
Internet Security 2010


  • This topic is locked
7 replies to this topic

#1 Top Team 145

Top Team 145

  • Members
  • 4 posts

Posted 12 January 2010 - 01:28 AM

Hello,

I greatly appreciate you kind souls for assisting the not-so-tech-savvy of the world with removing this stubborn malware from our PCs. I have a nasty piece of malware that has embedded itself in my computer. It started off calling itself "Malware Defense", trying to pass itself off as some type of Windows security program. It then changed itself to Internet Security 2010 and has now disabled my task manager, blocked me from running AVG and Mbam, and is even now showing up in safe mode. It seems to be getting progressively more invasive.

I have tried to "fix" it with HijackThis, but it restores itself right away.

Please help!

DDS log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 0:41:48.34 on Tue 01/12/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.86 [GMT -5:00]

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Motorola Media Link\NServiceEntry.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Downloads\hijackthis.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.babylon.com/home
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyBa.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mWinlogon: Userinit=c:\windows\system32\winlogon32.exe
BHO: c:\windows\system32\jugrz4y.dll: {a5bf49a2-94f1-42bd-f434-3604812c807d} - c:\windows\system32\jugrz4y.dll
TB: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyBa.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe" --force_start_minimized
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [settdebugx.exe] c:\docume~1\owner\locals~1\temp\settdebugx.exe
uRun: [asg984jgkfmgasi8ug98jgkfgfb] c:\docume~1\owner\locals~1\temp\smss.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [sibuguved] Rundll32.exe "c:\windows\system32\zuzogomi.dll",a
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\paloal~1.lnk - c:\program files\common files\palo alto software\8.0\PAS8_Update.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: c:\windows\system32\helper32.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {D0CF06E6-5ADD-4BFA-96C0-41125ECBCAE1} = 193.104.110.38,4.2.2.1,192.168.1.254
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: numuligi.dll c:\windows\system32\zuzogomi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: fijulewib - {24ae4697-4733-462a-a6c4-39c793111474} - c:\windows\system32\zuzogomi.dll
STS: c:\windows\system32\jugrz4y.dll: {a5bf49a2-94f1-42bd-f434-3604812c807d} - c:\windows\system32\jugrz4y.dll
STS: gahurihor: {24ae4697-4733-462a-a6c4-39c793111474} - c:\windows\system32\zuzogomi.dll
LSA: Notification Packages = scecli vuzejofu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\wybhu9ey.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-10 11608]
R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2006-1-24 80640]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-10 55656]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\NServiceEntry.exe [2009-10-19 87336]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-7-19 54752]
R2 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2005-12-24 126976]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2005-12-24 122368]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2009-12-6 91392]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-10 108289]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-10 185089]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-1-9 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-1-9 30104]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2005-12-24 245760]

=============== Created Last 30 ================

2010-01-10 07:21:49 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-10 05:18:07 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-10 05:18:01 0 d-----w- c:\program files\Avira
2010-01-10 05:18:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-01-10 04:45:59 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-01-10 04:44:30 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-01-10 04:44:30 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-01-10 04:03:29 0 ----a-w- c:\windows\system32\26500.exe
2010-01-10 03:43:29 0 ----a-w- c:\windows\system32\6334.exe
2010-01-10 03:26:53 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-01-10 03:23:24 0 ----a-w- c:\windows\system32\18467.exe
2010-01-10 03:03:42 0 d-----w- c:\program files\InternetSecurity2010
2010-01-10 02:50:19 0 ----a-w- c:\windows\system32\41.exe
2010-01-10 02:50:08 17920 ----a-w- c:\windows\system32\helper32.dll
2010-01-10 02:33:28 46 ----a-w- C:\p2hhr.bat
2010-01-10 02:33:23 472 ----a-w- c:\windows\system32\uses32.dat
2010-01-10 02:33:23 100 ----a-w- c:\windows\system32\flags.ini
2010-01-10 02:33:09 15000 ----a-w- c:\windows\system32\jugrz4y.dll
2010-01-10 02:33:06 27136 ----a-w- C:\jdmhvwpg.exe
2010-01-10 02:33:06 1 ----a-w- C:\s
2010-01-10 02:33:05 17408 --sha-w- c:\windows\system32\winlogon32.exe
2010-01-10 02:33:05 17408 --sha-w- c:\windows\system32\smss32.exe
2010-01-10 02:33:03 33792 ----a-w- C:\khkil.exe
2010-01-10 02:33:01 22528 ----a-w- C:\vwylecru.exe
2010-01-10 02:33:00 52224 ----a-w- C:\eujbmv.exe
2010-01-10 02:33:00 40960 ----a-w- c:\windows\system32\info.tmp
2010-01-10 01:48:39 0 d-----w- c:\docume~1\owner\applic~1\AVG8
2010-01-09 07:49:15 0 d-----w- c:\program files\Malware Defense
2010-01-08 22:02:47 0 d-----w- c:\program files\AviSynth 2.5
2010-01-08 18:45:45 69 ----a-w- c:\windows\NeroDigital.ini

==================== Find3M ====================

2009-12-03 12:05:13 26336 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-22 15:13:40 24056 ----a-w- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2009-10-29 07:46:59 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46:50 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
1601-01-01 00:03:28 45568 --sha-w- c:\windows\system32\dejufedu.dll
1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\hawivobi.dll
1601-01-01 00:03:28 20992 --sha-w- c:\windows\system32\husugudi.exe
1601-01-01 00:03:28 45568 --sha-w- c:\windows\system32\jiyayuda.dll
1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\lezaromo.dll
1601-01-01 00:03:28 93184 --sha-w- c:\windows\system32\nayazezi.dll
1601-01-01 00:03:52 53248 --sha-w- c:\windows\system32\numuligi.dll
1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\nuvanifi.dll
1601-01-01 00:03:28 53248 --sha-w- c:\windows\system32\pujawewo.dll
1601-01-01 00:03:28 93184 --sha-w- c:\windows\system32\robejaku.dll
1601-01-01 00:03:52 53248 --sha-w- c:\windows\system32\royetuki.dll
1601-01-01 00:03:28 17408 --sha-w- c:\windows\system32\smss32.exe
1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\tazeyubo.dll
1601-01-01 00:03:28 17408 --sha-w- c:\windows\system32\vozaposo.exe
1601-01-01 00:03:28 61440 --sha-w- c:\windows\system32\vunogenu.dll
1601-01-01 00:03:52 53248 --sha-w- c:\windows\system32\vuzejofu.dll
1601-01-01 00:03:28 92672 --sha-w- c:\windows\system32\wenihubi.dll
1601-01-01 00:03:28 17408 --sha-w- c:\windows\system32\winlogon32.exe
1601-01-01 00:03:28 93184 --sha-w- c:\windows\system32\zuzogomi.dll

============= FINISH: 0:44:11.17 ===============
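The DDS log above carries the textbook persistence and lockout markers of this rogue-AV family: a hijacked Winlogon Userinit value (winlogon32.exe instead of userinit.exe), an AppInit_DLLs entry, an extra LSA notification package, a third-party Winsock LSP (helper32.dll), DisableTaskMgr/DisableRegistryTools policies, Run values launching out of Temp, and hidden+system executables in system32 with a 1601-01-01 timestamp (the FILETIME epoch, i.e. a zeroed file time). The script below is an added example, not part of the original post and not code from DDS or BleepingComputer: a small triage pass that flags those entries in a pasted DDS log. The sample input is a handful of lines copied from the log above; the "clean" baselines it assumes (userinit.exe as the only Userinit entry, scecli as the only LSA notification package) are the author's assumption for a stock Windows XP install, and the rule names are made up for this example.

```python
"""Flag persistence and lockout entries in a DDS (HijackThis-style) log.

Added example: not part of the forum post or of the DDS tool. The baseline
values below (userinit.exe as the only Userinit entry, scecli as the only LSA
notification package) are the author's assumption for a clean Windows XP box.
"""
import re
from typing import List, Tuple

# Constructed sample: a few lines copied from the DDS log posted above.
SAMPLE_DDS = r"""
mWinlogon: Userinit=c:\windows\system32\winlogon32.exe
BHO: c:\windows\system32\jugrz4y.dll: {a5bf49a2-94f1-42bd-f434-3604812c807d} - c:\windows\system32\jugrz4y.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [settdebugx.exe] c:\docume~1\owner\locals~1\temp\settdebugx.exe
uRun: [asg984jgkfmgasi8ug98jgkfgfb] c:\docume~1\owner\locals~1\temp\smss.exe
mRun: [sibuguved] Rundll32.exe "c:\windows\system32\zuzogomi.dll",a
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
LSP: c:\windows\system32\helper32.dll
AppInit_DLLs: numuligi.dll c:\windows\system32\zuzogomi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli vuzejofu.dll
2010-01-10 02:33:05 17408 --sha-w- c:\windows\system32\winlogon32.exe
2009-10-29 07:46:59 832512 ----a-w- c:\windows\system32\wininet.dll
1601-01-01 00:03:28 93184 --sha-w- c:\windows\system32\zuzogomi.dll
"""

EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"   # assumed XP baseline
EXPECTED_LSA_PACKAGES = {"scecli"}                         # assumed XP baseline
LOCKOUT_POLICIES = {"disabletaskmgr", "disableregistrytools", "nofolderoptions"}

Finding = Tuple[str, str]  # (rule name, detail)


def check_line(raw: str) -> List[Finding]:
    """Run every rule against one DDS line; returns [] when nothing fires."""
    line = raw.strip().lower()
    out: List[Finding] = []
    if not line:
        return out

    # Winlogon\Userinit: Windows should launch userinit.exe and nothing else.
    m = re.match(r"mwinlogon:\s*userinit=(.*)", line)
    if m:
        values = [v.strip() for v in m.group(1).split(",") if v.strip()]
        if values != [EXPECTED_USERINIT]:
            out.append(("userinit-hijack", m.group(1)))

    # AppInit_DLLs gets loaded into every process that loads user32.dll.
    m = re.match(r"appinit_dlls:\s*(.+)", line)
    if m:
        out.append(("appinit-dll", m.group(1)))

    # Extra LSA notification packages are handed every password change.
    m = re.match(r"lsa:\s*notification packages\s*=\s*(.+)", line)
    if m:
        extra = [p for p in m.group(1).split() if p not in EXPECTED_LSA_PACKAGES]
        if extra:
            out.append(("lsa-notification-package", " ".join(extra)))

    # A Winsock LSP sits in the path of every socket call in every process.
    m = re.match(r"lsp:\s*(.+)", line)
    if m:
        out.append(("winsock-lsp", m.group(1)))

    # Policies that take away Task Manager, regedit or Folder Options.
    m = re.match(r"[umd]policies-(?:system|explorer):\s*(\w+)\s*=\s*1\b", line)
    if m and m.group(1) in LOCKOUT_POLICIES:
        out.append(("tool-lockout-policy", m.group(1)))

    # Run/RunOnce values that start something out of a Temp directory.
    m = re.match(r"[umd]run(?:once)?:\s*\[[^\]]*\]\s*(.+)", line)
    if m and re.search(r"\\temp\\", m.group(1)):
        out.append(("autorun-from-temp", m.group(1)))

    # File listing lines: hidden+system executables, or a 1601 timestamp
    # (the FILETIME epoch, so the file time was zeroed).
    m = re.match(r"(\d{4})-\d\d-\d\d \d\d:\d\d:\d\d\s+\d+\s+(\S+)\s+(.+)", line)
    if m:
        year, attrs, path = m.groups()
        reasons = []
        if "h" in attrs and "s" in attrs and path.endswith((".exe", ".dll")):
            reasons.append("hidden+system")
        if year == "1601":
            reasons.append("timestamp 1601")
        if reasons:
            out.append(("suspicious-file", f"{path} ({', '.join(reasons)})"))
    return out


def triage(log_text: str) -> List[Finding]:
    """Return all findings for a whole DDS log, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        findings.extend(check_line(raw))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_DDS):
        print(f"{rule:26} {detail}")
```

Paste a full DDS log into `triage()` and the output is the short list a helper would act on first; the Userinit hijack in particular explains why the rogue keeps coming back after a HijackThis "fix", since it is relaunched at every logon before Explorer starts. The rules are deliberately narrow (they only look at the autostart and lockout locations shown in the log) and say nothing about files they do not match.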


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts

Posted 17 January 2010 - 02:53 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from the following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 


#3 Top Team 145

Top Team 145
  • Topic Starter

  • Members
  • 4 posts

Posted 18 January 2010 - 01:02 PM

OK, I ran OTL and here is the scan. Thanks for the help!

OTL logfile created on: 1/18/2010 12:50:02 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 155.00 Mb Available Physical Memory | 30.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 55.33 Gb Free Space | 74.27% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 488.00 Mb Total Space | 372.41 Mb Free Space | 76.31% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAHMAL
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2099/01/01 12:00:00 | 00,017,408 | -HS- | M] () -- C:\WINDOWS\system32\smss32.exe
PRC - [2010/01/18 12:28:04 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/01/09 22:03:22 | 01,020,928 | ---- | M] (Internet Security) -- C:\Program Files\InternetSecurity2010\IS2010.exe
PRC - [2010/01/09 21:59:09 | 00,026,116 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Temp\smss.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/11/09 11:40:20 | 00,091,392 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2009/11/09 11:40:10 | 00,273,664 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009/10/19 15:48:54 | 00,087,336 | ---- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\NServiceEntry.exe
PRC - [2009/10/10 12:32:18 | 00,203,264 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2009/09/28 08:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/22 13:40:36 | 00,884,736 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2009/08/05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe
PRC - [2009/07/25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/08/03 21:14:48 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/11 04:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2005/11/11 17:00:56 | 01,005,096 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
PRC - [2005/11/11 16:43:04 | 00,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
PRC - [2005/11/11 16:42:12 | 00,524,288 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
PRC - [2005/10/19 07:59:12 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/10/13 19:56:16 | 00,126,976 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe
PRC - [2005/09/23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2005/09/22 18:29:08 | 00,303,104 | ---- | M] (McAfee, Inc) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2005/09/22 18:29:08 | 00,303,104 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2005/08/24 16:01:04 | 00,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe
PRC - [2004/08/04 02:56:48 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2004/06/29 09:45:16 | 00,102,400 | ---- | M] (Palo Alto Software) -- C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
PRC - [2004/03/04 11:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2004/03/04 11:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2003/04/09 17:11:12 | 00,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/09 16:59:24 | 00,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/09 16:49:36 | 00,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003/04/09 16:41:38 | 00,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
PRC - [2003/03/09 20:31:02 | 00,065,795 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 00,093,184 | -HS- | M] () -- C:\WINDOWS\system32\zifewiba.dll
MOD - [2099/01/01 12:00:00 | 00,053,248 | -HS- | M] () -- C:\WINDOWS\system32\numuligi.dll
MOD - [2010/01/18 12:28:04 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/11/09 11:40:20 | 00,091,392 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/10/19 15:48:54 | 00,087,336 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2009/09/28 08:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/22 13:40:36 | 00,884,736 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/08/29 08:39:38 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/15 14:27:53 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/11/11 16:43:04 | 00,548,864 | ---- | M] (McAfee Corporation) [Auto | Running] -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService)
SRV - [2005/10/13 19:56:16 | 00,126,976 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe)
SRV - [2005/08/24 16:01:04 | 00,122,368 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe)
SRV - [2005/07/01 19:22:50 | 00,245,760 | ---- | M] (McAfee, Inc) [On_Demand | Stopped] -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/03/04 11:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2003/03/09 20:31:02 | 00,065,795 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/01/10 10:36:50 | 00,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/01/10 10:36:50 | 00,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/08/05 22:48:42 | 00,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/28 15:33:56 | 00,055,656 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/11 09:12:24 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/28 15:20:06 | 00,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009/03/30 09:33:07 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/11/06 17:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2005/11/11 16:43:52 | 00,080,640 | ---- | M] (McAfee) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MpFirewall.sys -- (MPFIREWL)
DRV - [2005/10/19 07:59:12 | 00,807,998 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2003/05/23 11:58:30 | 00,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/04/15 09:40:54 | 00,113,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2003/04/15 09:40:46 | 00,078,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2003/03/09 20:31:02 | 00,021,456 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2003/03/09 20:31:02 | 00,016,080 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2003/03/09 20:31:00 | 00,051,024 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2003/02/28 08:17:18 | 00,545,024 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2002/09/03 11:53:10 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/04/01 12:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2001/08/22 07:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1482476501-220523388-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1482476501-220523388-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-1482476501-220523388-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home
IE - HKU\S-1-5-21-1482476501-220523388-839522115-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll File not found
IE - HKU\S-1-5-21-1482476501-220523388-839522115-1003\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1482476501-220523388-839522115-1003\S-1-5-21-1482476501-220523388-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1482476501-220523388-839522115-1003\S-1-5-21-1482476501-220523388-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://mail.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
FF - prefs.js..network.proxy.ftp: "164.58.28.250"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "164.58.28.250"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "164.58.28.250"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.socks: "164.58.28.250"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "164.58.28.250"
FF - prefs.js..network.proxy.ssl_port: 80

FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/09 19:45:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 13:37:18 | 00,000,000 | ---D | M]

[2009/06/15 19:34:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/06/14 17:27:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/12 00:27:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wybhu9ey.default\extensions
[2007/11/23 11:30:14 | 00,000,000 | ---D | M] (SwitchProxy Tool) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wybhu9ey.default\extensions\{27A2FD41-CB23-4518-AB5C-C25BAFFDE531}
[2008/04/20 12:55:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wybhu9ey.default\extensions\timer@cmszone.org
[2010/01/12 00:27:33 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/08/15 19:05:00 | 00,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2006/07/26 19:16:11 | 00,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2009/11/22 20:37:49 | 00,002,204 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2002/09/03 11:34:19 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (C:\WINDOWS\system32\jugrz4y.dll) - {A5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jugrz4y.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1482476501-220523388-839522115-1003\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1482476501-220523388-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1482476501-220523388-839522115-1003\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe File not found
O4 - HKLM..\Run: [MCUpdateExe] c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [sibuguved] C:\WINDOWS\System32\zifewiba.DLL ()
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1482476501-220523388-839522115-1003..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Documents and Settings\Owner\Local Settings\Temp\smss.exe ()
O4 - HKU\S-1-5-21-1482476501-220523388-839522115-1003..\Run: [BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe ()
O4 - HKU\S-1-5-21-1482476501-220523388-839522115-1003..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe (Internet Security)
O4 - HKU\S-1-5-21-1482476501-220523388-839522115-1003..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-1482476501-220523388-839522115-1003..\Run: [settdebugx.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\settdebugx.exe File not found
O4 - HKU\S-1-5-21-1482476501-220523388-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 8.0.lnk = C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe (Palo Alto Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-220523388-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-220523388-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-1482476501-220523388-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-21-1482476501-220523388-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-1482476501-220523388-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-1482476501-220523388-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\helper32.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\helper32.dll ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1482476501-220523388-839522115-1003\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/d/4...0367/wmavax.CAB (Reg Error: Key error.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdsock.dll) - C:\WINDOWS\system32\kbdsock.dll ()
O20 - AppInit_DLLs: (numuligi.dll) - C:\WINDOWS\System32\numuligi.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\zifewiba.dll) - C:\WINDOWS\system32\zifewiba.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\system32\winlogon32.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O21 - SSODL: zanohawis - {b0d1aa2e-7c7c-4250-aa07-174f81c93b04} - C:\WINDOWS\system32\zifewiba.dll ()
O22 - SharedTaskScheduler: {A5BF49A2-94F1-42BD-F434-3604812C807D} - ujhsf879fiosdfhgs98fudifmnddfdfd - C:\WINDOWS\system32\jugrz4y.dll ()
O22 - SharedTaskScheduler: {b0d1aa2e-7c7c-4250-aa07-174f81c93b04} - tokatiluy - C:\WINDOWS\system32\zifewiba.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/12 18:35:24 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b95a4781-a9e5-11de-a2e9-000f1f60f83f}\Shell - "" = AutoRun
O33 - MountPoints2\{b95a4781-a9e5-11de-a2e9-000f1f60f83f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b95a4781-a9e5-11de-a2e9-000f1f60f83f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\WINDOWS\system32\mshlps.dll) - C:\WINDOWS\system32\mshlps.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2099/01/01 12:00:00 | 00,025,088 | -HS- | C] (yezxhwwvHVU) -- C:\WINDOWS\System32\yapafeju.exe
[2099/01/01 12:00:00 | 00,020,992 | -HS- | C] (OSPjMGwPwpfr) -- C:\WINDOWS\System32\husugudi.exe
[2010/01/18 12:49:01 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/01/10 12:13:51 | 05,061,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2010/01/10 10:45:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AVG Security Toolbar
[2010/01/10 10:28:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/10 10:28:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/10 00:18:07 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/01/10 00:18:07 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/01/10 00:18:07 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/01/10 00:18:07 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/01/10 00:18:04 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/01/10 00:18:01 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/01/10 00:18:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/01/09 23:45:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/01/09 23:44:30 | 00,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/01/09 23:44:30 | 00,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/01/09 23:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/09 23:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/09 22:26:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/01/09 22:03:42 | 00,000,000 | ---D | C] -- C:\Program Files\InternetSecurity2010
[2010/01/09 21:33:03 | 00,033,792 | ---- | C] (FBcTSRgugUr) -- C:\khkil.exe
[2010/01/09 20:48:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG8
[2010/01/09 02:49:15 | 00,000,000 | ---D | C] -- C:\Program Files\Malware Defense
[2010/01/08 17:05:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Geckofx
[2010/01/08 17:02:47 | 00,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2009/11/25 17:38:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\myBabylon_English
[2009/11/22 21:19:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2007/08/28 06:13:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/06/25 21:30:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/01/24 21:57:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[19 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 00,093,184 | -HS- | M] () -- C:\WINDOWS\System32\zifewiba.dll
[2099/01/01 12:00:00 | 00,093,184 | -HS- | M] () -- C:\WINDOWS\System32\robejaku.dll
[2099/01/01 12:00:00 | 00,093,184 | -HS- | M] () -- C:\WINDOWS\System32\nayazezi.dll
[2099/01/01 12:00:00 | 00,092,672 | -HS- | M] () -- C:\WINDOWS\System32\hufovora.dll
[2099/01/01 12:00:00 | 00,061,952 | -HS- | M] () -- C:\WINDOWS\System32\hejapive.dll
[2099/01/01 12:00:00 | 00,053,248 | -HS- | M] () -- C:\WINDOWS\System32\vuzejofu.dll
[2099/01/01 12:00:00 | 00,053,248 | -HS- | M] () -- C:\WINDOWS\System32\royetuki.dll
[2099/01/01 12:00:00 | 00,053,248 | -HS- | M] () -- C:\WINDOWS\System32\pujawewo.dll
[2099/01/01 12:00:00 | 00,053,248 | -HS- | M] () -- C:\WINDOWS\System32\numuligi.dll
[2099/01/01 12:00:00 | 00,045,568 | -HS- | M] () -- C:\WINDOWS\System32\wonizaki.dll
[2099/01/01 12:00:00 | 00,045,568 | -HS- | M] () -- C:\WINDOWS\System32\jiyayuda.dll
[2099/01/01 12:00:00 | 00,045,568 | -HS- | M] () -- C:\WINDOWS\System32\fulefoze.dll
[2099/01/01 12:00:00 | 00,045,568 | -HS- | M] () -- C:\WINDOWS\System32\dejufedu.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\tazeyubo.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\sidenohe.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\pihuwali.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\nuvanifi.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\lezaromo.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\hawivobi.dll
[2099/01/01 12:00:00 | 00,025,088 | -HS- | M] (yezxhwwvHVU) -- C:\WINDOWS\System32\yapafeju.exe
[2099/01/01 12:00:00 | 00,020,992 | -HS- | M] (OSPjMGwPwpfr) -- C:\WINDOWS\System32\husugudi.exe
[2099/01/01 12:00:00 | 00,017,408 | -HS- | M] () -- C:\WINDOWS\System32\winlogon32.exe
[2099/01/01 12:00:00 | 00,017,408 | -HS- | M] () -- C:\WINDOWS\System32\vozaposo.exe
[2099/01/01 12:00:00 | 00,017,408 | -HS- | M] () -- C:\WINDOWS\System32\smss32.exe
[2010/01/18 12:54:59 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\zezeramo
[2010/01/18 12:49:10 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\tpgvfbgg.job
[2010/01/18 12:49:09 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2010/01/18 12:49:05 | 00,101,824 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2010/01/18 12:48:46 | 00,000,218 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies
[2010/01/18 12:46:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/18 12:46:33 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/18 12:46:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/18 12:46:29 | 53,484,3392 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/18 12:28:04 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/01/13 13:15:01 | 05,505,024 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/01/13 13:15:01 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/01/13 13:14:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\uses32.dat
[2010/01/12 00:36:43 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/01/12 00:14:46 | 00,000,100 | ---- | M] () -- C:\WINDOWS\System32\flags.ini
[2010/01/10 12:20:51 | 00,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2010/01/10 12:14:10 | 05,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2010/01/10 12:01:32 | 00,508,638 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/10 12:01:32 | 00,432,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/10 12:01:32 | 00,067,660 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/10 11:28:58 | 00,001,298 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to hijackthis.lnk
[2010/01/10 11:28:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2010/01/10 10:36:50 | 00,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/01/10 02:42:22 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/10 02:25:52 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2010/01/10 00:18:37 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center to fix stupid Malware.lnk
[2010/01/09 23:49:26 | 00,402,944 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\malware.doc
[2010/01/09 23:44:30 | 00,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/01/09 21:50:08 | 00,017,920 | ---- | M] () -- C:\WINDOWS\System32\helper32.dll
[2010/01/09 21:33:28 | 00,000,046 | ---- | M] () -- C:\p2hhr.bat
[2010/01/09 21:33:09 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\jugrz4y.dll
[2010/01/09 21:33:06 | 00,027,136 | ---- | M] () -- C:\jdmhvwpg.exe
[2010/01/09 21:33:06 | 00,000,001 | ---- | M] () -- C:\s
[2010/01/09 21:33:04 | 00,033,792 | ---- | M] (FBcTSRgugUr) -- C:\khkil.exe
[2010/01/09 21:33:02 | 00,022,528 | ---- | M] () -- C:\vwylecru.exe
[2010/01/09 21:33:01 | 00,052,224 | ---- | M] () -- C:\eujbmv.exe
[2010/01/09 20:30:29 | 00,000,352 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MyScene.com.url
[2010/01/09 20:17:32 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/01/09 11:44:18 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\~$alware.doc
[2010/01/09 00:22:35 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/08 21:15:16 | 00,136,192 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/08 15:02:23 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/08 15:01:48 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/06 20:26:44 | 01,163,363 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\09 Disney Half Certificate.pdf
[2010/01/06 17:38:06 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/30 08:47:09 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Ujima is to build and maintain our community together and make our brother.doc
[2009/12/30 08:46:42 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Book13.xls
[2009/12/29 02:01:00 | 00,008,297 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\n1271150299_5813.jpg
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[19 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 00,093,184 | -HS- | C] () -- C:\WINDOWS\System32\zifewiba.dll
[2099/01/01 12:00:00 | 00,093,184 | -HS- | C] () -- C:\WINDOWS\System32\robejaku.dll
[2099/01/01 12:00:00 | 00,093,184 | -HS- | C] () -- C:\WINDOWS\System32\nayazezi.dll
[2099/01/01 12:00:00 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\hufovora.dll
[2099/01/01 12:00:00 | 00,061,952 | -HS- | C] () -- C:\WINDOWS\System32\hejapive.dll
[2099/01/01 12:00:00 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\vuzejofu.dll
[2099/01/01 12:00:00 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\royetuki.dll
[2099/01/01 12:00:00 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\pujawewo.dll
[2099/01/01 12:00:00 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\numuligi.dll
[2099/01/01 12:00:00 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\System32\wonizaki.dll
[2099/01/01 12:00:00 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\System32\jiyayuda.dll
[2099/01/01 12:00:00 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\System32\fulefoze.dll
[2099/01/01 12:00:00 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\System32\dejufedu.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\tazeyubo.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\sidenohe.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\pihuwali.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\nuvanifi.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\lezaromo.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\hawivobi.dll
[2099/01/01 12:00:00 | 00,017,408 | -HS- | C] () -- C:\WINDOWS\System32\vozaposo.exe
[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\zezeramo
[2010/01/18 12:49:10 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\tpgvfbgg.job
[2010/01/18 12:46:29 | 53,484,3392 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/10 11:28:58 | 00,001,298 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to hijackthis.lnk
[2010/01/10 02:21:49 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/10 00:18:36 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center to fix stupid Malware.lnk
[2010/01/09 23:03:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2010/01/09 22:43:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2010/01/09 22:23:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/01/09 21:50:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2010/01/09 21:50:08 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\helper32.dll
[2010/01/09 21:33:28 | 00,000,046 | ---- | C] () -- C:\p2hhr.bat
[2010/01/09 21:33:23 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\flags.ini
[2010/01/09 21:33:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\uses32.dat
[2010/01/09 21:33:09 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\jugrz4y.dll
[2010/01/09 21:33:06 | 00,027,136 | ---- | C] () -- C:\jdmhvwpg.exe
[2010/01/09 21:33:06 | 00,000,001 | ---- | C] () -- C:\s
[2010/01/09 21:33:05 | 00,017,408 | -HS- | C] () -- C:\WINDOWS\System32\winlogon32.exe
[2010/01/09 21:33:05 | 00,017,408 | -HS- | C] () -- C:\WINDOWS\System32\smss32.exe
[2010/01/09 21:33:01 | 00,022,528 | ---- | C] () -- C:\vwylecru.exe
[2010/01/09 21:33:00 | 00,052,224 | ---- | C] () -- C:\eujbmv.exe
[2010/01/09 11:44:18 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\~$alware.doc
[2010/01/09 11:44:16 | 00,402,944 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\malware.doc
[2010/01/08 22:40:23 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/08 16:38:20 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows Media Player.lnk
[2010/01/08 13:45:45 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/06 20:26:43 | 01,163,363 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\09 Disney Half Certificate.pdf
[2009/12/30 08:47:03 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Ujima is to build and maintain our community together and make our brother.doc
[2009/12/30 08:46:41 | 00,017,920 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Book13.xls
[2009/12/29 02:01:00 | 00,008,297 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\n1271150299_5813.jpg
[2009/11/22 20:33:20 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/11/12 19:59:44 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\evpro32.prf
[2009/09/25 06:29:37 | 00,231,504 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/29 20:43:43 | 00,000,008 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\L8457789100
[2009/08/17 20:24:25 | 00,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2009/08/13 01:13:44 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/07/19 12:36:57 | 00,036,641 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Comma Separated Values (Windows).ADR
[2009/06/15 11:03:52 | 00,000,228 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/03/09 19:33:26 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/03/09 19:21:08 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
[2008/03/03 12:27:16 | 00,000,065 | ---- | C] () -- C:\WINDOWS\minitab.ini
[2007/07/07 11:01:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/03/01 23:32:56 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2006/03/01 23:32:51 | 00,454,162 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2006/03/01 23:32:50 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/03/01 23:32:50 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/03/01 23:32:49 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/03/01 23:32:46 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/03/01 23:32:44 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2005/12/26 21:43:40 | 00,000,363 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/11/21 22:31:49 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/21 22:09:37 | 00,136,192 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/02/10 15:08:00 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2003/03/09 20:31:04 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/11/13 15:40:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2002/09/03 12:08:49 | 00,003,072 | ---- | C] () -- C:\WINDOWS\System32\mshlps.dll
[2002/09/03 12:08:49 | 00,003,072 | ---- | C] () -- C:\WINDOWS\System32\kbdsock.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BDCFAD6
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D56DDC33
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D5907B8
< End of report >


OTL Extras logfile created on: 1/18/2010 12:50:02 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 155.00 Mb Available Physical Memory | 30.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 55.33 Gb Free Space | 74.27% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 488.00 Mb Total Space | 372.41 Mb Free Space | 76.31% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAHMAL
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- (Lexmark International, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Motorola Media Link\MML.exe" = C:\Program Files\Motorola Media Link\MML.exe:*:Enabled:Motorola Media Link main -- (Nero corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\TVersity\Media Server\MediaServer.exe" = C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- ()
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{05921AD5-7449-4E3D-A276-8A031EAC67AE}" = Business Plan Pro 2005 Sample Plans
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09C37001-A57E-4CDB-85A4-7895F3B85DD4}" = Palo Alto Software's Application Manager 8.1
"{0B8FF60F-C012-4459-AADF-A3AD4E3757DE}" = Dell Picture Studio - Dell Image Expert
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{205F8D68-A379-4AB6-9919-FA3D6B3EBD55}" = Business Plan Pro 2005
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{721A5695-0D7A-11D7-BE83-ACC731000000}" = Personal Student Tutor
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{816EA7C2-9B8D-48CA-A424-3DE3C80A5033}" = Motorola Driver Installation 4.2.0
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111433970}" = Scrabble Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{831CBAC8-8283-4653-9D81-FEB9F3F6E47C}" = ADSTechnology
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86A44EF7-78FC-4e18-A564-B18F806F7F56}" = ActivationManager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{913DA816-E8E4-4467-8D22-E2DF5DBF04E4}" = hp psc 2200 series
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{96F5D143-C950-465D-A8BE-C3D4D9CB3C1F}" = FileMaker Pro 10
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D9DC70B6-BE13-41DD-9053-9E617E72D085}" = MOTOROLA MEDIA LINK
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F617649B-2104-41C7-B15A-9F0DE2AF8F4E}" = Minitab 15 English
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"AAA Logo_is1" = AAA Logo 1.22
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent 5.0.9
"Dell Photo Printer 720" = Dell Photo Printer 720
"ExamView Pro" = ExamView Pro
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"HijackThis" = HijackThis 2.0.2
"hp instant support" = hp instant support
"HP PSC 2200 Series" = HP Photo and Imaging 2.0 - hp psc 2200 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{721A5695-0D7A-11D7-BE83-ACC731000000}" = Personal Student Tutor
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.70 Full
"LimeWire" = LimeWire 5.1.3
"Magic ISO Maker v5.3 (build 0216)" = Magic ISO Maker v5.3 (build 0216)
"McAfee Personal Firewall Plus" = McAfee Personal Firewall Plus
"Mcafee SecurityCenter" = McAfee SecurityCenter
"McDougal Littell EasyPlanner" = McDougal Littell EasyPlanner
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"myBabylon_English Toolbar" = myBabylon_English Toolbar
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealAlt_is1" = Real Alternative 1.9.0
"SCRABBLE" = SCRABBLE
"ShockwaveFlash" = Macromedia Flash Player 8
"Snapshot Viewer" = Snapshot Viewer
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"TVersity Media Server Pro" = TVersity Media Server Pro 1.7.2.1 Beta
"VLC media player" = VideoLAN VLC media player 0.8.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WinZip Self-Extractor" = WinZip Self-Extractor
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/13/2009 2:27:17 PM | Computer Name = JAHMAL | Source = Application Hang | ID = 1002
Description = Hanging application mghtml.exe, version 4.0.0.73, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/13/2009 2:27:17 PM | Computer Name = JAHMAL | Source = Application Hang | ID = 1002
Description = Hanging application mghtml.exe, version 4.0.0.73, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/13/2009 2:27:18 PM | Computer Name = JAHMAL | Source = Application Hang | ID = 1002
Description = Hanging application mghtml.exe, version 4.0.0.73, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/13/2009 2:27:44 PM | Computer Name = JAHMAL | Source = Application Error | ID = 1000
Description = Faulting application hpoevm08.exe, version 4.2.0.21, faulting module
ole32.dll, version 5.1.2600.2726, fault address 0x0002d8f5.

Error - 8/13/2009 3:43:24 PM | Computer Name = JAHMAL | Source = Application Hang | ID = 1002
Description = Hanging application mghtml.exe, version 4.0.0.73, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/14/2009 9:13:44 AM | Computer Name = JAHMAL | Source = Application Error | ID = 1000
Description = Faulting application mspaint.exe, version 5.1.2600.2180, faulting
module imm32.dll, version 5.1.2600.2180, fault address 0x00014797.

Error - 8/14/2009 9:14:07 AM | Computer Name = JAHMAL | Source = Application Error | ID = 1000
Description = Faulting application mspaint.exe, version 5.1.2600.2180, faulting
module imm32.dll, version 5.1.2600.2180, fault address 0x00014797.

Error - 8/14/2009 9:14:47 AM | Computer Name = JAHMAL | Source = Application Error | ID = 1000
Description = Faulting application mspaint.exe, version 5.1.2600.2180, faulting
module imm32.dll, version 5.1.2600.2180, fault address 0x00014797.

Error - 8/14/2009 11:35:43 AM | Computer Name = JAHMAL | Source = Application Error | ID = 1000
Description = Faulting application hpoevm08.exe, version 4.2.0.21, faulting module
ole32.dll, version 5.1.2600.2726, fault address 0x0002d8f5.

Error - 8/14/2009 11:40:12 AM | Computer Name = JAHMAL | Source = .NET Runtime | ID = 0
Description =

[ System Events ]
Error - 1/13/2010 2:04:19 PM | Computer Name = JAHMAL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Avira AntiVir Guard service
to connect.

Error - 1/13/2010 2:04:19 PM | Computer Name = JAHMAL | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Guard service failed to start due to the following
error: %%1053

Error - 1/13/2010 2:17:33 PM | Computer Name = JAHMAL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Avira AntiVir Scheduler
service to connect.

Error - 1/13/2010 2:17:33 PM | Computer Name = JAHMAL | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Scheduler service failed to start due to the following
error: %%1053

Error - 1/13/2010 2:17:33 PM | Computer Name = JAHMAL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Avira AntiVir Guard service
to connect.

Error - 1/13/2010 2:17:33 PM | Computer Name = JAHMAL | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Guard service failed to start due to the following
error: %%1053

Error - 1/18/2010 1:48:25 PM | Computer Name = JAHMAL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Avira AntiVir Scheduler
service to connect.

Error - 1/18/2010 1:48:25 PM | Computer Name = JAHMAL | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Scheduler service failed to start due to the following
error: %%1053

Error - 1/18/2010 1:48:25 PM | Computer Name = JAHMAL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Avira AntiVir Guard service
to connect.

Error - 1/18/2010 1:48:25 PM | Computer Name = JAHMAL | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Guard service failed to start due to the following
error: %%1053


< End of report >


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:12:54 PM

Posted 19 January 2010 - 10:27 AM

Hi,

Please run a scan with GMER as well:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 Top Team 145

Top Team 145
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:05:54 AM

Posted 20 January 2010 - 12:47 AM

Ok, I ran GMER; here is the report. It took a while to run and I had to leave for work, so I just got back in and posted it.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-20 00:39:20
Windows 5.1.2600 Service Pack 2
Running: 6l43n7pd.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uwtdypoc.sys


---- System - GMER 1.0.15 ----

Code 82CF8A60 ZwEnumerateKey
Code 82D090B8 ZwFlushInstructionCache
Code 82CF8986 IofCallDriver
Code 82CF8446 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 82CF898B
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 82CF844B
PAGE ntoskrnl.exe!ZwEnumerateKey 8056EF20 5 Bytes JMP 82CF8A64
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80576A5A 5 Bytes JMP 82D090BC

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[1784] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 0102237E C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Windows Live Family Safety Service/Microsoft Corporation)
.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[2800] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 0037607C
.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[2800] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 003762AD
.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[2800] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 0037625E
.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[2800] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 003760C2
.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[2800] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 003762D4
.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[2800] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 003760FC
.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[2800] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003761D2
.text C:\WINDOWS\Explorer.EXE[2876] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 0038607C
.text C:\WINDOWS\Explorer.EXE[2876] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 003862AD
.text C:\WINDOWS\Explorer.EXE[2876] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 0038625E
.text C:\WINDOWS\Explorer.EXE[2876] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 003860C2
.text C:\WINDOWS\Explorer.EXE[2876] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 003862D4
.text C:\WINDOWS\Explorer.EXE[2876] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 003860FC
.text C:\WINDOWS\Explorer.EXE[2876] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003861D2
.text C:\WINDOWS\system32\dwwin.exe[2896] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003D607C
.text C:\WINDOWS\system32\dwwin.exe[2896] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 003D62AD
.text C:\WINDOWS\system32\dwwin.exe[2896] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 003D625E
.text C:\WINDOWS\system32\dwwin.exe[2896] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 003D60C2
.text C:\WINDOWS\system32\dwwin.exe[2896] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 003D62D4
.text C:\WINDOWS\system32\dwwin.exe[2896] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 003D60FC
.text C:\WINDOWS\system32\dwwin.exe[2896] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003D61D2
.text C:\WINDOWS\system32\hkcmd.exe[3044] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 0037607C
.text C:\WINDOWS\system32\hkcmd.exe[3044] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 003762AD
.text C:\WINDOWS\system32\hkcmd.exe[3044] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 0037625E
.text C:\WINDOWS\system32\hkcmd.exe[3044] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 003760C2
.text C:\WINDOWS\system32\hkcmd.exe[3044] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 003762D4
.text C:\WINDOWS\system32\hkcmd.exe[3044] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 003760FC
.text C:\WINDOWS\system32\hkcmd.exe[3044] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003761D2
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe[3088] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003A607C
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe[3088] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 003A62AD
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe[3088] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 003A625E
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe[3088] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 003A60C2
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe[3088] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 003A62D4
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe[3088] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 003A60FC
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe[3088] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003A61D2
.text C:\Program Files\Java\jre6\bin\jusched.exe[3204] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 0038607C
.text C:\Program Files\Java\jre6\bin\jusched.exe[3204] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 003862AD
.text C:\Program Files\Java\jre6\bin\jusched.exe[3204] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 0038625E
.text C:\Program Files\Java\jre6\bin\jusched.exe[3204] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 003860C2
.text C:\Program Files\Java\jre6\bin\jusched.exe[3204] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 003862D4
.text C:\Program Files\Java\jre6\bin\jusched.exe[3204] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 003860FC
.text C:\Program Files\Java\jre6\bin\jusched.exe[3204] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003861D2
.text C:\WINDOWS\system32\smss32.exe[3340] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 0036607C
.text C:\WINDOWS\system32\smss32.exe[3340] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 003662AD
.text C:\WINDOWS\system32\smss32.exe[3340] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 0036625E
.text C:\WINDOWS\system32\smss32.exe[3340] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 003660C2
.text C:\WINDOWS\system32\smss32.exe[3340] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 003662D4
.text C:\WINDOWS\system32\smss32.exe[3340] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 003660FC
.text C:\WINDOWS\system32\smss32.exe[3340] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003661D2
.text C:\WINDOWS\system32\ctfmon.exe[3400] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 0039607C
.text C:\WINDOWS\system32\ctfmon.exe[3400] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 003962AD
.text C:\WINDOWS\system32\ctfmon.exe[3400] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 0039625E
.text C:\WINDOWS\system32\ctfmon.exe[3400] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 003960C2
.text C:\WINDOWS\system32\ctfmon.exe[3400] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 003962D4
.text C:\WINDOWS\system32\ctfmon.exe[3400] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 003960FC
.text C:\WINDOWS\system32\ctfmon.exe[3400] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003961D2
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3472] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 0038607C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3472] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 003862AD
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3472] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 0038625E
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3472] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 003860C2
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3472] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 003862D4
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3472] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 003860FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3472] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003861D2
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe[3576] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003A607C
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe[3576] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 003A62AD
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe[3576] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 003A625E
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe[3576] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 003A60C2
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe[3576] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 003A62D4
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe[3576] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 003A60FC
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe[3576] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003A61D2
? C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] IMAGE_DOS_SIGNATURE not found;

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [USER32.DLL!GetDC] D90233EB
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [USER32.DLL!CopyRect] 24448B50
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [USER32.DLL!SetWindowPlacement] FA9CE814
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [USER32.DLL!MoveWindow] 4489FFFF
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [USER32.DLL!EndDialog] 8A581424
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [USER32.DLL!LoadIconA] 25C0D3E5
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!GetModuleHandleA] 5D042366
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!GetCommandLineA] 00409F07
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!SetFileTime] CB02D9F6
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!GetProcessHeap] D208E980
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!SetStdHandle] E9B60FED
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!GlobalFree] 04036608
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!LoadResource] 409ECD55
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!GetModuleFileNameA] 8BD23300
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!GetStartupInfoA] 3BD82BDF
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!SetConsoleCtrlHandler] 04DC2494
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!lstrcmpiA] 09740000
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!GetEnvironmentStringsW] 0788038A
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!GetCommandLineW] EB424743
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!GlobalMemoryStatus] FDA0E9EE
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!LoadLibraryW] C033FFFF
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!TlsFree] CD8BC58A
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!GetThreadLocale] 8B50C8D3
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!Sleep] E8142444
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!GetFileType] 14244489
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!LoadLibraryA] 0FC58A58
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!MultiByteToWideChar] DDF7E9BE
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!GetFileAttributesW] 830EC583
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!TerminateProcess] 187708FD
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!GetVersion] FF25C0D3
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!FindResourceW] F600003F
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!GetProcAddress] 0EC180D9
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!VirtualProtect] 83DDF7E9
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!GetSystemInfo] 27EB08C5
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!GetTickCount] 24448B50
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!GetCPInfo] FA08E814
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!GetCurrentThreadId] 4489FFFF
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!WideCharToMultiByte] 8A581424
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!GetFileSizeEx] 25C0D3E5
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!TlsSetValue] 00003FFF
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!SetConsoleCP] C180D9F6
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!ExitProcess] 0FEDD206
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!SetUnhandledExceptionFilter] DDF7E9B6
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!GetEnvironmentVariableA] 8B08C583
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!GetCurrentProcessId] 1FE283D0
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!GetOEMCP] 0101C281
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!GetCurrentProcess] 54890000
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [KERNEL32.DLL!GetACP] E8C11824
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [GDI32.DLL!SetStretchBltMode] 89421FE2
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [VERSION.DLL!VerQueryValueA] C08305E8
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [ADVAPI32.DLL!RegEnumValueW] 0004BA20
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [ADVAPI32.DLL!RegEnumKeyExW] 44C70000
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [OLE32.DLL!CoTaskMemAlloc] 794A0000
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [OLE32.DLL!CoCreateInstance] 24948DF5
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [OLE32.DLL!CoUninitialize] 00000164
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [MSVCRT.DLL!_adjust_fdiv] 42C70000
IAT C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] @ C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe [MSVCRT.DLL!_XcptFilter] 00000004

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Tcp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Udp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\RawIp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\H8SRTjeunwomxsa.sys (*** hidden *** ) EF57B000-EF598000 (118784 bytes)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\H8SRTjeunwomxsa.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTjeunwomxsa.sys
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTjeunwomxsa.sys
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTmwxeltpvaq.dll
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTcskbwitfyo.dat
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTjrindrxmpk.dll
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTmqrpoaybpv.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTjeunwomxsa.sys
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTjeunwomxsa.sys
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTmwxeltpvaq.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTcskbwitfyo.dat
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTjrindrxmpk.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTmqrpoaybpv.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTerrors \\?\globalroot\systemroot\system32\H8SRTbvpdipmbce.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTjeunwomxsa.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTjeunwomxsa.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTmwxeltpvaq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTcskbwitfyo.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTjrindrxmpk.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTmqrpoaybpv.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTerrors \\?\globalroot\systemroot\system32\H8SRTbvpdipmbce.log
Reg HKLM\SOFTWARE\Classes\CLSID\{6041C420-22B4-140A-3B055037524C6B59}\{9A77D18C-4DFD-83C2-41C1A5F44022B903}\{B579578C-D2DD-BD46-01C9D6D000184189}
Reg HKLM\SOFTWARE\Classes\CLSID\{6041C420-22B4-140A-3B055037524C6B59}\{9A77D18C-4DFD-83C2-41C1A5F44022B903}\{B579578C-D2DD-BD46-01C9D6D000184189}@RA4KGUJC6T6LBNJRIDQ63C2L6C1 0x01 0x00 0x01 0x00 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Administrator\Local Settings\Temp\h8srtmainqt.dll 16527 bytes
File C:\Documents and Settings\Owner\Local Settings\Temp\H8SRTa787.tmp 343040 bytes executable
File C:\Documents and Settings\Owner\Local Settings\Temp\h8srtmainqt.dll 16384 bytes
File C:\Documents and Settings\Shiloh\Local Settings\Temp\h8srtmainqt.dll 383 bytes
File C:\WINDOWS\system32\drivers\H8SRTjeunwomxsa.sys 40448 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\H8SRTbvpdipmbce.log 945 bytes
File C:\WINDOWS\system32\H8SRTcskbwitfyo.dat 238 bytes
File C:\WINDOWS\system32\H8SRTjrindrxmpk.dll 36864 bytes executable
File C:\WINDOWS\system32\h8srtkrl32mainweq.dll 0 bytes
File C:\WINDOWS\system32\H8SRTmqrpoaybpv.dll 40960 bytes executable
File C:\WINDOWS\system32\H8SRTmwxeltpvaq.dll 23040 bytes executable
File C:\WINDOWS\Temp\H8SRTd56b.tmp 246 bytes
File C:\WINDOWS\Temp\H8SRT2de1.tmp 246 bytes
File C:\WINDOWS\Temp\H8SRT5c25.tmp 205 bytes
File C:\WINDOWS\Temp\H8SRT7460.tmp 246 bytes
File C:\WINDOWS\Temp\H8SRTa9ad.tmp 246 bytes
File C:\WINDOWS\Temp\H8SRTb07e.tmp 160 bytes
File C:\WINDOWS\Temp\H8SRTb6a4.tmp 246 bytes

---- EOF - GMER 1.0.15 ----

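The log above is what the helper reads in the next reply. As an added example (not GMER's code and not either poster's), here is a small Python triage script for this GMER log format: it splits the log into its "---- Name - GMER x.y.z ----" sections and pulls out hidden modules/services, GMER's own "<-- ROOTKIT !!!" markers, inline JMP hooks in kernel code, user-mode hooks grouped by process, failed DOS-signature checks, and the service registry entries that tie a hidden driver to its companion files. It assumes the line layouts shown above; the sample input is a constructed, trimmed excerpt built from lines of this log.

```python
"""Triage a GMER rootkit-scan log (added example; not GMER's or the posters' code).
Parses the section-based text format shown above and extracts what a helper
reads first: hidden modules/services, "<-- ROOTKIT !!!" markers, inline JMP
hooks in kernel code, user-mode hooks per process and failed DOS-signature checks."""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
HIDDEN_RE = re.compile(r"^(?P<kind>Module|Service)\s+(?P<path>\S+)\s+\(\*\*\* hidden \*\*\* \)")
HOOK_TAIL = r"[0-9A-F]{8}\s+\d+ Bytes\s+JMP\s+(?P<target>[0-9A-F]{8})"
KERNEL_HOOK_RE = re.compile(r"^(?:\.text|PAGE|INIT|\.data)\s+(?P<image>[^\s!]+)!(?P<func>\S+)\s+" + HOOK_TAIL)
USER_HOOK_RE = re.compile(r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+[^\s!]+!(?P<func>\S+)\s+" + HOOK_TAIL)
DOS_SIG_RE = re.compile(r"^\?\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+IMAGE_DOS_SIGNATURE not found")
SVC_MODULE_RE = re.compile(r"^Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\(?P<svc>[^\\\s]+)\\modules@\S+\s+(?P<path>\S+)$")
ROOTKIT_MARK = "<-- ROOTKIT !!!"


def split_sections(text):
    """Group non-empty lines under the GMER section header they follow."""
    sections, current = defaultdict(list), "Header"
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        if m := SECTION_RE.match(line):
            current = m.group("name")
        else:
            sections[current].append(line)
    return sections


def triage(text):
    """Collect indicators by type; user_hooks and services are keyed by image/service."""
    f = {"hidden": [], "rootkit_marked": [], "kernel_hooks": [], "bad_dos_sig": [],
         "user_hooks": defaultdict(list), "services": defaultdict(list)}
    for name, lines in split_sections(text).items():
        for line in lines:
            if ROOTKIT_MARK in line:  # GMER's own verdict on that line
                f["rootkit_marked"].append(line.split(ROOTKIT_MARK)[0].strip())
            if m := HIDDEN_RE.match(line):  # object invisible to the normal Windows APIs
                f["hidden"].append((m.group("kind"), m.group("path")))
            if name.startswith("Kernel code") and (m := KERNEL_HOOK_RE.match(line)):
                f["kernel_hooks"].append((m.group("image"), m.group("func"), m.group("target")))
            if name.startswith("User code") and (m := USER_HOOK_RE.match(line)):
                f["user_hooks"][m.group("image")].append(m.group("func"))
            if m := DOS_SIG_RE.match(line):  # in-memory image has no valid PE header
                f["bad_dos_sig"].append((m.group("image"), int(m.group("pid"))))
            if m := SVC_MODULE_RE.match(line):  # companion files registered under the service
                f["services"][m.group("svc")].append(m.group("path"))
    f["user_hooks"], f["services"] = dict(f["user_hooks"]), dict(f["services"])
    return f


def verdict(f):
    """Hidden objects or GMER's marker are conclusive; hooks alone are not, since
    security products (and GMER itself) also hook these functions."""
    if f["hidden"] or f["rootkit_marked"]:
        return "rootkit"
    return "suspicious" if f["kernel_hooks"] or f["bad_dos_sig"] else "no rootkit indicators"


# Constructed sample: a trimmed excerpt in the same format as the log posted above.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 82CF898B
PAGE ntoskrnl.exe!ZwEnumerateKey 8056EF20 5 Bytes JMP 82CF8A64
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[2876] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 0038607C
.text C:\WINDOWS\Explorer.EXE[2876] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 003862D4
? C:\DOCUME~1\Owner\LOCALS~1\Temp\smss.exe[3596] IMAGE_DOS_SIGNATURE not found;
---- Modules - GMER 1.0.15 ----
Module \systemroot\system32\drivers\H8SRTjeunwomxsa.sys (*** hidden *** ) EF57B000-EF598000 (118784 bytes)
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\H8SRTjeunwomxsa.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTmwxeltpvaq.dll
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\H8SRTjeunwomxsa.sys 40448 bytes executable <-- ROOTKIT !!!
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(verdict(result), result["hidden"], result["services"])
```

Run against the full log posted above, the same script lists every process with ntdll registry-API hooks and the H8SRT service's companion DLLs, which is the evidence the next reply's "rootkit" diagnosis rests on.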

#6 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 20 January 2010 - 03:05 PM

Hi,

you have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon; check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti



#7 Top Team 145
  • Topic Starter
  • Members
  • 4 posts

Posted 25 January 2010 - 12:41 AM

I will take your advice and reformat and reinstall the OS. Thanks!!

#8 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 29 January 2010 - 12:15 PM

Since this topic appears to be resolved, I will now close it.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti
