

Cannot remove koobface


7 replies to this topic

#1 Steve Whalen

  • Members
  • 4 posts

Posted 08 November 2009 - 11:15 AM

Hello,

I was getting several popups claiming to be virus scanners. Panda ActiveScan indicated several active instances of W32/Koobface.FL.worm. I tried MS Malicious Software Removal Tool. It would consistently encounter an error and attempt to close, requiring me to kill it in Task Manager. Running it in Safe Mode did partially work; it found and removed two instances.

However, Panda still says I have one active W32/Koobface.FL.worm. I am still getting one particular popup, though it's always a 404. MS Malicious Software Removal Tool finds nothing. Spybot S&D also finds nothing.

DDS log is below.


DDS (Ver_09-10-26.01) - NTFSx86
Run by Vicki Moeckly at 9:47:24.51 on Sun 11/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.546 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\pp12.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Vicki Moeckly\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://desmoines.mediacomtoday.com/community/index.php
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {61bacec0-3751-4595-af65-2e03746fd627} - c:\windows\system32\pmkjh.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SoftSoldier] c:\program files\softsoldier software\softsoldier\SoftSoldier.exe -min
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Toshiba Hotkey Utility] "c:\program files\toshiba\windows utilities\Hotkey.exe" /lang en
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [pp] c:\windows\pp12.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mExplorerRun: [win1AB.tmp.exe] c:\windows\temp\win1AB.tmp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: oprah.com\www2
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {3FC4CAA7-71B5-44FC-A516-61D2AC9EF30D} - No File
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\vickim~1\applic~1\mozilla\firefox\profiles\9xjhl0i2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-10-21 28552]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]

=============== Created Last 30 ================

2009-12-26 22:31:57 16529 ----a-w- c:\windows\35baaddwarz9240.ocx
2009-12-25 14:55:49 8132 ----a-w- c:\windows\3222thzea5293339.cpl
2009-12-25 11:47:53 11799 ----a-w- c:\windows\5db0vir999z.ocx
2009-12-25 04:38:10 5799 ----a-w- c:\windows\z30569orm754.dll
2009-12-23 14:31:53 16309 ----a-w- c:\windows\system32\z5006troj497.dll
2009-12-23 14:16:48 8792 ----a-w- c:\windows\6739sp5mbot2z9.cpl
2009-12-21 17:48:19 16841 ----a-w- c:\windows\49b9vir569z.dll
2009-12-21 03:34:51 2701 ----a-w- c:\windows\7bb3szy9are23555.bin
2009-12-20 11:13:49 17397 ----a-w- c:\windows\system32\29cb9hrz5t1497.ocx
2009-12-19 16:04:49 2942 ----a-w- c:\windows\1619threz520159.exe
2009-12-19 12:47:20 11517 ----a-w- c:\windows\2z9asparse975.bin
2009-12-19 10:37:57 12128 ----a-w- c:\windows\system32\6905zirusc9.bin
2009-12-13 23:33:56 3358 ----a-w- c:\windows\63f19hreat31562z.cpl
2009-12-13 13:58:38 4225 ----a-w- c:\windows\system32\2494zwo9m185.ocx
2009-12-11 09:25:43 2875 ----a-w- c:\windows\526threaz149545.exe
2009-12-04 03:08:42 10003 ----a-w- c:\windows\system32\13164zroj3e59.ocx
2009-12-03 11:46:29 16991 ----a-w- c:\windows\28590hackt95z786.bin
2009-12-03 02:11:53 3972 ----a-w- c:\windows\20z69vi5us509.bin
2009-12-02 10:28:11 14769 ----a-w- c:\windows\31301troz5099.dll
2009-12-01 20:07:08 9423 ----a-w- c:\windows\system32\1dz8spywa5e27159.exe
2009-11-25 19:29:37 3231 ----a-w- c:\windows\system32\6aabdowzload952576.bin
2009-11-25 14:06:56 3540 ----a-w- c:\windows\4993stealz5915.dll
2009-11-23 22:44:21 16688 ----a-w- c:\windows\system32\5z34downlo9der5463.cpl
2009-11-20 08:28:27 3262 ----a-w- c:\windows\14z519pye0.bin
2009-11-19 06:38:37 11706 ----a-w- c:\windows\system32\44645hzef3909.bin
2009-11-18 20:46:35 11899 ----a-w- c:\windows\1z996troj557.cpl
2009-11-12 21:23:36 6648 ----a-w- c:\windows\system32\655ethze9t16555.dll
2009-11-12 06:22:14 3051 ----a-w- c:\windows\system32\28z59pyware2370.bin
2009-11-10 23:35:40 12387 ----a-w- c:\windows\system32\5914tr5z6b5.cpl
2009-11-10 12:36:55 5635 ----a-w- c:\windows\system32\144zt9rea525322.exe
2009-11-09 08:00:50 14028 ----a-w- c:\windows\18323tzo56249.exe
2009-11-08 04:19:50 0 d-----w- C:\b7de13d1310c3b8a276bd01e1e6be6b6
2009-11-07 18:39:47 0 d-----w- C:\7ce7a3eca54f62f94704b69629
2009-11-07 01:05:48 9328 ----a-w- c:\windows\system32\59d6sparsez757.cpl
2009-11-06 22:28:49 16759 ----a-w- c:\windows\system32\12359spam5otz90.cpl
2009-11-06 22:17:21 6235 ----a-w- c:\windows\system32\745own9oazer3164.cpl
2009-11-05 15:20:07 15807 ----a-w- c:\windows\system32\1457sparze9566.cpl
2009-11-02 14:34:00 10204 ----a-w- c:\windows\system32\39653sz5507.bin
2009-11-01 01:28:34 18196 ----a-w- c:\windows\7d995ir1z19.ocx
2009-10-25 00:36:55 17054 ----a-w- c:\windows\system32\102z4not-a-vir9s51f.ocx
2009-10-22 04:47:52 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-10-22 01:27:52 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-21 16:00:12 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-21 16:00:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-21 08:24:34 13815 ----a-w- c:\windows\system32\1621down9oa5ez1569.exe
2009-10-21 00:40:17 4065 ----a-w- c:\windows\system32\129z5sp97df5.ocx
2009-10-20 05:32:10 10923 ----a-w- c:\windows\system32\69zdspyware59.bin
2009-10-17 23:03:11 7392 ----a-w- c:\windows\53c9v9rz8585.bin
2009-10-17 00:47:24 13888 ----a-w- c:\windows\44f5s5arse1389z.bin
2009-10-16 01:11:56 12956 ----a-w- c:\windows\6283tzr5at29901.dll
2009-10-15 19:43:52 115712 ----a-w- c:\windows\rdr_1255635830.exe
2009-10-15 19:15:03 115712 ----a-w- c:\windows\rdr_1255634101.exe
2009-10-15 19:08:00 13507 ----a-w- c:\windows\15540vi9us5za.cpl
2009-10-15 14:02:17 115712 ----a-w- c:\windows\rdr_1255615334.exe
2009-10-15 13:49:51 64512 ---h--w- c:\windows\pp12.exe
2009-10-15 13:49:51 1 ----a-w- c:\windows\fdgg34353edfgdfdf
2009-10-15 13:49:26 2 ----a-w- c:\windows\0101120101464855.xxe
2009-10-15 13:49:26 1 ---h--w- c:\windows\bk23567.dat
2009-10-15 13:49:24 2 ----a-w- c:\windows\010112010146116101.xxe
2009-10-15 13:48:21 2 ----a-w- c:\windows\010112010146101105.rx
2009-10-15 06:10:34 7993 ----a-w- c:\windows\d9z5ir538.cpl
2009-10-14 12:12:50 4683 ----a-w- c:\windows\z469parse13635.ocx
2009-10-13 18:57:00 13565 ----a-w- c:\windows\system32\691zba5kdoor809.exe
2009-10-12 14:17:21 11842 ----a-w- c:\windows\95495zoj993.dll
2009-10-12 05:14:04 16811 ----a-w- c:\windows\system32\1667ztro95c9.bin
2009-10-12 00:13:11 9563 ----a-w- c:\windows\system32\91395troj1z5.dll
2009-10-11 00:51:56 3333 ----a-w- c:\windows\4558bzckdoor9197.exe
2009-10-10 10:44:02 17460 ----a-w- c:\windows\c9bv5z3193.ocx

==================== Find3M ====================

2009-10-07 20:45:59 4017 ----a-w- c:\windows\5583zownl9ader2557.dll
2009-10-07 11:02:53 4209 ----a-w- c:\windows\system32\65fcz9ief2442.exe
2009-10-06 02:49:02 8405 ----a-w- c:\windows\system32\50c9zhrea55614.bin
2009-10-05 03:33:14 5023 ----a-w- c:\windows\19324n5t-a-vizus1c6.exe
2009-10-04 18:37:44 7655 ----a-w- c:\windows\system32\31695not-a-5irus7ze.dll
2009-10-04 16:19:33 14140 ----a-w- c:\windows\system32\z555wor956b.bin
2009-10-04 02:15:08 5360 ----a-w- c:\windows\system32\13z12t9oj7af5.dll
2009-09-28 22:27:46 29696 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-27 23:43:27 11727 ----a-w- c:\windows\f56z9ief141.dll
2009-09-26 19:22:45 17668 ----a-w- c:\windows\system32\555cbazk9oor1686.dll
2009-09-24 19:25:39 16270 ----a-w- c:\windows\system32\6cf1s5z9se365.dll
2009-09-23 06:44:24 4158 ----a-w- c:\windows\system32\2348addwa9e241z5.exe
2009-09-19 07:57:05 7044 ----a-w- c:\windows\system32\15195spamz9t7c1.bin
2009-09-19 00:04:17 18263 ----a-w- c:\windows\z6a35ddware3209.dll
2009-09-16 10:01:05 3022 ----a-w- c:\windows\720bzownlo5d9r1921.exe
2009-09-15 00:31:47 15222 ----a-w- c:\windows\1905znot-a-vi5us669.exe
2009-09-13 12:14:57 17583 ----a-w- c:\windows\59czsparse917.dll
2009-09-12 23:29:31 2930 ----a-w- c:\windows\2559spyzare181.bin
2009-09-12 20:02:00 16440 ----a-w- c:\windows\50d6downzoa5er1975.bin
2009-09-12 15:27:55 5517 ----a-w- c:\windows\93353spz57b.exe
2009-09-11 17:14:39 8827 ----a-w- c:\windows\system32\3c319teal514z.bin
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 00:19:51 4576 ----a-w- c:\windows\system32\13805virus9zc5.dll
2009-09-06 22:22:35 9221 ----a-w- c:\windows\system32\307t5reatz2579.bin
2009-09-06 05:35:31 6608 ----a-w- c:\windows\system32\12b8stza920245.exe
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 08:40:40 4756 ----a-w- c:\windows\system32\7eacb5ckdo9r2z89.bin
2009-09-03 06:26:25 15923 ----a-w- c:\windows\90z3worm695.exe
2009-09-03 01:53:44 6668 ----a-w- c:\windows\6b45st9al20z1.exe
2009-09-02 22:34:17 5246 ----a-w- c:\windows\system32\2e6fdownzoad9r950.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 00:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 09:15:54 5699 ----a-w- c:\windows\3521zspy89.dll
2009-08-26 14:07:03 3377 ----a-w- c:\windows\system32\7f98vir94z5.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 07:49:31 11103 ----a-w- c:\windows\system32\5585sp9ware3098z.dll
2009-08-24 16:08:52 12851 ----a-w- c:\windows\5772st9al1z54.dll
2009-08-21 00:53:10 12113 ----a-w- c:\windows\4490threaz153295.exe
2009-08-20 15:59:54 12901 ----a-w- c:\windows\110bdo9nzoader2125.dll
2009-08-19 17:48:58 6697 ----a-w- c:\windows\system32\7ad9th5zf179.dll
2009-08-15 13:11:41 4189 ----a-w- c:\windows\14997wo5z240.bin
2009-08-12 22:43:46 17672 ----a-w- c:\windows\system32\6959threzt4605.bin
2009-08-10 19:54:08 17835 ----a-w- c:\windows\18935szy19a5.exe
2007-01-07 07:01:23 847040 --sh--w- c:\windows\system32\knnmp.bak1
2007-01-07 10:02:05 847180 --sh--w- c:\windows\system32\knnmp.bak2
2009-01-16 14:34:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011620090117\index.dat

============= FINISH: 9:48:02.09 ===============
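As an added, editor-written triage example (not code from the original post, from the DDS tool, or from BleepingComputer), here is a small Python script that applies to the DDS log above the checks a helper reads it for: autoruns launched from the Windows root or a temp directory, a BHO registered with no display name, hidden or random-named files directly under c:\windows, and filenames that wrap a malware-sounding word with one character swapped, the decoy pattern that fills the "Created Last 30" section of this log. The regexes, the 8-character/3-digit "random name" threshold, the word list and the one-mismatch rule are assumptions chosen for this log, and the sample lines are excerpted from the first DDS log in the thread. A hit is a lead for the helper to confirm, not a verdict, and the script generalises to other DDS logs of the same format.

```python
"""Triage rules for a DDS log as pasted in this thread (added example)."""
import re
from typing import Dict, List, Optional

RUN_RE = re.compile(r"^(?P<key>[umd]?(?:Explorer)?Run): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?)\{[0-9a-fA-F-]+\} - (?P<path>.+)$")
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+(?P<attr>[-a-z]{8})\s+(?P<path>.+)$")
# First drive-rooted path in a Run value, quoted or not, up to its extension.
PATH_RE = re.compile(r'^"?(?P<p>[a-z]:\\.*?\.(?:exe|scr|com|bat|cmd|dll|cpl))(?:"|\s|$)', re.I)
WIN_ROOT_RE = re.compile(r"^c:\\windows\\[^\\]+$")   # file directly under c:\windows

# Assumed word list: what the decoy names in the log wrap in digits ("addwarz",
# "zwo9m", "not-a-vir9s"). One substituted character is tolerated per word.
DECOY_WORDS = ["adware", "addware", "trojan", "troj", "virus", "worm", "spyware",
               "backdoor", "downloader", "threat", "thief", "stealer", "spambot",
               "sparse", "hacktool", "not-a-virus"]


def fuzzy_word(stem: str) -> Optional[str]:
    """First DECOY_WORD that occurs in stem with at most one mismatched character."""
    for word in DECOY_WORDS:
        n = len(word)
        for i in range(len(stem) - n + 1):
            if sum(a != b for a, b in zip(stem[i:i + n], word)) <= 1:
                return word
    return None


def random_shaped(stem: str) -> bool:
    """Assumed threshold for a random-looking name: 8+ chars with 3+ digits."""
    return len(stem) >= 8 and sum(c.isdigit() for c in stem) >= 3


def launch_path(cmd: str) -> Optional[str]:
    """Lower-cased path of the binary a Run value launches, or None if relative."""
    m = PATH_RE.match(cmd.strip())
    return m.group("p").lower() if m else None


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one {'rule', 'line'} finding per suspicious log line, in log order."""
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        line = line.strip()
        if (m := RUN_RE.match(line)):
            p = launch_path(m.group("cmd"))
            if p and WIN_ROOT_RE.match(p):
                findings.append({"rule": "autorun launched from Windows root", "line": line})
            elif p and "\\temp\\" in p:
                findings.append({"rule": "autorun launched from a temp directory", "line": line})
        elif (m := BHO_RE.match(line)):
            if not m.group("name").strip(": "):
                findings.append({"rule": "BHO registered without a display name", "line": line})
        elif (m := FILE_RE.match(line)) and not m.group("attr").startswith("d"):
            path = m.group("path").lower()           # directories (attr 'd...') are skipped
            if not path.startswith("c:\\windows\\"):
                continue
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            reasons = []
            if "h" in m.group("attr"):
                reasons.append("hidden file under c:\\windows")
            if WIN_ROOT_RE.match(path) and random_shaped(stem):
                reasons.append("random-named file in Windows root")
            word = fuzzy_word(stem) if random_shaped(stem) else None
            if word:
                reasons.append(f"decoy-style name (~{word})")
            if reasons:
                findings.append({"rule": "; ".join(reasons), "line": line})
    return findings


# Sample input: lines excerpted from the first DDS log posted in this thread.
SAMPLE = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [pp] c:\windows\pp12.exe
mExplorerRun: [win1AB.tmp.exe] c:\windows\temp\win1AB.tmp.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {61bacec0-3751-4595-af65-2e03746fd627} - c:\windows\system32\pmkjh.dll
2009-12-26 22:31:57 16529 ----a-w- c:\windows\35baaddwarz9240.ocx
2009-12-13 13:58:38 4225 ----a-w- c:\windows\system32\2494zwo9m185.ocx
2009-10-15 19:43:52 115712 ----a-w- c:\windows\rdr_1255635830.exe
2009-10-15 13:49:51 64512 ---h--w- c:\windows\pp12.exe
2009-10-22 04:47:52 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-10-22 01:27:52 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-08 04:19:50 0 d-----w- C:\b7de13d1310c3b8a276bd01e1e6be6b6
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['rule']:62} {f['line']}")
```

Run it as a script to print the flagged lines; it only reads the pasted text and never touches the registry or the filesystem, so it is safe to run on any machine. On the sample it flags pp12.exe twice (as a Run value launched from the Windows root and as a hidden file), the temp-directory ExplorerRun entry, the nameless BHO, and the three decoy or random-named files, while the vendor files pass.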


#2 jpshortstuff

    WhatTheTech Teacher

  • Members
  • 660 posts
  • Gender:Male
  • Location:UK

Posted 08 November 2009 - 11:57 AM

Hi,

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.
Please also run DDS again and post the first log it gives (DDS.txt).
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#3 Steve Whalen
  • Topic Starter

  • Members
  • 4 posts

Posted 09 November 2009 - 12:42 AM

Thank you for the help. I have pasted the GooredFix, MBAM, and DDS logs below.



GooredFix by jpshortstuff (24.09.09.1)
Log created at 22:55 on 08/11/2009 (Vicki Moeckly)
Firefox version 3.5.3 (en-US)

========== GooredScan ==========

Removing registry item: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pp" -> Success!
Deleting file: "C:\WINDOWS\bk23567.dat" -> Success!
Deleting file: "C:\WINDOWS\pp12.exe" -> Success!
Deleting file: "C:\WINDOWS\010112010146101105.rx" -> Success!
Deleting file: "C:\WINDOWS\010112010146116101.xxe" -> Success!
Deleting file: "C:\WINDOWS\0101120101464855.xxe" -> Success!
Deleting file: "C:\WINDOWS\fdgg34353edfgdfdf" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [01:17 22/10/2009]
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [09:15 07/01/2007]
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [17:41 25/05/2008]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [02:37 14/01/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [21:09 08/05/2009]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [17:18 08/08/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [20:27 23/05/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [02:37 14/01/2009]

-=E.O.F=-


Malwarebytes' Anti-Malware 1.41
Database version: 3131
Windows 5.1.2600 Service Pack 3

11/8/2009 11:32:22 PM
mbam-log-2009-11-08 (23-32-22).txt

Scan type: Full Scan (C:\|)
Objects scanned: 208527
Time elapsed: 31 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{68d5cf1d-ec5c-4bdd-a9ef-f0e517565d50} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{efbfe8f4-9c2c-454b-ad24-f58d19405561} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_FIO32 (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SfX (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SoftSoldier (Rogue.SoftSoldier) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Vicki Moeckly\Desktop\GooredFix Backups\C\WINDOWS\pp12.exe (Worm.KoobFace) -> Delete on reboot.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP157\A0023850.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP158\A0024271.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP158\A0024272.exe (Trojan.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1255615334.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1255634101.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1255635830.exe (Trojan.Dropper) -> Quarantined and deleted successfully.




DDS (Ver_09-10-26.01) - NTFSx86
Run by Vicki Moeckly at 23:37:24.40 on Sun 11/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.605 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\Vicki Moeckly\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://desmoines.mediacomtoday.com/community/index.php
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {61bacec0-3751-4595-af65-2e03746fd627} - c:\windows\system32\pmkjh.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Toshiba Hotkey Utility] "c:\program files\toshiba\windows utilities\Hotkey.exe" /lang en
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mExplorerRun: [win1AB.tmp.exe] c:\windows\temp\win1AB.tmp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: oprah.com\www2
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {3FC4CAA7-71B5-44FC-A516-61D2AC9EF30D} - No File
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\vickim~1\applic~1\mozilla\firefox\profiles\9xjhl0i2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-10-21 28552]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]

=============== Created Last 30 ================

2009-12-26 22:31:57 16529 ----a-w- c:\windows\35baaddwarz9240.ocx
2009-12-25 14:55:49 8132 ----a-w- c:\windows\3222thzea5293339.cpl
2009-12-25 11:47:53 11799 ----a-w- c:\windows\5db0vir999z.ocx
2009-12-25 04:38:10 5799 ----a-w- c:\windows\z30569orm754.dll
2009-12-23 14:31:53 16309 ----a-w- c:\windows\system32\z5006troj497.dll
2009-12-23 14:16:48 8792 ----a-w- c:\windows\6739sp5mbot2z9.cpl
2009-12-21 17:48:19 16841 ----a-w- c:\windows\49b9vir569z.dll
2009-12-21 03:34:51 2701 ----a-w- c:\windows\7bb3szy9are23555.bin
2009-12-20 11:13:49 17397 ----a-w- c:\windows\system32\29cb9hrz5t1497.ocx
2009-12-19 16:04:49 2942 ----a-w- c:\windows\1619threz520159.exe
2009-12-19 12:47:20 11517 ----a-w- c:\windows\2z9asparse975.bin
2009-12-19 10:37:57 12128 ----a-w- c:\windows\system32\6905zirusc9.bin
2009-12-13 23:33:56 3358 ----a-w- c:\windows\63f19hreat31562z.cpl
2009-12-13 13:58:38 4225 ----a-w- c:\windows\system32\2494zwo9m185.ocx
2009-12-11 09:25:43 2875 ----a-w- c:\windows\526threaz149545.exe
2009-12-04 03:08:42 10003 ----a-w- c:\windows\system32\13164zroj3e59.ocx
2009-12-03 11:46:29 16991 ----a-w- c:\windows\28590hackt95z786.bin
2009-12-03 02:11:53 3972 ----a-w- c:\windows\20z69vi5us509.bin
2009-12-02 10:28:11 14769 ----a-w- c:\windows\31301troz5099.dll
2009-12-01 20:07:08 9423 ----a-w- c:\windows\system32\1dz8spywa5e27159.exe
2009-11-25 19:29:37 3231 ----a-w- c:\windows\system32\6aabdowzload952576.bin
2009-11-25 14:06:56 3540 ----a-w- c:\windows\4993stealz5915.dll
2009-11-23 22:44:21 16688 ----a-w- c:\windows\system32\5z34downlo9der5463.cpl
2009-11-20 08:28:27 3262 ----a-w- c:\windows\14z519pye0.bin
2009-11-19 06:38:37 11706 ----a-w- c:\windows\system32\44645hzef3909.bin
2009-11-18 20:46:35 11899 ----a-w- c:\windows\1z996troj557.cpl
2009-11-12 21:23:36 6648 ----a-w- c:\windows\system32\655ethze9t16555.dll
2009-11-12 06:22:14 3051 ----a-w- c:\windows\system32\28z59pyware2370.bin
2009-11-10 23:35:40 12387 ----a-w- c:\windows\system32\5914tr5z6b5.cpl
2009-11-10 12:36:55 5635 ----a-w- c:\windows\system32\144zt9rea525322.exe
2009-11-09 08:00:50 14028 ----a-w- c:\windows\18323tzo56249.exe
2009-11-09 04:58:57 0 d-----w- c:\docume~1\vickim~1\applic~1\Malwarebytes
2009-11-09 04:58:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-09 04:58:51 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-09 04:58:51 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-09 04:58:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-08 04:19:50 0 d-----w- C:\b7de13d1310c3b8a276bd01e1e6be6b6
2009-11-07 18:39:47 0 d-----w- C:\7ce7a3eca54f62f94704b69629
2009-11-07 01:05:48 9328 ----a-w- c:\windows\system32\59d6sparsez757.cpl
2009-11-06 22:28:49 16759 ----a-w- c:\windows\system32\12359spam5otz90.cpl
2009-11-06 22:17:21 6235 ----a-w- c:\windows\system32\745own9oazer3164.cpl
2009-11-05 15:20:07 15807 ----a-w- c:\windows\system32\1457sparze9566.cpl
2009-11-02 14:34:00 10204 ----a-w- c:\windows\system32\39653sz5507.bin
2009-11-01 01:28:34 18196 ----a-w- c:\windows\7d995ir1z19.ocx
2009-10-25 00:36:55 17054 ----a-w- c:\windows\system32\102z4not-a-vir9s51f.ocx
2009-10-22 04:47:52 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-10-22 01:27:52 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-21 16:00:12 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-21 16:00:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-21 08:24:34 13815 ----a-w- c:\windows\system32\1621down9oa5ez1569.exe
2009-10-21 00:40:17 4065 ----a-w- c:\windows\system32\129z5sp97df5.ocx
2009-10-20 05:32:10 10923 ----a-w- c:\windows\system32\69zdspyware59.bin
2009-10-17 23:03:11 7392 ----a-w- c:\windows\53c9v9rz8585.bin
2009-10-17 00:47:24 13888 ----a-w- c:\windows\44f5s5arse1389z.bin
2009-10-16 01:11:56 12956 ----a-w- c:\windows\6283tzr5at29901.dll
2009-10-15 19:08:00 13507 ----a-w- c:\windows\15540vi9us5za.cpl
2009-10-15 06:10:34 7993 ----a-w- c:\windows\d9z5ir538.cpl
2009-10-14 12:12:50 4683 ----a-w- c:\windows\z469parse13635.ocx
2009-10-13 18:57:00 13565 ----a-w- c:\windows\system32\691zba5kdoor809.exe
2009-10-12 14:17:21 11842 ----a-w- c:\windows\95495zoj993.dll
2009-10-12 05:14:04 16811 ----a-w- c:\windows\system32\1667ztro95c9.bin
2009-10-12 00:13:11 9563 ----a-w- c:\windows\system32\91395troj1z5.dll
2009-10-11 00:51:56 3333 ----a-w- c:\windows\4558bzckdoor9197.exe
2009-10-10 10:44:02 17460 ----a-w- c:\windows\c9bv5z3193.ocx

==================== Find3M ====================

2009-10-07 20:45:59 4017 ----a-w- c:\windows\5583zownl9ader2557.dll
2009-10-07 11:02:53 4209 ----a-w- c:\windows\system32\65fcz9ief2442.exe
2009-10-06 02:49:02 8405 ----a-w- c:\windows\system32\50c9zhrea55614.bin
2009-10-05 03:33:14 5023 ----a-w- c:\windows\19324n5t-a-vizus1c6.exe
2009-10-04 18:37:44 7655 ----a-w- c:\windows\system32\31695not-a-5irus7ze.dll
2009-10-04 16:19:33 14140 ----a-w- c:\windows\system32\z555wor956b.bin
2009-10-04 02:15:08 5360 ----a-w- c:\windows\system32\13z12t9oj7af5.dll
2009-09-28 22:27:46 29696 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-27 23:43:27 11727 ----a-w- c:\windows\f56z9ief141.dll
2009-09-26 19:22:45 17668 ----a-w- c:\windows\system32\555cbazk9oor1686.dll
2009-09-24 19:25:39 16270 ----a-w- c:\windows\system32\6cf1s5z9se365.dll
2009-09-23 06:44:24 4158 ----a-w- c:\windows\system32\2348addwa9e241z5.exe
2009-09-19 07:57:05 7044 ----a-w- c:\windows\system32\15195spamz9t7c1.bin
2009-09-19 00:04:17 18263 ----a-w- c:\windows\z6a35ddware3209.dll
2009-09-16 10:01:05 3022 ----a-w- c:\windows\720bzownlo5d9r1921.exe
2009-09-15 00:31:47 15222 ----a-w- c:\windows\1905znot-a-vi5us669.exe
2009-09-13 12:14:57 17583 ----a-w- c:\windows\59czsparse917.dll
2009-09-12 23:29:31 2930 ----a-w- c:\windows\2559spyzare181.bin
2009-09-12 20:02:00 16440 ----a-w- c:\windows\50d6downzoa5er1975.bin
2009-09-12 15:27:55 5517 ----a-w- c:\windows\93353spz57b.exe
2009-09-11 17:14:39 8827 ----a-w- c:\windows\system32\3c319teal514z.bin
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 00:19:51 4576 ----a-w- c:\windows\system32\13805virus9zc5.dll
2009-09-06 22:22:35 9221 ----a-w- c:\windows\system32\307t5reatz2579.bin
2009-09-06 05:35:31 6608 ----a-w- c:\windows\system32\12b8stza920245.exe
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 08:40:40 4756 ----a-w- c:\windows\system32\7eacb5ckdo9r2z89.bin
2009-09-03 06:26:25 15923 ----a-w- c:\windows\90z3worm695.exe
2009-09-03 01:53:44 6668 ----a-w- c:\windows\6b45st9al20z1.exe
2009-09-02 22:34:17 5246 ----a-w- c:\windows\system32\2e6fdownzoad9r950.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 00:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 09:15:54 5699 ----a-w- c:\windows\3521zspy89.dll
2009-08-26 14:07:03 3377 ----a-w- c:\windows\system32\7f98vir94z5.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 07:49:31 11103 ----a-w- c:\windows\system32\5585sp9ware3098z.dll
2009-08-24 16:08:52 12851 ----a-w- c:\windows\5772st9al1z54.dll
2009-08-21 00:53:10 12113 ----a-w- c:\windows\4490threaz153295.exe
2009-08-20 15:59:54 12901 ----a-w- c:\windows\110bdo9nzoader2125.dll
2009-08-19 17:48:58 6697 ----a-w- c:\windows\system32\7ad9th5zf179.dll
2009-08-15 13:11:41 4189 ----a-w- c:\windows\14997wo5z240.bin
2009-08-12 22:43:46 17672 ----a-w- c:\windows\system32\6959threzt4605.bin
2007-01-07 07:01:23 847040 --sh--w- c:\windows\system32\knnmp.bak1
2007-01-07 10:02:05 847180 --sh--w- c:\windows\system32\knnmp.bak2
2009-01-16 14:34:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011620090117\index.dat

============= FINISH: 23:38:04.50 ===============

#4 jpshortstuff

jpshortstuff

    WhatTheTech Teacher


  • Members
  • 660 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:10:37 AM

Posted 09 November 2009 - 02:22 AM

Hi,

OK, let's clean the rest up. First, open Control Panel, click Add/Remove Programs and Remove the following Java version:
Java ™ 6 Update 5


Next, please download the OTM by OldTimer.
  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
    (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61bacec0-3751-4595-af65-2e03746fd627}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "win1AB.tmp.exe"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{3FC4CAA7-71B5-44FC-A516-61D2AC9EF30D}"=-

    :files
    c:\windows\system32\pmkjh.dll
    c:\windows\temp\win1AB.tmp.exe
    c:\windows\35baaddwarz9240.ocx
    c:\windows\3222thzea5293339.cpl
    c:\windows\5db0vir999z.ocx
    c:\windows\z30569orm754.dll
    c:\windows\system32\z5006troj497.dll
    c:\windows\6739sp5mbot2z9.cpl
    c:\windows\49b9vir569z.dll
    c:\windows\7bb3szy9are23555.bin
    c:\windows\system32\29cb9hrz5t1497.ocx
    c:\windows\1619threz520159.exe
    c:\windows\2z9asparse975.bin
    c:\windows\system32\6905zirusc9.bin
    c:\windows\63f19hreat31562z.cpl
    c:\windows\system32\2494zwo9m185.ocx
    c:\windows\526threaz149545.exe
    c:\windows\system32\13164zroj3e59.ocx
    c:\windows\28590hackt95z786.bin
    c:\windows\20z69vi5us509.bin
    c:\windows\31301troz5099.dll
    c:\windows\system32\1dz8spywa5e27159.exe
    c:\windows\system32\6aabdowzload952576.bin
    c:\windows\4993stealz5915.dll
    c:\windows\system32\5z34downlo9der5463.cpl
    :\windows\14z519pye0.bin
    :\windows\system32\44645hzef3909.bin
    c:\windows\1z996troj557.cpl
    c:\windows\system32\655ethze9t16555.dll
    c:\windows\system32\28z59pyware2370.bin
    c:\windows\system32\5914tr5z6b5.cpl
    c:\windows\system32\144zt9rea525322.exe
    c:\windows\18323tzo56249.exe
    C:\b7de13d1310c3b8a276bd01e1e6be6b6
    C:\7ce7a3eca54f62f94704b69629
    c:\windows\system32\59d6sparsez757.cpl
    c:\windows\system32\12359spam5otz90.cpl
    c:\windows\system32\745own9oazer3164.cpl
    c:\windows\system32\1457sparze9566.cpl
    c:\windows\system32\39653sz5507.bin
    c:\windows\7d995ir1z19.ocx
    c:\windows\system32\102z4not-a-vir9s51f.ocx
    c:\windows\system32\1621down9oa5ez1569.exe
    c:\windows\system32\129z5sp97df5.ocx
    c:\windows\system32\69zdspyware59.bin
    c:\windows\53c9v9rz8585.bin
    c:\windows\44f5s5arse1389z.bin
    c:\windows\6283tzr5at29901.dll
    c:\windows\15540vi9us5za.cpl
    c:\windows\d9z5ir538.cpl
    c:\windows\z469parse13635.ocx
    c:\windows\system32\691zba5kdoor809.exe
    c:\windows\95495zoj993.dll
    c:\windows\system32\1667ztro95c9.bin
    c:\windows\system32\91395troj1z5.dll
    c:\windows\4558bzckdoor9197.exe
    c:\windows\c9bv5z3193.ocx
    c:\windows\5583zownl9ader2557.dll
    c:\windows\system32\65fcz9ief2442.exe
    c:\windows\system32\50c9zhrea55614.bin
    c:\windows\19324n5t-a-vizus1c6.exe
    c:\windows\system32\31695not-a-5irus7ze.dll
    c:\windows\system32\z555wor956b.bin
    c:\windows\system32\13z12t9oj7af5.dll
    c:\windows\f56z9ief141.dll
    c:\windows\system32\555cbazk9oor1686.dll
    c:\windows\system32\6cf1s5z9se365.dll
    c:\windows\system32\2348addwa9e241z5.exe
    c:\windows\system32\15195spamz9t7c1.bin
    c:\windows\z6a35ddware3209.dll
    c:\windows\720bzownlo5d9r1921.exe
    c:\windows\1905znot-a-vi5us669.exe
    c:\windows\59czsparse917.dll
    c:\windows\2559spyzare181.bin
    c:\windows\50d6downzoa5er1975.bin
    c:\windows\93353spz57b.exe
    c:\windows\system32\3c319teal514z.bin
    c:\windows\system32\13805virus9zc5.dll
    c:\windows\system32\307t5reatz2579.bin
    c:\windows\system32\12b8stza920245.exe
    c:\windows\system32\7eacb5ckdo9r2z89.bin
    c:\windows\90z3worm695.exe
    c:\windows\6b45st9al20z1.exe
    c:\windows\system32\2e6fdownzoad9r950.dll
    c:\windows\3521zspy89.dll
    c:\windows\system32\7f98vir94z5.dll
    c:\windows\system32\5585sp9ware3098z.dll
    c:\windows\5772st9al1z54.dll
    c:\windows\4490threaz153295.exe
    c:\windows\110bdo9nzoader2125.dll
    c:\windows\system32\7ad9th5zf179.dll
    c:\windows\14997wo5z240.bin
    c:\windows\system32\6959threzt4605.bin
    c:\windows\system32\knnmp.bak1
    c:\windows\system32\knnmp.bak2

    :Commands
    [emptytemp]
    [Reboot]

  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please post a new DDS log as well, and let me know how things are running.
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

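The `:files` section above was assembled by hand from the DDS listing. As an added example (not DDS, OTM or jpshortstuff's code), the Python below triages such a listing using two signals the logs in this thread show: file timestamps that fall well after the time the log was generated (December 2009 entries in a log run on 9 November 2009), and files dropped directly into `c:\windows` or `system32` whose names are a threat keyword with one character swapped, such as `ba5kdoor` or `addwarz`. The keyword list, the one-day timestamp margin and the sample lines (copied from the thread's logs) are this example's own assumptions.

```python
"""Triage the file listing of a DDS log and build an OTM ':files' block.

Added example for this thread; it is not part of DDS, OTM or the helper's
instructions. Two heuristics drawn from the thread's logs:
  1. a file timestamp well after the time the log was generated, and
  2. a file dropped directly in %windir% or system32 whose name contains a
     threat keyword with one character substituted ("ba5kdoor", "addwarz").
"""
import re
from datetime import datetime, timedelta

# Constructed sample: one DDS header line plus listing lines copied from the
# thread. DDS listing paths are lowercase and use backslashes.
SAMPLE_LOG = r"""
Run by Vicki Moeckly at 2:37:17.12 on Mon 11/09/2009
2009-12-26 22:31:57 16529 ----a-w- c:\windows\35baaddwarz9240.ocx
2009-11-09 04:58:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-13 18:57:00 13565 ----a-w- c:\windows\system32\691zba5kdoor809.exe
2009-10-25 00:36:55 17054 ----a-w- c:\windows\system32\102z4not-a-vir9s51f.ocx
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
"""

HEADER_RE = re.compile(
    r"Run by .* at (\d+:\d+:\d+)\.\d+ on \w{3} (\d{2}/\d{2}/\d{4})")
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{8})\s+(.+)$")

# Assumed keyword list, derived from the obfuscated names seen in the thread.
THREAT_WORDS = ("addware", "virus", "worm", "troj", "spyware", "spam",
                "threat", "thief", "download", "backdoor", "steal", "hack",
                "not-a-virus")
# Only files sitting directly in these directories get the name heuristic.
SYSTEM_DIRS = ("c:\\windows", "c:\\windows\\system32")
# The header is local time while listing stamps may be UTC; a one-day margin
# keeps that ambiguity from producing false positives.
FUTURE_MARGIN = timedelta(days=1)


def fuzzy_contains(name, word, max_mismatch=1):
    """True if some window of name matches word with <= max_mismatch swaps."""
    n, k = len(name), len(word)
    for i in range(n - k + 1):
        if sum(a != b for a, b in zip(name[i:i + k], word)) <= max_mismatch:
            return True
    return False


def parse_run_time(text):
    """Extract the log generation time from the DDS 'Run by' header."""
    m = HEADER_RE.search(text)
    if not m:
        raise ValueError("DDS 'Run by' header not found")
    return datetime.strptime(f"{m.group(2)} {m.group(1)}", "%m/%d/%Y %H:%M:%S")


def triage(text):
    """Return [(path, [reasons])] for every listing line that trips a heuristic."""
    run_time = parse_run_time(text)
    flagged = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        stamp = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        attrs, path = m.group(3), m.group(4)
        if attrs.startswith("d"):  # directories are not scored here
            continue
        reasons = []
        if stamp > run_time + FUTURE_MARGIN:
            reasons.append("timestamp after log run time")
        parent, _, fname = path.lower().rpartition("\\")
        stem = fname.rsplit(".", 1)[0]
        if parent in SYSTEM_DIRS:
            hits = [w for w in THREAT_WORDS if fuzzy_contains(stem, w)]
            if hits:
                reasons.append("obfuscated threat keyword: " + ", ".join(hits))
        if reasons:
            flagged.append((path, reasons))
    return flagged


def build_otm_files_block(flagged):
    """Render the flagged paths as the ':files' section of an OTM script."""
    return "\n".join([":files"] + [p for p, _ in flagged])


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for path, reasons in hits:
        print(f"{path}: {'; '.join(reasons)}")
    print(build_otm_files_block(hits))
```

Anything the heuristics flag is a candidate for a closer look, not an automatic move; the legitimate `msv1_0.dll` and the MBAM driver in the sample pass both checks.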
#5 Steve Whalen

Steve Whalen
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 09 November 2009 - 03:48 AM

Thanks again for the quick response!

Here are the new logs.

And it's been a while since I've seen a popup, a nice improvement.



All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61bacec0-3751-4595-af65-2e03746fd627}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61bacec0-3751-4595-af65-2e03746fd627}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run\\win1AB.tmp.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\\{3FC4CAA7-71B5-44FC-A516-61D2AC9EF30D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3FC4CAA7-71B5-44FC-A516-61D2AC9EF30D}\ not found.
========== FILES ==========
File/Folder c:\windows\system32\pmkjh.dll not found.
File/Folder c:\windows\temp\win1AB.tmp.exe not found.
LoadLibrary failed for c:\windows\35baaddwarz9240.ocx
c:\windows\35baaddwarz9240.ocx NOT unregistered.
c:\windows\35baaddwarz9240.ocx moved successfully.
c:\windows\3222thzea5293339.cpl moved successfully.
LoadLibrary failed for c:\windows\5db0vir999z.ocx
c:\windows\5db0vir999z.ocx NOT unregistered.
c:\windows\5db0vir999z.ocx moved successfully.
LoadLibrary failed for c:\windows\z30569orm754.dll
c:\windows\z30569orm754.dll NOT unregistered.
c:\windows\z30569orm754.dll moved successfully.
LoadLibrary failed for c:\windows\system32\z5006troj497.dll
c:\windows\system32\z5006troj497.dll NOT unregistered.
c:\windows\system32\z5006troj497.dll moved successfully.
c:\windows\6739sp5mbot2z9.cpl moved successfully.
LoadLibrary failed for c:\windows\49b9vir569z.dll
c:\windows\49b9vir569z.dll NOT unregistered.
c:\windows\49b9vir569z.dll moved successfully.
c:\windows\7bb3szy9are23555.bin moved successfully.
LoadLibrary failed for c:\windows\system32\29cb9hrz5t1497.ocx
c:\windows\system32\29cb9hrz5t1497.ocx NOT unregistered.
c:\windows\system32\29cb9hrz5t1497.ocx moved successfully.
c:\windows\1619threz520159.exe moved successfully.
c:\windows\2z9asparse975.bin moved successfully.
c:\windows\system32\6905zirusc9.bin moved successfully.
c:\windows\63f19hreat31562z.cpl moved successfully.
LoadLibrary failed for c:\windows\system32\2494zwo9m185.ocx
c:\windows\system32\2494zwo9m185.ocx NOT unregistered.
c:\windows\system32\2494zwo9m185.ocx moved successfully.
c:\windows\526threaz149545.exe moved successfully.
LoadLibrary failed for c:\windows\system32\13164zroj3e59.ocx
c:\windows\system32\13164zroj3e59.ocx NOT unregistered.
c:\windows\system32\13164zroj3e59.ocx moved successfully.
c:\windows\28590hackt95z786.bin moved successfully.
c:\windows\20z69vi5us509.bin moved successfully.
LoadLibrary failed for c:\windows\31301troz5099.dll
c:\windows\31301troz5099.dll NOT unregistered.
c:\windows\31301troz5099.dll moved successfully.
c:\windows\system32\1dz8spywa5e27159.exe moved successfully.
c:\windows\system32\6aabdowzload952576.bin moved successfully.
LoadLibrary failed for c:\windows\4993stealz5915.dll
c:\windows\4993stealz5915.dll NOT unregistered.
c:\windows\4993stealz5915.dll moved successfully.
c:\windows\system32\5z34downlo9der5463.cpl moved successfully.
Error: Unable to interpret <:\windows\14z519pye0.bin> in the current context!
Error: Unable to interpret <:\windows\system32\44645hzef3909.bin> in the current context!
Error: Unable to interpret <c:\windows\1z996troj557.cpl> in the current context!
Error: Unable to interpret <c:\windows\system32\655ethze9t16555.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\28z59pyware2370.bin> in the current context!
Error: Unable to interpret <c:\windows\system32\5914tr5z6b5.cpl> in the current context!
Error: Unable to interpret <c:\windows\system32\144zt9rea525322.exe> in the current context!
Error: Unable to interpret <c:\windows\18323tzo56249.exe> in the current context!
Error: Unable to interpret <C:\b7de13d1310c3b8a276bd01e1e6be6b6> in the current context!
Error: Unable to interpret <C:\7ce7a3eca54f62f94704b69629> in the current context!
Error: Unable to interpret <c:\windows\system32\59d6sparsez757.cpl> in the current context!
Error: Unable to interpret <c:\windows\system32\12359spam5otz90.cpl> in the current context!
Error: Unable to interpret <c:\windows\system32\745own9oazer3164.cpl> in the current context!
Error: Unable to interpret <c:\windows\system32\1457sparze9566.cpl> in the current context!
Error: Unable to interpret <c:\windows\system32\39653sz5507.bin> in the current context!
Error: Unable to interpret <c:\windows\7d995ir1z19.ocx> in the current context!
Error: Unable to interpret <c:\windows\system32\102z4not-a-vir9s51f.ocx> in the current context!
Error: Unable to interpret <c:\windows\system32\1621down9oa5ez1569.exe> in the current context!
Error: Unable to interpret <c:\windows\system32\129z5sp97df5.ocx> in the current context!
Error: Unable to interpret <c:\windows\system32\69zdspyware59.bin> in the current context!
Error: Unable to interpret <c:\windows\53c9v9rz8585.bin> in the current context!
Error: Unable to interpret <c:\windows\44f5s5arse1389z.bin> in the current context!
Error: Unable to interpret <c:\windows\6283tzr5at29901.dll> in the current context!
Error: Unable to interpret <c:\windows\15540vi9us5za.cpl> in the current context!
Error: Unable to interpret <c:\windows\d9z5ir538.cpl> in the current context!
Error: Unable to interpret <c:\windows\z469parse13635.ocx> in the current context!
Error: Unable to interpret <c:\windows\system32\691zba5kdoor809.exe> in the current context!
Error: Unable to interpret <c:\windows\95495zoj993.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\1667ztro95c9.bin> in the current context!
Error: Unable to interpret <c:\windows\system32\91395troj1z5.dll> in the current context!
Error: Unable to interpret <c:\windows\4558bzckdoor9197.exe> in the current context!
Error: Unable to interpret <c:\windows\c9bv5z3193.ocx> in the current context!
Error: Unable to interpret <c:\windows\5583zownl9ader2557.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\65fcz9ief2442.exe> in the current context!
Error: Unable to interpret <c:\windows\system32\50c9zhrea55614.bin> in the current context!
Error: Unable to interpret <c:\windows\19324n5t-a-vizus1c6.exe> in the current context!
Error: Unable to interpret <c:\windows\system32\31695not-a-5irus7ze.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\z555wor956b.bin> in the current context!
Error: Unable to interpret <c:\windows\system32\13z12t9oj7af5.dll> in the current context!
Error: Unable to interpret <c:\windows\f56z9ief141.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\555cbazk9oor1686.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\6cf1s5z9se365.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\2348addwa9e241z5.exe> in the current context!
Error: Unable to interpret <c:\windows\system32\15195spamz9t7c1.bin> in the current context!
Error: Unable to interpret <c:\windows\z6a35ddware3209.dll> in the current context!
Error: Unable to interpret <c:\windows\720bzownlo5d9r1921.exe> in the current context!
Error: Unable to interpret <c:\windows\1905znot-a-vi5us669.exe> in the current context!
Error: Unable to interpret <c:\windows\59czsparse917.dll> in the current context!
Error: Unable to interpret <c:\windows\2559spyzare181.bin> in the current context!
Error: Unable to interpret <c:\windows\50d6downzoa5er1975.bin> in the current context!
Error: Unable to interpret <c:\windows\93353spz57b.exe> in the current context!
Error: Unable to interpret <c:\windows\system32\3c319teal514z.bin> in the current context!
Error: Unable to interpret <c:\windows\system32\13805virus9zc5.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\307t5reatz2579.bin> in the current context!
Error: Unable to interpret <c:\windows\system32\12b8stza920245.exe> in the current context!
Error: Unable to interpret <c:\windows\system32\7eacb5ckdo9r2z89.bin> in the current context!
Error: Unable to interpret <c:\windows\90z3worm695.exe> in the current context!
Error: Unable to interpret <c:\windows\6b45st9al20z1.exe> in the current context!
Error: Unable to interpret <c:\windows\system32\2e6fdownzoad9r950.dll> in the current context!
Error: Unable to interpret <c:\windows\3521zspy89.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\7f98vir94z5.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\5585sp9ware3098z.dll> in the current context!
Error: Unable to interpret <c:\windows\5772st9al1z54.dll> in the current context!
Error: Unable to interpret <c:\windows\4490threaz153295.exe> in the current context!
Error: Unable to interpret <c:\windows\110bdo9nzoader2125.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\7ad9th5zf179.dll> in the current context!
Error: Unable to interpret <c:\windows\14997wo5z240.bin> in the current context!
Error: Unable to interpret <c:\windows\system32\6959threzt4605.bin> in the current context!
Error: Unable to interpret <c:\windows\system32\knnmp.bak1> in the current context!
Error: Unable to interpret <c:\windows\system32\knnmp.bak2> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 2445940 bytes
->Temporary Internet Files folder emptied: 112161 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Ike Moeckly
->Temp folder emptied: 2993 bytes
->Temporary Internet Files folder emptied: 26098821 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 2853330 bytes

User: Moeckly Fabrications
->Temp folder emptied: 222 bytes
->Temporary Internet Files folder emptied: 1641976 bytes

User: NetworkService
->Temp folder emptied: 11202 bytes
->Temporary Internet Files folder emptied: 90195080 bytes

User: Vicki Moeckly
->Temp folder emptied: 144282913 bytes
->Temporary Internet Files folder emptied: 132805894 bytes
->Java cache emptied: 23378048 bytes
->FireFox cache emptied: 83409449 bytes
->Apple Safari cache emptied: 27628708 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 4422848 bytes
File delete failed. C:\WINDOWS\temp\TMP000000183CB55A2B857F0E10 scheduled to be deleted on reboot.
Windows Temp folder emptied: 44622340 bytes
RecycleBin emptied: 62010139 bytes

Total Files Cleaned = 616.05 mb


OTM by OldTimer - Version 3.0.0.6 log created on 11092009_023027

Files moved on Reboot...
File C:\WINDOWS\temp\TMP000000183CB55A2B857F0E10 not found!

Registry entries deleted on Reboot...




DDS (Ver_09-10-26.01) - NTFSx86
Run by Vicki Moeckly at 2:37:17.12 on Mon 11/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.537 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vicki Moeckly\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://desmoines.mediacomtoday.com/community/index.php
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Toshiba Hotkey Utility] "c:\program files\toshiba\windows utilities\Hotkey.exe" /lang en
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: oprah.com\www2
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\vickim~1\applic~1\mozilla\firefox\profiles\9xjhl0i2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-10-21 28552]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]

=============== Created Last 30 ================

2009-11-20 08:28:27 3262 ----a-w- c:\windows\14z519pye0.bin
2009-11-19 06:38:37 11706 ----a-w- c:\windows\system32\44645hzef3909.bin
2009-11-18 20:46:35 11899 ----a-w- c:\windows\1z996troj557.cpl
2009-11-12 21:23:36 6648 ----a-w- c:\windows\system32\655ethze9t16555.dll
2009-11-12 06:22:14 3051 ----a-w- c:\windows\system32\28z59pyware2370.bin
2009-11-10 23:35:40 12387 ----a-w- c:\windows\system32\5914tr5z6b5.cpl
2009-11-10 12:36:55 5635 ----a-w- c:\windows\system32\144zt9rea525322.exe
2009-11-09 08:30:27 0 d-----w- C:\_OTM
2009-11-09 08:00:50 14028 ----a-w- c:\windows\18323tzo56249.exe
2009-11-09 04:58:57 0 d-----w- c:\docume~1\vickim~1\applic~1\Malwarebytes
2009-11-09 04:58:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-09 04:58:51 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-09 04:58:51 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-09 04:58:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-08 04:19:50 0 d-----w- C:\b7de13d1310c3b8a276bd01e1e6be6b6
2009-11-07 18:39:47 0 d-----w- C:\7ce7a3eca54f62f94704b69629
2009-11-07 01:05:48 9328 ----a-w- c:\windows\system32\59d6sparsez757.cpl
2009-11-06 22:28:49 16759 ----a-w- c:\windows\system32\12359spam5otz90.cpl
2009-11-06 22:17:21 6235 ----a-w- c:\windows\system32\745own9oazer3164.cpl
2009-11-05 15:20:07 15807 ----a-w- c:\windows\system32\1457sparze9566.cpl
2009-11-02 14:34:00 10204 ----a-w- c:\windows\system32\39653sz5507.bin
2009-11-01 01:28:34 18196 ----a-w- c:\windows\7d995ir1z19.ocx
2009-10-25 00:36:55 17054 ----a-w- c:\windows\system32\102z4not-a-vir9s51f.ocx
2009-10-22 04:47:52 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-10-22 01:27:52 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-21 16:00:12 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-21 16:00:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-21 08:24:34 13815 ----a-w- c:\windows\system32\1621down9oa5ez1569.exe
2009-10-21 00:40:17 4065 ----a-w- c:\windows\system32\129z5sp97df5.ocx
2009-10-20 05:32:10 10923 ----a-w- c:\windows\system32\69zdspyware59.bin
2009-10-17 23:03:11 7392 ----a-w- c:\windows\53c9v9rz8585.bin
2009-10-17 00:47:24 13888 ----a-w- c:\windows\44f5s5arse1389z.bin
2009-10-16 01:11:56 12956 ----a-w- c:\windows\6283tzr5at29901.dll
2009-10-15 19:08:00 13507 ----a-w- c:\windows\15540vi9us5za.cpl
2009-10-15 06:10:34 7993 ----a-w- c:\windows\d9z5ir538.cpl
2009-10-14 12:12:50 4683 ----a-w- c:\windows\z469parse13635.ocx
2009-10-13 18:57:00 13565 ----a-w- c:\windows\system32\691zba5kdoor809.exe
2009-10-12 14:17:21 11842 ----a-w- c:\windows\95495zoj993.dll
2009-10-12 05:14:04 16811 ----a-w- c:\windows\system32\1667ztro95c9.bin
2009-10-12 00:13:11 9563 ----a-w- c:\windows\system32\91395troj1z5.dll
2009-10-11 00:51:56 3333 ----a-w- c:\windows\4558bzckdoor9197.exe
2009-10-10 10:44:02 17460 ----a-w- c:\windows\c9bv5z3193.ocx

==================== Find3M ====================

2009-10-07 20:45:59 4017 ----a-w- c:\windows\5583zownl9ader2557.dll
2009-10-07 11:02:53 4209 ----a-w- c:\windows\system32\65fcz9ief2442.exe
2009-10-06 02:49:02 8405 ----a-w- c:\windows\system32\50c9zhrea55614.bin
2009-10-05 03:33:14 5023 ----a-w- c:\windows\19324n5t-a-vizus1c6.exe
2009-10-04 18:37:44 7655 ----a-w- c:\windows\system32\31695not-a-5irus7ze.dll
2009-10-04 16:19:33 14140 ----a-w- c:\windows\system32\z555wor956b.bin
2009-10-04 02:15:08 5360 ----a-w- c:\windows\system32\13z12t9oj7af5.dll
2009-09-28 22:27:46 29696 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-27 23:43:27 11727 ----a-w- c:\windows\f56z9ief141.dll
2009-09-26 19:22:45 17668 ----a-w- c:\windows\system32\555cbazk9oor1686.dll
2009-09-24 19:25:39 16270 ----a-w- c:\windows\system32\6cf1s5z9se365.dll
2009-09-23 06:44:24 4158 ----a-w- c:\windows\system32\2348addwa9e241z5.exe
2009-09-19 07:57:05 7044 ----a-w- c:\windows\system32\15195spamz9t7c1.bin
2009-09-19 00:04:17 18263 ----a-w- c:\windows\z6a35ddware3209.dll
2009-09-16 10:01:05 3022 ----a-w- c:\windows\720bzownlo5d9r1921.exe
2009-09-15 00:31:47 15222 ----a-w- c:\windows\1905znot-a-vi5us669.exe
2009-09-13 12:14:57 17583 ----a-w- c:\windows\59czsparse917.dll
2009-09-12 23:29:31 2930 ----a-w- c:\windows\2559spyzare181.bin
2009-09-12 20:02:00 16440 ----a-w- c:\windows\50d6downzoa5er1975.bin
2009-09-12 15:27:55 5517 ----a-w- c:\windows\93353spz57b.exe
2009-09-11 17:14:39 8827 ----a-w- c:\windows\system32\3c319teal514z.bin
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 00:19:51 4576 ----a-w- c:\windows\system32\13805virus9zc5.dll
2009-09-06 22:22:35 9221 ----a-w- c:\windows\system32\307t5reatz2579.bin
2009-09-06 05:35:31 6608 ----a-w- c:\windows\system32\12b8stza920245.exe
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 08:40:40 4756 ----a-w- c:\windows\system32\7eacb5ckdo9r2z89.bin
2009-09-03 06:26:25 15923 ----a-w- c:\windows\90z3worm695.exe
2009-09-03 01:53:44 6668 ----a-w- c:\windows\6b45st9al20z1.exe
2009-09-02 22:34:17 5246 ----a-w- c:\windows\system32\2e6fdownzoad9r950.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 00:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 09:15:54 5699 ----a-w- c:\windows\3521zspy89.dll
2009-08-26 14:07:03 3377 ----a-w- c:\windows\system32\7f98vir94z5.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 07:49:31 11103 ----a-w- c:\windows\system32\5585sp9ware3098z.dll
2009-08-24 16:08:52 12851 ----a-w- c:\windows\5772st9al1z54.dll
2009-08-21 00:53:10 12113 ----a-w- c:\windows\4490threaz153295.exe
2009-08-20 15:59:54 12901 ----a-w- c:\windows\110bdo9nzoader2125.dll
2009-08-19 17:48:58 6697 ----a-w- c:\windows\system32\7ad9th5zf179.dll
2009-08-15 13:11:41 4189 ----a-w- c:\windows\14997wo5z240.bin
2009-08-12 22:43:46 17672 ----a-w- c:\windows\system32\6959threzt4605.bin
2007-01-07 07:01:23 847040 --sh--w- c:\windows\system32\knnmp.bak1
2007-01-07 10:02:05 847180 --sh--w- c:\windows\system32\knnmp.bak2
2009-01-16 14:34:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011620090117\index.dat

============= FINISH: 2:37:53.68 ===============

#6 jpshortstuff

jpshortstuff

    WhatTheTech Teacher


  • Members
  • 660 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:10:37 AM

Posted 09 November 2009 - 05:06 AM

Hi,

My apologies, I made a minor error in that script causing it to only delete some of the files I wanted it to delete. Please run OTM again with this script to get the rest of them.

:files
c:\windows\14z519pye0.bin
c:\windows\system32\44645hzef3909.bin
c:\windows\1z996troj557.cpl
c:\windows\system32\655ethze9t16555.dll
c:\windows\system32\28z59pyware2370.bin
c:\windows\system32\5914tr5z6b5.cpl
c:\windows\system32\144zt9rea525322.exe
c:\windows\18323tzo56249.exe
C:\b7de13d1310c3b8a276bd01e1e6be6b6
C:\7ce7a3eca54f62f94704b69629
c:\windows\system32\59d6sparsez757.cpl
c:\windows\system32\12359spam5otz90.cpl
c:\windows\system32\745own9oazer3164.cpl
c:\windows\system32\1457sparze9566.cpl
c:\windows\system32\39653sz5507.bin
c:\windows\7d995ir1z19.ocx
c:\windows\system32\102z4not-a-vir9s51f.ocx
c:\windows\system32\1621down9oa5ez1569.exe
c:\windows\system32\129z5sp97df5.ocx
c:\windows\system32\69zdspyware59.bin
c:\windows\53c9v9rz8585.bin
c:\windows\44f5s5arse1389z.bin
c:\windows\6283tzr5at29901.dll
c:\windows\15540vi9us5za.cpl
c:\windows\d9z5ir538.cpl
c:\windows\z469parse13635.ocx
c:\windows\system32\691zba5kdoor809.exe
c:\windows\95495zoj993.dll
c:\windows\system32\1667ztro95c9.bin
c:\windows\system32\91395troj1z5.dll
c:\windows\4558bzckdoor9197.exe
c:\windows\c9bv5z3193.ocx
c:\windows\5583zownl9ader2557.dll
c:\windows\system32\65fcz9ief2442.exe
c:\windows\system32\50c9zhrea55614.bin
c:\windows\19324n5t-a-vizus1c6.exe
c:\windows\system32\31695not-a-5irus7ze.dll
c:\windows\system32\z555wor956b.bin
c:\windows\system32\13z12t9oj7af5.dll
c:\windows\f56z9ief141.dll
c:\windows\system32\555cbazk9oor1686.dll
c:\windows\system32\6cf1s5z9se365.dll
c:\windows\system32\2348addwa9e241z5.exe
c:\windows\system32\15195spamz9t7c1.bin
c:\windows\z6a35ddware3209.dll
c:\windows\720bzownlo5d9r1921.exe
c:\windows\1905znot-a-vi5us669.exe
c:\windows\59czsparse917.dll
c:\windows\2559spyzare181.bin
c:\windows\50d6downzoa5er1975.bin
c:\windows\93353spz57b.exe
c:\windows\system32\3c319teal514z.bin
c:\windows\system32\13805virus9zc5.dll
c:\windows\system32\307t5reatz2579.bin
c:\windows\system32\12b8stza920245.exe
c:\windows\system32\7eacb5ckdo9r2z89.bin
c:\windows\90z3worm695.exe
c:\windows\6b45st9al20z1.exe
c:\windows\system32\2e6fdownzoad9r950.dll
c:\windows\3521zspy89.dll
c:\windows\system32\7f98vir94z5.dll
c:\windows\system32\5585sp9ware3098z.dll
c:\windows\5772st9al1z54.dll
c:\windows\4490threaz153295.exe
c:\windows\110bdo9nzoader2125.dll
c:\windows\system32\7ad9th5zf179.dll
c:\windows\14997wo5z240.bin
c:\windows\system32\6959threzt4605.bin
c:\windows\system32\knnmp.bak1
c:\windows\system32\knnmp.bak2

:Commands
[emptytemp]
[Reboot]



Things are looking better. I just want to run an online AV scan to get a second opinion. Otherwise, we are pretty much there.

Run Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
Please post one more DDS log. If everything is running well on your end, we can wrap things up in the next post.

Thanks.
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.
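Sorting the "Created Last 30" and "Find3M" sections of the DDS log by hand, as the helper did when building the OTM :files list in the post above, is the part of this thread a reader can automate. The script below is an added example; it is not code from the thread, from DDS or from OTM. It parses constructed sample lines (modelled on entries in the log above, but sample data) and applies two assumed heuristics: small files with random-looking names directly under c:\windows or c:\windows\system32, and files in those directories carrying the system attribute. The directory list, extension set and size ceiling are constructed for the example, and anything it flags is a candidate for a human to review, not a verdict. It also renders the hits in the :files layout OTM scripts use.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in the DDS "Created Last 30" / "Find3M" format. The odd
# names are modelled on entries in the thread; every line here is sample data
# embedded for the example, not a copy of a real machine's listing.
SAMPLE_LOG = r"""
=============== Created Last 30 ================

2009-11-20 08:28:27 3262 ----a-w- c:\windows\14z519pye0.bin
2009-11-19 06:38:37 11706 ----a-w- c:\windows\system32\44645hzef3909.bin
2009-11-09 04:58:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-09 04:58:51 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-22 01:27:52 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-13 18:57:00 13565 ----a-w- c:\windows\system32\691zba5kdoor809.exe

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2007-01-07 07:01:23 847040 --sh--w- c:\windows\system32\knnmp.bak1
"""

# One DDS listing line: "<date> <time> <size> <attrs> <path>".
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) ([-a-z]{8}) (.+)$"
)

# Assumed triage parameters (constructed for this example, not DDS settings):
# the directories the decoy files in the thread were dropped into, the
# extensions they used, and a size below which a "system" binary is unusual.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
DECOY_EXTS = {".bin", ".cpl", ".ocx", ".dll", ".exe"}
SMALL_FILE_BYTES = 20_000


@dataclass
class Entry:
    date: str
    time: str
    size: int
    attrs: str   # DDS attribute string, e.g. "----a-w-", "d-----w-", "--sh--w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_dds_listing(text: str) -> List[Entry]:
    """Parse every file-listing line; section headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2), int(m.group(3)),
                                 m.group(4), m.group(5)))
    return entries


def looks_random(stem: str) -> bool:
    """Letters plus at least two separate digit runs, nothing but [a-z0-9-]:
    matches names like 691zba5kdoor809 but not msv1_0 or wininet."""
    return (re.fullmatch(r"[a-z0-9\-]+", stem) is not None
            and re.search(r"[a-z]", stem) is not None
            and len(re.findall(r"\d+", stem)) >= 2)


def triage(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for entries that deserve a human look."""
    flagged = []
    for e in entries:
        if e.is_dir:
            continue
        stem, _, ext = e.name.rpartition(".")
        reasons = []
        if (e.parent in SYSTEM_DIRS and "." + ext in DECOY_EXTS
                and e.size < SMALL_FILE_BYTES and looks_random(stem)):
            reasons.append("small, random-looking name in a system directory")
        if e.parent in SYSTEM_DIRS and "s" in e.attrs:
            reasons.append(f"system attribute set ({e.attrs})")
        if reasons:
            flagged.append((e.path, reasons))
    return flagged


def to_otm_files_block(flagged: List[Tuple[str, List[str]]]) -> str:
    """Render the flagged paths in the ':files' block layout OTM scripts use."""
    return ":files\n" + "\n".join(p for p, _ in flagged) + "\n"


if __name__ == "__main__":
    hits = triage(parse_dds_listing(SAMPLE_LOG))
    for path, why in hits:
        print(f"{path}  <- {'; '.join(why)}")
    print()
    print(to_otm_files_block(hits))
```

Run against the sample, the script flags the three decoy-style files and the system-attributed knnmp.bak1, and leaves the driver, the Malwarebytes directory, MpSigStub.exe and the genuine Windows DLLs alone; the underscore in msv1_0.dll is what keeps it out of the random-name rule, which shows how narrow such a heuristic has to be kept to avoid flagging legitimate system files.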

#7 Steve Whalen

Steve Whalen
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 09 November 2009 - 10:11 PM

Okay, did OTM again. Here is the Eset log and a new DDS.


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=37750c57f59c4848a69b938bdec48640
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-10 01:26:16
# local_time=2009-11-09 07:26:16 (-0600, Central Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 88735332 88735332 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=73478
# found=10
# cleaned=0
# scan_time=2441
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinKoobface1.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinKoobface3.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\VundoFix Backups\hjkmp.bak1.bad Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\VundoFix Backups\hjkmp.bak2.bad Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\VundoFix Backups\hjkmp.ini.bad Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\VundoFix Backups\hjkmp.ini2.bad Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\VundoFix Backups\hjkmp.tmp.bad Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\WINDOWS\system32\mpsfrtdf.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\11092009_183716\windows\system32\knnmp.bak1 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\11092009_183716\windows\system32\knnmp.bak2 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I




DDS (Ver_09-10-26.01) - NTFSx86
Run by Vicki Moeckly at 21:04:53.85 on Mon 11/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.504 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Vicki Moeckly\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://desmoines.mediacomtoday.com/community/index.php
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Toshiba Hotkey Utility] "c:\program files\toshiba\windows utilities\Hotkey.exe" /lang en
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: oprah.com\www2
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\vickim~1\applic~1\mozilla\firefox\profiles\9xjhl0i2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-10-21 28552]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]

=============== Created Last 30 ================

2009-11-10 00:42:54 0 d-----w- c:\program files\ESET
2009-11-09 08:30:27 0 d-----w- C:\_OTM
2009-11-09 04:58:57 0 d-----w- c:\docume~1\vickim~1\applic~1\Malwarebytes
2009-11-09 04:58:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-09 04:58:51 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-09 04:58:51 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-09 04:58:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-22 04:47:52 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-10-22 01:27:52 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-21 16:00:12 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-21 16:00:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2009-09-28 22:27:46 29696 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 00:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-01-16 14:34:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011620090117\index.dat

============= FINISH: 21:05:25.15 ===============

#8 jpshortstuff

jpshortstuff

    WhatTheTech Teacher


  • Members
  • 660 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:10:37 AM

Posted 10 November 2009 - 04:03 AM

Looking good, how are things running?