
security.hijack [Solved]


This topic is locked

#1 Sinoito (Member, 58 posts)
I'm trying to help my friend out with his computer. It had problems with System Security, but after running Malwarebytes and McAfee I was able to get rid of it. Now IE will not work, but the internet connection is fine as his Skype client is working. I am using my home computer to post until his IE works again. Every time I run Malwarebytes, I receive multiple Security.Hijack detections. I think this might be the reason for the dysfunctional IE. Please provide assistance. Here are the logs:

MBAM
Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 2

5/23/2009 3:58:39 PM
mbam-log-2009-05-23 (15-58-39).txt

Scan type: Quick Scan
Objects scanned: 73848
Time elapsed: 7 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 53
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGUARD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Rooter
Microsoft Windows XP Professional (5.1.2600) Service Pack 2

C:\ [Fixed] - NTFS - (Total:76308 Mo/Free:3447 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [Removable] (Total:1990 Mo/Free:383 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)
J:\ [Removable] (Total:0 Mo/Free:0 Mo)
K:\ [Removable] (Total:0 Mo/Free:0 Mo)

Sat 05/23/2009|16:02

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\LEXBCES.EXE
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\LEXPPS.EXE
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\hkcmd.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
---------- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
---------- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Program Files\Skype\Phone\Skype.exe
---------- C:\Program Files\McAfee\Common Framework\McTray.exe
---------- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
---------- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
---------- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
---------- C:\WINDOWS\system32\wdfmgr.exe
---------- C:\Program Files\Viewpoint\Common\ViewpointService.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Skype\Plugin Manager\skypePM.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Sat 05/23/2009|16:03

----------------------\\ Scan completed at 16:03

OTListIt
OTListIt logfile created on: 5/23/2009 4:04:27 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Steve\Desktop\Virus
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.73 Mb Total Physical Memory | 160.06 Mb Available Physical Memory | 31.84% Memory free
1.20 Gb Paging File | 0.90 Gb Available in Paging File | 74.75% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 43.37 Gb Free Space | 58.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1.94 Gb Total Space | 0.37 Gb Free Space | 19.25% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEPHENARCHER
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Documents and Settings\Steve\Desktop\Virus\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance [On_Demand | Stopped]) -- C:\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (fsssvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Irmon [Auto | Running]) -- C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
SRV - (LexBceS [Auto | Running]) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (McAfeeFramework [Unknown | Running]) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (srserviceSharedAccess [Auto | Stopped]) -- C:\WINDOWS\system32\ansih.exe ()
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

========== Driver Services (SafeList) ==========

DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (BANTExt [System | Running]) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (fssfltr [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (irsir [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\irsir.sys (Microsoft Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mfeapfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [System | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)
DRV - (mfetdik [System | Running]) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (NPF [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\NPF.sys (CACE Technologies)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0.13966
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2008/02/25 18:46:23 | 00,000,000 | ---D | M]

[2008/11/27 12:20:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\mozilla\Extensions
[2008/11/27 12:20:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/01 10:54:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\mozilla\Firefox\Profiles\chh3mfpz.default\extensions
[2009/05/21 13:57:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/19 23:38:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/05/21 00:44:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\browserhighlighter@ebay.com

O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - SITEguard - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey (McAfee, Inc.)
O4 - HKLM..\Run: [PromoReg] C:\WINDOWS\Temp\wpv191242765100.exe File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1180916108750 (WUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O29 - HKLM SecurityProviders - (digiwet.dll) - C:\WINDOWS\system32\digiwet.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/31 23:34:13 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8892c13c-1490-11dc-85d5-001111dcb295}\Shell - "" = AutoRun
O33 - MountPoints2\{8892c13c-1490-11dc-85d5-001111dcb295}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8892c13c-1490-11dc-85d5-001111dcb295}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/23 14:03:29 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/05/23 16:02:11 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/23 15:15:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/05/23 14:21:15 | 00,000,000 | ---D | C] -- C:\QUARANTINE
[2009/05/23 14:07:05 | 01,495,552 | ---- | C] (PGP Corporation) -- C:\WINDOWS\System32\epoPGPsdk.dll
[2009/05/23 14:07:05 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/05/23 14:07:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2009/05/23 14:07:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/05/23 14:06:40 | 00,064,360 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2009/05/23 14:06:40 | 00,034,152 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/05/23 14:06:39 | 00,072,264 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/05/23 14:06:39 | 00,052,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdik.sys
[2009/05/23 14:06:37 | 00,168,776 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2009/05/23 14:06:09 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/05/23 14:06:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/05/23 13:37:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Malwarebytes
[2009/05/23 13:37:47 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/23 13:37:47 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/23 13:37:44 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/23 13:37:43 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/23 13:37:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/23 13:36:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/23 13:36:33 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\Steve\Desktop\NTREGOPT.lnk
[2009/05/23 13:36:33 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\Steve\Desktop\ERUNT.lnk
[2009/05/23 13:36:33 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/23 13:31:01 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Steve\Desktop\Virus
[2009/05/23 13:13:52 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
[2009/05/23 13:13:52 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2009/05/23 13:13:48 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2009/05/23 13:13:48 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2009/05/22 21:36:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/05/21 22:08:07 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\96811556.ini
[2009/05/21 22:08:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\96811556
[2009/05/21 22:08:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\16801564
[2009/05/21 14:13:53 | 00,349,696 | ---- | C] (iS3, Inc.) -- C:\DOCUME~1\Steve\Desktop\STOPzilla_Setup.exe
[2009/05/21 00:42:47 | 07,526,856 | ---- | C] (Mozilla) -- C:\DOCUME~1\Steve\Desktop\Firefox Setup 3.0.10.exe
[2009/05/20 20:02:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\870159
[2009/05/20 10:49:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\547372
[2009/05/20 10:05:00 | 00,000,002 | -H-- | C] () -- C:\WINDOWS\sto452730.dat
[2009/05/20 10:04:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\st_1242846756.exe
[2009/05/20 10:04:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\st_1242828320.exe
[2009/05/20 00:37:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/05/20 00:34:11 | 00,000,001 | ---- | C] () -- C:\WINDOWS\9g2234wesdf3dfgjf23
[2009/05/20 00:34:08 | 00,000,002 | -H-- | C] () -- C:\WINDOWS\sto452856.dat
[2009/05/20 00:34:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\796525
[2009/05/19 23:56:44 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/05/19 23:52:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\skypePM
[2009/05/19 23:43:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Skype
[2009/05/19 23:39:09 | 00,002,265 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Skype.lnk
[2009/05/19 23:38:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/05/19 23:38:22 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/05/19 23:36:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/05/19 22:59:41 | 00,000,392 | ---- | C] () -- C:\WINDOWS\st_1242806847.exe
[2009/05/19 22:59:40 | 00,000,393 | ---- | C] () -- C:\WINDOWS\st_1242788419.exe
[2009/05/19 22:47:01 | 00,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2009/05/19 22:46:11 | 00,000,032 | --S- | C] () -- C:\WINDOWS\System32\2956598322.dat
[2009/05/19 22:45:31 | 00,000,002 | -H-- | C] () -- C:\WINDOWS\sto453250.dat
[2009/05/19 22:45:30 | 00,000,393 | ---- | C] () -- C:\WINDOWS\st_1242787561.exe
[2009/05/19 22:45:30 | 00,000,392 | ---- | C] () -- C:\WINDOWS\st_1242805997.exe
[2009/05/19 22:44:31 | 00,053,248 | RHS- | C] () -- C:\WINDOWS\System32\ansih.exe
[2009/05/19 22:43:12 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\digiwet.dll
[2009/05/12 15:09:20 | 00,031,496 | ---- | C] () -- C:\DOCUME~1\Steve\Desktop\05) Instrumentals - Fabolous - Make you Mine.HMP
[2009/05/11 18:41:14 | 00,042,044 | ---- | C] () -- C:\DOCUME~1\Steve\Desktop\10) Instrumentals - Fabolous ft Young Jeezy Bleu Di.HMP
[2009/05/11 18:01:08 | 01,121,834 | ---- | C] () -- C:\DOCUME~1\Steve\Desktop\mp3.mp3
[2009/05/11 17:52:28 | 00,045,636 | ---- | C] () -- C:\DOCUME~1\Steve\Desktop\Kiss Mine.HMP
[2009/05/11 17:48:03 | 00,040,316 | ---- | C] () -- C:\DOCUME~1\Steve\Desktop\Jin ft. Kanye West - I Gotta Love (Instrumental).HMP
[2009/05/09 01:47:46 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSTEE.sys
[2009/05/09 01:47:46 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2009/05/09 01:47:42 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\NdisIP.sys
[2009/05/09 01:47:42 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2009/05/09 01:47:40 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2009/05/09 01:47:40 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2009/05/09 01:47:40 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\StreamIP.sys
[2009/05/09 01:47:40 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2009/05/09 01:47:37 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\SLIP.sys
[2009/05/09 01:47:37 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2009/05/09 01:47:34 | 00,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WSTCODEC.SYS
[2009/05/09 01:47:34 | 00,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2009/05/09 01:47:31 | 00,085,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\NABTSFEC.sys
[2009/05/09 01:47:31 | 00,085,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2009/05/09 01:47:28 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\CCDECODE.sys
[2009/05/09 01:47:28 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2009/05/09 01:47:18 | 00,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2009/05/09 01:47:18 | 00,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2009/05/09 01:47:11 | 00,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2009/05/09 01:47:11 | 00,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2009/05/09 01:47:11 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2009/05/09 01:47:11 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2009/05/09 01:47:11 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2009/05/09 01:47:11 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2009/05/09 01:47:10 | 00,078,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2009/05/09 01:47:10 | 00,078,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2009/05/09 01:47:10 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2009/05/09 01:47:10 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2009/05/09 01:47:10 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2009/05/09 01:47:10 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2009/05/09 01:47:10 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2009/05/09 01:47:10 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2009/05/09 01:46:58 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/05/09 01:46:58 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2009/05/07 12:14:30 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/05/07 12:14:11 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2009/05/07 12:13:47 | 00,055,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fssfltr_tdi.sys
[2009/05/07 12:09:32 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/05/07 12:08:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/05/07 12:07:24 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2009/05/07 12:06:27 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2009/05/07 12:06:16 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/05/07 12:04:01 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/05/07 12:03:49 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Documents\microsoft
[2009/05/07 12:03:05 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/05/07 11:59:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/05/03 15:08:54 | 51,643,344 | ---- | C] () -- C:\DOCUME~1\Steve\Desktop\Da_Instrumentals_Fabolous_Hype_Radio_Edition-(DatPiff.com).zip
[2009/05/02 20:49:10 | 04,401,109 | ---- | C] () -- C:\DOCUME~1\Steve\Desktop\Kiss Mine.mp3
[2009/05/02 00:48:54 | 91,279,156 | ---- | C] () -- C:\DOCUME~1\Steve\Desktop\Motion_Picture_The_Mixtape_Final.zip
[2009/05/01 19:15:50 | 00,560,134 | ---- | C] () -- C:\DOCUME~1\Steve\Desktop\stage_red_curtain-1000x620 copy.jpg
[2009/05/01 19:15:21 | 00,075,510 | ---- | C] () -- C:\DOCUME~1\Steve\Desktop\stage_red_curtain-1000x620.jpg
[2009/05/01 11:22:10 | 00,000,694 | ---- | C] () -- C:\DOCUME~1\Steve\Desktop\BearShare.lnk
[2009/04/11 00:35:35 | 00,000,707 | ---- | C] () -- C:\WINDOWS\AudStu.INI
[2009/04/10 23:51:18 | 00,038,912 | ---- | C] () -- C:\WINDOWS\System32\mgxasio.dll
[2009/04/10 23:40:49 | 00,002,992 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008/05/29 22:59:49 | 00,000,019 | ---- | C] () -- C:\WINDOWS\ws.ini
[2008/05/29 22:59:40 | 00,002,059 | ---- | C] () -- C:\WINDOWS\ws1.ini
[2008/05/29 22:59:40 | 00,002,059 | ---- | C] () -- C:\WINDOWS\timew.ini
[2008/05/29 22:59:40 | 00,002,059 | ---- | C] () -- C:\WINDOWS\hist.ini
[2008/05/29 22:59:40 | 00,002,059 | ---- | C] () -- C:\WINDOWS\boxw.ini
[2008/05/29 22:59:37 | 00,002,059 | ---- | C] () -- C:\WINDOWS\ws2.ini
[2008/05/29 22:59:19 | 00,002,059 | ---- | C] () -- C:\WINDOWS\norm.ini
[2008/05/29 22:59:12 | 00,002,059 | ---- | C] () -- C:\WINDOWS\wsd.ini
[2007/07/14 09:57:33 | 00,000,305 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/07/14 09:57:02 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxblvs.dll
[2007/07/14 09:56:57 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBLLCNP.DLL
[2007/07/03 02:10:02 | 00,036,580 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/06/24 12:05:53 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2007/06/11 21:55:49 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/06/10 22:04:52 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/06/07 20:26:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/06/03 21:26:36 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/01 00:16:58 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2007/03/05 13:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/04/22 19:00:10 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2004/08/04 08:00:00 | 00,000,998 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/05/23 15:49:12 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/23 15:46:23 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Steve\Local Settings\desktop.ini
[2009/05/23 15:46:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/23 15:46:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/23 15:15:53 | 00,000,998 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/23 15:15:53 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/23 15:15:53 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/05/23 13:37:47 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/23 13:36:33 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\Steve\Desktop\NTREGOPT.lnk
[2009/05/23 13:36:33 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\Steve\Desktop\ERUNT.lnk
[2009/05/23 13:22:55 | 00,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-527237240-839522115-1004.job
[2009/05/21 22:08:07 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\96811556.ini
[2009/05/21 14:13:55 | 00,349,696 | ---- | M] (iS3, Inc.) -- C:\DOCUME~1\Steve\Desktop\STOPzilla_Setup.exe
