
Infected with something? worm i think


This topic is locked
16 replies to this topic

#1 dan25

dan25

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:36 PM

Posted 11 December 2009 - 06:53 PM

When I start my computer I get a pop-up window that tells me...

Spyware Alert!
Security Warning!
Worm.win32.Netsky detected on your machine.
the virus is destributed via the internet through e-mail and Active-x objects.
the worm has its own SMTP engine which means it gathers e-mails from your local compter and re-distributes itself.
In worst cases this worm can allow attachers to access your computer, stealing passwords and personal data.
Viruses can damage your confidential data and wonk on your computer.
Continue working in unportected mode is very dangerous.

Type: Virus
System affected: Windows, 200, NT, ME, XP, VISTA, 7
Security risk(0-5): 5
Recomendations: It is necessary to perform a full system scan.

If I try to press Ctrl+Alt+Delete, it says that "task manager has been disabled by your administrator."
Also I have a new background that says "YOUR SYSTEM IS INFECTED!" and when I right-click the desktop to change the background, the background options are disabled as well.
Please help! I installed HOUSECALL and it says that it fixes all the problems, but the issues above still remain. HOUSECALL only helps my computer run a little smoother again.
I attached the log file from the HijackThis program that I downloaded, and I need to know which programs I should "fix" with HijackThis.
PLEASE HELP!
- Dan

Edited by dan25, 11 December 2009 - 06:56 PM.


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:36 PM

Posted 12 December 2009 - 10:32 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT



  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
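As an added example, not part of this thread and not code from the OTL tool: a small Python triage script for the kind of OTL log Sam asks for above. It flags the entries that explain the symptoms in the first post (the policy values that disable Task Manager and lock the desktop), along with Winlogon values that do not point at their Windows XP defaults, AppInit_DLLs entries, and auto-start entries launched from the user's Temp or profile folders. The sample lines are constructed in OTL's line format from entries of the kind that appear in the log posted later in the thread; the `LOCKOUT_POLICIES` set, `SUSPECT_DIRS` and the finding labels are choices made for this example, not anything OTL itself defines.

```python
import re
from typing import List, Tuple

# Policy values a rogue sets to lock the user out of removing it; these are the
# keys behind "Task Manager has been disabled by your administrator" and the
# locked desktop background. The set is chosen for this example.
LOCKOUT_POLICIES = {
    "DisableTaskMgr", "DisableRegistryTools", "NoSetActiveDesktop",
    "NoActiveDesktopChanges", "NoFolderOptions",
}

# Winlogon values that have exactly one legitimate default on Windows XP.
WINLOGON_EXPECTED = {"userinit": "userinit.exe", "shell": "explorer.exe"}

# Directories (lower-case) from which nothing legitimate auto-starts at logon.
SUSPECT_DIRS = (
    "\\local settings\\temp\\",
    "\\local settings\\application data\\",
    "\\recycler\\",
)

# OTL line shapes this example understands (assumed from the posted log format).
RE_POLICY = re.compile(r"^O[67] - .*\\policies\\(?:Explorer|System): (\w+) = (\d+)$")
RE_RUN = re.compile(r"^O4 - .*\\Run: \[[^\]]+\] (.+?) \((.*)\)$")
RE_WINLOGON = re.compile(r"^O20 - HKLM Winlogon: (\w+) - \((.*?)\) - (.+?) \((.*)\)$")
RE_APPINIT = re.compile(r"^O20 - AppInit_DLLs: .* - (.+?) \((.*)\)$")

# Constructed sample in OTL's line format: a mix of benign and suspicious
# entries modelled on the log posted later in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe ()
O4 - HKU\S-1-5-21-790525478-484061587-682003330-500..\Run: [Margotte] C:\Documents and Settings\Administrator\Local Settings\Temp\e.exe ()
O7 - HKU\S-1-5-21-790525478-484061587-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-790525478-484061587-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - AppInit_DLLs: (dofodiro.dll) - C:\WINDOWS\System32\dofodiro.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\winlogon86.exe) - C:\WINDOWS\system32\winlogon86.exe ()
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-3482093705-6928056970-212668742-4387\msimfo32.exe) - C:\RECYCLER\S-1-5-21-3482093705-6928056970-212668742-4387\msimfo32.exe ()
"""


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for OTL entries that deserve a closer look."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RE_POLICY.match(line):
            # Only the lockout keys are flagged; NoDriveTypeAutoRun is a
            # hardening value and is deliberately ignored.
            name, value = m.group(1), int(m.group(2))
            if name in LOCKOUT_POLICIES and value != 0:
                findings.append((f"lockout policy {name}={value}", line))
        elif m := RE_RUN.match(line):
            path, publisher = m.group(1), m.group(2)
            if any(d in path.lower() for d in SUSPECT_DIRS):
                findings.append(("autorun from temp/profile dir", line))
            elif not publisher.strip():
                findings.append(("autorun with no publisher info", line))
        elif m := RE_WINLOGON.match(line):
            value_name, path = m.group(1), m.group(3).lower()
            expected = WINLOGON_EXPECTED.get(value_name.lower())
            if expected is None:
                # TaskMan and similar values are not set on a default XP install.
                findings.append((f"unexpected Winlogon value {value_name}", line))
            elif not path.endswith("\\" + expected):
                findings.append((f"Winlogon {value_name} is not {expected}", line))
        elif RE_APPINIT.match(line):
            findings.append(("AppInit_DLLs loads into every process", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

To run it over a real report, read the saved OTL.Txt into a string and pass it to `triage()` in place of `SAMPLE_LOG`. The script is a reading aid, not a verdict: a Run entry with an empty publisher field is only a prompt to check the file, and anything it flags still needs the helper's judgement before it goes into a fix.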

#3 dan25

dan25
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:36 PM

Posted 14 December 2009 - 12:23 AM

I was able to download Malwarebytes Anti-Malware, but when I install it, the program does nothing... when I click on the file to open it, it asks me to browse for the file because mbam.exe is missing... Are there any other programs I can use? I already have "HijackThis", "Trend Micro RUBotted", and "Housecall".

#4 dan25

dan25
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:36 PM

Posted 14 December 2009 - 12:29 AM

OTL did work! Here are the 2 logs...

"Extras.Txt - Notepad"

OTL Extras logfile created on: 12/12/2009 11:24:59 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.73 Mb Total Physical Memory | 617.28 Mb Available Physical Memory | 60.36% Memory free
2.40 Gb Paging File | 2.12 Gb Available in Paging File | 88.30% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 275.00 Gb Free Space | 92.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-BZB8R9HHF6
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-790525478-484061587-682003330-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{12650598-D7B9-4FB5-91B2-2CAA641AC589}" = Trend Micro RUBotted
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{582E9125-32B6-4CBA-AB48-3E33CE3DB389}" = NETGEAR RangeMax™ Wireless USB 2.0 Adapter WPN111
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{76703039-C98C-4e62-A12C-4D7066BE9985}" = The Sims™ 2 University Life Collection
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"ATI Display Driver" = ATI Display Driver
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"HijackThis" = HijackThis 2.0.2
"InterActual Player" = InterActual Player
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"PROSet" = Intel® PRO Network Adapters and Drivers
"UnrealTournament" = Unreal Tournament G.O.T.Y. Edition
"WOLAPI" = Westwood Shared Internet Components

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/11/2009 4:21:21 PM | Computer Name = YOUR-BZB8R9HHF6 | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - A required privilege is not held by
the client.

Error - 12/11/2009 4:21:26 PM | Computer Name = YOUR-BZB8R9HHF6 | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - A required privilege is not held
by the client. for C:\Documents and Settings\Administrator\Local Settings\Application
Data\Microsoft\Windows\\UsrClass.dat

Error - 12/11/2009 4:21:26 PM | Computer Name = YOUR-BZB8R9HHF6 | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - A required privilege is not held by
the client.

Error - 12/11/2009 4:21:31 PM | Computer Name = YOUR-BZB8R9HHF6 | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - A required privilege is not held
by the client. for C:\Documents and Settings\Administrator\Local Settings\Application
Data\Microsoft\Windows\\UsrClass.dat

Error - 12/11/2009 4:21:31 PM | Computer Name = YOUR-BZB8R9HHF6 | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - A required privilege is not held by
the client.

Error - 12/11/2009 4:21:32 PM | Computer Name = YOUR-BZB8R9HHF6 | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - A required privilege is not held
by the client. for C:\Documents and Settings\Administrator\Local Settings\Application
Data\Microsoft\Windows\\UsrClass.dat

Error - 12/11/2009 4:21:32 PM | Computer Name = YOUR-BZB8R9HHF6 | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - A required privilege is not held by
the client.

Error - 12/13/2009 2:08:40 AM | Computer Name = YOUR-BZB8R9HHF6 | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - A required privilege is not held
by the client. for C:\Documents and Settings\Administrator\Local Settings\Application
Data\Microsoft\Windows\\UsrClass.dat

Error - 12/13/2009 2:08:40 AM | Computer Name = YOUR-BZB8R9HHF6 | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - A required privilege is not held by
the client.

Error - 12/13/2009 2:08:47 AM | Computer Name = YOUR-BZB8R9HHF6 | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - A required privilege is not held
by the client. for C:\Documents and Settings\Administrator\Local Settings\Application
Data\Microsoft\Windows\\UsrClass.dat

[ System Events ]
Error - 12/10/2009 8:32:16 PM | Computer Name = YOUR-BZB8R9HHF6 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/10/2009 9:06:59 PM | Computer Name = YOUR-BZB8R9HHF6 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 12/10/2009 9:34:28 PM | Computer Name = YOUR-BZB8R9HHF6 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/10/2009 9:34:28 PM | Computer Name = YOUR-BZB8R9HHF6 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/11/2009 3:28:43 PM | Computer Name = YOUR-BZB8R9HHF6 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/11/2009 3:28:43 PM | Computer Name = YOUR-BZB8R9HHF6 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/11/2009 4:20:20 PM | Computer Name = YOUR-BZB8R9HHF6 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/11/2009 4:20:20 PM | Computer Name = YOUR-BZB8R9HHF6 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/13/2009 2:07:58 AM | Computer Name = YOUR-BZB8R9HHF6 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/13/2009 2:07:58 AM | Computer Name = YOUR-BZB8R9HHF6 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.


< End of report >




AND THE SECOND ONE...

"OTL.Txt - Notepad"

OTL logfile created on: 12/12/2009 11:24:59 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.73 Mb Total Physical Memory | 617.28 Mb Available Physical Memory | 60.36% Memory free
2.40 Gb Paging File | 2.12 Gb Available in Paging File | 88.30% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 275.00 Gb Free Space | 92.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-BZB8R9HHF6
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/24 16:25:29 | 00,057,860 | -H-- | M] (tzuk) -- C:\Documents and Settings\Administrator\Local Settings\Temp\setup.exe
PRC - [2009/12/24 16:25:15 | 00,015,001 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Temp\zjhak9xwmk.exe
PRC - [2009/12/24 16:24:59 | 00,040,960 | ---- | M] () -- C:\WINDOWS\system32\winupdate86.exe
PRC - [2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msp.exe
PRC - [2009/12/12 23:24:14 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2009/11/02 19:23:08 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/11/06 11:33:56 | 00,288,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
PRC - [2008/11/06 11:33:54 | 00,582,992 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
PRC - [2008/08/15 15:21:52 | 00,884,795 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WPN111\WPN111.exe
PRC - [2003/04/28 21:28:44 | 00,254,037 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2003/04/28 20:00:00 | 00,323,584 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2002/08/29 04:00:00 | 01,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/08/29 04:00:00 | 00,208,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe
PRC - [2002/08/29 04:00:00 | 00,091,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/24 16:25:39 | 00,057,344 | ---- | M] (微软公司) -- C:\WINDOWS\system32\xm1985.dll
MOD - [2009/12/12 23:24:14 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2009/09/24 16:25:21 | 00,053,248 | -HS- | M] () -- C:\WINDOWS\system32\dofodiro.dll
MOD - [2009/09/10 13:50:17 | 00,092,672 | -HS- | M] () -- C:\WINDOWS\system32\kufoluru.dll
MOD - [2002/08/29 04:00:00 | 00,921,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2008/11/06 11:33:54 | 00,582,992 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe -- (RUBotted)
SRV - [2003/04/28 21:28:44 | 00,254,037 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2003/04/28 20:00:00 | 00,114,775 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2002/08/29 04:00:00 | 00,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mspmspsv.dll -- (WmdmPmSp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-790525478-484061587-682003330-500\S-1-5-21-790525478-484061587-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-790525478-484061587-682003330-500\S-1-5-21-790525478-484061587-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.blastoffnetwork.com/"
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/13 14:04:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/12 17:49:48 | 00,000,000 | ---D | M]

[2009/09/27 18:05:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/09/27 18:05:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mq4jj4f1.default\extensions
[2009/12/10 12:51:41 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (C:\WINDOWS\System32\db2gfj.dll) - {C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - C:\WINDOWS\System32\db2gfj.dll File not found
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [huabwobh] C:\Documents and Settings\Administrator\Local Settings\Application Data\gfkoam\vjcmsysguard.exe ()
O4 - HKLM..\Run: [MsWerr] C:\WINDOWS\System32\xm1985.DLL (微软公司)
O4 - HKLM..\Run: [ncjjiufo] C:\Documents and Settings\Administrator\Local Settings\Application Data\ddbona\atomsysguard.exe (tzuk)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [TMRUBottedTray] C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [vomehopeb] C:\WINDOWS\System32\kufoluru.DLL ()
O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe ()
O4 - HKU\S-1-5-21-790525478-484061587-682003330-500..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Documents and Settings\Administrator\Local Settings\Temp\setup.exe (tzuk)
O4 - HKU\S-1-5-21-790525478-484061587-682003330-500..\Run: [huabwobh] C:\Documents and Settings\Administrator\Local Settings\Application Data\gfkoam\vjcmsysguard.exe ()
O4 - HKU\S-1-5-21-790525478-484061587-682003330-500..\Run: [Margotte] C:\Documents and Settings\Administrator\Local Settings\Temp\e.exe ()
O4 - HKU\S-1-5-21-790525478-484061587-682003330-500..\Run: [ncjjiufo] C:\Documents and Settings\Administrator\Local Settings\Application Data\ddbona\atomsysguard.exe (tzuk)
O4 - HKU\S-1-5-21-790525478-484061587-682003330-500..\Run: [NeoChronos] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\b.exe File not found
O4 - HKU\S-1-5-21-790525478-484061587-682003330-500..\Run: [richtx64.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\richtx64.exe File not found
O4 - HKU\S-1-5-21-790525478-484061587-682003330-500..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\Documents and Settings\Administrator\Local Settings\Temp\zjhak9xwmk.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-484061587-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-484061587-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-21-790525478-484061587-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-790525478-484061587-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-790525478-484061587-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-790525478-484061587-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - AppInit_DLLs: (dofodiro.dll) - C:\WINDOWS\System32\dofodiro.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\kufoluru.dll) - C:\WINDOWS\system32\kufoluru.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\winlogon86.exe) - C:\WINDOWS\system32\winlogon86.exe ()
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-3482093705-6928056970-212668742-4387\msimfo32.exe) - C:\RECYCLER\S-1-5-21-3482093705-6928056970-212668742-4387\msimfo32.exe ()
O21 - SSODL: dobobihug - {49d6ba1d-eff0-4840-a891-cbeb4819a1be} - C:\WINDOWS\system32\kufoluru.dll ()
O22 - SharedTaskScheduler: {49d6ba1d-eff0-4840-a891-cbeb4819a1be} - jugezatag - C:\WINDOWS\system32\kufoluru.dll ()
O22 - SharedTaskScheduler: {C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - gar873hruefrh87w3hjinhef87w3h7dfd - C:\WINDOWS\System32\db2gfj.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/06 16:53:49 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/09/06 16:53:28 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - C:\WINDOWS\system32\mspmspsv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 14 Days ==========

[2009/12/25 00:00:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/12/24 19:40:23 | 00,000,000 | ---D | C] -- C:\Program Files\AntiMalware
[2009/12/24 16:26:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ddbona
[2009/12/24 16:25:39 | 00,057,344 | ---- | C] (微软公司) -- C:\WINDOWS\System32\xm1985.dll
[2009/12/11 14:20:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/12/11 14:20:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/11 13:16:25 | 00,000,000 | ---D | C] -- C:\NCIS_S5_D1
[2009/12/11 11:54:35 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\UserData
[2009/12/11 11:32:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Burning
[2009/12/10 14:42:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\gfkoam
[2009/12/10 13:47:45 | 00,206,608 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TMPassthru.sys
[2009/12/10 13:47:44 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/10 13:45:38 | 00,000,000 | ---D | C] -- C:\RUBotted
[2009/12/10 13:45:05 | 00,000,000 | ---D | C] -- C:\HiJackThis
[2009/12/10 13:40:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/09/06 17:01:48 | 00,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2009/09/06 16:56:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/09/06 16:56:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/09/06 16:53:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/09/06 16:53:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/24 16:25:39 | 00,057,344 | ---- | M] (微软公司) -- C:\WINDOWS\System32\xm1985.dll
[2009/12/24 16:25:03 | 00,008,704 | ---- | M] () -- C:\ryiasu.exe
[2009/12/24 16:25:02 | 00,135,168 | ---- | M] () -- C:\dcgwhpoh.exe
[2009/12/24 16:24:59 | 00,040,960 | ---- | M] () -- C:\WINDOWS\System32\winupdate86.exe
[2009/12/24 16:24:59 | 00,040,960 | ---- | M] () -- C:\WINDOWS\System32\winlogon86.exe
[2009/12/24 16:24:59 | 00,040,960 | ---- | M] () -- C:\pdvwd.exe
[2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msp.exe
[2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\mso.exe
[2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msn.exe
[2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msm.exe
[2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msl.exe
[2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msk.exe
[2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msj.exe
[2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msi.exe
[2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msh.exe
[2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msg.exe
[2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msf.exe
[2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\mse.exe
[2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msd.exe
[2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msc.exe
[2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msb.exe
[2009/12/23 23:31:18 | 00,108,032 | RHS- | M] () -- C:\WINDOWS\System32\drmstorr.dll
[2009/12/12 23:23:42 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\pizezozi
[2009/12/12 23:23:07 | 00,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2009/12/12 22:52:00 | 00,000,300 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2009/12/12 22:08:19 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\AVR10.exe
[2009/12/12 22:08:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\winhelper86.dll
[2009/12/12 22:08:15 | 00,002,854 | ---- | M] () -- C:\WINDOWS\System32\critical_warning.html
[2009/12/12 22:07:39 | 00,000,328 | -HS- | M] () -- C:\WINDOWS\tasks\Tesgmu.job
[2009/12/12 22:07:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/12 22:07:32 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/12 22:07:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/11 14:25:03 | 00,029,124 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000002-00001102-00000004-10021102}.rfx
[2009/12/11 14:25:03 | 00,029,124 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000002-00001102-00000004-10021102}.rfx
[2009/12/11 14:25:03 | 00,027,516 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000002-00001102-00000004-10021102}.rfx
[2009/12/11 14:25:03 | 00,027,516 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000002-00001102-00000004-10021102}.rfx
[2009/12/11 14:25:03 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-10021102}.dat
[2009/12/11 14:25:03 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-10021102}.dat
[2009/12/11 14:24:42 | 02,883,584 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2009/12/11 14:24:42 | 00,000,180 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009/12/11 14:24:34 | 05,811,658 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/12/11 11:57:51 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/10 15:03:55 | 00,458,340 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/10 15:03:55 | 00,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/10 15:03:55 | 00,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/10 14:41:36 | 00,261,888 | ---- | M] () -- C:\ccu.exe
[2009/12/10 13:49:05 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/12/10 13:30:01 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BackGrounds.lnk
[2009/12/10 13:07:01 | 00,000,966 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Housecall Launcher.lnk
[2009/12/10 13:02:31 | 00,010,752 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2009/12/10 12:54:09 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/24 23:46:46 | 00,227,328 | ---- | C] () -- C:\WINDOWS\msh.exe
[2009/12/24 23:44:27 | 00,227,328 | ---- | C] () -- C:\WINDOWS\msg.exe
[2009/12/24 21:58:14 | 00,227,328 | ---- | C] () -- C:\WINDOWS\msf.exe
[2009/12/24 21:56:17 | 00,227,328 | ---- | C] () -- C:\WINDOWS\mse.exe
[2009/12/24 19:17:54 | 00,227,328 | ---- | C] () -- C:\WINDOWS\msd.exe
[2009/12/24 19:15:38 | 00,227,328 | ---- | C] () -- C:\WINDOWS\msc.exe
[2009/12/24 16:25:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\winhelper86.dll
[2009/12/24 16:25:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\AVR10.exe
[2009/12/24 16:25:05 | 00,002,854 | ---- | C] () -- C:\WINDOWS\System32\critical_warning.html
[2009/12/24 16:25:03 | 00,008,704 | ---- | C] () -- C:\ryiasu.exe
[2009/12/24 16:25:01 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\winupdate86.exe
[2009/12/24 16:25:01 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\winlogon86.exe
[2009/12/24 16:25:00 | 00,135,168 | ---- | C] () -- C:\dcgwhpoh.exe
[2009/12/24 16:24:59 | 00,040,960 | ---- | C] () -- C:\pdvwd.exe
[2009/12/24 15:54:20 | 00,261,888 | ---- | C] () -- C:\ccu.exe
[2009/12/24 15:39:42 | 00,227,328 | ---- | C] () -- C:\WINDOWS\msb.exe
[2009/12/23 23:31:59 | 00,000,300 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2009/12/23 23:31:53 | 00,000,256 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2009/12/23 23:31:18 | 00,108,032 | RHS- | C] () -- C:\WINDOWS\System32\drmstorr.dll
[2009/12/23 23:31:18 | 00,000,328 | -HS- | C] () -- C:\WINDOWS\tasks\Tesgmu.job
[2009/12/12 22:08:23 | 00,227,328 | ---- | C] () -- C:\WINDOWS\msp.exe
[2009/12/11 11:29:15 | 00,227,328 | ---- | C] () -- C:\WINDOWS\mso.exe
[2009/12/10 17:35:01 | 00,227,328 | ---- | C] () -- C:\WINDOWS\msn.exe
[2009/12/10 16:36:33 | 00,227,328 | ---- | C] () -- C:\WINDOWS\msm.exe
[2009/12/10 16:14:39 | 00,227,328 | ---- | C] () -- C:\WINDOWS\msl.exe
[2009/12/10 15:16:27 | 00,227,328 | ---- | C] () -- C:\WINDOWS\msk.exe
[2009/12/10 14:40:28 | 00,227,328 | ---- | C] () -- C:\WINDOWS\msj.exe
[2009/12/10 13:49:05 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/12/10 13:30:01 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BackGrounds.lnk
[2009/12/10 13:07:01 | 00,000,966 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Housecall Launcher.lnk
[2009/12/10 13:02:31 | 00,010,752 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2009/12/10 12:54:09 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2009/12/10 12:50:31 | 00,227,328 | ---- | C] () -- C:\WINDOWS\msi.exe
[2009/10/07 20:12:15 | 00,005,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/24 16:25:21 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\seyinese.dll
[2009/09/24 16:25:21 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\dofodiro.dll
[2009/09/24 16:25:21 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\dayevese.dll
[2009/09/24 14:27:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2009/09/24 14:27:03 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/10 13:50:18 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\System32\dobojobe.dll
[2009/09/10 13:50:17 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\kufoluru.dll
[2009/09/10 13:50:17 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\pehuraba.dll
[2009/09/06 21:39:27 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/09/06 20:40:38 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/09/06 17:12:14 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/09/06 17:12:14 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/09/06 17:01:27 | 00,126,976 | R--- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2009/09/06 16:58:00 | 00,173,056 | ---- | C] () -- C:\WINDOWS\System32\qasf.dll
[2003/04/28 21:28:50 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2002/08/29 04:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1997/06/13 17:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/11/15 14:14:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FOG Downloader
[2009/12/12 22:07:39 | 00,000,328 | -HS- | M] () -- C:\WINDOWS\Tasks\Tesgmu.job
[2009/12/12 23:23:07 | 00,000,256 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2009/12/12 22:52:00 | 00,000,300 | -H-- | M] () -- C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/12/10 14:41:36 | 00,261,888 | ---- | M] () -- C:\ccu.exe
[2009/12/24 16:25:02 | 00,135,168 | ---- | M] () -- C:\dcgwhpoh.exe
[2009/12/24 16:24:59 | 00,040,960 | ---- | M] () -- C:\pdvwd.exe
[2009/12/24 16:25:03 | 00,008,704 | ---- | M] () -- C:\ryiasu.exe


< MD5 for: AGP440.SYS >
[2001/08/17 12:58:00 | 00,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\system32\dllcache\agp440.sys
[2001/08/17 12:58:00 | 00,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2009/12/11 12:38:36 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\dllcache\atapi.sys
[2009/12/11 12:38:36 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\drivers\atapi.sys
[2002/08/29 04:00:00 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2002/08/29 04:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2002/08/29 04:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2002/08/29 04:00:00 | 00,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2002/08/29 04:00:00 | 00,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2002/08/29 04:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2002/08/29 04:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

#5 Buckeye_Sam (Malware Expert)



Posted 14 December 2009 - 08:15 AM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2009/09/24 16:25:21 | 00,053,248 | -HS- | M] () -- C:\WINDOWS\system32\dofodiro.dll
    MOD - [2009/09/10 13:50:17 | 00,092,672 | -HS- | M] () -- C:\WINDOWS\system32\kufoluru.dll
    O2 - BHO: (C:\WINDOWS\System32\db2gfj.dll) - {C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - C:\WINDOWS\System32\db2gfj.dll File not found
    O4 - HKLM..\Run: [huabwobh] C:\Documents and Settings\Administrator\Local Settings\Application Data\gfkoam\vjcmsysguard.exe ()
    O4 - HKLM..\Run: [MsWerr] C:\WINDOWS\System32\xm1985.DLL (微软公司)
    O4 - HKLM..\Run: [ncjjiufo] C:\Documents and Settings\Administrator\Local Settings\Application Data\ddbona\atomsysguard.exe (tzuk)
    O4 - HKLM..\Run: [vomehopeb] C:\WINDOWS\System32\kufoluru.DLL ()
    O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe ()
    O4 - HKU\S-1-5-21-790525478-484061587-682003330-500..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Documents and Settings\Administrator\Local Settings\Temp\setup.exe (tzuk)
    O4 - HKU\S-1-5-21-790525478-484061587-682003330-500..\Run: [huabwobh] C:\Documents and Settings\Administrator\Local Settings\Application Data\gfkoam\vjcmsysguard.exe ()
    O4 - HKU\S-1-5-21-790525478-484061587-682003330-500..\Run: [Margotte] C:\Documents and Settings\Administrator\Local Settings\Temp\e.exe ()
    O4 - HKU\S-1-5-21-790525478-484061587-682003330-500..\Run: [ncjjiufo] C:\Documents and Settings\Administrator\Local Settings\Application Data\ddbona\atomsysguard.exe (tzuk)
    O4 - HKU\S-1-5-21-790525478-484061587-682003330-500..\Run: [NeoChronos] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\b.exe File not found
    O4 - HKU\S-1-5-21-790525478-484061587-682003330-500..\Run: [richtx64.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\richtx64.exe File not found
    O4 - HKU\S-1-5-21-790525478-484061587-682003330-500..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\Documents and Settings\Administrator\Local Settings\Temp\zjhak9xwmk.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKU\S-1-5-21-790525478-484061587-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O7 - HKU\S-1-5-21-790525478-484061587-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKU\S-1-5-21-790525478-484061587-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O7 - HKU\S-1-5-21-790525478-484061587-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\S-1-5-21-790525478-484061587-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O20 - AppInit_DLLs: (dofodiro.dll) - C:\WINDOWS\System32\dofodiro.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\kufoluru.dll) - C:\WINDOWS\system32\kufoluru.dll ()
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\winlogon86.exe) - C:\WINDOWS\system32\winlogon86.exe ()
    O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-3482093705-6928056970-212668742-4387\msimfo32.exe) - C:\RECYCLER\S-1-5-21-3482093705-6928056970-212668742-4387\msimfo32.exe ()
    O21 - SSODL: dobobihug - {49d6ba1d-eff0-4840-a891-cbeb4819a1be} - C:\WINDOWS\system32\kufoluru.dll ()
    O22 - SharedTaskScheduler: {49d6ba1d-eff0-4840-a891-cbeb4819a1be} - jugezatag - C:\WINDOWS\system32\kufoluru.dll ()
    O22 - SharedTaskScheduler: {C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - gar873hruefrh87w3hjinhef87w3h7dfd - C:\WINDOWS\System32\db2gfj.dll File not found
    [2009/12/24 16:25:39 | 00,057,344 | ---- | M] (微软公司) -- C:\WINDOWS\System32\xm1985.dll
    [2009/12/24 16:25:03 | 00,008,704 | ---- | M] () -- C:\ryiasu.exe
    [2009/12/24 16:25:02 | 00,135,168 | ---- | M] () -- C:\dcgwhpoh.exe
    [2009/12/24 16:24:59 | 00,040,960 | ---- | M] () -- C:\WINDOWS\System32\winupdate86.exe
    [2009/12/24 16:24:59 | 00,040,960 | ---- | M] () -- C:\WINDOWS\System32\winlogon86.exe
    [2009/12/24 16:24:59 | 00,040,960 | ---- | M] () -- C:\pdvwd.exe
    [2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msp.exe
    [2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\mso.exe
    [2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msn.exe
    [2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msm.exe
    [2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msl.exe
    [2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msk.exe
    [2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msj.exe
    [2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msi.exe
    [2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msh.exe
    [2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msg.exe
    [2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msf.exe
    [2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\mse.exe
    [2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msd.exe
    [2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msc.exe
    [2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msb.exe
    [2009/12/23 23:31:18 | 00,108,032 | RHS- | M] () -- C:\WINDOWS\System32\drmstorr.dll
    [2009/12/12 23:23:42 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\pizezozi
    [2009/12/12 23:23:07 | 00,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2009/12/12 22:52:00 | 00,000,300 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
    [2009/12/12 22:08:19 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\AVR10.exe
    [2009/12/12 22:08:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\winhelper86.dll
    [2009/12/12 22:08:15 | 00,002,854 | ---- | M] () -- C:\WINDOWS\System32\critical_warning.html
    [2009/12/12 22:07:39 | 00,000,328 | -HS- | M] () -- C:\WINDOWS\tasks\Tesgmu.job
    [2009/09/24 16:25:21 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\seyinese.dll
    [2009/09/24 16:25:21 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\dofodiro.dll
    [2009/09/24 16:25:21 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\dayevese.dll
    [2009/09/10 13:50:18 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\System32\dobojobe.dll
    [2009/09/10 13:50:17 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\kufoluru.dll
    [2009/09/10 13:50:17 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\pehuraba.dll
    [2009/12/10 14:41:36 | 00,261,888 | ---- | M] () -- C:\ccu.exe
    [2009/12/24 16:25:02 | 00,135,168 | ---- | M] () -- C:\dcgwhpoh.exe
    [2009/12/24 16:24:59 | 00,040,960 | ---- | M] () -- C:\pdvwd.exe
    [2009/12/24 16:25:03 | 00,008,704 | ---- | M] () -- C:\ryiasu.exe
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
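To show how a fix list like the one above is derived from the scan log, here is an added Python example (written for this page; it is not OTL's own logic nor the helper's method). It parses OTL-style file entries and applies a few triage heuristics: a missing company name or a vendor string that only mimics Microsoft, a location in the drive root, the Windows or System32 folder, the Tasks folder or a user's Temp folder, and either a timestamp within the scan window or hidden+system attributes. The sample lines are copied from the logs in this thread; the watched-directory list, the scan time and the heuristics themselves are this example's assumptions.

```python
"""Triage helper for OTL scan logs (added example; not OTL's own logic or the helper's method)."""
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# One OTL file entry: [timestamp | size | attributes | M(odified)/C(reated)] (company) [MD5=...] -- path
# PRC/MOD/SRV lines carry a three-letter prefix; directory entries have no company field.
ENTRY_RE = re.compile(
    r"^(?:[A-Z]{3} - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-RHSD]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))?"
    r" -- (?P<path>.+?)\s*$"
)
# Assumed watch list: places where a vendor-less or vendor-spoofed binary deserves review.
WATCHED_DIRS = {"c:", r"c:\windows", r"c:\windows\system32", r"c:\windows\tasks"}
GENUINE_MS = "microsoft corporation"
SCAN_TIME = datetime(2009, 12, 25, 12, 0)  # constructed: roughly when the thread's scans ran


@dataclass
class Entry:
    raw: str
    timestamp: datetime
    size: int
    attrs: str      # four flags: R(ead-only) H(idden) S(ystem) D(irectory), '-' when unset
    kind: str       # 'M' modified / 'C' created
    company: str
    md5: Optional[str]
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for lines that are not file entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(line.strip(), datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                 int(m["size"].replace(",", "")), m["attr"], m["kind"],
                 (m["company"] or "").strip(), m["md5"], m["path"])


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def triage(e: Entry, scan_time: datetime = SCAN_TIME, max_age_days: int = 14) -> List[str]:
    """Return the reasons an entry deserves a reviewer's look (empty list = leave it alone)."""
    parent = ntpath.dirname(e.path).lower().rstrip("\\")   # 'c:' for files in the drive root
    watched = parent in WATCHED_DIRS or parent.endswith(r"\local settings\temp")
    if e.attrs.endswith("D") or not watched:
        return []
    reasons: List[str] = []
    company = e.company.lower()
    if not company:
        reasons.append("no company name")
    elif ("microsoft" in company or "微软" in company) and company != GENUINE_MS:
        reasons.append(f"vendor string {e.company!r} mimics Microsoft")  # 微软公司 = Microsoft Corp.
    if not reasons:
        return []  # a genuine vendor name: leave it to OTL's own company whitelist
    recent = scan_time - e.timestamp <= timedelta(days=max_age_days)
    hidden_system = "H" in e.attrs and "S" in e.attrs
    if recent:
        reasons.append(f"{'created' if e.kind == 'C' else 'modified'} within {max_age_days} days")
    if hidden_system:
        reasons.append("hidden+system attributes")
    return reasons if (recent or hidden_system) else []


def flag_entries(text: str, scan_time: datetime = SCAN_TIME) -> List[Entry]:
    return [e for e in parse_log(text) if triage(e, scan_time)]


def build_fix_script(flagged: List[Entry]) -> str:
    """Lay flagged lines out in the :OTL / :Commands format the helper used in this thread."""
    body = [":OTL", *(e.raw for e in flagged), "", ":Commands", "[purity]", "[emptytemp]", "[Reboot]"]
    return "\n".join(body)


# Sample lines copied from the scan logs posted in this thread.
SAMPLE_LOG = r"""
PRC - [2009/12/13 11:20:04 | 00,084,232 | ---- | M] (Microsoft corp.) -- C:\Documents and Settings\Administrator\Local Settings\Temp\896.exe
[2009/12/25 00:00:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/12/24 16:25:39 | 00,057,344 | ---- | C] (微软公司) -- C:\WINDOWS\System32\xm1985.dll
[2009/12/24 16:25:03 | 00,008,704 | ---- | M] () -- C:\ryiasu.exe
[2009/12/23 23:31:18 | 00,108,032 | RHS- | C] () -- C:\WINDOWS\System32\drmstorr.dll
[2009/09/24 16:25:21 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\dofodiro.dll
[2009/09/06 17:12:14 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2002/08/29 04:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/17 12:58:00 | 00,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\system32\dllcache\agp440.sys
"""

if __name__ == "__main__":
    hits = flag_entries(SAMPLE_LOG)
    for e in hits:
        print(f"{e.path}: {'; '.join(triage(e))}")
    print(build_fix_script(hits))
```

The heuristics are deliberately narrow: an old, non-hidden file with no company name (libeay32.dll above) is not flagged, and a file in a folder outside the watch list is left alone, so the output is a review list rather than a verdict.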

#6 dan25 (Topic Starter)


Posted 14 December 2009 - 12:25 PM

I ran the new OTL you gave me and here is the log after my computer restarted itself...

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5B24B16-23F2-41AD-F4E4-00ABC39C0004}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5B24B16-23F2-41AD-F4E4-00ABC39C0004}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\huabwobh deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\gfkoam\vjcmsysguard.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MsWerr deleted successfully.
C:\WINDOWS\system32\xm1985.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ncjjiufo deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\ddbona\atomsysguard.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vomehopeb deleted successfully.
C:\WINDOWS\system32\kufoluru.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\winupdate86.exe deleted successfully.
C:\WINDOWS\system32\winupdate86.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-790525478-484061587-682003330-500\Software\Microsoft\Windows\CurrentVersion\Run\\asg984jgkfmgasi8ug98jgkfgfb deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\setup.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-790525478-484061587-682003330-500\Software\Microsoft\Windows\CurrentVersion\Run\\huabwobh deleted successfully.
File C:\Documents and Settings\Administrator\Local Settings\Application Data\gfkoam\vjcmsysguard.exe not found.
Registry value HKEY_USERS\S-1-5-21-790525478-484061587-682003330-500\Software\Microsoft\Windows\CurrentVersion\Run\\Margotte deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\e.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-790525478-484061587-682003330-500\Software\Microsoft\Windows\CurrentVersion\Run\\ncjjiufo deleted successfully.
File C:\Documents and Settings\Administrator\Local Settings\Application Data\ddbona\atomsysguard.exe not found.
Registry value HKEY_USERS\S-1-5-21-790525478-484061587-682003330-500\Software\Microsoft\Windows\CurrentVersion\Run\\NeoChronos deleted successfully.
Registry value HKEY_USERS\S-1-5-21-790525478-484061587-682003330-500\Software\Microsoft\Windows\CurrentVersion\Run\\richtx64.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-790525478-484061587-682003330-500\Software\Microsoft\Windows\CurrentVersion\Run\\ygua8e7yhuiesfha876yfauy8fe deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\zjhak9xwmk.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_USERS\S-1-5-21-790525478-484061587-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetActiveDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-790525478-484061587-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_USERS\S-1-5-21-790525478-484061587-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions deleted successfully.
Registry value HKEY_USERS\S-1-5-21-790525478-484061587-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\S-1-5-21-790525478-484061587-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:dofodiro.dll deleted successfully.
C:\WINDOWS\system32\dofodiro.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\kufoluru.dll deleted successfully.
File C:\WINDOWS\system32\kufoluru.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\System32\winlogon86.exe deleted successfully.
C:\WINDOWS\system32\winlogon86.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan:C:\RECYCLER\S-1-5-21-3482093705-6928056970-212668742-4387\msimfo32.exe deleted successfully.
File C:\RECYCLER\S-1-5-21-3482093705-6928056970-212668742-4387\msimfo32.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\dobobihug deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49d6ba1d-eff0-4840-a891-cbeb4819a1be}\ deleted successfully.
File C:\WINDOWS\system32\kufoluru.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{49d6ba1d-eff0-4840-a891-cbeb4819a1be} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49d6ba1d-eff0-4840-a891-cbeb4819a1be}\ deleted successfully.
File C:\WINDOWS\system32\kufoluru.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{C5B24B16-23F2-41AD-F4E4-00ABC39C0004} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5B24B16-23F2-41AD-F4E4-00ABC39C0004}\ not found.
File C:\WINDOWS\System32\xm1985.dll not found.
C:\ryiasu.exe moved successfully.
C:\dcgwhpoh.exe moved successfully.
File C:\WINDOWS\System32\winupdate86.exe not found.
File C:\WINDOWS\System32\winlogon86.exe not found.
C:\pdvwd.exe moved successfully.
C:\WINDOWS\msp.exe moved successfully.
C:\WINDOWS\mso.exe moved successfully.
C:\WINDOWS\msn.exe moved successfully.
C:\WINDOWS\msm.exe moved successfully.
C:\WINDOWS\msl.exe moved successfully.
C:\WINDOWS\msk.exe moved successfully.
C:\WINDOWS\msj.exe moved successfully.
C:\WINDOWS\msi.exe moved successfully.
C:\WINDOWS\msh.exe moved successfully.
C:\WINDOWS\msg.exe moved successfully.
C:\WINDOWS\msf.exe moved successfully.
C:\WINDOWS\mse.exe moved successfully.
C:\WINDOWS\msd.exe moved successfully.
C:\WINDOWS\msc.exe moved successfully.
C:\WINDOWS\msb.exe moved successfully.
C:\WINDOWS\system32\drmstorr.dll moved successfully.
C:\WINDOWS\system32\pizezozi moved successfully.
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully.
C:\WINDOWS\system32\AVR10.exe moved successfully.
C:\WINDOWS\system32\winhelper86.dll moved successfully.
C:\WINDOWS\system32\critical_warning.html moved successfully.
C:\WINDOWS\tasks\Tesgmu.job moved successfully.
C:\WINDOWS\system32\seyinese.dll moved successfully.
File C:\WINDOWS\System32\dofodiro.dll not found.
C:\WINDOWS\system32\dayevese.dll moved successfully.
C:\WINDOWS\system32\dobojobe.dll moved successfully.
File C:\WINDOWS\System32\kufoluru.dll not found.
C:\WINDOWS\system32\pehuraba.dll moved successfully.
C:\ccu.exe moved successfully.
File C:\dcgwhpoh.exe not found.
File C:\pdvwd.exe not found.
File C:\ryiasu.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 252517743 bytes
->Temporary Internet Files folder emptied: 24936824 bytes
->Java cache emptied: 28219295 bytes
->FireFox cache emptied: 50408090 bytes

User: All Users

User: DAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 64477 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1099790 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 328995 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 796441 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 341.84 mb


OTL by OldTimer - Version 3.1.17.0 log created on 12132009_111054

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...






When my computer rebooted, the warning popup window that was coming up every time I start my computer DIDN'T pop up this time! So that's good, and the warning on my desktop isn't there anymore either, but I still can't change the background when I right-click the desktop; the options to change the background are greyed out. But "Ctrl-Alt-Delete" DOES work again! When I re-run OTL for another log, do you want me to just paste the same thing you had me paste in for the first OTL log? For the quick scan? Or do I just hit Quick Scan without pasting anything in? Let me know and I will try and paste it on here ASAP, since it seems like my computer is almost fixed! Thank you so much!

#7 dan25 (Topic Starter)


Posted 14 December 2009 - 12:48 PM

Here is an OTL log from when I hit Quick Scan without pasting anything in... If you still want me to run it with the first script you gave me pasted in, just let me know.


OTL logfile created on: 12/13/2009 11:40:40 AM - Run 2
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.73 Mb Total Physical Memory | 729.18 Mb Available Physical Memory | 71.30% Memory free
2.40 Gb Paging File | 2.21 Gb Available in Paging File | 91.96% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 275.32 Gb Free Space | 92.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-BZB8R9HHF6
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/13 11:20:04 | 00,084,232 | ---- | M] (Microsoft corp.) -- C:\Documents and Settings\Administrator\Local Settings\Temp\896.exe
PRC - [2009/12/12 23:24:14 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2009/11/02 19:23:08 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/11/06 11:33:56 | 00,288,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
PRC - [2008/11/06 11:33:54 | 00,582,992 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
PRC - [2008/08/15 15:21:52 | 00,884,795 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WPN111\WPN111.exe
PRC - [2003/04/28 21:28:44 | 00,254,037 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2003/04/28 20:00:00 | 00,323,584 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2002/08/29 04:00:00 | 01,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2009/12/12 23:24:14 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2002/08/29 04:00:00 | 00,921,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2008/11/06 11:33:54 | 00,582,992 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe -- (RUBotted)
SRV - [2003/04/28 21:28:44 | 00,254,037 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2003/04/28 20:00:00 | 00,114,775 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2002/08/29 04:00:00 | 00,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mspmspsv.dll -- (WmdmPmSp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-790525478-484061587-682003330-500\S-1-5-21-790525478-484061587-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.blastoffnetwork.com/"
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/13 14:04:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/12 17:49:48 | 00,000,000 | ---D | M]

[2009/09/27 18:05:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/09/27 18:05:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mq4jj4f1.default\extensions
[2009/12/10 12:51:41 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {ff6ba193-8cc2-44b7-b88f-0bfdee55c945} - File not found
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [jejanuyoro] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [TMRUBottedTray] C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [vomehopeb] C:\WINDOWS\System32\kufoluru.DLL File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-484061587-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - AppInit_DLLs: (dofodiro.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\kufoluru.dll) - C:\WINDOWS\System32\kufoluru.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-4192902203-2636251937-030816339-3288\msimfo32.exe) - C:\RECYCLER\S-1-5-21-4192902203-2636251937-030816339-3288\msimfo32.exe ()
O21 - SSODL: dobobihug - {49d6ba1d-eff0-4840-a891-cbeb4819a1be} - C:\WINDOWS\System32\kufoluru.dll File not found
O22 - SharedTaskScheduler: {49d6ba1d-eff0-4840-a891-cbeb4819a1be} - jugezatag - C:\WINDOWS\System32\kufoluru.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/06 16:53:49 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/25 00:00:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/12/24 19:40:23 | 00,000,000 | ---D | C] -- C:\Program Files\AntiMalware
[2009/12/24 16:26:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ddbona
[2009/12/13 11:10:54 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/11 14:20:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/12/11 14:20:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/11 13:16:25 | 00,000,000 | ---D | C] -- C:\NCIS_S5_D1
[2009/12/11 11:54:35 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\UserData
[2009/12/11 11:32:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Burning
[2009/12/10 14:42:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\gfkoam
[2009/12/10 13:47:45 | 00,206,608 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TMPassthru.sys
[2009/12/10 13:47:44 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/10 13:45:38 | 00,000,000 | ---D | C] -- C:\RUBotted
[2009/12/10 13:45:05 | 00,000,000 | ---D | C] -- C:\HiJackThis
[2009/12/10 13:40:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/09/06 17:01:48 | 00,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2009/09/06 16:56:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/09/06 16:56:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/09/06 16:53:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/09/06 16:53:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\mss.exe
[2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msr.exe
[2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msq.exe
[2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msa.exe
[2009/12/13 11:16:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/13 11:16:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/13 11:15:53 | 00,029,124 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000002-00001102-00000004-10021102}.rfx
[2009/12/13 11:15:53 | 00,029,124 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000002-00001102-00000004-10021102}.rfx
[2009/12/13 11:15:53 | 00,027,516 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000002-00001102-00000004-10021102}.rfx
[2009/12/13 11:15:53 | 00,027,516 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000002-00001102-00000004-10021102}.rfx
[2009/12/13 11:15:53 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-10021102}.dat
[2009/12/13 11:15:53 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-10021102}.dat
[2009/12/13 11:15:31 | 02,883,584 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2009/12/13 11:15:31 | 00,000,180 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009/12/13 11:15:02 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\pizezozi
[2009/12/13 11:05:01 | 05,849,870 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/12/12 23:45:51 | 00,000,667 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to OTL.lnk
[2009/12/12 22:07:32 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/11 11:57:51 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/10 15:03:55 | 00,458,340 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/10 15:03:55 | 00,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/10 15:03:55 | 00,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/10 13:30:01 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BackGrounds.lnk
[2009/12/10 13:07:01 | 00,000,966 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Housecall Launcher.lnk
[2009/12/10 13:02:31 | 00,010,752 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2009/12/10 12:54:09 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache

========== Files Created - No Company Name ==========

[2009/12/13 11:07:20 | 00,227,328 | ---- | C] () -- C:\WINDOWS\mss.exe
[2009/12/13 10:47:19 | 00,227,328 | ---- | C] () -- C:\WINDOWS\msr.exe
[2009/12/13 10:37:11 | 00,227,328 | ---- | C] () -- C:\WINDOWS\msq.exe
[2009/12/12 23:45:51 | 00,000,667 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to OTL.lnk
[2009/12/12 23:43:23 | 00,227,328 | ---- | C] () -- C:\WINDOWS\msa.exe
[2009/12/10 13:30:01 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BackGrounds.lnk
[2009/12/10 13:07:01 | 00,000,966 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Housecall Launcher.lnk
[2009/12/10 13:02:31 | 00,010,752 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2009/12/10 12:54:09 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2009/10/07 20:12:15 | 00,005,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/24 14:27:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2009/09/24 14:27:03 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/06 21:39:27 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/09/06 20:40:38 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/09/06 17:12:14 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/09/06 17:12:14 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/09/06 17:01:27 | 00,126,976 | R--- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2009/09/06 16:58:00 | 00,173,056 | ---- | C] () -- C:\WINDOWS\System32\qasf.dll
[2003/04/28 21:28:50 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2002/08/29 04:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1997/06/13 17:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/11/15 14:14:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FOG Downloader

========== Purity Check ==========


< End of report >

Edited by dan25, 14 December 2009 - 12:49 PM.


#8 dan25

  • Topic Starter

  • Members
  • 11 posts
  • Local time:07:36 PM

Posted 14 December 2009 - 12:52 PM

Oops... Did you need me to hit Run Scan? Sorry, let me know.

#9 Buckeye_Sam


    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:36 PM

Posted 14 December 2009 - 08:53 PM

You did just fine.
We need to run another fix with OTL.


Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2009/12/13 11:20:04 | 00,084,232 | ---- | M] (Microsoft corp.) -- C:\Documents and Settings\Administrator\Local Settings\Temp\896.exe
    O2 - BHO: (no name) - {ff6ba193-8cc2-44b7-b88f-0bfdee55c945} - File not found
    O4 - HKLM..\Run: [jejanuyoro] File not found
    O4 - HKLM..\Run: [vomehopeb] C:\WINDOWS\System32\kufoluru.DLL File not found
    O20 - AppInit_DLLs: (dofodiro.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\kufoluru.dll) - C:\WINDOWS\System32\kufoluru.dll File not found
    O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-4192902203-2636251937-030816339-3288\msimfo32.exe) - C:\RECYCLER\S-1-5-21-4192902203-2636251937-030816339-3288\msimfo32.exe ()
    O21 - SSODL: dobobihug - {49d6ba1d-eff0-4840-a891-cbeb4819a1be} - C:\WINDOWS\System32\kufoluru.dll File not found
    O22 - SharedTaskScheduler: {49d6ba1d-eff0-4840-a891-cbeb4819a1be} - jugezatag - C:\WINDOWS\System32\kufoluru.dll File not found
    [2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\mss.exe
    [2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msr.exe
    [2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msq.exe
    [2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msa.exe
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

====================


As soon as you reboot try running Malwarebytes once again.
If it runs, remove everything it finds and then post the log back here in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
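The fix above works by listing OTL log lines verbatim under `:OTL`, so it helps to see how a helper picks them out of a scan. The Python below is an added example for this thread, not OTL's own code and not Buckeye_Sam's procedure: it parses the line layouts visible in the log above (the regexes are my assumptions about OTL 3.1 output, not a published format) and flags the same kinds of entries the helper chose: autostart and BHO entries whose target is gone ("File not found"), `AppInit_DLLs` injection, Winlogon values resolving outside `%SystemRoot%` or to an unsigned file, a running process launched from a Temp folder with a near-miss company string, and unsigned same-size executables dropped straight into `C:\WINDOWS`. The sample lines are copied from the log posted above; the generated fix block only reproduces the layout the helper used.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: lines copied from the OTL log posted earlier in this thread.
SAMPLE_LOG = r"""
PRC - [2009/12/13 11:20:04 | 00,084,232 | ---- | M] (Microsoft corp.) -- C:\Documents and Settings\Administrator\Local Settings\Temp\896.exe
PRC - [2002/08/29 04:00:00 | 01,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
O2 - BHO: (no name) - {ff6ba193-8cc2-44b7-b88f-0bfdee55c945} - File not found
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [jejanuyoro] File not found
O4 - HKLM..\Run: [vomehopeb] C:\WINDOWS\System32\kufoluru.DLL File not found
O20 - AppInit_DLLs: (dofodiro.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-4192902203-2636251937-030816339-3288\msimfo32.exe) - C:\RECYCLER\S-1-5-21-4192902203-2636251937-030816339-3288\msimfo32.exe ()
[2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\mss.exe
[2009/12/23 23:32:16 | 00,227,328 | ---- | M] () -- C:\WINDOWS\msa.exe
[2009/12/12 22:07:32 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
"""


@dataclass
class Finding:
    line: str    # the OTL line verbatim, so it can go straight into a :OTL fix block
    reason: str


# Assumed layouts of OTL 3.1 lines, derived from the log above (not a published spec).
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>PRC|MOD|SRV) - )?"
    r"\[[^|]+ \| (?P<size>[\d,]+) \| [^|]+ \| [MC]\] "
    r"\((?P<company>[^)]*)\)(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \(.*\))?$"
)
WINLOGON_RE = re.compile(
    r"^O20 - HKLM Winlogon: (?P<value>\w+) - \([^)]*\) - (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
SYSTEM_ROOT = "c:\\windows"


def triage(log_text: str) -> list[Finding]:
    """Flag the entry types the helper removed in this thread."""
    findings: list[Finding] = []
    unsigned_in_root: list[tuple[str, str, int]] = []  # (line, file name, size in bytes)

    for line in (ln.strip() for ln in log_text.splitlines()):
        if not line:
            continue
        # AppInit_DLLs loads a DLL into every process that uses user32; rarely legitimate.
        if line.startswith("O20 - AppInit_DLLs:"):
            findings.append(Finding(line, "AppInit_DLLs injection entry"))
            continue
        # Autostart/BHO entries whose target is gone: leftovers of a removal, still worth clearing.
        if line.startswith("O") and line.lower().endswith("file not found"):
            findings.append(Finding(line, "orphaned autostart entry (target file not found)"))
            continue
        # Winlogon Shell/Userinit/TaskMan must resolve to a signed binary under %SystemRoot%.
        m = WINLOGON_RE.match(line)
        if m:
            path, company = m["path"], m["company"].strip()
            if not path.lower().startswith(SYSTEM_ROOT + "\\") or not company:
                findings.append(Finding(line, f"Winlogon {m['value']} points at {path} (company: {company or 'none'})"))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, company, path = m["kind"], m["company"].strip(), m["path"]
        if kind == "PRC":
            reasons = []
            if "\\temp\\" in path.lower():
                reasons.append("process running from a Temp folder")
            # Microsoft's own binaries carry "Microsoft Corporation" in their version info;
            # a near-miss string is a common impersonation trick.
            if company.lower().startswith("microsoft") and company != "Microsoft Corporation":
                reasons.append(f"company string {company!r} imitates Microsoft")
            if reasons:
                findings.append(Finding(line, "; ".join(reasons)))
        elif kind is None and not company:
            directory, _, name = path.rpartition("\\")
            if directory.lower() == SYSTEM_ROOT and name.lower().endswith(".exe"):
                unsigned_in_root.append((line, name, int(m["size"].replace(",", ""))))

    # Several unsigned executables of identical size in C:\WINDOWS point to one dropper.
    by_size: dict[int, list[str]] = defaultdict(list)
    for _, name, size in unsigned_in_root:
        by_size[size].append(name)
    for line, name, size in unsigned_in_root:
        twins = [n for n in by_size[size] if n != name]
        reason = "unsigned executable directly in C:\\WINDOWS"
        if twins:
            reason += " (same size as " + ", ".join(twins) + ")"
        findings.append(Finding(line, reason))
    return findings


def build_fix_block(findings: list[Finding]) -> str:
    """Render flagged lines as an OTL custom fix in the layout used above.
    Check each line first: OTL removes whatever is listed under :OTL."""
    body = "\n".join(f.line for f in findings)
    return f":OTL\n{body}\n\n:Commands\n[purity]\n[emptytemp]\n[Reboot]\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
    print(build_fix_block(triage(SAMPLE_LOG)))
```

Run it against a saved OTL.txt instead of `SAMPLE_LOG` to get the same triage. It is a filter for a human, not a decision: "File not found" entries are harmless leftovers that only clutter startup, whereas the Winlogon `TaskMan` value pointing into `C:\RECYCLER` and the process in `Temp` claiming to be "Microsoft corp." are the entries that explain the symptoms in this thread, and those are the ones worth confirming are gone in the next log.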

#10 dan25

  • Topic Starter

  • Members
  • 11 posts
  • Local time:07:36 PM

Posted 14 December 2009 - 11:58 PM

Here is the log after I hit "Run Fix" after I pasted in what you told me to.

All processes killed
========== OTL ==========
No active process named 896.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff6ba193-8cc2-44b7-b88f-0bfdee55c945}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff6ba193-8cc2-44b7-b88f-0bfdee55c945}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jejanuyoro not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vomehopeb not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:dofodiro.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\kufoluru.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan:C:\RECYCLER\S-1-5-21-4192902203-2636251937-030816339-3288\msimfo32.exe deleted successfully.
File C:\RECYCLER\S-1-5-21-4192902203-2636251937-030816339-3288\msimfo32.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\dobobihug not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49d6ba1d-eff0-4840-a891-cbeb4819a1be}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{49d6ba1d-eff0-4840-a891-cbeb4819a1be} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49d6ba1d-eff0-4840-a891-cbeb4819a1be}\ not found.
File C:\WINDOWS\mss.exe not found.
File C:\WINDOWS\msr.exe not found.
File C:\WINDOWS\msq.exe not found.
File C:\WINDOWS\msa.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3426430 bytes

User: All Users

User: DAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3.33 mb


OTL by OldTimer - Version 3.1.17.0 log created on 12132009_224511

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Here are 2 more logs. The first one is the log from me hitting "Quick Scan" without "Scan all users" checked, and the second one is from me hitting "Quick Scan" with "Scan all users" checked...

First one:

OTL logfile created on: 12/13/2009 10:48:43 PM - Run 3
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.73 Mb Total Physical Memory | 765.81 Mb Available Physical Memory | 74.88% Memory free
2.40 Gb Paging File | 2.25 Gb Available in Paging File | 93.67% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 268.65 Gb Free Space | 90.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-BZB8R9HHF6
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/12 23:24:14 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2009/11/02 19:23:08 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/11/06 11:33:56 | 00,288,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
PRC - [2008/11/06 11:33:54 | 00,582,992 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
PRC - [2008/08/15 15:21:52 | 00,884,795 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WPN111\WPN111.exe
PRC - [2003/04/28 21:28:44 | 00,254,037 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2003/04/28 20:00:00 | 00,323,584 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2002/08/29 04:00:00 | 01,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2009/12/12 23:24:14 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2002/08/29 04:00:00 | 00,921,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2008/11/06 11:33:54 | 00,582,992 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe -- (RUBotted)
SRV - [2003/04/28 21:28:44 | 00,254,037 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2003/04/28 20:00:00 | 00,114,775 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2002/08/29 04:00:00 | 00,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mspmspsv.dll -- (WmdmPmSp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.blastoffnetwork.com/"
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/13 14:04:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/12 17:49:48 | 00,000,000 | ---D | M]

[2009/09/27 18:05:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/09/27 18:05:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mq4jj4f1.default\extensions
[2009/12/10 12:51:41 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [TMRUBottedTray] C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/06 16:53:49 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/25 00:00:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/12/24 19:40:23 | 00,000,000 | ---D | C] -- C:\Program Files\AntiMalware
[2009/12/24 16:26:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ddbona
[2009/12/13 11:10:54 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/11 14:20:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/12/11 14:20:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/11 13:16:25 | 00,000,000 | ---D | C] -- C:\NCIS_S5_D1
[2009/12/11 11:54:35 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\UserData
[2009/12/11 11:32:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Burning
[2009/12/10 14:42:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\gfkoam
[2009/12/10 13:47:45 | 00,206,608 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TMPassthru.sys
[2009/12/10 13:47:44 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/10 13:45:38 | 00,000,000 | ---D | C] -- C:\RUBotted
[2009/12/10 13:45:05 | 00,000,000 | ---D | C] -- C:\HiJackThis
[2009/12/10 13:40:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/09/06 17:01:48 | 00,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2009/09/06 16:56:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/09/06 16:56:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/09/06 16:53:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/09/06 16:53:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2009/12/13 22:45:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/13 22:45:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/13 22:45:25 | 00,029,124 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000002-00001102-00000004-10021102}.rfx
[2009/12/13 22:45:25 | 00,029,124 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000002-00001102-00000004-10021102}.rfx
[2009/12/13 22:45:25 | 00,027,516 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000002-00001102-00000004-10021102}.rfx
[2009/12/13 22:45:25 | 00,027,516 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000002-00001102-00000004-10021102}.rfx
[2009/12/13 22:45:25 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-10021102}.dat
[2009/12/13 22:45:25 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-10021102}.dat
[2009/12/13 22:45:22 | 02,883,584 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2009/12/13 22:45:22 | 00,000,180 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009/12/13 20:27:07 | 03,202,462 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/12/13 11:15:02 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\pizezozi
[2009/12/12 23:45:51 | 00,000,667 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to OTL.lnk
[2009/12/12 22:07:32 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/11 11:57:51 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/10 15:03:55 | 00,458,340 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/10 15:03:55 | 00,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/10 15:03:55 | 00,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/10 13:30:01 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BackGrounds.lnk
[2009/12/10 13:07:01 | 00,000,966 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Housecall Launcher.lnk
[2009/12/10 13:02:31 | 00,010,752 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2009/12/10 12:54:09 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache

========== Files Created - No Company Name ==========

[2009/12/12 23:45:51 | 00,000,667 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to OTL.lnk
[2009/12/10 13:30:01 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BackGrounds.lnk
[2009/12/10 13:07:01 | 00,000,966 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Housecall Launcher.lnk
[2009/12/10 13:02:31 | 00,010,752 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2009/12/10 12:54:09 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2009/10/07 20:12:15 | 00,005,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/24 14:27:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2009/09/24 14:27:03 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/06 21:39:27 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/09/06 20:40:38 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/09/06 17:12:14 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/09/06 17:12:14 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/09/06 17:01:27 | 00,126,976 | R--- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2009/09/06 16:58:00 | 00,173,056 | ---- | C] () -- C:\WINDOWS\System32\qasf.dll
[2003/04/28 21:28:50 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2002/08/29 04:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1997/06/13 17:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/11/15 14:14:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FOG Downloader

========== Purity Check ==========


< End of report >

SECOND ONE:

OTL logfile created on: 12/13/2009 10:52:52 PM - Run 3
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.73 Mb Total Physical Memory | 737.59 Mb Available Physical Memory | 72.12% Memory free
2.40 Gb Paging File | 2.23 Gb Available in Paging File | 92.57% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 268.64 Gb Free Space | 90.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-BZB8R9HHF6
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/12 23:24:14 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2009/11/02 19:23:08 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/11/06 11:33:56 | 00,288,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
PRC - [2008/11/06 11:33:54 | 00,582,992 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
PRC - [2008/08/15 15:21:52 | 00,884,795 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WPN111\WPN111.exe
PRC - [2003/04/28 21:28:44 | 00,254,037 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2003/04/28 20:00:00 | 00,323,584 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2002/08/29 04:00:00 | 01,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2009/12/12 23:24:14 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2002/08/29 04:00:00 | 00,921,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2008/11/06 11:33:54 | 00,582,992 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe -- (RUBotted)
SRV - [2003/04/28 21:28:44 | 00,254,037 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2003/04/28 20:00:00 | 00,114,775 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2002/08/29 04:00:00 | 00,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mspmspsv.dll -- (WmdmPmSp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-790525478-484061587-682003330-500\S-1-5-21-790525478-484061587-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.blastoffnetwork.com/"
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/13 14:04:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/12 17:49:48 | 00,000,000 | ---D | M]

[2009/09/27 18:05:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/09/27 18:05:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mq4jj4f1.default\extensions
[2009/12/10 12:51:41 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [TMRUBottedTray] C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-484061587-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/06 16:53:49 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/25 00:00:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/12/24 19:40:23 | 00,000,000 | ---D | C] -- C:\Program Files\AntiMalware
[2009/12/24 16:26:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ddbona
[2009/12/13 11:10:54 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/11 14:20:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/12/11 14:20:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/11 13:16:25 | 00,000,000 | ---D | C] -- C:\NCIS_S5_D1
[2009/12/11 11:54:35 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\UserData
[2009/12/11 11:32:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Burning
[2009/12/10 14:42:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\gfkoam
[2009/12/10 13:47:45 | 00,206,608 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TMPassthru.sys
[2009/12/10 13:47:44 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/10 13:45:38 | 00,000,000 | ---D | C] -- C:\RUBotted
[2009/12/10 13:45:05 | 00,000,000 | ---D | C] -- C:\HiJackThis
[2009/12/10 13:40:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/09/06 17:01:48 | 00,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2009/09/06 16:56:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/09/06 16:56:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/09/06 16:53:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/09/06 16:53:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2009/12/13 22:45:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/13 22:45:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/13 22:45:25 | 00,029,124 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000002-00001102-00000004-10021102}.rfx
[2009/12/13 22:45:25 | 00,029,124 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000002-00001102-00000004-10021102}.rfx
[2009/12/13 22:45:25 | 00,027,516 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000002-00001102-00000004-10021102}.rfx
[2009/12/13 22:45:25 | 00,027,516 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000002-00001102-00000004-10021102}.rfx
[2009/12/13 22:45:25 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-10021102}.dat
[2009/12/13 22:45:25 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-10021102}.dat
[2009/12/13 22:45:22 | 02,883,584 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2009/12/13 22:45:22 | 00,000,180 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009/12/13 20:27:07 | 03,202,462 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/12/13 11:15:02 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\pizezozi
[2009/12/12 23:45:51 | 00,000,667 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to OTL.lnk
[2009/12/12 22:07:32 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/11 11:57:51 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/10 15:03:55 | 00,458,340 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/10 15:03:55 | 00,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/10 15:03:55 | 00,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/10 13:30:01 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BackGrounds.lnk
[2009/12/10 13:07:01 | 00,000,966 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Housecall Launcher.lnk
[2009/12/10 13:02:31 | 00,010,752 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2009/12/10 12:54:09 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache

========== Files Created - No Company Name ==========

[2009/12/12 23:45:51 | 00,000,667 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to OTL.lnk
[2009/12/10 13:30:01 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BackGrounds.lnk
[2009/12/10 13:07:01 | 00,000,966 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Housecall Launcher.lnk
[2009/12/10 13:02:31 | 00,010,752 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2009/12/10 12:54:09 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2009/10/07 20:12:15 | 00,005,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/24 14:27:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2009/09/24 14:27:03 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/06 21:39:27 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/09/06 20:40:38 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/09/06 17:12:14 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/09/06 17:12:14 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/09/06 17:01:27 | 00,126,976 | R--- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2009/09/06 16:58:00 | 00,173,056 | ---- | C] () -- C:\WINDOWS\System32\qasf.dll
[2003/04/28 21:28:50 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2002/08/29 04:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1997/06/13 17:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/11/15 14:14:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FOG Downloader

========== Purity Check ==========


< End of report >

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender: Male
  • Location: Pickerington, Ohio

Posted 15 December 2009 - 08:23 AM

How about Malwarebytes? Did you run it?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 dan25

dan25
  • Topic Starter

  • Members
  • 11 posts

Posted 15 December 2009 - 02:35 PM

Yep, Malwarebytes worked! Here is the log...

Malwarebytes' Anti-Malware 1.42
Database version: 3367
Windows 5.1.2600 Service Pack 1
Internet Explorer 6.0.2800.1106

12/15/2009 1:33:22 PM
mbam-log-2009-12-15 (13-33-22).txt

Scan type: Quick Scan
Objects scanned: 103422
Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{f146c9b1-vmvq-a9rc-nufl-d0ba00b4e999} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{f146c9b1-vmvq-a9rc-nufl-d0ba00b4e999} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NeoChronos (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Margotte (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4648ad63-4081-4a6c-9933-1b20afd94cbb}\NameServer (Trojan.DNSChanger) -> Data: 193.104.110.38,4.2.2.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{865790a9-b4ab-4f70-8f7e-11412ca9c56d}\NameServer (Trojan.DNSChanger) -> Data: 193.104.110.38,4.2.2.1,192.168.2.1 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13 dan25

dan25
  • Topic Starter

  • Members
  • 11 posts

Posted 15 December 2009 - 05:18 PM

And now the background options aren't disabled anymore! Is my computer better yet, or are there still other things you want me to do?

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender: Male
  • Location: Pickerington, Ohio

Posted 15 December 2009 - 05:34 PM

Your logs look pretty good to me. How is your computer behaving now? Any problems?

If everything is running smoothly, let me know and I'll post some final steps for you.

#15 dan25

dan25
  • Topic Starter

  • Members
  • 11 posts

Posted 15 December 2009 - 11:27 PM

Yeah, everything seems to be back to normal. The computer is behaving like it used to again: no warning pop-ups, and all options are available again.



