Smitfraud Infection? [Solved]
FaultlineXR
post May 15 2009, 02:17 AM
Post #1
New Member
Posts: 8
OS: Windows XP

Hello. Based on my symptoms, I believe that I've been infected with Smitfraud, although I'm not sure. I read through the Malware Guide and followed the instructions. Malwarebytes' Anti-Malware would not run even when I renamed the file. I normally run McAfee Security Center, yet I have tried AVG Free, Spybot Search & Destroy, and most recently Ad-Aware. All of these have failed to fix the problem, as Google search results still redirect to useless sites, and just today access to Task Manager has been disabled by the administrator, even though my account has access to administrator functions and the other admin account hasn't been used in a while. I downloaded Windows Updates, but they will not install onto my computer. I downloaded the Windows Malicious Software Removal tool myself and ran it properly, yet with no success. Hopefully this helps!

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:111199 Mo/Free:2413 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

15/05/2009| 1:53

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\WLTRYSVC.EXE
---------- C:\WINDOWS\System32\bcmwltry.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
---------- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\Program Files\McAfee\MPF\MPFSrv.exe
---------- C:\Program Files\McAfee\MSK\MskSrver.exe
---------- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
---------- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\system32\wbem\unsecapp.exe
---------- C:\WINDOWS\System32\alg.exe
---------- c:\PROGRA~1\mcafee.com\agent\mcagent.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\WINDOWS\system32\WLTRAY.exe
---------- C:\WINDOWS\stsystra.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
---------- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
---------- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
---------- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Program Files\RocketDock\RocketDock.exe
---------- C:\Program Files\Digital Line Detect\DLG.exe
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\Program Files\iTunes\iTunes.exe
---------- C:\Program Files\Last.fm\LastFM.exe
---------- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
---------- C:\Program Files\Windows Live\Contacts\wlcomm.exe
---------- c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\Program Files\Internet Explorer\Iexplore.exe
---------- C:\Program Files\Internet Explorer\Iexplore.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - 15/05/2009| 1:54

----------------------\\ Scan completed at 1:54



OTListIt logfile created on: 15/05/2009 1:55:58 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\Brandon Wolfram\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

894.04 Mb Total Physical Memory | 274.35 Mb Available Physical Memory | 30.69% Memory free
2.12 Gb Paging File | 1.24 Gb Available in Paging File | 58.72% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 82.36 Gb Free Space | 75.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WOLFRAMLAPTOP
Current User Name: Brandon Wolfram
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE (ATI Technologies Inc.)
PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
PRC - C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Program Files\Last.fm\LastFM.exe (Last.fm)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - c:\Program Files\McAfee\VirusScan\mcvsshld.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Brandon Wolfram\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Stopped]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (MBackMonitor [On_Demand | Stopped]) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service [Auto | Running]) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (MSSQL$MICROSOFTSMLBIZ [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SQLAgent$MICROSOFTSMLBIZ [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (APPDRV [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BCMWLNPF [Auto | Running]) -- C:\WINDOWS\system32\drivers\bcmwlnpf.sys (CACE Technologies)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (dbbin [System | Stopped]) -- C:\WINDOWS\system32\dbbin.sys ()
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResN [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_N [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (rimmptsk [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (RT25USBAP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\rt25usbap.sys (Ralink Technology Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbsermpt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbsermpt.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (WmBEnum [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmFilter [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmVirHid [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmXlCore [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=3061211
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ca/hws/sb/dell-row-rel/e...html?channel=ca
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=3061211
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=3061211
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/hws/sb/dell-row-rel/e...html?channel=ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.gamefaqs.com/"
FF - prefs.js..extensions.enabledItems: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}:2.026
FF - prefs.js..extensions.enabledItems: filtersetg@updater:0.3.1.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.5
FF - prefs.js..extensions.enabledItems: bettergmail2@ginatrapani.org:0.8.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.4
FF - prefs.js..extensions.enabledItems: joao_albertoni@hotmail.com:0.8
FF - prefs.js..extensions.enabledItems: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1}:0.7
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.6
FF - prefs.js..extensions.enabledItems: resizeabletextarea@bristol.ac.uk:0.1d
FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.4.0
FF - prefs.js..extensions.enabledItems: {89736E8E-4B14-4042-8C75-AD00B6BD3900}:1.0.5
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/03 01:14:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/28 14:19:43 | 00,000,000 | ---D | M]

[2008/08/25 19:04:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Extensions
[2008/08/25 19:04:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/14 19:09:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions
[2009/03/24 12:52:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2009/02/09 16:37:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2009/04/28 16:29:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2008/08/25 19:15:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\{89736E8E-4B14-4042-8C75-AD00B6BD3900}
[2009/03/07 14:02:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}
[2009/05/12 14:39:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/04/15 22:32:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/02/18 17:58:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/05/07 00:10:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2009/04/23 13:01:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\bettergmail2@ginatrapani.org
[2008/08/25 19:11:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\elemhidehelper@adblockplus.org
[2008/08/25 19:11:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\filtersetg@updater
[2009/05/14 19:09:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\joao_albertoni@hotmail.com
[2008/08/25 19:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\resizeabletextarea@bristol.ac.uk
[2009/05/10 11:51:44 | 00,001,137 | ---- | M] () -- C:\Documents and Settings\Brandon Wolfram\Application Data\Mozilla\FireFox\Profiles\wuculypj.default\searchplugins\dictionarycom.xml
[2009/05/08 12:49:37 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\Brandon Wolfram\Application Data\Mozilla\FireFox\Profiles\wuculypj.default\searchplugins\facebook.xml
[2009/05/08 12:49:37 | 00,002,603 | ---- | M] () -- C:\Documents and Settings\Brandon Wolfram\Application Data\Mozilla\FireFox\Profiles\wuculypj.default\searchplugins\gamefaqs.xml
[2008/08/25 19:20:44 | 00,001,504 | ---- | M] () -- C:\Documents and Settings\Brandon Wolfram\Application Data\Mozilla\FireFox\Profiles\wuculypj.default\searchplugins\imdb.xml
[2008/08/25 19:20:46 | 00,000,705 | ---- | M] () -- C:\Documents and Settings\Brandon Wolfram\Application Data\Mozilla\FireFox\Profiles\wuculypj.default\searchplugins\webster.xml
[2009/05/08 12:49:37 | 00,001,593 | ---- | M] () -- C:\Documents and Settings\Brandon Wolfram\Application Data\Mozilla\FireFox\Profiles\wuculypj.default\searchplugins\wikifaqs.xml
[2008/08/25 19:20:31 | 00,001,032 | ---- | M] () -- C:\Documents and Settings\Brandon Wolfram\Application Data\Mozilla\FireFox\Profiles\wuculypj.default\searchplugins\wikipedia-eng.xml
[2009/05/08 12:49:37 | 00,002,431 | ---- | M] () -- C:\Documents and Settings\Brandon Wolfram\Application Data\Mozilla\FireFox\Profiles\wuculypj.default\searchplugins\youtube.xml
[2009/05/14 15:05:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 14:19:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/10 11:50:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/01 11:09:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/28 14:19:31 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 14:19:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/07/02 10:31:38 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/07/02 10:31:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/07/02 10:31:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/12 20:33:25 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/07/02 10:31:38 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/07/02 10:31:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (218538 Class) - {5E5EFA8F-9F53-418E-B78E-44866667A404} - C:\WINDOWS\system32\218538\218538.dll ()
O2 - BHO: (199638 Class) - {65768B48-B004-4B26-9BAC-A3BAC39643D1} - C:\WINDOWS\system32\199638\199638.dll File not found
O2 - BHO: (MS extension) - {BE83C3B6-0F77-436c-88B1-A56124A743CB} - C:\WINDOWS\system32\fagw32.dll (Microsoft Corporation)
O2 - BHO: (MS extension) - {C3221010-0AD7-4c09-B17B-EDCFFDA4B7F9} - File not found
O2 - BHO: (796525 Class) - {E7F15AC4-E0A9-43F0-921B-70DFEA621220} - C:\WINDOWS\system32\796525\796525.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" ()
O4 - HKLM..\Run: [brastia] brastia.exeFILES\ATI T File not found
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide (McAfee, Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found
O4 - HKLM..\Run: [pp] C:\windows\pp06.exe File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe ()
O4 - HKCU..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKCU..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Brandon Wolfram\Start Menu\Programs\Startup\winupd32.exe (Lcnegay Cjnpjqufseh)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\dbbin: DllName - dbbin.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/05/15 01:53:43 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brandon Wolfram\Desktop\OTListIt2.exe
[2009/05/15 01:52:58 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/15 01:52:49 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Brandon Wolfram\Desktop\Rooter.exe
[2009/05/15 01:29:51 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brandon Wolfram\Desktop\o hai.exe
[2009/05/15 01:29:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/15 01:28:54 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/15 01:26:57 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Brandon Wolfram\Desktop\erunt_setup.exe
[2009/05/15 01:18:10 | 23,510,720 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Brandon Wolfram\Desktop\dotnetfx.exe
[2009/05/15 01:16:30 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Brandon Wolfram\Desktop\SysRestorePoint.exe
[2009/05/14 23:11:10 | 09,615,808 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Brandon Wolfram\Desktop\windows-kb890830-v2.10.exe
[2009/05/14 11:30:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/05/13 23:01:41 | 00,038,400 | ---- | C] () -- C:\Documents and Settings\Brandon Wolfram\Desktop\Resume & Cover Letter - Event Planner & Outreach Coordinator (5041801).doc
[2009/05/13 20:52:49 | 00,040,960 | ---- | C] () -- C:\Documents and Settings\Brandon Wolfram\Desktop\Food Miles Committee, Researcher Job Posting.doc
[2009/05/13 18:52:21 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/13 18:38:53 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/13 18:38:50 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/13 18:14:03 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/05/13 18:14:02 | 00,000,867 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Ad-Aware.lnk
[2009/05/13 18:13:47 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/05/13 18:13:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/05/13 18:04:44 | 37,452,296 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Brandon Wolfram\Desktop\Ad-AwareAE.exe
[2009/05/13 12:15:30 | 00,033,792 | R-S- | C] (Lcnegay Cjnpjqufseh) -- C:\Documents and Settings\Brandon Wolfram\Start Menu\Programs\Startup\winupd32.exe
[2009/05/12 12:44:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\218538
[2009/05/10 11:40:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\199638
[2009/05/07 13:27:53 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fagw32.dll
[2009/05/07 13:27:52 | 00,000,056 | ---- | C] () -- C:\WINDOWS\System32\mjwa
[2009/05/07 13:27:51 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\inform.dat
[2009/05/05 18:20:54 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2009/05/05 18:20:54 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2009/05/05 18:19:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2009/05/05 18:19:40 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2009/05/05 12:05:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\796525
[2009/05/04 21:42:04 | 00,000,268 | ---- | C] () -- C:\WINDOWS\System32\kjs
[2009/05/03 01:21:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/05/02 13:46:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/05/02 13:45:35 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/05/02 13:42:48 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/05/02 01:10:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\st_1241266714.exe
[2009/05/02 01:10:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\st_1241248286.exe
[2009/05/01 22:53:23 | 00,000,001 | ---- | C] () -- C:\WINDOWS\9g2234wesdf3dfgjf23
[2009/04/30 14:11:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\dbbin.sys
[2009/04/30 11:19:25 | 00,000,007 | ---- | C] () -- C:\WINDOWS\System32\nar.bin
[2009/04/30 00:32:16 | 00,000,166 | ---- | C] () -- C:\Documents and Settings\Brandon Wolfram\Local Settings\Tempdelself.bat
[2009/04/30 00:31:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\a9k.bin
[2009/04/30 00:31:15 | 00,004,707 | ---- | C] () -- C:\WINDOWS\System32\z98a.bin
[2009/04/16 12:16:56 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/16 12:16:56 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/16 12:16:55 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2008/11/13 00:32:36 | 00,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/11 13:32:36 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/11 13:32:36 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2007/04/16 21:38:56 | 00,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/04/16 21:38:56 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\5203381BA3.sys
[2007/01/23 15:15:22 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/12/26 22:15:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/12/26 22:13:45 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2006/12/11 23:48:32 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/11 23:41:44 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/11 23:37:07 | 00,000,454 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/11 23:27:41 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/12/11 23:27:39 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/12/11 23:03:30 | 00,000,491 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:51:28 | 00,000,583 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 12:51:26 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/05/15 01:53:46 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon Wolfram\Desktop\OTListIt2.exe
[2009/05/15 01:52:49 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Brandon Wolfram\Desktop\Rooter.exe
[2009/05/15 01:39:21 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/15 01:30:10 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brandon Wolfram\Desktop\o hai.exe
[2009/05/15 01:27:04 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Brandon Wolfram\Desktop\erunt_setup.exe
[2009/05/15 01:25:05 | 00,502,254 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/15 01:25:05 | 00,423,708 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/15 01:25:05 | 00,072,014 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/15 01:20:16 | 23,510,720 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Brandon Wolfram\Desktop\dotnetfx.exe
[2009/05/15 01:16:31 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Brandon Wolfram\Desktop\SysRestorePoint.exe
[2009/05/15 01:00:03 | 00,000,360 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/05/14 23:12:05 | 09,615,808 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Brandon Wolfram\Desktop\windows-kb890830-v2.10.exe
[2009/05/14 11:26:02 | 00,011,117 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/05/14 11:25:08 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Brandon Wolfram\Local Settings\desktop.ini
[2009/05/14 11:24:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/14 11:24:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/14 11:24:09 | 93,753,7536 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/13 23:01:41 | 00,038,400 | ---- | M] () -- C:\Documents and Settings\Brandon Wolfram\Desktop\Resume & Cover Letter - Event Planner & Outreach Coordinator (5041801).doc
[2009/05/13 20:52:51 | 00,040,960 | ---- | M] () -- C:\Documents and Settings\Brandon Wolfram\Desktop\Food Miles Committee, Researcher Job Posting.doc
[2009/05/13 20:34:53 | 00,000,197 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/13 18:38:51 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/13 18:38:34 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/13 18:38:15 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/13 18:14:02 | 00,000,867 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Ad-Aware.lnk
[2009/05/13 18:09:13 | 37,452,296 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Brandon Wolfram\Desktop\Ad-AwareAE.exe
[2009/05/13 12:15:25 | 00,033,792 | R-S- | M] (Lcnegay Cjnpjqufseh) -- C:\Documents and Settings\Brandon Wolfram\Start Menu\Programs\Startup\winupd32.exe
[2009/05/08 21:40:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/07 13:27:53 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fagw32.dll
[2009/05/07 13:27:52 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\mjwa
[2009/05/07 13:27:51 | 00,045,056 | ---- | M] () -- C:\WINDOWS\System32\inform.dat
[2009/05/07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/04 21:42:04 | 00,000,268 | ---- | M] () -- C:\WINDOWS\System32\kjs
[2009/05/03 03:05:10 | 00,000,454 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/05/02 14:45:02 | 00,000,086 | -HS- | M] () -- C:\DOCUME~1\BRANDO~1\My Documents\desktop.ini
[2009/05/02 13:45:28 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/02 01:10:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\st_1241266714.exe
[2009/05/02 01:10:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\st_1241248286.exe
[2009/05/01 22:53:23 | 00,000,001 | ---- | M] () -- C:\WINDOWS\9g2234wesdf3dfgjf23
[2009/05/01 01:00:06 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/04/30 14:20:17 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\a9k.bin
[2009/04/30 14:11:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\dbbin.sys
[2009/04/30 11:20:05 | 00,000,007 | ---- | M] () -- C:\WINDOWS\System32\nar.bin
[2009/04/30 00:32:16 | 00,000,166 | ---- | M] () -- C:\Documents and Settings\Brandon Wolfram\Local Settings\Tempdelself.bat
[2009/04/30 00:31:15 | 00,004,707 | ---- | M] () -- C:\WINDOWS\System32\z98a.bin
[2009/04/19 21:33:28 | 00,000,583 | ---- | M] () -- C:\WINDOWS\win.ini
< End of report >

OTListIt Extras logfile created on: 15/05/2009 1:55:58 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\Brandon Wolfram\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

894.04 Mb Total Physical Memory | 274.35 Mb Available Physical Memory | 30.69% Memory free
2.12 Gb Paging File | 1.24 Gb Available in Paging File | 58.72% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 82.36 Gb Free Space | 75.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WOLFRAMLAPTOP
Current User Name: Brandon Wolfram
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"80:TCP" = 80:TCP:*:Enabled:DL32
"7171:TCP" = 7171:TCP:*:Enabled:DL32

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) File not found
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire ()
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Documents and Settings\Brandon Wolfram\Local Settings\Application Data\Skype\Phone\Skype.exe:*:Enabled:Skype File not found
C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian File not found
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) File not found
C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test (Microsoft Corporation)
C:\Documents and Settings\Brandon Wolfram\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player (Octoshape ApS)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent (McAfee, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC6AE077-1566-4655-BE73-38A869C150DC}" = ATI Catalyst Control Center
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3B4E8E4-E2A4-11D6-8D31-00105A629F49}" = eMedia Beginner Guitar Lessons
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Canon Digital Camera USB WIA Driver" = Canon Digital Camera USB WIA Driver
"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
"Canon Setup Utility 2.0" = Canon Setup Utility 2.0
"Canon Utilities RAW Image Converter" = Canon Utilities RAW Image Converter
"CANONBJ_Deinstall_CNMCP78.DLL" = Canon iP4200
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"ERUNT_is1" = ERUNT 1.1j
"FlexPhotoDB_is1" = FlexPhotoDB Version 1.10
"FlexVCD_is1" = FlexVCD Tools 1.10
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LastFM_is1" = Last.fm 1.5.4.24567
"LimeWire" = LimeWire 4.12.6
"McAfee Uninstall Utility" = McAfee Uninstaller
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RemoteCapture" = Canon Utilities RemoteCapture 2.2
"RocketDock_is1" = RocketDock 1.3.5
"SearchAssist" = SearchAssist
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/05/2009 7:50:52 PM | Computer Name = WOLFRAMLAPTOP | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 604 (0x25c) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.423
/ 5301.4018 Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\ntoskrnl.exe

by C:\WINDOWS\System32\svchost.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 12/05/2009 10:16:59 PM | Computer Name = WOLFRAMLAPTOP | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2956 (0xb8c) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.423
/ 5301.4018 Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\ntoskrnl.exe

by C:\WINDOWS\System32\svchost.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 13/05/2009 12:55:58 AM | Computer Name = WOLFRAMLAPTOP | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 596 (0x254) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.423
/ 5301.4018 Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\ntoskrnl.exe

by C:\WINDOWS\SoftwareDistribution\Download\1a66fb04ca5d82b48a8d0d53d2bcd01b\update\update.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 13/05/2009 8:35:27 PM | Computer Name = WOLFRAMLAPTOP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 13/05/2009 10:02:27 PM | Computer Name = WOLFRAMLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application mcods.exe, version 13.3.127.0, faulting module
mvsscan.dll, version 13.3.130.0, fault address 0x00019fc0.

Error - 13/05/2009 10:31:42 PM | Computer Name = WOLFRAMLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application mcods.exe, version 13.3.127.0, faulting module
mvsscan.dll, version 13.3.130.0, fault address 0x00019fc0.

Error - 14/05/2009 1:57:47 PM | Computer Name = WOLFRAMLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application smitfraudfix.exe, version 0.0.0.0, faulting module
smitfraudfix.exe, version 0.0.0.0, fault address 0x00001000.

Error - 14/05/2009 1:58:20 PM | Computer Name = WOLFRAMLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application smitfraudfix.exe, version 0.0.0.0, faulting module
smitfraudfix.exe, version 0.0.0.0, fault address 0x00001000.

Error - 15/05/2009 12:54:20 AM | Computer Name = WOLFRAMLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application mcods.exe, version 13.3.127.0, faulting module
mvsscan.dll, version 13.3.130.0, fault address 0x00019fc0.

Error - 15/05/2009 12:54:43 AM | Computer Name = WOLFRAMLAPTOP | Source = Application Error | ID = 1001
Description = Fault bucket 1228226507.

[ System Events ]
Error - 15/05/2009 1:04:46 AM | Computer Name = WOLFRAMLAPTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 15/05/2009 1:04:49 AM | Computer Name = WOLFRAMLAPTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 15/05/2009 1:04:51 AM | Computer Name = WOLFRAMLAPTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 15/05/2009 1:04:54 AM | Computer Name = WOLFRAMLAPTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 15/05/2009 3:47:30 AM | Computer Name = WOLFRAMLAPTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 15/05/2009 3:47:44 AM | Computer Name = WOLFRAMLAPTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 15/05/2009 3:47:55 AM | Computer Name = WOLFRAMLAPTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 15/05/2009 3:47:57 AM | Computer Name = WOLFRAMLAPTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 15/05/2009 3:47:59 AM | Computer Name = WOLFRAMLAPTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 15/05/2009 3:48:02 AM | Computer Name = WOLFRAMLAPTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >

Thanks in advance!
sage5
post May 15 2009, 05:31 AM
Post #2


RIP 10/2009
Posts: 2,646
From: NE Victoria, Australia
OS: WinXp SP3



Hi FaultlineXR,

Welcome to Geeks to Go!
I am sage5, and I will be helping you with this problem.

There are some things that I need to make clear to you before we continue, that will help us both:
  • Please read all of my instructions, in each post, before you continue with the fix. (If there is anything that you need clarified/don't understand, please ask)
  • Please don't perform any steps/fixes with tools that I have not asked you to do. Many of the fixes require specific steps to be taken in a set order.
  • Make sure that all of the logs/reports, that I ask for, get posted completely.
  • Check out the information Here, if you are unsure how to send replies etc.


OK, on with the fix:
Please download the following & save to your Desktop:
SmitfraudFix (by S!Ri)

Start the Smitfraud scan:
  • Double-click SmitfraudFix.exe
  • Select option #1 - Search by typing 1 and press "Enter". A text file will appear, which lists infected files (if present). It is saved as C:\rapport.txt
  • Please copy/paste the content of that file into your next reply.


**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm


Cheers,

sage5
FaultlineXR
post May 15 2009, 11:44 AM
Post #3


New Member
Posts: 8
OS: Windows XP



Smitfraud Fix would not run from the desktop. I got the generic error message saying that there was an error and it needed to close. I moved it to C:/ and it still would not run - same message. I recall seeing another similar program yesterday (before I came here, obviously) and trying to run that as well. No luck either way.
sage5
post May 15 2009, 03:53 PM
Post #4


RIP 10/2009
Posts: 2,646
From: NE Victoria, Australia
OS: WinXp SP3



Hi FaultlineXR,

Let's try this then.
Please download the following & save to your Desktop:
ComboFix from one of these locations:
Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the text from C:\ComboFix.txt in your next reply.
FaultlineXR
post May 15 2009, 04:03 PM
Post #5


New Member
Posts: 8
OS: Windows XP



ComboFix.exe will not run from the desktop, just like SmitfraudFix.
sage5
post May 15 2009, 05:02 PM
Post #6


RIP 10/2009
Posts: 2,646
From: NE Victoria, Australia
OS: WinXp SP3



Try this then, but delete the existing ComboFix first

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to Combo-Fix as follows:

  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------
  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

**Note: Do not mouse click combo-fix's window while it's running. That may cause it to stall**
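As an added example (not part of sage5's instructions, and not ComboFix's own code), a small parser for the "Reg Loading Points" and "Supplementary Scan" sections of the report this procedure produces. It flags the patterns a helper reads for first: Security Center notifications and monitoring switched off, the Windows Firewall disabled, and browser proxy settings pointing at the local machine, which lets another process on the same machine sit between the browser and the network. The report text is a constructed sample in ComboFix's layout; the registry value names and Firefox pref names are the ones ComboFix prints, and the values are made up.

```python
import re

# Constructed sample in the layout of ComboFix's "Reg Loading Points" and
# "Supplementary Scan" sections; key names follow ComboFix, values are made up.
SAMPLE_REPORT = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ExampleAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.example.com/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
"""

# A browser proxy on a loopback address means some other process on this
# machine is relaying (and can rewrite) the browser's traffic.
LOOPBACK = re.compile(r"localhost|127\.\d{1,3}\.\d{1,3}\.\d{1,3}", re.IGNORECASE)

# (fragment of the registry key path, value name, value that indicates tampering)
TAMPER_RULES = [
    ("security center", "AntiVirusDisableNotify", 1),
    ("security center\\monitoring", "DisableMonitoring", 1),
    ("firewallpolicy\\standardprofile", "EnableFirewall", 0),
]


def reg_int(value):
    """Normalise the two integer renderings ComboFix uses: 'dword:00000001' and '0 (0x0)'."""
    m = re.match(r"dword:([0-9a-fA-F]+)", value)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", value)
    return int(m.group(1)) if m else None


def parse_report(text):
    """Split a ComboFix report into registry values, per-user IE settings and Firefox prefs."""
    registry, ie, ff = {}, {}, {}
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            current_key = None  # a blank or '.' line ends the current key block
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            registry.setdefault(current_key, {})
            continue
        m = re.match(r'^"([^"]+)"\s*=\s*(.*)$', line)
        if current_key and m:
            registry[current_key][m.group(1)] = m.group(2)
            continue
        if line.startswith("u") and " = " in line:  # 'u' prefix = current-user IE setting
            name, value = line.split(" = ", 1)
            ie[name[1:]] = value
            continue
        m = re.match(r"^FF - prefs\.js: (\S+) - (.*)$", line)
        if m:
            ff[m.group(1)] = m.group(2)
    return {"registry": registry, "ie": ie, "ff": ff}


def find_indicators(parsed):
    """Return one line per tampering or proxy-hijack pattern found in a parsed report."""
    findings = []
    for key, values in parsed["registry"].items():
        for key_part, name, bad in TAMPER_RULES:
            if key_part in key and name in values and reg_int(values[name]) == bad:
                findings.append(f"security tooling silenced: [{key}] {name}={values[name]}")
    proxy = parsed["ie"].get("Internet Settings,ProxyServer", "")
    if LOOPBACK.search(proxy):
        findings.append(f"IE proxy points at the local machine: {proxy}")
    ff = parsed["ff"]
    host = ff.get("network.proxy.http", "")
    if LOOPBACK.search(host):
        port = ff.get("network.proxy.http_port", "?")
        ptype = ff.get("network.proxy.type", "?")
        findings.append(f"Firefox proxy points at the local machine: {host}:{port} (network.proxy.type={ptype})")
    return findings


if __name__ == "__main__":
    for finding in find_indicators(parse_report(SAMPLE_REPORT)):
        print(finding)
```

Point it at a saved C:\ComboFix.txt by reading the file into `parse_report`; a clean machine yields an empty list, and every finding names the exact key or pref to inspect.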
FaultlineXR
post May 15 2009, 05:54 PM
Post #7


New Member
Posts: 8
OS: Windows XP



Thanks for the quick reply. That seemed to work. Here's the log file and another OTListIt2 log (I hope that's okay, but it's what I used before).

ComboFix

ComboFix 09-05-15.01 - Brandon Wolfram 15/05/2009 17:38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.563 [GMT -6:00]
Running from: c:\documents and settings\Brandon Wolfram\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Brandon Wolfram\Application Data\wiaserva.log
c:\windows\st_1241248286.exe
c:\windows\st_1241266714.exe
c:\windows\system32\218538
c:\windows\system32\218538\218538.dll
c:\windows\system32\a9k.bin
c:\windows\system32\drivers\UACyfulksibmiqxumo.sys
c:\windows\system32\dz1.txt
c:\windows\system32\inform.dat
c:\windows\system32\kjs
c:\windows\system32\p1.txt
c:\windows\system32\r24.txt
c:\windows\system32\UACagxroppctplsohx.log
c:\windows\system32\UACdqafwysekleuvqk.log
c:\windows\system32\UACehexturvxnscdjo.dat
c:\windows\system32\UACfjpwmrqfoeipjcb.dll
c:\windows\system32\UAChevitkbxffqxtkx.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACmxpotflqqikxoql.dll
c:\windows\system32\UACrnuhpdcomksdwbp.log
c:\windows\system32\UACwbpnqigfviptvks.dll
c:\windows\system32\UACwouejkwbvalkmlq.dll
c:\windows\system32\wbem\grpconv.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-04-15 to 2009-05-15 )))))))))))))))))))))))))))))))
.

2009-05-15 07:28 . 2009-05-15 07:28 -------- d-----w c:\program files\ERUNT
2009-05-14 02:36 . 2009-05-14 02:36 -------- d-sh--w c:\documents and settings\Brandon Wolfram\PrivacIE
2009-05-14 00:52 . 2009-05-14 00:38 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-14 00:38 . 2009-05-14 00:38 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-14 00:14 . 2009-05-14 00:14 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-14 00:13 . 2009-05-14 00:13 -------- d-----w c:\program files\Lavasoft
2009-05-14 00:13 . 2009-05-14 00:38 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-10 17:40 . 2009-05-14 00:52 -------- d-----w c:\windows\system32\199638
2009-05-07 19:27 . 2009-05-07 19:27 33792 ----a-w c:\windows\system32\fagw32.dll
2009-05-06 00:20 . 2008-04-13 18:39 14592 ----a-w c:\windows\system32\dllcache\kbdhid.sys
2009-05-06 00:20 . 2008-04-13 18:39 14592 ----a-w c:\windows\system32\drivers\kbdhid.sys
2009-05-06 00:19 . 2004-04-14 17:08 5600 ----a-w c:\windows\system32\drivers\WmVirHid.sys
2009-05-06 00:19 . 2004-04-14 17:08 21280 ----a-w c:\windows\system32\drivers\WmFilter.sys
2009-05-06 00:19 . 2004-04-14 17:08 10144 ----a-w c:\windows\system32\drivers\WmBEnum.sys
2009-05-06 00:19 . 2004-04-14 17:08 44064 ----a-w c:\windows\system32\drivers\WmXlCore.sys
2009-05-06 00:19 . 2009-05-06 00:19 -------- d-----w c:\program files\Common Files\Logitech
2009-05-06 00:19 . 2009-05-06 00:19 -------- d-----w c:\program files\Logitech
2009-05-05 18:05 . 2009-05-14 00:52 -------- d-----w c:\windows\system32\796525
2009-05-03 07:21 . 2009-05-14 01:02 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-02 23:32 . 2009-05-02 23:32 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-05-02 20:45 . 2009-05-02 20:45 -------- d-sh--w c:\documents and settings\Brandon Wolfram\IETldCache
2009-05-02 19:46 . 2009-05-02 19:46 -------- d-----w c:\windows\ie8updates
2009-05-02 19:45 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll
2009-05-02 19:42 . 2009-05-02 19:44 -------- dc-h--w c:\windows\ie8
2009-04-30 20:11 . 2009-04-30 20:11 0 ----a-w c:\windows\system32\dbbin.sys
2009-04-30 17:19 . 2009-04-30 17:20 7 ----a-w c:\windows\system32\nar.bin
2009-04-30 06:31 . 2009-04-30 06:31 4707 ----a-w c:\windows\system32\z98a.bin
2009-04-16 18:16 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-16 18:16 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-15 17:36 . 2009-05-15 17:34 1883662 ----a-w C:\SmitfraudFix.exe
2009-05-06 00:19 . 2006-12-12 05:25 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-20 03:18 . 2009-02-15 20:05 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-14 04:09 . 2006-12-12 05:36 -------- d-----w c:\program files\McAfee
2009-04-14 04:04 . 2009-04-14 04:02 -------- d-----w c:\program files\Common Files\McAfee
2009-04-14 04:03 . 2009-04-14 04:02 -------- d-----w c:\program files\McAfee.com
2009-04-11 03:53 . 2008-08-26 03:18 -------- d-----w c:\program files\iTunes
2009-04-11 03:53 . 2009-04-11 03:53 -------- d-----w c:\program files\iPod
2009-04-11 03:53 . 2007-10-20 19:53 -------- d-----w c:\program files\Common Files\Apple
2009-04-11 03:50 . 2009-04-11 03:50 -------- d-----w c:\program files\Bonjour
2009-04-10 23:13 . 2009-04-10 23:12 -------- d-----w c:\program files\DivX
2009-04-10 23:12 . 2009-04-10 23:12 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-09 04:14 . 2006-12-12 05:38 -------- d-----w c:\program files\Google
2009-04-01 17:08 . 2006-12-12 05:22 -------- d-----w c:\program files\Java
2009-03-31 00:07 . 2009-03-31 00:07 -------- d-----w c:\program files\RocketDock
2009-03-28 04:28 . 2008-08-26 04:58 -------- d-----w c:\program files\Last.fm
2009-03-26 02:19 . 2008-10-21 04:11 -------- d-----w c:\program files\eMedia Beginner Guitar Lessons
2009-03-25 17:06 . 2008-04-06 23:24 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 17:06 . 2008-04-06 23:24 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 17:06 . 2008-04-06 23:24 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-03-25 17:06 . 2008-04-06 23:24 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-25 17:05 . 2008-04-06 23:24 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-03-22 23:55 . 2009-03-22 23:55 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-03-19 22:32 . 2008-01-29 18:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-09 11:19 . 2008-12-09 21:47 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 10:34 . 2004-08-10 18:51 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 10:34 . 2004-08-10 18:51 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 10:33 . 2004-08-10 18:50 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 10:33 . 2004-08-10 18:51 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 10:32 . 2004-08-10 18:50 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 10:32 . 2004-08-10 18:51 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 10:31 . 2004-08-10 18:51 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 10:31 . 2004-08-10 18:51 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 10:31 . 2004-08-10 18:51 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 10:22 . 2004-08-10 18:51 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 05:59 . 2009-03-14 08:52 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 05:59 . 2007-10-20 19:53 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-02-24 19:35 . 2009-04-10 23:13 9464 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-02-24 19:35 . 2009-04-10 23:13 9336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-02-24 19:35 . 2009-04-10 23:13 120056 ------w c:\windows\system32\pxcpyi64.exe
2009-02-24 19:35 . 2009-04-10 23:13 118520 ------w c:\windows\system32\pxinsi64.exe
2009-02-24 19:35 . 2009-04-10 23:13 129784 ------w c:\windows\system32\pxafs.dll
2009-02-24 19:35 . 2005-01-26 08:03 43528 ------w c:\windows\system32\drivers\pxhelp20.sys
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2009-02-15 20:20 . 2006-12-27 01:59 73136 ----a-w c:\documents and settings\Brandon Wolfram\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-03-09 19:42 . 2007-04-17 03:38 88 --sh--r c:\windows\system32\5203381BA3.sys
2008-03-09 20:02 . 2007-04-17 03:38 2828 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE83C3B6-0F77-436c-88B1-A56124A743CB}]
2009-05-07 19:27 33792 ----a-w c:\windows\system32\fagw32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-06 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-23 1392640]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-14 516440]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-09-22 282624]

c:\documents and settings\Brandon Wolfram\Start Menu\Programs\Startup\
winupd32.exe [2009-5-13 33792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-11 24576]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dbbin.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Brandon Wolfram\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13/05/2009 6:38 PM 64160]
R2 BCMWLNPF;Broadcom Netgroup Packet Filter;c:\windows\system32\drivers\BCMWLNPF.SYS [11/12/2006 11:27 PM 33664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 1:06 PM 953168]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [13/04/2009 10:10 PM 210216]
S1 dbbin;SQL-T Database Driver;c:\windows\system32\dbbin.sys [30/04/2009 2:11 PM 0]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{901A929E-1477-4b67-94FA-7A8EE43ED159}]
rundll32 fagw32.dll,InitO
.
Contents of the 'Scheduled Tasks' folder

2009-05-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 00:38]

2009-05-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]

2009-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-14 16:53]

2009-05-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-14 16:53]
.
- - - - ORPHANS REMOVED - - - -

BHO-{5E5EFA8F-9F53-418E-B78E-44866667A404} - c:\windows\system32\218538\218538.dll
BHO-{65768B48-B004-4B26-9BAC-A3BAC39643D1} - c:\windows\system32\199638\199638.dll
BHO-{C3221010-0AD7-4c09-B17B-EDCFFDA4B7F9} - fow64.dll
BHO-{E7F15AC4-E0A9-43F0-921B-70DFEA621220} - c:\windows\system32\796525\796525.dll
HKLM-Run-brastia - brastia.exe
Notify-dbbin - dbbin.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gamefaqs.com/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchURL,(Default) = hxxp://ca.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Brandon Wolfram\Application Data\Mozilla\Firefox\Profiles\wuculypj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gamefaqs.com/
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 4
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-15 17:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4149209963-840099696-4217254620-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-05-15 17:46
ComboFix-quarantined-files.txt 2009-05-15 23:46

Pre-Run: 88,217,440,256 bytes free
Post-Run: 89,372,966,912 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

260 --- E O F --- 2009-05-15 19:47

OTListIt2

OTListIt logfile created on: 15/05/2009 5:51:10 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\Brandon Wolfram\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

894.04 Mb Total Physical Memory | 465.59 Mb Available Physical Memory | 52.08% Memory free
2.12 Gb Paging File | 1.82 Gb Available in Paging File | 85.92% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 83.25 Gb Free Space | 76.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WOLFRAMLAPTOP
Current User Name: Brandon Wolfram
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Brandon Wolfram\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (MBackMonitor [On_Demand | Stopped]) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (mcmscsvc [Auto | Stopped]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Stopped]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Stopped]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Stopped]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [Disabled | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MpfService [Auto | Stopped]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service [Auto | Stopped]) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (MSSQL$MICROSOFTSMLBIZ [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SQLAgent$MICROSOFTSMLBIZ [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (APPDRV [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BCMWLNPF [Auto | Running]) -- C:\WINDOWS\system32\drivers\bcmwlnpf.sys (CACE Technologies)
DRV - (catchme [Disabled | Running]) -- File not found
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (dbbin [System | Stopped]) -- C:\WINDOWS\system32\dbbin.sys ()
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResN [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_N [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mfeavfk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (rimmptsk [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (RT25USBAP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\rt25usbap.sys (Ralink Technology Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbsermpt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbsermpt.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (WmBEnum [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmFilter [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmVirHid [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmXlCore [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=3061211
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=3061211
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.gamefaqs.com/"
FF - prefs.js..extensions.enabledItems: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}:2.026
FF - prefs.js..extensions.enabledItems: filtersetg@updater:0.3.1.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.5
FF - prefs.js..extensions.enabledItems: bettergmail2@ginatrapani.org:0.8.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.4
FF - prefs.js..extensions.enabledItems: joao_albertoni@hotmail.com:0.8
FF - prefs.js..extensions.enabledItems: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1}:0.7
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.6
FF - prefs.js..extensions.enabledItems: resizeabletextarea@bristol.ac.uk:0.1d
FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.4.0
FF - prefs.js..extensions.enabledItems: {89736E8E-4B14-4042-8C75-AD00B6BD3900}:1.0.5
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/03 01:14:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/28 14:19:43 | 00,000,000 | ---D | M]

[2008/08/25 19:04:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Extensions
[2008/08/25 19:04:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/15 15:13:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions
[2009/03/24 12:52:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2009/02/09 16:37:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2009/04/28 16:29:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2008/08/25 19:15:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\{89736E8E-4B14-4042-8C75-AD00B6BD3900}
[2009/03/07 14:02:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}
[2009/05/12 14:39:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/04/15 22:32:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/02/18 17:58:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/05/07 00:10:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2009/04/23 13:01:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\bettergmail2@ginatrapani.org
[2008/08/25 19:11:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\elemhidehelper@adblockplus.org
[2008/08/25 19:11:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\filtersetg@updater
[2009/05/14 19:09:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\joao_albertoni@hotmail.com
[2008/08/25 19:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Wolfram\Application Data\mozilla\Firefox\Profiles\wuculypj.default\extensions\resizeabletextarea@bristol.ac.uk
[2009/05/10 11:51:44 | 00,001,137 | ---- | M] () -- C:\Documents and Settings\Brandon Wolfram\Application Data\Mozilla\FireFox\Profiles\wuculypj.default\searchplugins\dictionarycom.xml
[2009/05/08 12:49:37 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\Brandon Wolfram\Application Data\Mozilla\FireFox\Profiles\wuculypj.default\searchplugins\facebook.xml
[2009/05/08 12:49:37 | 00,002,603 | ---- | M] () -- C:\Documents and Settings\Brandon Wolfram\Application Data\Mozilla\FireFox\Profiles\wuculypj.default\searchplugins\gamefaqs.xml
[2008/08/25 19:20:44 | 00,001,504 | ---- | M] () -- C:\Documents and Settings\Brandon Wolfram\Application Data\Mozilla\FireFox\Profiles\wuculypj.default\searchplugins\imdb.xml
[2008/08/25 19:20:46 | 00,000,705 | ---- | M] () -- C:\Documents and Settings\Brandon Wolfram\Application Data\Mozilla\FireFox\Profiles\wuculypj.default\searchplugins\webster.xml
[2009/05/08 12:49:37 | 00,001,593 | ---- | M] () -- C:\Documents and Settings\Brandon Wolfram\Application Data\Mozilla\FireFox\Profiles\wuculypj.default\searchplugins\wikifaqs.xml
[2008/08/25 19:20:31 | 00,001,032 | ---- | M] () -- C:\Documents and Settings\Brandon Wolfram\Application Data\Mozilla\FireFox\Profiles\wuculypj.default\searchplugins\wikipedia-eng.xml
[2009/05/08 12:49:37 | 00,002,431 | ---- | M] () -- C:\Documents and Settings\Brandon Wolfram\Application Data\Mozilla\FireFox\Profiles\wuculypj.default\searchplugins\youtube.xml
[2009/05/15 15:13:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 14:19:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/10 11:50:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/01 11:09:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/28 14:19:31 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 14:19:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/07/02 10:31:38 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/07/02 10:31:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/07/02 10:31:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/12 20:33:25 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/07/02 10:31:38 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/07/02 10:31:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (MS extension) - {BE83C3B6-0F77-436c-88B1-A56124A743CB} - C:\WINDOWS\system32\fagw32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" ()
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide (McAfee, Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe ()
O4 - HKCU..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKCU..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Brandon Wolfram\Start Menu\Programs\Startup\winupd32.exe (Lcnegay Cjnpjqufseh)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/05/15 17:46:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Wolfram\Local Settings\temp
[2009/05/15 17:27:44 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/15 17:27:37 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/15 17:27:33 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/15 17:25:33 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/15 17:25:33 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/15 17:25:33 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/15 17:25:33 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/15 17:25:33 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/15 17:25:33 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/15 17:25:33 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/15 17:25:33 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/15 17:24:58 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/15 17:23:07 | 02,988,563 | R--- | C] () -- C:\Documents and Settings\Brandon Wolfram\Desktop\Combo-Fix.exe
[2009/05/15 11:34:00 | 01,883,662 | ---- | C] () -- C:\SmitfraudFix.exe
[2009/05/15 01:53:43 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brandon Wolfram\Desktop\OTListIt2.exe
[2009/05/15 01:52:58 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/15 01:52:49 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Brandon Wolfram\Desktop\Rooter.exe
[2009/05/15 01:29:51 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brandon Wolfram\Desktop\o hai.exe
[2009/05/15 01:29:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/15 01:28:54 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/15 01:26:57 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Brandon Wolfram\Desktop\erunt_setup.exe
[2009/05/15 01:18:10 | 23,510,720 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Brandon Wolfram\Desktop\dotnetfx.exe
[2009/05/15 01:16:30 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Brandon Wolfram\Desktop\SysRestorePoint.exe
[2009/05/14 23:11:10 | 09,615,808 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Brandon Wolfram\Desktop\windows-kb890830-v2.10.exe
[2009/05/13 23:01:41 | 00,038,400 | ---- | C] () -- C:\Documents and Settings\Brandon Wolfram\Desktop\Resume & Cover Letter - Event Planner & Outreach Coordinator (5041801).doc
[2009/05/13 20:52:49 | 00,040,960 | ---- | C] () -- C:\Documents and Settings\Brandon Wolfram\Desktop\Food Miles Committee, Researcher Job Posting.doc
[2009/05/13 18:52:21 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/13 18:38:53 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/13 18:38:50 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/13 18:14:03 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/05/13 18:14:02 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/05/13 18:13:47 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/05/13 18:13:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/05/13 18:04:44 | 37,452,296 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Brandon Wolfram\Desktop\Ad-AwareAE.exe
[2009/05/13 12:15:30 | 00,033,792 | R-S- | C] (Lcnegay Cjnpjqufseh) -- C:\Documents and Settings\Brandon Wolfram\Start Menu\Programs\Startup\winupd32.exe
[2009/05/10 11:40:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\199638
[2009/05/07 13:27:53 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fagw32.dll
[2009/05/07 13:27:52 | 00,000,056 | ---- | C] () -- C:\WINDOWS\System32\mjwa
[2009/05/05 18:20:54 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2009/05/05 18:20:54 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2009/05/05 18:19:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2009/05/05 18:19:40 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2009/05/05 12:05:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\796525
[2009/05/03 01:21:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/05/02 13:46:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/05/02 13:45:35 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/05/02 13:42:48 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/05/01 22:53:23 | 00,000,001 | ---- | C] () -- C:\WINDOWS\9g2234wesdf3dfgjf23
[2009/04/30 14:11:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\dbbin.sys
[2009/04/30 11:19:25 | 00,000,007 | ---- | C] () -- C:\WINDOWS\System32\nar.bin
[2009/04/30 00:32:16 | 00,000,166 | ---- | C] () -- C:\Documents and Settings\Brandon Wolfram\Local Settings\Tempdelself.bat
[2009/04/30 00:31:15 | 00,004,707 | ---- | C] () -- C:\WINDOWS\System32\z98a.bin
[2009/04/16 12:16:56 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/16 12:16:56 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/16 12:16:55 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2008/11/13 00:32:36 | 00,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/11 13:32:36 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/11 13:32:36 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2007/04/16 21:38:56 | 00,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/04/16 21:38:56 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\5203381BA3.sys
[2007/01/23 15:15:22 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/12/26 22:15:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/12/26 22:13:45 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2006/12/11 23:48:32 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/11 23:41:44 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/11 23:37:07 | 00,000,454 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/11 23:27:41 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/12/11 23:27:39 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/12/11 23:03:30 | 00,000,491 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:51:28 | 00,000,583 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 12:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/05/15 17:46:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/15 17:44:25 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/15 17:36:19 | 00,011,129 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/05/15 17:36:17 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Brandon Wolfram\Local Settings\desktop.ini
[2009/05/15 17:36:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/15 17:35:58 | 93,753,7536 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/15 17:27:44 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/15 17:23:07 | 02,988,563 | R--- | M] () -- C:\Documents and Settings\Brandon Wolfram\Desktop\Combo-Fix.exe
[2009/05/15 11:36:07 | 01,883,662 | ---- | M] () -- C:\SmitfraudFix.exe
[2009/05/15 01:53:46 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon Wolfram\Desktop\OTListIt2.exe
[2009/05/15 01:52:49 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Brandon Wolfram\Desktop\Rooter.exe
[2009/05/15 01:39:21 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/15 01:30:10 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brandon Wolfram\Desktop\o hai.exe
[2009/05/15 01:27:04 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Brandon Wolfram\Desktop\erunt_setup.exe
[2009/05/15 01:25:05 | 00,502,254 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/15 01:25:05 | 00,423,708 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/15 01:25:05 | 00,072,014 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/15 01:20:16 | 23,510,720 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Brandon Wolfram\Desktop\dotnetfx.exe
[2009/05/15 01:16:31 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Brandon Wolfram\Desktop\SysRestorePoint.exe
[2009/05/15 01:00:03 | 00,000,360 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/05/14 23:12:05 | 09,615,808 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Brandon Wolfram\Desktop\windows-kb890830-v2.10.exe
[2009/05/14 17:50:08 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/05/13 23:01:41 | 00,038,400 | ---- | M] () -- C:\Documents and Settings\Brandon Wolfram\Desktop\Resume & Cover Letter - Event Planner & Outreach Coordinator (5041801).doc
[2009/05/13 20:52:51 | 00,040,960 | ---- | M] () -- C:\Documents and Settings\Brandon Wolfram\Desktop\Food Miles Committee, Researcher Job Posting.doc
[2009/05/13 20:34:53 | 00,000,197 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/13 18:38:51 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/13 18:38:34 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/13 18:38:15 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/13 18:14:02 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/05/13 18:09:13 | 37,452,296 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Brandon Wolfram\Desktop\Ad-AwareAE.exe
[2009/05/13 12:15:25 | 00,033,792 | R-S- | M] (Lcnegay Cjnpjqufseh) -- C:\Documents and Settings\Brandon Wolfram\Start Menu\Programs\Startup\winupd32.exe
[2009/05/08 21:40:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/07 13:27:53 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fagw32.dll
[2009/05/07 13:27:52 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\mjwa
[2009/05/07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/03 03:05:10 | 00,000,454 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/05/02 14:45:02 | 00,000,086 | -HS- | M] () -- C:\Documents and Settings\Brandon Wolfram\My Documents\desktop.ini
[2009/05/02 13:45:28 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/01 22:53:23 | 00,000,001 | ---- | M] () -- C:\WINDOWS\9g2234wesdf3dfgjf23
[2009/05/01 01:00:06 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/04/30 14:11:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\dbbin.sys
[2009/04/30 11:20:05 | 00,000,007 | ---- | M] () -- C:\WINDOWS\System32\nar.bin
[2009/04/30 00:32:16 | 00,000,166 | ---- | M] () -- C:\Documents and Settings\Brandon Wolfram\Local Settings\Tempdelself.bat
[2009/04/30 00:31:15 | 00,004,707 | ---- | M] () -- C:\WINDOWS\System32\z98a.bin
[2009/04/20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/19 21:33:28 | 00,000,583 | ---- | M] () -- C:\WINDOWS\win.ini
< End of report >
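The listing above is the kind of OTListIt2 output a helper reads by eye. As an added example (not part of this thread, and not a tool from OldTimer), the Python below parses lines in that format and applies a few triage rules matching what sage5 targets in the next post: an executable in a Startup folder, hidden/system attributes on an executable, numeric-named directories in System32, extensionless or .bin/.sys files placed straight into System32, and random-looking names in the Windows directory. The rule set, the 30-day window and the sample lines (copied from the log above) are assumptions of the example.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Sample input: lines copied from the OTListIt2 "Files Created" listing posted
# above (the "*.tmp files" summary line is included to show that it is skipped).
SAMPLE_LOG = r"""
[2009/05/15 01:53:43 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brandon Wolfram\Desktop\OTListIt2.exe
[2009/05/13 18:38:53 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/13 12:15:30 | 00,033,792 | R-S- | C] (Lcnegay Cjnpjqufseh) -- C:\Documents and Settings\Brandon Wolfram\Start Menu\Programs\Startup\winupd32.exe
[2009/05/10 11:40:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\199638
[2009/05/07 13:27:53 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fagw32.dll
[2009/05/07 13:27:52 | 00,000,056 | ---- | C] () -- C:\WINDOWS\System32\mjwa
[2009/05/05 18:20:54 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2009/05/05 12:05:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\796525
[2009/05/01 22:53:23 | 00,000,001 | ---- | C] () -- C:\WINDOWS\9g2234wesdf3dfgjf23
[2009/04/30 14:11:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\dbbin.sys
[2009/04/30 11:19:25 | 00,000,007 | ---- | C] () -- C:\WINDOWS\System32\nar.bin
[2009/04/30 00:31:15 | 00,004,707 | ---- | C] () -- C:\WINDOWS\System32\z98a.bin
[2007/04/16 21:38:56 | 00,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[4 C:\WINDOWS\System32\*.tmp files]
"""

# [date time | size | attributes | C/M] (company) -- path ; directories carry no "(company)".
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[A-Z-]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)


@dataclass
class Entry:
    when: datetime
    size: int
    attr: str      # R=read-only H=hidden S=system D=directory, '-' when unset
    kind: str      # C = created, M = modified
    company: str   # self-reported by the file's version resource; never verified here
    path: str

    @property
    def name(self):
        return self.path.rsplit("\\", 1)[-1]

    @property
    def parent(self):
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def is_dir(self):
        return "D" in self.attr


def parse(text):
    """Turn OTL listing lines into Entry objects; headings and summary lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attr=m["attr"],
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            path=m["path"],
        ))
    return entries


SYSTEM32 = r"c:\windows\system32"
WINDIR = r"c:\windows"
EXEC_EXT = {"exe", "dll", "scr", "com", "bat", "cmd", "vbs"}
# letters and digits mixed, 12+ characters, no extension: e.g. 9g2234wesdf3dfgjf23
RANDOM_NAME = re.compile(r"^(?=.*[a-z])(?=.*\d)[a-z0-9]{12,}$")
DEFAULT_SINCE = datetime(2009, 4, 15)   # assumed: 30 days before the scan in the log


def suspicious_reasons(e, since):
    """Heuristic rules only (an assumption of this example); every hit still needs review."""
    if e.when < since:
        return []
    n = e.name.lower()
    ext = n.rsplit(".", 1)[1] if "." in n else ""
    reasons = []
    if e.parent.endswith(r"\start menu\programs\startup") and ext in EXEC_EXT:
        reasons.append("executable dropped into a Startup folder")
    if ext in EXEC_EXT and ("H" in e.attr or "S" in e.attr):
        reasons.append("hidden/system attribute set on an executable")
    if e.is_dir and e.parent == SYSTEM32 and n.isdigit():
        reasons.append("numeric-named directory created in System32")
    if not e.is_dir and e.parent == SYSTEM32 and ext in ("", "bin", "sys"):
        reasons.append("extensionless, .bin or .sys file placed directly in System32")
    if not e.is_dir and e.parent == WINDIR and RANDOM_NAME.match(n):
        reasons.append("random-looking name in the Windows directory")
    return reasons


def triage(text, since=DEFAULT_SINCE):
    """Map each flagged path to the list of rules it tripped."""
    hits = {}
    for e in parse(text):
        reasons = suspicious_reasons(e, since)
        if reasons:
            hits[e.path] = reasons
    return hits


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Note what these file-level rules cannot see: fagw32.dll reports "Microsoft Corporation" in its version resource and is not flagged, and the 2007 KGyGaAvL.sys falls outside the window. The DLL was caught in the thread through its O2 BHO registration, which is the usual pattern: file listings give candidates, and registry load points plus a signature check decide.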
sage5
post May 15 2009, 07:48 PM
Post #8


RIP 10/2009
Posts: 2,646
From: NE Victoria, Australia
OS: WinXp SP3



Hi FaultlineXR,

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    DRV - (dbbin [System | Stopped]) -- C:\WINDOWS\system32\dbbin.sys ()
    O2 - BHO: (MS extension) - {BE83C3B6-0F77-436c-88B1-A56124A743CB} - C:\WINDOWS\system32\fagw32.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O4 - Startup: C:\Documents and Settings\Brandon Wolfram\Start Menu\Programs\Startup\winupd32.exe (Lcnegay Cjnpjqufseh)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

    :Services

    :Reg

    :Files
    c:\windows\system32\fagw32.dll
    c:\windows\system32\dbbin.sys
    c:\windows\system32\nar.bin
    C:\Documents and Settings\Brandon Wolfram\Start Menu\Programs\Startup\winupd32.exe
    C:\WINDOWS\System32\199638
    C:\WINDOWS\System32\796525
    C:\WINDOWS\System32\mjwa
    C:\WINDOWS\9g2234wesdf3dfgjf23
    C:\WINDOWS\System32\dbbin.sys
    C:\WINDOWS\System32\nar.bin
    C:\WINDOWS\System32\z98a.bin

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [start explorer]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log



Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below to download and install the latest version.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 13.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 13".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: " Java SE Runtime Environment 6 with JavaFX License Agreement".
  • Click on Continue.
  • Click on the link to download jre-6u13-windows-i586-p.exe & save to your Desktop.
  • Close all programs you may have running - especially your web browser, then double click on the jre-6u13-windows-i586-p.exe
    Note: this version should uninstall all the previous versions from your PC
    (Vista users, right click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator.")


Proceed with the Scan:
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure the following are checked.
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place, like C:\kasper.txt
  9. Please post this log in your next reply.



Please also post the new OTL2 log.

Cheers,

sage5
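The [resethosts] command in the fix script above replaces the HOSTS file with a default one, which is the right fix but discards what was there. As an added example (not part of the thread and not OTL code), the Python below shows the check a defender can run before the reset: it parses the file at the path OTL later reports, C:\WINDOWS\System32\drivers\etc\hosts, and separates entries that sink-hole a name to loopback (typically to block update or vendor sites) from entries that redirect a name to a foreign address. The sample HOSTS content is constructed for the example, not taken from this machine.

```python
import ipaddress

# Constructed sample (not from the thread): the stock XP lines plus the two
# kinds of additions a redirecting infection leaves behind.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       updates.example-vendor.test   # constructed: vendor site sink-holed
10.0.0.5        www.google.com                # constructed: search redirected
10.0.0.5        search.example.test
::1             localhost
"""

DEFAULT_HOSTS_PATH = r"C:\WINDOWS\System32\drivers\etc\hosts"


def parse_hosts(text):
    """Yield (line_number, ip_address, hostname) for every mapping in a HOSTS file."""
    mappings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                             # malformed line; not a mapping
        for host in parts[1:]:
            mappings.append((lineno, addr, host.lower()))
    return mappings


def audit_hosts(text):
    """Return (line_number, host, address, kind) for every non-default mapping.

    kind is "sinkholed" when the name points at loopback/unspecified (the name
    becomes unreachable) and "redirected" when it points anywhere else.
    """
    findings = []
    for lineno, addr, host in parse_hosts(text):
        if host == "localhost" and addr.is_loopback:
            continue                             # the only mapping a stock file needs
        kind = "sinkholed" if (addr.is_loopback or addr.is_unspecified) else "redirected"
        findings.append((lineno, host, str(addr), kind))
    return findings


def audit_hosts_file(path=DEFAULT_HOSTS_PATH):
    """Audit an on-disk HOSTS file (ANSI/UTF-8 with lenient decoding)."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


if __name__ == "__main__":
    for lineno, host, addr, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {host} {kind} -> {addr}")
```

Loopback entries are not proof of compromise on their own (ad-blocking host lists use the same trick), so the report separates the two kinds rather than scoring them; what matters for the symptoms in this thread is any security-vendor or search domain appearing at all.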
FaultlineXR
post May 16 2009, 12:27 AM
Post #9


New Member
Posts: 8
OS: Windows XP



Hello sage5, thanks so much for your help. I followed your steps and the Kaspersky scan came up clean. Even if this means the virus is gone, what are the next steps? And what do I do with all of the .sqm files in :C/?

OTL2 Log

========== OTLISTIT ==========
Process explorer.exe killed successfully!

Service\Driver dbbin deleted successfully.
C:\WINDOWS\system32\dbbin.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE83C3B6-0F77-436c-88B1-A56124A743CB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE83C3B6-0F77-436c-88B1-A56124A743CB}\ deleted successfully.
LoadLibrary failed for C:\WINDOWS\system32\fagw32.dll
C:\WINDOWS\system32\fagw32.dll NOT unregistered.
C:\WINDOWS\system32\fagw32.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\Documents and Settings\Brandon Wolfram\Start Menu\Programs\Startup\winupd32.exe moved successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder c:\windows\system32\fagw32.dll not found.
File\Folder c:\windows\system32\dbbin.sys not found.
c:\windows\system32\nar.bin moved successfully.
File\Folder C:\Documents and Settings\Brandon Wolfram\Start Menu\Programs\Startup\winupd32.exe not found.
C:\WINDOWS\System32\199638 moved successfully.
C:\WINDOWS\System32\796525 moved successfully.
C:\WINDOWS\System32\mjwa moved successfully.
C:\WINDOWS\9g2234wesdf3dfgjf23 moved successfully.
File\Folder C:\WINDOWS\System32\dbbin.sys not found.
File\Folder C:\WINDOWS\System32\nar.bin not found.
C:\WINDOWS\System32\z98a.bin moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Brandon Wolfram\Local Settings\temp\etilqs_jqCLqCfNM0qS5ZpmVJsw scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_270.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_780.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_jfOmyCCW7yUamRN scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_vy87TwSuwjNKCIT scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_XzyYbwF37xrZTLV scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.7 log created on 05152009_200312

Files moved on Reboot...
File C:\Documents and Settings\Brandon Wolfram\Local Settings\temp\etilqs_jqCLqCfNM0qS5ZpmVJsw not found!
File C:\WINDOWS\temp\Perflib_Perfdata_270.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_780.dat not found!
C:\WINDOWS\temp\sqlite_jfOmyCCW7yUamRN moved successfully.
C:\WINDOWS\temp\sqlite_vy87TwSuwjNKCIT moved successfully.
C:\WINDOWS\temp\sqlite_XzyYbwF37xrZTLV moved successfully.

Registry entries deleted on Reboot...

Kaspersky Online Scan Report

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, May 16, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, May 16, 2009 02:26:28
Records in database: 2184046
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 72092
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:37:57

No malware has been detected. The scan area is clean.

The selected area was scanned.
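Checking the result log against the fix script is what the helper does by eye before declaring the log clean. As an added example, not from the thread and not OTL's own code, the Python below reads the :Files section of the script, scans the result log, and reports each target as moved, not found, or unaccounted. It treats a "not found" in the FILES pass as satisfied when the same path was already moved by the :OTLI pass (dbbin.sys and fagw32.dll above), keeps "scheduled to be deleted on reboot" entries open until the "Files moved on Reboot" section confirms them, and collects lines such as "NOT unregistered" for review. The script and log excerpts are copied from the two posts above, except one constructed target (example_unhandled.dat) added to exercise the unaccounted branch.

```python
import re

# :Files section of the fix script posted above, plus one constructed target
# (example_unhandled.dat) that is NOT on the page, so the unaccounted case shows.
FIX_SCRIPT = r"""
:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
DRV - (dbbin [System | Stopped]) -- C:\WINDOWS\system32\dbbin.sys ()

:Files
c:\windows\system32\fagw32.dll
c:\windows\system32\dbbin.sys
c:\windows\system32\nar.bin
C:\Documents and Settings\Brandon Wolfram\Start Menu\Programs\Startup\winupd32.exe
C:\WINDOWS\System32\199638
C:\WINDOWS\System32\796525
C:\WINDOWS\System32\mjwa
C:\WINDOWS\9g2234wesdf3dfgjf23
C:\WINDOWS\System32\dbbin.sys
C:\WINDOWS\System32\nar.bin
C:\WINDOWS\System32\z98a.bin
C:\WINDOWS\System32\example_unhandled.dat

:Commands
[purity]
[emptytemp]
[resethosts]
[start explorer]
[Reboot]
"""

# Excerpt of the OTListIt2 result log posted above.
RESULT_LOG = r"""
========== OTLISTIT ==========
Process explorer.exe killed successfully!
Service\Driver dbbin deleted successfully.
C:\WINDOWS\system32\dbbin.sys moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\fagw32.dll
C:\WINDOWS\system32\fagw32.dll NOT unregistered.
C:\WINDOWS\system32\fagw32.dll moved successfully.
C:\Documents and Settings\Brandon Wolfram\Start Menu\Programs\Startup\winupd32.exe moved successfully.
========== FILES ==========
File\Folder c:\windows\system32\fagw32.dll not found.
File\Folder c:\windows\system32\dbbin.sys not found.
c:\windows\system32\nar.bin moved successfully.
File\Folder C:\Documents and Settings\Brandon Wolfram\Start Menu\Programs\Startup\winupd32.exe not found.
C:\WINDOWS\System32\199638 moved successfully.
C:\WINDOWS\System32\796525 moved successfully.
C:\WINDOWS\System32\mjwa moved successfully.
C:\WINDOWS\9g2234wesdf3dfgjf23 moved successfully.
File\Folder C:\WINDOWS\System32\dbbin.sys not found.
File\Folder C:\WINDOWS\System32\nar.bin not found.
C:\WINDOWS\System32\z98a.bin moved successfully.
========== COMMANDS ==========
File delete failed. C:\WINDOWS\temp\sqlite_jfOmyCCW7yUamRN scheduled to be deleted on reboot.
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

Files moved on Reboot...
C:\WINDOWS\temp\sqlite_jfOmyCCW7yUamRN moved successfully.
"""

MOVED = re.compile(r"^(?P<path>.+?) moved successfully\.$", re.I)
NOTFOUND = re.compile(r"^File\\Folder (?P<path>.+?) not found\.$", re.I)
PENDING = re.compile(r"^File delete failed\. (?P<path>.+?) scheduled to be deleted on reboot\.$", re.I)


def files_section(script):
    """Return the paths listed under :Files (OTL sections start with a ':Name' line)."""
    targets, current = [], None
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line.lower()
            continue
        if current == ":files":
            targets.append(line)
    return targets


def reconcile(script, log):
    """Compare every :Files target with what the result log says happened to it."""
    moved, missing, pending, warnings = set(), set(), set(), []
    for line in log.splitlines():
        line = line.strip()
        m = MOVED.match(line)
        if m:
            moved.add(m["path"].lower())
            continue
        m = NOTFOUND.match(line)
        if m:
            missing.add(m["path"].lower())
            continue
        m = PENDING.match(line)
        if m:
            pending.add(m["path"].lower())
            continue
        if "NOT unregistered" in line or "failed" in line.lower():
            warnings.append(line)        # worth a second look, e.g. a DLL that would not load

    status = {}
    for target in files_section(script):
        key = target.lower()             # NTFS paths are case-insensitive
        if key in moved:
            status[target] = "moved"     # also covers items removed earlier by the :OTLI pass
        elif key in missing:
            status[target] = "not found"
        else:
            status[target] = "unaccounted"

    return {
        "targets": status,
        "unresolved_after_reboot": sorted(pending - moved),
        "warnings": warnings,
    }


if __name__ == "__main__":
    report = reconcile(FIX_SCRIPT, RESULT_LOG)
    for target, state in report["targets"].items():
        print(f"{state:12} {target}")
    print("unresolved after reboot:", report["unresolved_after_reboot"])
    print("warnings:", *report["warnings"], sep="\n  ")
```

An "unaccounted" target means the log never mentions the path, which in practice happens when a line was mistyped in the script or the run was interrupted; that is the case to re-run rather than assume it was handled.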
sage5
post May 16 2009, 01:20 AM
Post #10


RIP 10/2009
Posts: 2,646
From: NE Victoria, Australia
OS: WinXp SP3



Hi FaultlineXR,

Congratulations, your new log looks clear, so we can now deal with some final clean up jobs.

But first, those .sqm files:
See Here


Clean out cookies, temp files etc:
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Cleanup with OTListIt2:
  • Please double-click OTListIt2.exe to run it.
  • Click the Clean up button
  • Click NO at the restart prompt (We will do that in a moment.)


To Clear Restore points, please do the following:
  • Go to Start > Control Panel.
  • Double-click the System icon.
      NOTE: If the System icon is not visible, click "View all Control Panel options" to display it.
  • Click the System Restore tab.
  • Put a check by Disable System Restore.
  • Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.
After reboot, you must turn System Restore back on:
  • Go back to the Troubleshooting tab.
  • UNcheck Disable System Restore.
  • Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.


Lastly, some extra or better security for your PC:

The programs recommended below are freeware alternatives to some of your security software & might reduce the potential for spyware infection in the future:-

Spyware Prevention:
Spyware Blaster by JavaCool Software, prevents spyware installing and consumes no system resources.
IE/SpyAd, stops suspect sites loading ActiveX, popups etc onto your PC. An excellent tutorial is Here

Spyware Detection:
Malwarebytes Anti-Malware is my favourite here.

Anti-Virus:
The first line of defence, especially since some will now detect trojans as well.
Avira's Avira AntiVir Personal and Grisoft's Avast! Free Edition are among the best freebies.
*Please note* You should never install more than one anti-virus program on a PC, as it will cause conflicts.

Firewall:
A Firewall is an essential tool in the security of any PC connected to the Internet.
Sunbelt Personal Firewall and Comodo are both excellent freeware.

Alternate Browsers:
Thankfully, there are now some excellent alternatives to MS Internet Explorer. They offer better security, more stability, and better speed.
A couple of good examples are: Firefox and Opera

Other Updates:
Vital security patches and updates are available for Microsoft Windows and Internet Explorer at the Windows Update Site
It is equally important to update the other security software you use, on a regular basis.

Further reading about these issues is available in a very good article: How did I get infected in the first place ? (by Tony Klein and dvk01)

All the best & safe surfing in the future,

sage5
FaultlineXR
post May 16 2009, 01:25 PM
Post #11


New Member
Posts: 8
OS: Windows XP



Alright, that seems to do the trick! Thank you so much, sage5! I do have a couple more issues, though:

* The first time I rebooted my PC after running ComboFix I got a blue screen that said that my C:\ drive was dirty. It replaced an orphan file, MSI172.tmp (38829), into directory file 8936. Is this normal and is the problem dealt with, or should I do something here?

* When I ran a McAfee Quick Scan while I was infected, it would always run indefinitely on one specific system32 file, C:\\WINDOWS/system32/ntoskrnl.exe. The scan gets to about 12% and continues to run here, yet it may not show any progress for at least an hour (or many hours). It does not freeze or display any error message. My system always slows down to a crawl while McAfee is running, yet here it was virtually unusable. This seems like a major issue to me. What can I do to fix it?

* Yesterday night, before I ran ComboFix, MSN Live Messenger Plus! stopped working. I would always get an error saying that the service was temporarily unavailable. I checked the website and it said the service was up and running normally. I still get this message now. Is this as simple as reinstalling the program? I haven't tried many other programs, but from what I can see they run fine.

* I also have a number of files left on my desktop and in C:\, including:

- Thumbs.db (desktop), and the rest on C:\...
- INFcache.1;
- mdcons, MSOCache, RECYCLER, and System Volume Information folders;
- AUTOEXEC.bat;
- Boot.bak and boot.ini;
- cmldr;
- CONFIG.SYS;
- dell.sdr;
- hiberfil.sys;
- IO.SYS and MSDOS.SYS;
- NTDETECT.COM;
- ntldr;
- pagefile.sys

Am I free to delete these files? I am unsure exactly how they are important or what they do.

Thank you yet again, and I'll be recommending Geeks to Go to anyone who has malware issues.
sage5
post May 16 2009, 06:49 PM
Post #12


RIP 10/2009
Posts: 2,646
From: NE Victoria, Australia
OS: WinXp SP3



Hi FaultlineXR,
Let's deal with these in order:
QUOTE
* The first time I rebooted my PC after running ComboFix I got a blue screen that said that my C:\ drive was dirty. It replaced an orphan file, MSI172.tmp (38829), into directory file 8936. Is this normal and is the problem dealt with, or should I do something here?

I am presuming that would have been legitimate, it looks like an MS install file of some sort.

QUOTE
* When I ran a McAfee Quick Scan while I was infected, it would always run indefinitely on one specific system32 file, C:\\WINDOWS/system32/ntoskrnl.exe. The scan gets to about 12% and continues to run here, yet it may not show any progress for at least an hour (or many hours). It does not freeze or display any error message. My system always slows down to a crawl while McAfee is running, yet here it was virtually unusable. This seems like a major issue to me. What can I do to fix it?

If you are happy with how McAfee performs, an uninstall/re-install may fix the issue.
If you are not happy with McAfee, replace it with a free, better alternative.

If you decide to remove the McAfee components, please download the following & save to your Desktop:
McAfee Removal Tool

Run the McAfee Remover:
  • Double click the MCPR.exe file.

    NOTE: Windows Vista users must right-click MCPR.exe and select Run as Administrator.
  • Restart your computer after receiving the message CleanUp Successful.

    NOTE: Your McAfee product will not be fully removed until the system is restarted.


Freeware Alternatives:
Antivirus:
Avira AntiVir Personal
avast! Home Edition

Firewall:
Comodo Internet Security (only install the firewall component)
Sunbelt Personal Firewall

QUOTE
* Yesterday night, before I ran ComboFix, MSN Live Messenger Plus! stopped working. I would always get an error saying that the service was temporarily unavailable. I checked the website and it said the service was up and running normally. I still get this message now. Is this as simple as reinstalling the program? I haven't tried many other programs, but from what I can see they run fine.

Yes, try the uninstall/re-install routine with that as well.

QUOTE
* I also have a number of files left on my desktop and in C:\, including:

- Thumbs.db (desktop), and the rest on C:\...
- INFcache.1;
- mdcons, MSOCache, RECYCLER, and System Volume Information folders;
- AUTOEXEC.bat;
- Boot.bak and boot.ini;
- cmldr;
- CONFIG.SYS;
- dell.sdr;
- hiberfil.sys;
- IO.SYS and MSDOS.SYS;
- NTDETECT.COM;
- ntldr;
- pagefile.sys

Do NOT try to delete any of those, they are all important system files, & need to remain.

Cheers,

sage5
FaultlineXR
post May 16 2009, 10:13 PM
Post #13


New Member
Posts: 8
OS: Windows XP



Thanks, sage5! I've followed everything you've said so far and things seem to be looking up. I have just a couple more issues:

* I uninstalled and reinstalled McAfee and it still pauses on C:\WINDOWS\system32\ntoskrnl.exe. I no longer think this is a McAfee problem. I ran a disk defrag and that same file was badly fragmented and unable to be defragmented. Could the problem be on that file's end?

* I have tried to download Windows Updates from the official site and automatic updates have been set to be installed on my computer every time I shut it down. However, none can install properly. The updates include security updates for XP and PowerPoint as well as a Java Runtime Environment update. What could be going wrong?

On the plus side, Windows Live Messenger Plus! appears to be working fine now that I've reinstalled McAfee. There was no need to uninstall it.
sage5
post May 17 2009, 06:00 AM
Post #14


RIP 10/2009
Posts: 2,646
From: NE Victoria, Australia
OS: WinXp SP3



Right let's see if we can get a replacement copy of that file installed, using the Recovery Console, which you installed earlier with ComboFix.

Please print these instructions, and have the hard copy handy, to complete the steps below.

Boot to the Recovery Console at Startup:
  1. Reboot the PC.
  2. Using the up & down arrow keys, at the Startup screen, choose the Recovery Console option.
  3. Enter the number that corresponds to the Windows installation that you want to work with. (Most likely 1)
  4. When you are prompted for the local administrator's password for that installation, press the Enter key.


At the command prompt carefully type the following commands, 1 at a time & hit the Enter key after each.

cd "c:\windows\driver cache\i386" -->> This is typed cd^"c:\windows\driver^cache\i386" (The quotation marks are essential & the ^ indicates a space.)
Hit Enter

expand sp3.cab -F:ntoskrnl.exe c:\windows\system32 -->> Type expand^sp3.cab^-F:ntoskrnl.exe^c:\windows\system32 (Again the ^ indicates a space.)
Hit Enter

If you are prompted to overwrite the file, type y and then Enter.

Now reboot normally & check if McAfee can scan that file.
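The replacement step above pulls a pristine ntoskrnl.exe out of the Service Pack cabinet. Before overwriting a kernel it is worth knowing whether the on-disk copy actually differs from the cached one, and whether a difference is damage or just a later hotfix. The script below is an added example, not part of sage5's instructions or any McAfee/Microsoft tool; it assumes Windows XP SP3 with PowerShell 2.0 and the paths used in the thread (sp3.cab in the driver cache), and it extracts the cached kernel to a temporary folder with expand.exe and compares file versions and SHA-256 hashes.

```powershell
# Added example (not from the thread): compare the live XP kernel with the
# copy held in the Service Pack driver cache before deciding to replace it.
# Assumes Windows XP SP3, PowerShell 2.0 and the paths used in the thread.
$live   = Join-Path $env:SystemRoot 'system32\ntoskrnl.exe'
$cab    = Join-Path $env:SystemRoot 'Driver Cache\i386\sp3.cab'
$tmpDir = Join-Path $env:TEMP 'ntoskrnl-check'

function Get-Sha256Hex([string]$Path) {
    # PowerShell 2.0 has no Get-FileHash, so use the .NET hasher directly.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($fs) }
    finally { $fs.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Compare-KernelWithCache {
    New-Item -ItemType Directory -Path $tmpDir -Force | Out-Null
    # expand.exe is the same tool the Recovery Console uses; -F: picks one
    # file out of the cabinet and the last argument is a destination folder.
    & "$env:SystemRoot\system32\expand.exe" -F:ntoskrnl.exe $cab $tmpDir | Out-Null
    $cached = Join-Path $tmpDir 'ntoskrnl.exe'
    if (-not (Test-Path $cached)) { throw "ntoskrnl.exe not found in $cab" }

    $liveHash   = Get-Sha256Hex $live
    $cachedHash = Get-Sha256Hex $cached
    return New-Object PSObject -Property @{
        LiveVersion   = (Get-Item $live).VersionInfo.FileVersion
        CachedVersion = (Get-Item $cached).VersionInfo.FileVersion
        LiveSha256    = $liveHash
        CachedSha256  = $cachedHash
        Identical     = ($liveHash -eq $cachedHash)
    }
}

$r = Compare-KernelWithCache
$r | Format-List LiveVersion, CachedVersion, LiveSha256, CachedSha256, Identical
if ($r.Identical) {
    'Kernel matches the SP3 driver-cache copy; the scan hang is unlikely to be file corruption.'
} elseif ($r.LiveVersion -ne $r.CachedVersion) {
    'Versions differ: a post-SP3 hotfix may have updated the kernel. Check installed updates before replacing it.'
} else {
    'Same version but different bytes: the on-disk kernel is damaged or modified. Replace it from the cab as described above.'
}
```

Run it only as a pre-check on a system you already trust; a kernel-mode rootkit can misreport file contents to anything running on the live system, which is why the thread does the actual replacement offline from the Recovery Console.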
FaultlineXR
post May 17 2009, 11:58 AM
Post #15


New Member
*
Posts: 8
OS: Windows XP



Alright, that worked! A McAfee Quick Scan completed just fine (and also very quickly, may I add). I then tried to install the Windows Updates and they're all going to take effect on reboot.

Thank you so much for your help. I just want you to know that I appreciate that you took the time to help me. Your replies were always very clear and you weren't condescending in the slightest. One day all the help you're giving people here will come back to you. Thanks!

- Brandon
