Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4161
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/1/10 1:23:56 PM
mbam-log-2010-06-01 (13-23-56).txt
Scan type: Quick scan
Objects scanned: 155167
Time elapsed: 12 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-4198696314-1075109031-3583544771-1149\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4198696314-1075109031-3583544771-1149\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_USERS\S-1-5-21-4198696314-1075109031-3583544771-1149\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-4198696314-1075109031-3583544771-1149\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-4198696314-1075109031-3583544771-1149\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryMechanic deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Documents and Settings\M-Racing\Application Data\Registry Mechanic folder moved successfully.
C:\Program Files\Registry Mechanic\ref folder moved successfully.
C:\Program Files\Registry Mechanic\LuLng folder moved successfully.
C:\Program Files\Registry Mechanic\log folder moved successfully.
C:\Program Files\Registry Mechanic\Data\Resources folder moved successfully.
C:\Program Files\Registry Mechanic\Data\plugins folder moved successfully.
C:\Program Files\Registry Mechanic\Data folder moved successfully.
C:\Program Files\Registry Mechanic\backup folder moved successfully.
C:\Program Files\Registry Mechanic folder moved successfully.
C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk moved successfully.
C:\WINDOWS\system32\jmhyj.dll moved successfully.
========== REGISTRY ==========
HKU\S-1-5-21-4198696314-1075109031-3583544771-1149\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyEnable"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirstRunDisabled"|dword:00000000 /E : value set successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 385747 bytes
->Temporary Internet Files folder emptied: 69762418 bytes
->Flash cache emptied: 42025 bytes
User: Administrator.IAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: BB443B11-7D12-450c-9F85-2D32804655F9
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 918878 bytes
->Flash cache emptied: 41620 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32969 bytes
User: M-Racing
->Temp folder emptied: 750009 bytes
->Temporary Internet Files folder emptied: 414086 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 66703362 bytes
->Flash cache emptied: 1936298 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes
User: victoro
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 781403 bytes
->Flash cache emptied: 348 bytes
User: __sbs_netsetup__
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23947836 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 158.00 mb
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 0 bytes
User: Administrator.IAN
User: All Users
User: BB443B11-7D12-450c-9F85-2D32804655F9
User: Default User
->Flash cache emptied: 0 bytes
User: LocalService
User: M-Racing
->Flash cache emptied: 0 bytes
User: NetworkService
User: victoro
->Flash cache emptied: 0 bytes
User: __sbs_netsetup__
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.5.2 log created on 06012010_132538
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
OTL logfile created on: 6/1/10 1:37:21 PM - Run 2
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Documents and Settings\M-Racing\Desktop\New Folder
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy
1,023.00 Mb Total Physical Memory | 456.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 52.16 Gb Free Space | 70.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 298.09 Gb Total Space | 136.96 Gb Free Space | 45.95% Space Free | Partition Type: NTFS
Drive Q: | 1.00 Gb Total Space | 0.99 Gb Free Space | 98.53% Space Free | Partition Type: NTFS
Drive U: | 1.00 Gb Total Space | 0.99 Gb Free Space | 98.53% Space Free | Partition Type: NTFS
Computer Name: IAN
Current User Name: IanK
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ========== PRC - [2010/06/01 09:28:32 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\M-Racing\Desktop\New Folder\OTL.exe
PRC - [2010/04/02 08:24:05 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/04 14:44:04 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/03/04 14:44:03 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/03/04 14:44:02 | 001,831,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/03/04 14:44:02 | 001,775,344 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/03/04 14:44:02 | 001,447,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/12 21:41:42 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2007/11/12 20:59:54 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/06/06 23:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2003/03/11 10:45:06 | 000,774,144 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
========== Modules (SafeList) ========== MOD - [2010/06/01 09:28:32 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\M-Racing\Desktop\New Folder\OTL.exe
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (Smcinst)
SRV - [2010/03/04 14:44:04 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/03/04 14:44:04 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/03/04 14:44:02 | 001,831,928 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/03/04 14:44:02 | 001,775,344 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/03/04 14:44:02 | 000,345,416 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/06/17 14:50:58 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2007/11/12 20:59:54 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
========== Driver Services (SafeList) ========== DRV - [2010/05/28 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/28 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/10 01:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100531.040\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/10 01:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100531.040\NAVENG.SYS -- (NAVENG)
DRV - [2010/03/04 14:54:55 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/03/04 14:44:04 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/03/04 14:44:04 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/03/04 14:44:04 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/03/04 14:43:59 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/10/08 12:45:03 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio)
DRV - [2006/01/25 16:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/03 22:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/02/12 09:39:30 | 000,034,978 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel ®
DRV - [2003/02/06 23:13:58 | 000,032,197 | ---- | M] (Sonic Focus, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sf.sys -- (sf)
DRV - [2002/09/20 11:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2001/11/05 09:23:52 | 000,299,923 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonyhcs.sys -- (sonyhcs)
