
Infected by Antimalware Doctor and Antivirus Action


21 replies to this topic

#1 mmartinez
  • Members
  • 85 posts

Posted 05 December 2010 - 10:46 AM

Hello,

I have Windows XP and I believe I am infected by a virus. There are several "fake" antivirus programs running on my computer that I am unable to stop. I have Antimalware Doctor, Antivirus Action, and several pop-ups saying Windows Security Alert.

I ran Spybot Search and Destroy and A-squared. It found Trojan.Win32.Agent!IK but it could not delete the virus. I can't run any of my programs, like Google Chrome. Please help!



#2 Starbuck
    'r Brudiwr
  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 05 December 2010 - 02:35 PM

Hi mmartinez,

Have you tried the removal instructions here?
Let me know how things go.

Thanks



#3 mmartinez (Topic Starter)
  • Members
  • 85 posts

Posted 05 December 2010 - 09:15 PM

Thank you very much for the reply. I ran the Malwarebytes' Anti-Malware and it removed all of the fake security programs. I re-booted and it appears to be fine, but Google Chrome and Internet Explorer do not work. I am also getting a pop-up that says "Just in time debugging" and it says to select a debugger. The pop-up won't go away.

Thank you.

#4 Starbuck
    'r Brudiwr
  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 07 December 2010 - 07:45 AM

Hi mmartinez,

> I am also getting a pop-up that says "Just in time debugging" and it says to select a debugger.

Try this:
Click on Start >> Control Panel >> Internet Options >> Advanced tab.
Under Browsing, make sure the following are ticked:

Disable Script Debugging (Internet Explorer)
Disable Script Debugging (Other)


Let's try another program and see if that cleans off anything:

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (plus any recommended items):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.

    Scan with SUPERAntiSpyware as follows:
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure that all drives are checked.
    • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes" and reboot normally.
    • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.



#5 mmartinez (Topic Starter)
  • Members
  • 85 posts

Posted 07 December 2010 - 09:15 PM

Hi Starbuck,

Thanks for the reply. I went to control panel and followed your instructions. I also ran SUPERAntiSpyware and it removed several threats. When I re-booted, I now have a pop-up window for White Smoke Translator. I'm unable to close the window because it asks for my email. I'm also getting a pop-up for Microsoft Script Editor. Under Process it says [1920] C:\WINDOWS\system32\svchost.exe.

Below is the log from SuperAntiSpyware. Thanks for your help.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/07/2010 at 07:26 PM

Application Version : 4.46.1000

Core Rules Database Version : 5907
Trace Rules Database Version: 3719

Scan type : Complete Scan
Total Scan Time : 00:50:37

Memory items scanned : 521
Memory threats detected : 0
Registry items scanned : 8218
Registry threats detected : 1
File items scanned : 23036
File threats detected : 104

Malware.Trace
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon#Taskman

Rogue.AntiMalwareDoctor
C:\Documents and Settings\Monui\Application Data\8AE5BDC947B07415DF004DC5EB4CAF5E

Adware.Tracking Cookie

Rogue.Agent/Gen-Nullo[DLL]
C:\WINDOWS\OJOQUKIV.DLL
C:\WINDOWS\OTIZOPESIQASOQE.DLL

Trojan.Downloader-Gen/Suspicious
C:\WINDOWS\TEMP\YADD\SETUP.EXE

#6 Starbuck
    'r Brudiwr
  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 08 December 2010 - 03:42 AM

Hi mmartinez,

I need to get some other reports which you can't post in this forum.
Please bear with me while I get one of the mods to move this topic.

Thanks.



#7 Starbuck
    'r Brudiwr
  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 08 December 2010 - 05:05 AM

Hi mmartinez

Now the thread has been moved:

  • Download OTL to your desktop.
    Right-click on the link and select 'Save Link/Target As'.
    If you have problems, try this download link: OTL
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Now copy the lines below.

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT


  • Right-click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the Run Scan button.
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.


Thanks



#8 mmartinez (Topic Starter)
  • Members
  • 85 posts

Posted 08 December 2010 - 07:52 PM

Hi Starbuck,

I downloaded OTL and ran the program. Below I pasted the results from OTL.txt and Extras.Txt. Thanks for your help.

OTL logfile created on: 12/8/2010 6:52:51 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Monui\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 91.00 Mb Available Physical Memory | 18.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.15 Gb Total Space | 41.91 Gb Free Space | 48.09% Space Free | Partition Type: NTFS

Computer Name: MONICA | User Name: Monui | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Monui\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\WhiteSmoke Translator\WSTrayDictMode.exe ()
PRC - C:\Program Files\WhiteSmoke Translator\WhiteSmokeDictRegistration.exe (WhiteSmoke)
PRC - C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Monui\Desktop\OTL.scr (OldTimer Tools)
MOD - C:\WINDOWS\savedsvc.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\uyamecusuramujo.dll ()
MOD - C:\WINDOWS\system32\ddraw.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\dciman32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (a2free) -- C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\DOCUME~1\Monui\LOCALS~1\Temp\catchme.sys File not found
DRV - (cytxbtimb) -- C:\WINDOWS\System32\drivers\cytxbtimb.sys ()
DRV - (qqdhw) -- C:\WINDOWS\System32\drivers\qqdhw.sys ()
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090904.009\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090904.009\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (tifmsony) -- C:\WINDOWS\system32\drivers\tifmsony.sys (Texas Instruments)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (QV2KUX) -- C:\WINDOWS\system32\drivers\qv2kux.sys (Microsoft Corporation)
DRV - (msloop) -- C:\WINDOWS\system32\drivers\loop.sys (Microsoft Corporation)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:43902

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=374563"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=Z007&form=ZGAPHP"
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z007&form=ZGAADF&q="

FF - HKLM\software\mozilla\Firefox\extensions\\{3EC64ACE-C229-471F-823A-DAD76455D717}: C:\Documents and Settings\Monui\Local Settings\Application Data\{3EC64ACE-C229-471F-823A-DAD76455D717} [2010/12/04 21:50:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/21 13:20:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/21 13:20:13 | 000,000,000 | ---D | M]

[2010/05/22 09:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monui\Application Data\Mozilla\Firefox\Profiles\t3nfpkjo.default\extensions
[2009/10/14 18:59:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Monui\Application Data\Mozilla\Firefox\Profiles\t3nfpkjo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/22 09:16:19 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Monui\Application Data\Mozilla\Firefox\Profiles\t3nfpkjo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/11/03 20:52:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Monui\Application Data\Mozilla\Firefox\Profiles\t3nfpkjo.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/12/05 02:09:46 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Monui\Application Data\Mozilla\Firefox\Profiles\t3nfpkjo.default\searchplugins\bing-zugo.xml
[2010/12/05 09:28:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/09/06 10:04:40 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/09/19 10:56:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2007/09/19 10:56:42 | 000,066,408 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2007/09/19 10:56:42 | 000,054,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2007/09/19 10:56:43 | 000,034,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2007/09/19 10:56:43 | 000,046,456 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2007/09/19 10:56:43 | 000,171,880 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2010/12/06 18:25:38 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2009/03/27 22:00:30 | 000,303,867 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10.254.254.253 Xdrive
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127

#9 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:11:11 AM

Posted 09 December 2010 - 05:03 AM

Hi mmartinez,

Unfortunately the OTL report was cut off.
Please repost the 2 reports .... you may have to post them separately.

Thanks.



#10 mmartinez

mmartinez
  • Topic Starter

  • Members
  • 85 posts
  • Local time:05:11 AM

Posted 09 December 2010 - 09:54 AM

Hi Starbuck,
Sorry about that. Below I pasted the first file. I'll paste the Extras file in a second response. Thanks.

OTL logfile created on: 12/8/2010 6:52:51 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Monui\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 91.00 Mb Available Physical Memory | 18.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.15 Gb Total Space | 41.91 Gb Free Space | 48.09% Space Free | Partition Type: NTFS

Computer Name: MONICA | User Name: Monui | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Monui\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\WhiteSmoke Translator\WSTrayDictMode.exe ()
PRC - C:\Program Files\WhiteSmoke Translator\WhiteSmokeDictRegistration.exe (WhiteSmoke)
PRC - C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Monui\Desktop\OTL.scr (OldTimer Tools)
MOD - C:\WINDOWS\savedsvc.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\uyamecusuramujo.dll ()
MOD - C:\WINDOWS\system32\ddraw.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\dciman32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (a2free) -- C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\DOCUME~1\Monui\LOCALS~1\Temp\catchme.sys File not found
DRV - (cytxbtimb) -- C:\WINDOWS\System32\drivers\cytxbtimb.sys ()
DRV - (qqdhw) -- C:\WINDOWS\System32\drivers\qqdhw.sys ()
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090904.009\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090904.009\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (tifmsony) -- C:\WINDOWS\system32\drivers\tifmsony.sys (Texas Instruments)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (QV2KUX) -- C:\WINDOWS\system32\drivers\qv2kux.sys (Microsoft Corporation)
DRV - (msloop) -- C:\WINDOWS\system32\drivers\loop.sys (Microsoft Corporation)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:43902

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=374563"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=Z007&form=ZGAPHP"
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z007&form=ZGAADF&q="

FF - HKLM\software\mozilla\Firefox\extensions\\{3EC64ACE-C229-471F-823A-DAD76455D717}: C:\Documents and Settings\Monui\Local Settings\Application Data\{3EC64ACE-C229-471F-823A-DAD76455D717} [2010/12/04 21:50:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/21 13:20:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/21 13:20:13 | 000,000,000 | ---D | M]

[2010/05/22 09:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monui\Application Data\Mozilla\Firefox\Profiles\t3nfpkjo.default\extensions
[2009/10/14 18:59:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Monui\Application Data\Mozilla\Firefox\Profiles\t3nfpkjo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/22 09:16:19 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Monui\Application Data\Mozilla\Firefox\Profiles\t3nfpkjo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/11/03 20:52:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Monui\Application Data\Mozilla\Firefox\Profiles\t3nfpkjo.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/12/05 02:09:46 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Monui\Application Data\Mozilla\Firefox\Profiles\t3nfpkjo.default\searchplugins\bing-zugo.xml
[2010/12/05 09:28:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/09/06 10:04:40 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/09/19 10:56:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2007/09/19 10:56:42 | 000,066,408 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2007/09/19 10:56:42 | 000,054,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2007/09/19 10:56:43 | 000,034,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2007/09/19 10:56:43 | 000,046,456 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2007/09/19 10:56:43 | 000,171,880 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2010/12/06 18:25:38 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2009/03/27 22:00:30 | 000,303,867 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10.254.254.253 Xdrive
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10469 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Hwudomebufebo] C:\WINDOWS\uyamecusuramujo.DLL ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk = C:\Program Files\WhiteSmoke Translator\WSTrayDictMode.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: download.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.microsoft.com ([]http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://www.etoreports.com/viewer9/activeXViewer/activexviewer.cab (Crystal Report Viewer Control 9)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://m-cam.uchicago.edu/activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by113fd.bay113.hotmail.msn.com/activex/HMAtchmt.ocx (Hotmail Attachments Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - Reg Error: Key error. - Reg Error: Key error. File not found
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\Monui\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Monui\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/05 13:32:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8e51e3c0-86cd-11da-99c3-806d6172696f}\Shell\AutoRun\command - "" = E:\sony\Autorun.exe -- File not found
O33 - MountPoints2\{f9d0b70d-0a6f-11dc-a26c-00166f4c6745}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: cscrsmgr - (C:\WINDOWS\savedsvc.dll) - C:\WINDOWS\savedsvc.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "LiveUpdate Notice Service"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk.disabled - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk.disabled - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk.disabled - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled - File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: nmapp - hkey= - key= - C:\Program Files\Pure Networks\Network Magic\nmapp.exe File not found
MsConfig - StartUpReg: nmctxth - hkey= - key= - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2010/12/08 18:51:03 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Monui\Desktop\OTL.scr
[2010/12/07 18:30:36 | 009,852,776 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Monui\Desktop\SUPERAntiSpyware.exe
[2010/12/06 18:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monui\Desktop\gmer
[2010/12/06 18:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\WhiteSmokeTranslator
[2010/12/06 18:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\WhiteSmoke Translator
[2010/12/06 18:26:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\%APPDATA%
[2010/12/05 19:49:44 | 000,755,552 | ---- | C] (Secunia) -- C:\Documents and Settings\Monui\Desktop\PSISetup.exe
[2010/12/05 19:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monui\Local Settings\Application Data\Secunia PSI
[2010/12/05 19:47:51 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2010/12/05 17:50:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/05 17:50:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/05 17:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/05 02:15:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Monui\Recent
[2010/12/05 02:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monui\Application Data\whitesmoketoolbar
[2010/12/05 02:11:11 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar
[2010/12/04 22:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/12/04 22:09:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/12/04 22:04:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\winad
[2010/12/04 21:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monui\Local Settings\Application Data\{3EC64ACE-C229-471F-823A-DAD76455D717}
[2010/12/04 21:45:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010/11/16 18:33:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monui\Application Data\Amazon
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/08 18:51:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monui\Desktop\OTL.scr
[2010/12/07 21:05:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/07 21:01:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/07 21:01:05 | 526,880,768 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/07 18:31:19 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/07 18:30:29 | 009,852,776 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Monui\Desktop\SUPERAntiSpyware.exe
[2010/12/06 18:27:17 | 000,002,002 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Buy Whitesmoke Translator.lnk
[2010/12/06 18:27:17 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk
[2010/12/06 18:27:01 | 000,001,453 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch WhiteSmoke Translator.lnk
[2010/12/06 18:24:53 | 000,001,372 | ---- | M] () -- C:\WINDOWS\System32\Improve Your PC.lnk
[2010/12/06 18:20:14 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Monui\Desktop\dds.scr
[2010/12/06 18:19:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Monui\defogger_reenable
[2010/12/05 19:49:42 | 000,755,552 | ---- | M] (Secunia) -- C:\Documents and Settings\Monui\Desktop\PSISetup.exe
[2010/12/05 19:44:39 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/05 17:50:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/05 17:44:23 | 000,660,752 | ---- | M] () -- C:\Documents and Settings\Monui\Desktop\iExplore.exe
[2010/12/05 09:15:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\cytxbtimb.sys
[2010/12/05 02:09:39 | 000,046,080 | -H-- | M] () -- C:\WINDOWS\savedsvc.dll
[2010/12/04 22:57:41 | 000,000,387 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/12/04 21:55:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\qqdhw.sys
[2010/12/04 21:48:43 | 000,046,080 | -H-- | M] () -- C:\WINDOWS\System32\savedsvc.dll
[2010/12/04 19:11:46 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/04 10:47:37 | 000,194,353 | ---- | M] () -- C:\Documents and Settings\Monui\Desktop\She-Ra.jpg
[2010/12/04 10:43:47 | 000,024,560 | ---- | M] () -- C:\Documents and Settings\Monui\Desktop\sheracq5.jpg
[2010/12/02 16:16:25 | 000,583,770 | ---- | M] () -- C:\Documents and Settings\Monui\My Documents\PDFDocument (3).pdf
[2010/12/02 16:15:47 | 000,588,950 | ---- | M] () -- C:\Documents and Settings\Monui\My Documents\PDFDocument (2).pdf
[2010/12/02 16:15:13 | 000,008,688 | ---- | M] () -- C:\Documents and Settings\Monui\My Documents\PDFDocument (1).pdf
[2010/12/02 16:15:05 | 000,976,107 | ---- | M] () -- C:\Documents and Settings\Monui\My Documents\PDFDocument.pdf
[2010/12/02 14:50:15 | 000,058,273 | ---- | M] () -- C:\Documents and Settings\Monui\My Documents\Manager_of_Analysis_and_Reporting.pdf
[2010/11/30 11:22:20 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/30 11:22:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/22 19:09:58 | 000,963,363 | ---- | M] () -- C:\Documents and Settings\Monui\My Documents\Statement-20101115 (1).pdf
[2010/11/22 19:06:47 | 000,963,364 | ---- | M] () -- C:\Documents and Settings\Monui\My Documents\Statement-20101115.pdf
[2010/11/22 18:44:44 | 000,459,714 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/22 18:44:43 | 000,079,202 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/21 12:31:30 | 000,733,736 | ---- | M] () -- C:\Documents and Settings\Monui\My Documents\79960.pdf
[2010/11/20 18:39:25 | 000,573,291 | ---- | M] () -- C:\Documents and Settings\Monui\My Documents\Thai-Pavilion-Restaurant-Menu.pdf
[2010/11/16 18:32:53 | 000,005,697 | ---- | M] () -- C:\Documents and Settings\Monui\My Documents\AmazonMP3-1289950374.amz
[2010/11/16 18:30:38 | 001,008,936 | ---- | M] () -- C:\Documents and Settings\Monui\My Documents\AmazonMP3Installer.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/07 18:31:19 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/06 18:27:17 | 000,002,002 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Buy Whitesmoke Translator.lnk
[2010/12/06 18:27:17 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk
[2010/12/06 18:27:01 | 000,001,453 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch WhiteSmoke Translator.lnk
[2010/12/06 18:24:53 | 000,001,372 | ---- | C] () -- C:\WINDOWS\System32\Improve Your PC.lnk
[2010/12/06 18:20:15 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Monui\Desktop\dds.scr
[2010/12/06 18:19:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Monui\defogger_reenable
[2010/12/05 17:50:45 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/05 17:44:27 | 000,660,752 | ---- | C] () -- C:\Documents and Settings\Monui\Desktop\iExplore.exe
[2010/12/05 02:09:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\cytxbtimb.sys
[2010/12/05 02:09:39 | 000,046,080 | -H-- | C] () -- C:\WINDOWS\savedsvc.dll
[2010/12/04 21:49:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\qqdhw.sys
[2010/12/04 21:48:43 | 000,046,080 | -H-- | C] () -- C:\WINDOWS\System32\savedsvc.dll
[2010/12/04 10:47:37 | 000,194,353 | ---- | C] () -- C:\Documents and Settings\Monui\Desktop\She-Ra.jpg
[2010/12/04 10:43:46 | 000,024,560 | ---- | C] () -- C:\Documents and Settings\Monui\Desktop\sheracq5.jpg
[2010/12/02 16:16:25 | 000,583,770 | ---- | C] () -- C:\Documents and Settings\Monui\My Documents\PDFDocument (3).pdf
[2010/12/02 16:15:46 | 000,588,950 | ---- | C] () -- C:\Documents and Settings\Monui\My Documents\PDFDocument (2).pdf
[2010/12/02 16:15:13 | 000,008,688 | ---- | C] () -- C:\Documents and Settings\Monui\My Documents\PDFDocument (1).pdf
[2010/12/02 16:15:04 | 000,976,107 | ---- | C] () -- C:\Documents and Settings\Monui\My Documents\PDFDocument.pdf
[2010/12/02 14:50:11 | 000,058,273 | ---- | C] () -- C:\Documents and Settings\Monui\My Documents\Manager_of_Analysis_and_Reporting.pdf
[2010/11/22 19:09:57 | 000,963,363 | ---- | C] () -- C:\Documents and Settings\Monui\My Documents\Statement-20101115 (1).pdf
[2010/11/22 19:06:44 | 000,963,364 | ---- | C] () -- C:\Documents and Settings\Monui\My Documents\Statement-20101115.pdf
[2010/11/21 12:31:28 | 000,733,736 | ---- | C] () -- C:\Documents and Settings\Monui\My Documents\79960.pdf
[2010/11/20 18:39:23 | 000,573,291 | ---- | C] () -- C:\Documents and Settings\Monui\My Documents\Thai-Pavilion-Restaurant-Menu.pdf
[2010/11/16 18:32:53 | 000,005,697 | ---- | C] () -- C:\Documents and Settings\Monui\My Documents\AmazonMP3-1289950374.amz
[2010/11/16 18:30:34 | 001,008,936 | ---- | C] () -- C:\Documents and Settings\Monui\My Documents\AmazonMP3Installer.exe
[2010/04/01 20:24:58 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2008/03/20 17:44:55 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/10/12 22:13:08 | 000,694,681 | -HS- | C] () -- C:\WINDOWS\System32\pesntcwp.ini
[2007/10/12 22:06:48 | 000,694,441 | -HS- | C] () -- C:\WINDOWS\System32\vgcdsbqa.ini
[2007/10/12 06:24:13 | 000,694,312 | -HS- | C] () -- C:\WINDOWS\System32\ypiqbofb.ini
[2007/10/12 06:06:49 | 000,694,201 | -HS- | C] () -- C:\WINDOWS\System32\eeajegkh.ini
[2007/10/11 23:17:05 | 000,694,072 | -HS- | C] () -- C:\WINDOWS\System32\lyojdtek.ini
[2007/10/11 22:23:29 | 000,693,961 | -HS- | C] () -- C:\WINDOWS\System32\gwrhflfe.ini
[2007/10/11 21:16:10 | 000,693,721 | -HS- | C] () -- C:\WINDOWS\System32\ikoybipg.ini
[2007/10/11 11:43:22 | 000,693,601 | -HS- | C] () -- C:\WINDOWS\System32\twqwrvdc.ini
[2007/10/11 11:00:51 | 000,693,472 | -HS- | C] () -- C:\WINDOWS\System32\rdnpyjfx.ini
[2007/10/11 10:07:30 | 000,694,441 | -HS- | C] () -- C:\WINDOWS\System32\uevmglrl.ini
[2007/10/11 00:03:18 | 000,694,339 | -HS- | C] () -- C:\WINDOWS\System32\casilehp.ini
[2007/10/10 21:52:23 | 000,694,192 | -HS- | C] () -- C:\WINDOWS\System32\cggxucxa.ini
[2007/10/10 08:43:40 | 000,694,081 | -HS- | C] () -- C:\WINDOWS\System32\xkucrnej.ini
[2007/10/09 23:01:37 | 000,693,961 | -HS- | C] () -- C:\WINDOWS\System32\ylcblweg.ini
[2007/10/09 22:12:07 | 000,693,841 | -HS- | C] () -- C:\WINDOWS\System32\firdbluh.ini
[2007/10/09 10:21:14 | 000,693,721 | -HS- | C] () -- C:\WINDOWS\System32\skwdnjen.ini
[2007/10/08 23:44:10 | 000,693,541 | -HS- | C] () -- C:\WINDOWS\System32\grgtnyrp.ini
[2007/10/08 21:10:54 | 000,693,592 | -HS- | C] () -- C:\WINDOWS\System32\geqnwxlo.ini
[2007/10/08 20:40:56 | 000,693,472 | -HS- | C] () -- C:\WINDOWS\System32\xvgyshke.ini
[2007/10/08 19:44:18 | 000,693,472 | -HS- | C] () -- C:\WINDOWS\System32\rvgxrped.ini
[2007/10/08 19:10:37 | 000,693,601 | -HS- | C] () -- C:\WINDOWS\System32\geoxeijj.ini
[2007/10/08 18:58:57 | 000,693,472 | -HS- | C] () -- C:\WINDOWS\System32\vnvmdcof.ini
[2007/10/08 18:41:05 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\tfvvthgd.ini
[2007/10/08 13:10:12 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\nxvrisgt.ini
[2007/10/08 09:48:45 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\jaqqeqgm.ini
[2007/10/07 20:59:23 | 000,693,472 | -HS- | C] () -- C:\WINDOWS\System32\ehmhfxhk.ini
[2007/10/07 20:03:22 | 000,693,901 | -HS- | C] () -- C:\WINDOWS\System32\kbrsgeda.ini
[2007/10/07 19:53:09 | 000,693,781 | -HS- | C] () -- C:\WINDOWS\System32\onwajvnk.ini
[2007/10/07 19:31:28 | 000,693,661 | -HS- | C] () -- C:\WINDOWS\System32\mrokyapb.ini
[2007/10/07 18:50:12 | 000,693,532 | -HS- | C] () -- C:\WINDOWS\System32\xlpoietr.ini
[2007/10/07 11:42:03 | 000,693,541 | -HS- | C] () -- C:\WINDOWS\System32\uqriclys.ini
[2007/10/07 10:47:05 | 000,693,661 | -HS- | C] () -- C:\WINDOWS\System32\mfkpkxjx.ini
[2007/10/06 17:13:43 | 000,693,550 | -HS- | C] () -- C:\WINDOWS\System32\pkvqrvrr.ini
[2007/10/06 10:27:10 | 000,693,601 | -HS- | C] () -- C:\WINDOWS\System32\dlufises.ini
[2007/10/05 14:12:44 | 000,693,472 | -HS- | C] () -- C:\WINDOWS\System32\tbbvndxv.ini
[2007/10/05 12:36:22 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\aydjfawq.ini
[2007/10/05 00:16:48 | 000,693,472 | -HS- | C] () -- C:\WINDOWS\System32\xjolgjgt.ini
[2007/10/04 23:31:20 | 000,693,721 | -HS- | C] () -- C:\WINDOWS\System32\iorupftj.ini
[2007/10/04 22:31:04 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\qgcrksfo.ini
[2007/10/04 20:10:20 | 000,693,541 | -HS- | C] () -- C:\WINDOWS\System32\dbnlllrf.ini
[2007/10/04 13:31:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/10/04 11:13:24 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\xfvcyvrp.ini
[2007/10/04 09:11:51 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\yikdlnut.ini
[2007/10/03 23:16:54 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\gbckuenn.ini
[2007/10/03 13:05:47 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\nykylqem.ini
[2007/10/03 12:33:53 | 000,693,781 | -HS- | C] () -- C:\WINDOWS\System32\aejshwji.ini
[2007/10/03 12:04:50 | 000,693,661 | -HS- | C] () -- C:\WINDOWS\System32\kuxynjxv.ini
[2007/10/03 11:37:36 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\ynvbttxd.ini
[2007/10/03 10:05:00 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\adyresav.ini
[2007/10/03 09:20:58 | 000,693,601 | -HS- | C] () -- C:\WINDOWS\System32\fechrklb.ini
[2007/10/02 21:53:59 | 000,693,472 | -HS- | C] () -- C:\WINDOWS\System32\iiafqsvd.ini
[2007/10/01 17:32:57 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\paiptxhf.ini
[2007/09/30 15:32:45 | 000,693,592 | -HS- | C] () -- C:\WINDOWS\System32\aklynkfr.ini
[2007/09/30 10:33:46 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\ubcmbtrn.ini
[2007/09/29 17:56:00 | 000,693,652 | -HS- | C] () -- C:\WINDOWS\System32\ebggqofw.ini
[2007/09/28 13:25:03 | 000,693,541 | -HS- | C] () -- C:\WINDOWS\System32\fndkouht.ini
[2007/08/18 20:17:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/01/18 18:01:08 | 000,000,350 | ---- | C] () -- C:\WINDOWS\pdf2word.INI
[2006/12/17 11:08:11 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\mp3dec.dll
[2006/12/17 11:08:10 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\tvqenc.dll
[2006/12/17 11:08:10 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\tvqdec.dll
[2006/11/30 23:02:02 | 000,139,280 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/09/13 20:08:23 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/09/13 20:08:04 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/06/25 16:52:41 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/25 16:32:43 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Monui\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/17 20:51:48 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Monui\Local Settings\Application Data\fusioncache.dat
[2006/01/16 15:48:55 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2006/01/16 15:41:00 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/01/16 15:38:46 | 000,000,074 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/01/16 15:38:07 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/01/16 15:38:07 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/01/16 15:38:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/01/16 15:38:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/01/16 15:38:07 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/01/16 15:38:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/01/16 15:36:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/06 06:58:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/06 06:24:32 | 000,000,387 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/01/06 06:17:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/01/05 13:38:40 | 000,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/01/05 12:16:49 | 000,000,762 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/01/05 12:16:39 | 000,204,800 | ---- | C] () -- C:\WINDOWS\uyamecusuramujo.dll
[2006/01/05 05:23:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/11/01 20:53:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll

========== LOP Check ==========

[2008/04/26 12:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2006/06/30 18:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CopyPod
[2008/02/23 13:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/08/29 14:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2008/02/23 14:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/21 13:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/17 18:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/11/16 18:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monui\Application Data\Amazon
[2008/04/26 12:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monui\Application Data\AVG7
[2010/07/27 09:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monui\Application Data\Business Objects
[2007/01/21 14:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monui\Application Data\CopyPod
[2008/09/12 13:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monui\Application Data\iLike
[2007/02/10 20:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monui\Application Data\InterVideo
[2006/09/23 12:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monui\Application Data\Leadertech
[2008/09/19 21:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monui\Application Data\LimeWire
[2008/02/23 13:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monui\Application Data\NCH Swift Sound
[2010/12/05 02:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monui\Application Data\whitesmoketoolbar
[2008/03/20 17:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monui\Application Data\Xdrive

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/29 14:28:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/08/29 14:28:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/29 14:28:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/08/29 14:28:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/09/09 08:38:00 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/09/09 08:38:00 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

#11 mmartinez

mmartinez
  • Topic Starter

  • Members
  • 85 posts
  • Local time:05:11 AM

Posted 09 December 2010 - 09:55 AM

Here is the Extras log file. Thanks.


OTL Extras logfile created on: 12/8/2010 6:52:51 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Monui\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 91.00 Mb Available Physical Memory | 18.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.15 Gb Total Space | 41.91 Gb Free Space | 48.09% Space Free | Partition Type: NTFS

Computer Name: MONICA | User Name: Monui | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\Monui\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
http [open] -- "C:\Documents and Settings\Monui\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Documents and Settings\Monui\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTimePlayer -- (Apple Inc.)
"C:\Program Files\InterVideo\DVDCopy\DVDCopy.exe" = C:\Program Files\InterVideo\DVDCopy\DVDCopy.exe:*:Enabled:InterVideo DVDCopy -- File not found
"C:\Program Files\Online Services\XDrive\launch.EXE" = C:\Program Files\Online Services\XDrive\launch.EXE:*:Enabled:Free Trial! 5GB Online Storage -- ()
"C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe" = C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe:*:Enabled:Xdrive Desktop -- File not found
"C:\Program Files\Symantec AntiVirus\VPC32.exe" = C:\Program Files\Symantec AntiVirus\VPC32.exe:*:Enabled:Symantec AntiVirus -- (Symantec Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Documents and Settings\Monui\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Monui\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- File not found
"C:\Documents and Settings\Monui\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Monui\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- File not found
"C:\Documents and Settings\Monui\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Monui\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{0DF00135-D5A7-476A-BFB3-EDFF2840076A}" = VAIO Wireless LAN Setup Utility
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1ADB7BF5-F8EB-4F76-98FD-65A7FFBEAECE}" = Whitesmoke Translator
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{2085C617-589C-40F8-BE40-EDBC9E2CA2EB}" = Symantec AntiVirus
"{2238A301-6A20-4bdb-A655-C84AB629F6B6}" = hph_readme
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{2D1FFF32-B3B6-4ac4-9AB0-0E44889CBD80}" = D2300
"{2EA7CF7E-0C76-44A5-B0CF-A1D171476E42}" = VAIO Breeze Wallpaper
"{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}" = Rhapsody Player Engine
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{49140327-BEBF-43dd-B386-43311A065609}" = hph_ProductContext
"{4E993095-28F2-4060-9101-99C1FD1195C0}" = VAIO Central
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}" = VAIO Light Flo Wallpaper
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{82081533-F045-469E-BD53-F16839E445C3}" = VAIO Support Central
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9FF3BF5D-2641-40BF-9A6F-C41166BEB0A6}" = D2300_Help
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.5
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"{BBEB5679-6E2C-47C6-A9B5-3C6D4CD19B60}" = hph_software_req
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D6346347-B8CD-4B52-BF5F-9676CDE79801}" = hph_software
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DDC63227-BA06-4855-B002-BDB49E9F677E}" = Symantec Technical Support Web Controls
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE3BF611-9B8B-44DC-A424-F8C4BA122A1D}" = VAIO Security Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"a-squared Free_is1" = a-squared Free 4.0
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"eCalc Calculator" = eCalc Calculator
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox (2.0.0.7)" = Mozilla Firefox (2.0.0.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa2" = Picasa 2
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"Secunia PSI" = Secunia PSI
"Soulseek2" = SoulSeek 157 NS 13c
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/27/2009 4:23:05 AM | Computer Name = MONICA | Source = Google Update | ID = 20
Description =

Error - 7/27/2009 5:23:05 AM | Computer Name = MONICA | Source = Google Update | ID = 20
Description =

Error - 7/27/2009 6:23:05 AM | Computer Name = MONICA | Source = Google Update | ID = 20
Description =

Error - 7/27/2009 7:23:05 AM | Computer Name = MONICA | Source = Google Update | ID = 20
Description =

Error - 8/11/2009 6:23:30 PM | Computer Name = MONICA | Source = Google Update | ID = 20
Description =

Error - 8/17/2009 8:44:12 AM | Computer Name = MONICA | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/19/2009 8:44:37 AM | Computer Name = MONICA | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 8.2.1.6, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/29/2009 11:37:26 AM | Computer Name = MONICA | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
Event
Info: Terminate Process Action Taken: Blocked Actor Process: C:\WINDOWS\system32\services.exe
(PID 1340) Time: Saturday, August 29, 2009 11:37:25 AM

Error - 9/5/2009 10:39:13 AM | Computer Name = MONICA | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
Event
Info: Terminate Process Action Taken: Blocked Actor Process: C:\WINDOWS\system32\services.exe
(PID 1344) Time: Saturday, September 05, 2009 10:39:12 AM

Error - 9/5/2009 10:39:37 AM | Computer Name = MONICA | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
Event
Info: Terminate Process Action Taken: Blocked Actor Process: C:\WINDOWS\system32\services.exe
(PID 1344) Time: Saturday, September 05, 2009 10:39:37 AM

[ System Events ]
Error - 9/3/2009 11:46:54 PM | Computer Name = MONICA | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
YOUR-4105E587B6 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{1AA1A08D-B2A. The master browser is stopping or an election is being
forced.

Error - 9/4/2009 12:58:43 AM | Computer Name = MONICA | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
YOUR-4105E587B6 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{1AA1A08D-B2A. The master browser is stopping or an election is being
forced.

Error - 9/4/2009 2:09:17 AM | Computer Name = MONICA | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
YOUR-4105E587B6 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{1AA1A08D-B2A. The master browser is stopping or an election is being
forced.

Error - 9/4/2009 3:15:51 AM | Computer Name = MONICA | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
YOUR-4105E587B6 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{1AA1A08D-B2A. The master browser is stopping or an election is being
forced.

Error - 9/5/2009 10:39:06 AM | Computer Name = MONICA | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service LiveUpdate
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 9/5/2009 10:39:15 AM | Computer Name = MONICA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LiveUpdate service to
connect.

Error - 9/5/2009 10:39:15 AM | Computer Name = MONICA | Source = Service Control Manager | ID = 7000
Description = The LiveUpdate service failed to start due to the following error:
%%1053

Error - 9/5/2009 10:39:37 AM | Computer Name = MONICA | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service LiveUpdate
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 9/5/2009 10:39:37 AM | Computer Name = MONICA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LiveUpdate service to
connect.

Error - 9/5/2009 10:39:37 AM | Computer Name = MONICA | Source = Service Control Manager | ID = 7000
Description = The LiveUpdate service failed to start due to the following error:
%%1053


< End of report >

#12 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:11:11 AM

Posted 09 December 2010 - 12:34 PM

Hi mmartinez,

Step 1
Double click on OTL.exe to run it.
Copy the lines in bold below. (make sure that :Otl is on the first line)

:Otl
PRC - C:\Program Files\WhiteSmoke Translator\WSTrayDictMode.exe ()
PRC - C:\Program Files\WhiteSmoke Translator\WhiteSmokeDictRegistration.exe (WhiteSmoke)
MOD - C:\WINDOWS\uyamecusuramujo.dll ()
DRV - (cytxbtimb) -- C:\WINDOWS\System32\drivers\cytxbtimb.sys ()
DRV - (qqdhw) -- C:\WINDOWS\System32\drivers\qqdhw.sys ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:43902
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [Hwudomebufebo] C:\WINDOWS\uyamecusuramujo.DLL ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk = C:\Program Files\WhiteSmoke Translator\WSTrayDictMode.exe ()
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (Reg Error: Key error.)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://m-cam.uchicago.edu/activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - Reg Error: Key error. - Reg Error: Key error. File not found
O24 - Desktop Components:0 () -
O33 - MountPoints2\{8e51e3c0-86cd-11da-99c3-806d6172696f}\Shell\AutoRun\command - "" = E:\sony\Autorun.exe -- File not found
O33 - MountPoints2\{f9d0b70d-0a6f-11dc-a26c-00166f4c6745}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
[2010/12/06 18:27:17 | 000,002,002 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Buy Whitesmoke Translator.lnk
[2010/12/06 18:27:17 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk
[2010/12/06 18:27:01 | 000,001,453 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch WhiteSmoke Translator.lnk
[2010/12/05 02:09:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\cytxbtimb.sys
[2010/12/05 02:09:39 | 000,046,080 | -H-- | C] () -- C:\WINDOWS\savedsvc.dll
[2010/12/04 21:49:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\qqdhw.sys
[2010/12/04 21:48:43 | 000,046,080 | -H-- | C] () -- C:\WINDOWS\System32\savedsvc.dll
[2007/10/12 22:13:08 | 000,694,681 | -HS- | C] () -- C:\WINDOWS\System32\pesntcwp.ini
[2007/10/12 22:06:48 | 000,694,441 | -HS- | C] () -- C:\WINDOWS\System32\vgcdsbqa.ini
[2007/10/12 06:24:13 | 000,694,312 | -HS- | C] () -- C:\WINDOWS\System32\ypiqbofb.ini
[2007/10/12 06:06:49 | 000,694,201 | -HS- | C] () -- C:\WINDOWS\System32\eeajegkh.ini
[2007/10/11 23:17:05 | 000,694,072 | -HS- | C] () -- C:\WINDOWS\System32\lyojdtek.ini
[2007/10/11 22:23:29 | 000,693,961 | -HS- | C] () -- C:\WINDOWS\System32\gwrhflfe.ini
[2007/10/11 21:16:10 | 000,693,721 | -HS- | C] () -- C:\WINDOWS\System32\ikoybipg.ini
[2007/10/11 11:43:22 | 000,693,601 | -HS- | C] () -- C:\WINDOWS\System32\twqwrvdc.ini
[2007/10/11 11:00:51 | 000,693,472 | -HS- | C] () -- C:\WINDOWS\System32\rdnpyjfx.ini
[2007/10/11 10:07:30 | 000,694,441 | -HS- | C] () -- C:\WINDOWS\System32\uevmglrl.ini
[2007/10/11 00:03:18 | 000,694,339 | -HS- | C] () -- C:\WINDOWS\System32\casilehp.ini
[2007/10/10 21:52:23 | 000,694,192 | -HS- | C] () -- C:\WINDOWS\System32\cggxucxa.ini
[2007/10/10 08:43:40 | 000,694,081 | -HS- | C] () -- C:\WINDOWS\System32\xkucrnej.ini
[2007/10/09 23:01:37 | 000,693,961 | -HS- | C] () -- C:\WINDOWS\System32\ylcblweg.ini
[2007/10/09 22:12:07 | 000,693,841 | -HS- | C] () -- C:\WINDOWS\System32\firdbluh.ini
[2007/10/09 10:21:14 | 000,693,721 | -HS- | C] () -- C:\WINDOWS\System32\skwdnjen.ini
[2007/10/08 23:44:10 | 000,693,541 | -HS- | C] () -- C:\WINDOWS\System32\grgtnyrp.ini
[2007/10/08 21:10:54 | 000,693,592 | -HS- | C] () -- C:\WINDOWS\System32\geqnwxlo.ini
[2007/10/08 20:40:56 | 000,693,472 | -HS- | C] () -- C:\WINDOWS\System32\xvgyshke.ini
[2007/10/08 19:44:18 | 000,693,472 | -HS- | C] () -- C:\WINDOWS\System32\rvgxrped.ini
[2007/10/08 19:10:37 | 000,693,601 | -HS- | C] () -- C:\WINDOWS\System32\geoxeijj.ini
[2007/10/08 18:58:57 | 000,693,472 | -HS- | C] () -- C:\WINDOWS\System32\vnvmdcof.ini
[2007/10/08 18:41:05 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\tfvvthgd.ini
[2007/10/08 13:10:12 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\nxvrisgt.ini
[2007/10/08 09:48:45 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\jaqqeqgm.ini
[2007/10/07 20:59:23 | 000,693,472 | -HS- | C] () -- C:\WINDOWS\System32\ehmhfxhk.ini
[2007/10/07 20:03:22 | 000,693,901 | -HS- | C] () -- C:\WINDOWS\System32\kbrsgeda.ini
[2007/10/07 19:53:09 | 000,693,781 | -HS- | C] () -- C:\WINDOWS\System32\onwajvnk.ini
[2007/10/07 19:31:28 | 000,693,661 | -HS- | C] () -- C:\WINDOWS\System32\mrokyapb.ini
[2007/10/07 18:50:12 | 000,693,532 | -HS- | C] () -- C:\WINDOWS\System32\xlpoietr.ini
[2007/10/07 11:42:03 | 000,693,541 | -HS- | C] () -- C:\WINDOWS\System32\uqriclys.ini
[2007/10/07 10:47:05 | 000,693,661 | -HS- | C] () -- C:\WINDOWS\System32\mfkpkxjx.ini
[2007/10/06 17:13:43 | 000,693,550 | -HS- | C] () -- C:\WINDOWS\System32\pkvqrvrr.ini
[2007/10/06 10:27:10 | 000,693,601 | -HS- | C] () -- C:\WINDOWS\System32\dlufises.ini
[2007/10/05 14:12:44 | 000,693,472 | -HS- | C] () -- C:\WINDOWS\System32\tbbvndxv.ini
[2007/10/05 12:36:22 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\aydjfawq.ini
[2007/10/05 00:16:48 | 000,693,472 | -HS- | C] () -- C:\WINDOWS\System32\xjolgjgt.ini
[2007/10/04 23:31:20 | 000,693,721 | -HS- | C] () -- C:\WINDOWS\System32\iorupftj.ini
[2007/10/04 22:31:04 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\qgcrksfo.ini
[2007/10/04 20:10:20 | 000,693,541 | -HS- | C] () -- C:\WINDOWS\System32\dbnlllrf.ini
[2007/10/04 13:31:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/10/04 11:13:24 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\xfvcyvrp.ini
[2007/10/04 09:11:51 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\yikdlnut.ini
[2007/10/03 23:16:54 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\gbckuenn.ini
[2007/10/03 13:05:47 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\nykylqem.ini
[2007/10/03 12:33:53 | 000,693,781 | -HS- | C] () -- C:\WINDOWS\System32\aejshwji.ini
[2007/10/03 12:04:50 | 000,693,661 | -HS- | C] () -- C:\WINDOWS\System32\kuxynjxv.ini
[2007/10/03 11:37:36 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\ynvbttxd.ini
[2007/10/03 10:05:00 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\adyresav.ini
[2007/10/03 09:20:58 | 000,693,601 | -HS- | C] () -- C:\WINDOWS\System32\fechrklb.ini
[2007/10/02 21:53:59 | 000,693,472 | -HS- | C] () -- C:\WINDOWS\System32\iiafqsvd.ini
[2007/10/01 17:32:57 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\paiptxhf.ini
[2007/09/30 15:32:45 | 000,693,592 | -HS- | C] () -- C:\WINDOWS\System32\aklynkfr.ini
[2007/09/30 10:33:46 | 000,693,481 | -HS- | C] () -- C:\WINDOWS\System32\ubcmbtrn.ini
[2007/09/29 17:56:00 | 000,693,652 | -HS- | C] () -- C:\WINDOWS\System32\ebggqofw.ini
[2007/09/28 13:25:03 | 000,693,541 | -HS- | C] () -- C:\WINDOWS\System32\fndkouht.ini
[2006/01/05 12:16:39 | 000,204,800 | ---- | C] () -- C:\WINDOWS\uyamecusuramujo.dll
[2010/12/05 02:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monui\Application Data\whitesmoketoolbar

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]
[EMPTYFLASH]


  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the red Run Fix button.
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

If you lose the report, there will be a copy here:
C:\_OTL\MovedFiles

Step 2
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2


This is an example; you may rename ComboFix to anything you want.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

    Then:

    Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If running Vista, you may not see this screen
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


In your next reply, please submit:
Otl fix report
Combofix.txt


Thanks.

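As an added triage example (not OTL's or OldTimer's code, and not part of the post above): the script below reads OTL-style PRC/MOD/DRV and IE lines like the ones in the fix script and flags the two indicators that fix removes, an enabled Internet Explorer proxy pointed at the loopback address (consistent with the browsers failing after the rogue programs were removed) and loaded binaries with an empty publisher field. The sample lines are copied from the fix script plus one constructed benign driver line so the filter has a signed entry to ignore.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: the PRC/MOD/DRV and IE lines from the OTL fix script above,
# plus one constructed benign line (a signed Microsoft audio bus driver) so the
# filter has a legitimate entry to leave alone.
SAMPLE_LOG = r"""
PRC - C:\Program Files\WhiteSmoke Translator\WSTrayDictMode.exe ()
MOD - C:\WINDOWS\uyamecusuramujo.dll ()
DRV - (cytxbtimb) -- C:\WINDOWS\System32\drivers\cytxbtimb.sys ()
DRV - (qqdhw) -- C:\WINDOWS\System32\drivers\qqdhw.sys ()
DRV - (HDAudBus) -- C:\WINDOWS\System32\drivers\hdaudbus.sys (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:43902
"""

# "DRV - (service) -- path (company)" and "PRC|MOD - path (company)".
# The path is matched non-greedily because it may contain spaces.
MODULE_RE = re.compile(
    r'^(?P<kind>PRC|MOD|DRV) - (?:\((?P<service>[^)]*)\) -- )?'
    r'(?P<path>[A-Za-z]:\\.+?) \((?P<company>[^)]*)\)$'
)
# 'IE - <registry key>: "<value name>" = <value>'
IE_RE = re.compile(r'^IE - (?P<key>.+?): "(?P<name>\w+)" = (?P<value>.*)$')
# Loopback forms a ProxyServer value can carry: 127.x.x.x, localhost, ::1.
LOOPBACK_RE = re.compile(
    r'^(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost|\[?::1\]?)$', re.IGNORECASE
)


@dataclass
class Finding:
    kind: str    # "proxy" (loopback proxy enabled) or "unsigned" (empty publisher)
    detail: str  # the proxy value or the binary path
    line: str    # the raw log line, for the analyst to review


def proxy_hosts(value: str) -> List[str]:
    """Split a ProxyServer value into host names.

    Windows writes either "host:port" or a per-protocol list such as
    "http=host:port;https=host:port"; both shapes are handled here.
    """
    hosts = []
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        if "=" in entry:                       # drop the "http=" prefix
            entry = entry.split("=", 1)[1]
        host = entry.rsplit(":", 1)[0] if ":" in entry else entry
        hosts.append(host)
    return hosts


def triage(log_text: str) -> List[Finding]:
    """Return review-worthy entries from OTL-style log text.

    A loopback proxy is only flagged when ProxyEnable is 1; a stale
    ProxyServer value with the proxy switched off is not a finding.
    An empty publisher is a review queue, not a verdict: some legitimate
    drivers are unsigned, so an analyst still checks each path.
    """
    findings: List[Finding] = []
    proxy_enabled = False
    proxy_server: Optional[Tuple[str, str]] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = MODULE_RE.match(line)
        if m:
            if m.group("company").strip() == "":
                findings.append(Finding("unsigned", m.group("path"), line))
            continue
        m = IE_RE.match(line)
        if m:
            if m.group("name") == "ProxyEnable":
                proxy_enabled = m.group("value").strip() == "1"
            elif m.group("name") == "ProxyServer":
                proxy_server = (m.group("value").strip(), line)
    if proxy_enabled and proxy_server:
        value, line = proxy_server
        if any(LOOPBACK_RE.match(h) for h in proxy_hosts(value)):
            findings.append(Finding("proxy", value, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.detail}")
```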


#13 mmartinez

mmartinez
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  • Local time:05:11 AM

Posted 09 December 2010 - 06:53 PM

Hi Starbuck,

Below is the log from OTL after running the fix. Thanks.

All processes killed
========== OTL ==========
No active process named WSTrayDictMode.exe was found!
No active process named WhiteSmokeDictRegistration.exe was found!
Service cytxbtimb stopped successfully!
Service cytxbtimb deleted successfully!
C:\WINDOWS\system32\drivers\cytxbtimb.sys moved successfully.
Service qqdhw stopped successfully!
Service qqdhw deleted successfully!
C:\WINDOWS\system32\drivers\qqdhw.sys moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{52794457-af6c-4c50-9def-f2e24f4c8889} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889}\ deleted successfully.
C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Hwudomebufebo deleted successfully.
C:\WINDOWS\uyamecusuramujo.dll moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk moved successfully.
C:\Program Files\WhiteSmoke Translator\WSTrayDictMode.exe moved successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {B8BE5E93-A60C-4D26-A2DC-220313175592}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B8BE5E93-A60C-4D26-A2DC-220313175592}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B8BE5E93-A60C-4D26-A2DC-220313175592}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8BE5E93-A60C-4D26-A2DC-220313175592}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B8BE5E93-A60C-4D26-A2DC-220313175592}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8BE5E93-A60C-4D26-A2DC-220313175592}\ not found.
Starting removal of ActiveX control {DE625294-70E6-45ED-B895-CFFA13AEB044}
C:\WINDOWS\Downloaded Program Files\setup.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\Program Files\WebEx\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\AutorunsDisabled\ deleted successfully.
File Protocol\Handler\AutorunsDisabled - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e51e3c0-86cd-11da-99c3-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e51e3c0-86cd-11da-99c3-806d6172696f}\ not found.
File E:\sony\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9d0b70d-0a6f-11dc-a26c-00166f4c6745}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9d0b70d-0a6f-11dc-a26c-00166f4c6745}\ not found.
File F:\setupSNK.exe not found.
C:\Documents and Settings\All Users\Desktop\Buy Whitesmoke Translator.lnk moved successfully.
File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk not found.
C:\Documents and Settings\All Users\Desktop\Launch WhiteSmoke Translator.lnk moved successfully.
File C:\WINDOWS\System32\drivers\cytxbtimb.sys not found.
C:\WINDOWS\savedsvc.dll moved successfully.
File C:\WINDOWS\System32\drivers\qqdhw.sys not found.
C:\WINDOWS\system32\savedsvc.dll moved successfully.
C:\WINDOWS\system32\pesntcwp.ini moved successfully.
C:\WINDOWS\system32\vgcdsbqa.ini moved successfully.
C:\WINDOWS\system32\ypiqbofb.ini moved successfully.
C:\WINDOWS\system32\eeajegkh.ini moved successfully.
C:\WINDOWS\system32\lyojdtek.ini moved successfully.
C:\WINDOWS\system32\gwrhflfe.ini moved successfully.
C:\WINDOWS\system32\ikoybipg.ini moved successfully.
C:\WINDOWS\system32\twqwrvdc.ini moved successfully.
C:\WINDOWS\system32\rdnpyjfx.ini moved successfully.
C:\WINDOWS\system32\uevmglrl.ini moved successfully.
C:\WINDOWS\system32\casilehp.ini moved successfully.
C:\WINDOWS\system32\cggxucxa.ini moved successfully.
C:\WINDOWS\system32\xkucrnej.ini moved successfully.
C:\WINDOWS\system32\ylcblweg.ini moved successfully.
C:\WINDOWS\system32\firdbluh.ini moved successfully.
C:\WINDOWS\system32\skwdnjen.ini moved successfully.
C:\WINDOWS\system32\grgtnyrp.ini moved successfully.
C:\WINDOWS\system32\geqnwxlo.ini moved successfully.
C:\WINDOWS\system32\xvgyshke.ini moved successfully.
C:\WINDOWS\system32\rvgxrped.ini moved successfully.
C:\WINDOWS\system32\geoxeijj.ini moved successfully.
C:\WINDOWS\system32\vnvmdcof.ini moved successfully.
C:\WINDOWS\system32\tfvvthgd.ini moved successfully.
C:\WINDOWS\system32\nxvrisgt.ini moved successfully.
C:\WINDOWS\system32\jaqqeqgm.ini moved successfully.
C:\WINDOWS\system32\ehmhfxhk.ini moved successfully.
C:\WINDOWS\system32\kbrsgeda.ini moved successfully.
C:\WINDOWS\system32\onwajvnk.ini moved successfully.
C:\WINDOWS\system32\mrokyapb.ini moved successfully.
C:\WINDOWS\system32\xlpoietr.ini moved successfully.
C:\WINDOWS\system32\uqriclys.ini moved successfully.
C:\WINDOWS\system32\mfkpkxjx.ini moved successfully.
C:\WINDOWS\system32\pkvqrvrr.ini moved successfully.
C:\WINDOWS\system32\dlufises.ini moved successfully.
C:\WINDOWS\system32\tbbvndxv.ini moved successfully.
C:\WINDOWS\system32\aydjfawq.ini moved successfully.
C:\WINDOWS\system32\xjolgjgt.ini moved successfully.
C:\WINDOWS\system32\iorupftj.ini moved successfully.
C:\WINDOWS\system32\qgcrksfo.ini moved successfully.
C:\WINDOWS\system32\dbnlllrf.ini moved successfully.
C:\WINDOWS\VPC32.INI moved successfully.
C:\WINDOWS\system32\xfvcyvrp.ini moved successfully.
C:\WINDOWS\system32\yikdlnut.ini moved successfully.
C:\WINDOWS\system32\gbckuenn.ini moved successfully.
C:\WINDOWS\system32\nykylqem.ini moved successfully.
C:\WINDOWS\system32\aejshwji.ini moved successfully.
C:\WINDOWS\system32\kuxynjxv.ini moved successfully.
C:\WINDOWS\system32\ynvbttxd.ini moved successfully.
C:\WINDOWS\system32\adyresav.ini moved successfully.
C:\WINDOWS\system32\fechrklb.ini moved successfully.
C:\WINDOWS\system32\iiafqsvd.ini moved successfully.
C:\WINDOWS\system32\paiptxhf.ini moved successfully.
C:\WINDOWS\system32\aklynkfr.ini moved successfully.
C:\WINDOWS\system32\ubcmbtrn.ini moved successfully.
C:\WINDOWS\system32\ebggqofw.ini moved successfully.
C:\WINDOWS\system32\fndkouht.ini moved successfully.
File C:\WINDOWS\uyamecusuramujo.dll not found.
C:\Documents and Settings\Monui\Application Data\whitesmoketoolbar folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Monui\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Monui\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1700 bytes
->Temporary Internet Files folder emptied: 1613825 bytes
->Flash cache emptied: 348 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Guest
->Temp folder emptied: 54121 bytes
->Temporary Internet Files folder emptied: 542504089 bytes
->FireFox cache emptied: 30468097 bytes
->Flash cache emptied: 6093 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 10075796 bytes

User: Monui
->Temp folder emptied: 101343558 bytes
->Temporary Internet Files folder emptied: 184978 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14682765 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 611 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1904045 bytes
->Flash cache emptied: 18667 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6140591 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 51977114 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 288579 bytes

Total Files Cleaned = 727.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService

User: Monui
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12092010_182754

Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SZKVQMHX\afr[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SZKVQMHX\afr[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SZKVQMHX\antenna2[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SZKVQMHX\beacon[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SZKVQMHX\PreloadHandler[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SZKVQMHX\quant[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SZKVQMHX\rotate[1].htm moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SZKVQMHX\search[4].htm not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PXM0FQ1P\sweet-putt-minigolf[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PXM0FQ1P\xd_proxy[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8VWVSY5E\afr[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8VWVSY5E\ck[1].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8VWVSY5E\rotate[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0VLS3QHL\afr[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0VLS3QHL\ddc[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0VLS3QHL\empty[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0VLS3QHL\futueb15-webfont[1].eot moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0VLS3QHL\futura_extra_bold[1].swf moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0VLS3QHL\XFBML[1] moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_7f8.dat moved successfully.

Registry entries deleted on Reboot...

#14 mmartinez

mmartinez
  • Topic Starter

  • Members
  • 85 posts

Posted 09 December 2010 - 07:52 PM

Hi Starbuck,

I downloaded Combo Fix and renamed it. When I clicked on it to launch, I got a black screen and the cursor kept moving. It was like this for about 10 minutes and then the computer just froze. So I did a hard re-boot. I'm not sure what happened.

Thanks.

#15 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 10 December 2010 - 03:35 AM

Hi mmartinez,

Please check that all of your security programs have been closed and then try running Combofix again.
If you still have problems after that ... try rebooting into safe mode and try running it again.

Safe mode instructions if needed:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
You will need to use the 'keyboard arrow keys' to navigate on this menu.
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Then choose your usual account.
