33 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 11:31 . 2009-03-04 02:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2009-08-26 08:00 . 2002-02-15 16:51 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 02:57 . 2009-08-26 02:57 262144 ----a-w- C:\ntuser.dat
2009-08-26 02:57 . 2009-03-04 02:52 -------- d-----w- c:\program files\Yahoo!
2009-08-26 02:56 . 2009-03-04 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-06 23:24 . 2009-03-01 17:22 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2009-03-01 17:22 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2009-03-01 17:22 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2008-10-16 19:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2002-02-15 17:57 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2002-02-15 16:50 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2009-03-01 17:22 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2009-03-02 13:21 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2008-10-16 19:07 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2002-02-15 17:57 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2002-12-12 08:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2002-08-29 01:04 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2002-08-29 01:04 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 03:18 . 2009-03-01 18:28 76896 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-28 22:41 . 2009-07-28 22:41 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-07-26 20:44 . 2009-07-26 20:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 09:23 . 2009-03-02 01:17 411368 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-19_20.55.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-21 20:38 . 2009-10-21 20:38 16384 c:\windows\Temp\Perflib_Perfdata_a08.dat
+ 2009-10-20 00:16 . 2009-10-21 20:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2002-02-15 18:00 . 2009-10-21 20:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2002-02-15 18:00 . 2009-10-19 19:44 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-20 00:16 . 2009-10-21 20:12 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2002-02-15 18:00 . 2009-10-19 19:44 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-08-18 5137648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="c:\program files\eMachines Bay Reader\shwiconem.exe" [2004-03-11 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-14 339968]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2003-07-30 515584]
"ShowWnd"="ShowWnd.exe" - c:\windows\ShowWnd.exe [2003-09-19 36864]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^is-0OH4M.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\is-0OH4M.lnk
backup=c:\windows\pss\is-0OH4M.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Picaboo.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Picaboo.lnk
backup=c:\windows\pss\Picaboo.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^scandisk.dll]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\scandisk.dll
backup=c:\windows\pss\scandisk.dllStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^scandisk.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\scandisk.lnk
backup=c:\windows\pss\scandisk.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"RP_FWS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\GameTap Web Player\\bin\\release\\GameTapPlayer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsshld.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/28/2009 5:58 PM 64160]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1028432]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/8/2009 9:16 AM 210216]
S2 0322941256121191mcinstcleanup;McAfee Application Installer Cleanup (0322941256121191);c:\windows\TEMP\032294~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\032294~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 3:43 PM 204800]
.
Contents of the 'Scheduled Tasks' folder

2009-10-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 21:57]

2009-10-21 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2009-03-07 04:55]

2009-09-08 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-08 16:22]

2009-09-08 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-08 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: plaxo.com\www
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\i0iz5vv8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\i0iz5vv8.default\extensions\GameTap@gametap.com\plugins\npGameTapWebUpdater.dll
FF - plugin: c:\program files\GameTap Web Player\bin\release\npGameTapWebPlayer.dll
FF - plugin: c:\program files\Verizon\VSP\nprpspa.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 16:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3572605277-2274713198-2331508255-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3924)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\combofix\CF3365.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\system32\msiexec.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\windows\System32\locator.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-21 16:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-21 20:44
ComboFix2.txt 2009-10-19 21:08

Pre-Run: 79,346,909,184 bytes free
Post-Run: 79,424,442,368 bytes free

- - End Of File - - 71A09083134520FD5CE01EBC4699609B
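For a redirect case like this one, the lines worth checking in the ComboFix "Supplementary Scan" block above are the ones that say where each browser will go by itself: the IE start page and search URL, the Firefox `browser.search.*` / `keyword.URL` prefs, the Trusted Zone list and any proxy setting. The script below is an added example, not part of this thread or of ComboFix or DDS: it parses those lines, re-fangs the `hxxp` URLs, pulls out every host (including a target URL wrapped inside a redirector, as in the `mSearch Bar` line) and flags any host whose registered domain is not on an allowlist of the domains the user actually expects to see. The allowlist and the constructed sample log are assumptions; the sample copies lines from the log above and adds one made-up hijacked entry (`search.hijack.invalid`) so the flagging path runs.

```python
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the ComboFix "Supplementary Scan" above, plus one
# invented hijacked Firefox pref (search.hijack.invalid) so that a REVIEW result appears.
SAMPLE_LOG = """\
uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: plaxo.com\\www
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.hijack.invalid/?q=
"""

# Assumed allowlist: domains this user expects a home page or search box to point at.
EXPECTED_DOMAINS = {"yahoo.com", "google.com", "bing.com", "live.com", "msn.com"}

# Matches http/https and the defanged hxxp/hxxps form. Stops at whitespace or '*', so a
# redirector URL of the form "...sb/msgr10/*http://www.yahoo.com/..." yields two matches.
URL_RE = re.compile(r"h(?:xx|tt)ps?://[^\s*]+", re.IGNORECASE)


def refang(url):
    """Turn the defanged hxxp(s):// prefix used in these logs back into http(s)://."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def registered_domain(host):
    """Naive registered domain: the last two labels. Fine for .com/.net hosts like the ones
    in this log; it would misjudge multi-label suffixes such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def _finding(setting, host, expected_domains):
    ok = registered_domain(host) in expected_domains
    return {"setting": setting, "host": host, "status": "ok" if ok else "REVIEW"}


def triage(log_text, expected_domains=EXPECTED_DOMAINS):
    """Return one finding per host referenced by a browser-setting line.

    status is "ok" when the host's registered domain is allowlisted, "REVIEW" otherwise.
    An explicit ProxyServer setting is always REVIEW; ProxyOverride is only the bypass
    list, so it is not flagged on its own."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("FF - prefs.js:"):
            # Firefox pref lines: "<pref name> - <value>"
            setting, _, rest = line[len("FF - prefs.js:"):].strip().partition(" - ")
        elif line.startswith("Trusted Zone:"):
            # ComboFix writes trusted sites as domain\subdomain; rebuild the host name.
            parts = line.split(":", 1)[1].strip().split("\\")
            findings.append(_finding("Trusted Zone", ".".join(reversed(parts)), expected_domains))
            continue
        else:
            # IE lines: "<setting> = <value>"
            setting, _, rest = line.partition(" = ")
        if "ProxyServer" in setting:
            findings.append({"setting": setting, "host": rest, "status": "REVIEW"})
            continue
        for url in URL_RE.findall(rest):
            host = urlparse(refang(url)).hostname or ""
            findings.append(_finding(setting, host, expected_domains))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['status']:6} {f['setting']:28} {f['host']}")
```

On the sample it reports the Yahoo and Google hosts as ok and asks for review of two entries: the `www.plaxo.com` Trusted Zone entry from the real log (an allowlisted site is not necessarily malicious, but it is the kind of thing a helper looks at on a redirect case) and the constructed `search.hijack.invalid` pref. A hijacked search or home page shows up the same way: a host whose domain the user never chose.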

#15 myrti
Malware Study Hall Admin

Posted 21 October 2009 - 07:00 PM

Hi,

The log is looking rather good. How is your PC doing?

Please run a scan with malwarebytes for confirmation:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

regards _temp_