DRV - [2001/11/05 09:23:14 | 000,006,097 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sonyhcb.sys -- (sonyhcb)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
http://www.msn.com/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 9F 73 BD E9 FC CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUfox000&fl=0&ptb=H67nu3tDHhXV2POMbfbw_Q&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor="
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 08:24:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 08:24:16 | 000,000,000 | ---D | M]
[2009/03/18 07:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M-Racing\Application Data\Mozilla\Extensions
[2010/06/01 07:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M-Racing\Application Data\Mozilla\Firefox\Profiles\lwajtmzt.default\extensions
[2009/09/02 17:43:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\M-Racing\Application Data\Mozilla\Firefox\Profiles\lwajtmzt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/06 18:21:31 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\M-Racing\Application Data\Mozilla\Firefox\Profiles\lwajtmzt.default\searchplugins\mywebsearch.xml
[2010/06/01 07:55:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2003/03/31 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Outlook\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MENDEOLA.local
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\M-Racing\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\M-Racing\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/09/11 13:10:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b928f212-570e-11df-8d15-0007e941973f}\Shell - "" = AutoRun
O33 - MountPoints2\{b928f212-570e-11df-8d15-0007e941973f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b928f212-570e-11df-8d15-0007e941973f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2010/06/01 13:25:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/29 08:38:07 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/05/27 08:23:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\M-Racing\Recent
[2010/05/26 08:40:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\M-Racing\IECompatCache
[2010/05/25 08:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M-Racing\Desktop\New Folder
[2010/05/24 09:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M-Racing\Application Data\MailWasherFree
[2010/05/04 13:04:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\M-Racing\My Documents\My Videos
[2010/05/04 09:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/04 09:49:36 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx
[2010/05/04 09:49:36 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx
[2010/05/04 09:49:36 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx
[2010/05/03 17:16:32 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/05/03 17:05:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/05/03 17:05:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/05/03 08:25:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M-Racing\Application Data\Malwarebytes
========== Files - Modified Within 30 Days ========== [2010/06/01 13:40:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{059452C5-40F9-413E-B209-2EE8BE39459F}.job
[2010/06/01 13:37:40 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\M-Racing\Desktop\mbr.exe
[2010/06/01 13:29:31 | 000,021,760 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/01 13:28:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/01 13:28:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/01 13:26:47 | 007,602,176 | ---- | M] () -- C:\Documents and Settings\M-Racing\NTUSER.DAT
[2010/06/01 13:26:47 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\M-Racing\ntuser.ini
[2010/06/01 06:38:14 | 000,002,525 | ---- | M] () -- C:\Documents and Settings\M-Racing\Desktop\Microsoft Office Outlook 2003.lnk
[2010/05/27 17:57:38 | 000,059,904 | ---- | M] () -- C:\Documents and Settings\M-Racing\My Documents\FAILURE REPORT WARRANTY FORM.doc
[2010/05/20 13:05:52 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/05/05 15:00:54 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\M-Racing\ntuser.dat.rmbak
[2010/05/05 13:58:36 | 000,000,613 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/05 13:58:36 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/05 13:58:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/04 03:18:08 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/05/04 03:18:08 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/05/03 17:12:44 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/03 17:06:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/05/03 16:53:15 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\M-Racing\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== Files Created - No Company Name ========== [2010/06/01 13:37:40 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\M-Racing\Desktop\mbr.exe
[2010/05/27 17:57:35 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\M-Racing\My Documents\FAILURE REPORT WARRANTY FORM.doc
[2010/05/05 15:00:34 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\M-Racing\S-1-5-21-4198696314-1075109031-3583544771-1149.rrr.LOG
[2010/05/03 17:06:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/10/17 12:05:00 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Tda50.INI
[2008/10/17 12:05:00 | 000,000,736 | ---- | C] () -- C:\WINDOWS\Tda200.INI
[2008/08/20 14:08:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/06/17 14:50:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2007/06/28 10:02:49 | 000,000,141 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2006/08/24 18:04:13 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/08/24 17:55:31 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2006/08/24 17:53:11 | 000,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini
[2006/08/24 17:18:15 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/08/24 17:14:35 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/08/24 17:11:19 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/08/24 17:09:22 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/07/15 15:28:36 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/02/13 10:12:15 | 000,000,708 | ---- | C] () -- C:\WINDOWS\System32\dxamph3.dll
[2005/10/26 12:44:19 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/08/03 17:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/07 10:38:02 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2003/09/23 14:40:40 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2003/09/23 14:26:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/09/11 13:22:39 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/08/12 22:26:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/10 16:37:54 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/07/31 09:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
========== Alternate Data Streams ========== @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.netdevice: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
This topic is locked
ark.log 2.77KB
5 downloads
Back to top