[2009/05/21 00:43:06 | 07,526,856 | ---- | M] (Mozilla) -- C:\DOCUME~1\Steve\Desktop\Firefox Setup 3.0.10.exe
[2009/05/20 22:36:59 | 00,002,137 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\iTunes.lnk
[2009/05/20 10:05:00 | 00,000,002 | -H-- | M] () -- C:\WINDOWS\sto452730.dat
[2009/05/20 10:04:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\st_1242846756.exe
[2009/05/20 10:04:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\st_1242828320.exe
[2009/05/20 00:35:08 | 00,002,265 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Skype.lnk
[2009/05/20 00:34:11 | 00,000,001 | ---- | M] () -- C:\WINDOWS\9g2234wesdf3dfgjf23
[2009/05/20 00:34:09 | 00,000,002 | -H-- | M] () -- C:\WINDOWS\sto452856.dat
[2009/05/19 23:56:44 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/05/19 22:59:41 | 00,000,392 | ---- | M] () -- C:\WINDOWS\st_1242806847.exe
[2009/05/19 22:59:40 | 00,000,393 | ---- | M] () -- C:\WINDOWS\st_1242788419.exe
[2009/05/19 22:46:12 | 00,000,032 | --S- | M] () -- C:\WINDOWS\System32\2956598322.dat
[2009/05/19 22:45:31 | 00,000,392 | ---- | M] () -- C:\WINDOWS\st_1242805997.exe
[2009/05/19 22:45:31 | 00,000,002 | -H-- | M] () -- C:\WINDOWS\sto453250.dat
[2009/05/19 22:45:30 | 00,000,393 | ---- | M] () -- C:\WINDOWS\st_1242787561.exe
[2009/05/19 22:43:38 | 00,053,248 | RHS- | M] () -- C:\WINDOWS\System32\ansih.exe
[2009/05/19 22:43:12 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\digiwet.dll
[2009/05/15 19:28:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/15 14:33:53 | 00,000,707 | ---- | M] () -- C:\WINDOWS\AudStu.INI
[2009/05/15 14:33:49 | 00,045,636 | ---- | M] () -- C:\DOCUME~1\Steve\Desktop\Kiss Mine.HMP
[2009/05/15 14:33:46 | 00,042,044 | ---- | M] () -- C:\DOCUME~1\Steve\Desktop\10) Instrumentals - Fabolous ft Young Jeezy Bleu Di.HMP
[2009/05/15 14:04:23 | 00,031,496 | ---- | M] () -- C:\DOCUME~1\Steve\Desktop\05) Instrumentals - Fabolous - Make you Mine.HMP
[2009/05/15 14:04:19 | 00,040,316 | ---- | M] () -- C:\DOCUME~1\Steve\Desktop\Jin ft. Kanye West - I Gotta Love (Instrumental).HMP
[2009/05/12 18:44:40 | 00,036,580 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2009/05/11 18:01:08 | 01,121,834 | ---- | M] () -- C:\DOCUME~1\Steve\Desktop\mp3.mp3
[2009/05/11 16:59:46 | 04,401,109 | ---- | M] () -- C:\DOCUME~1\Steve\Desktop\Kiss Mine.mp3
[2009/05/08 09:46:59 | 00,462,344 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/08 09:46:59 | 00,395,862 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/08 09:46:59 | 00,059,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/08 09:42:34 | 00,211,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/07 12:05:12 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/03 15:57:19 | 91,279,156 | ---- | M] () -- C:\DOCUME~1\Steve\Desktop\Motion_Picture_The_Mixtape_Final.zip
[2009/05/03 15:09:21 | 51,643,344 | ---- | M] () -- C:\DOCUME~1\Steve\Desktop\Da_Instrumentals_Fabolous_Hype_Radio_Edition-(DatPiff.com).zip
[2009/05/01 18:55:56 | 00,560,134 | ---- | M] () -- C:\DOCUME~1\Steve\Desktop\stage_red_curtain-1000x620 copy.jpg
[2009/05/01 11:22:10 | 00,000,694 | ---- | M] () -- C:\DOCUME~1\Steve\Desktop\BearShare.lnk
[2009/04/30 10:40:52 | 00,075,510 | ---- | M] () -- C:\DOCUME~1\Steve\Desktop\stage_red_curtain-1000x620.jpg
< End of report >

Extras
OTListIt Extras logfile created on: 5/23/2009 4:04:27 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Steve\Desktop\Virus
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.73 Mb Total Physical Memory | 160.06 Mb Available Physical Memory | 31.84% Memory free
1.20 Gb Paging File | 0.90 Gb Available in Paging File | 74.75% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 43.37 Gb Free Space | 58.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1.94 Gb Total Space | 0.37 Gb Free Space | 19.25% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEPHENARCHER
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare (Free Peers, Inc.)
C:\Program Files\Ares Ultra\Ares Ultra.exe:*:Enabled:Ares Ultra p2p for windows File not found
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\Common Files\AOL\1181527538\ee\aolsoftware.exe:*:Enabled:AOL Services (America Online, Inc.)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE (Lexmark International, Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\WINDOWS\explorer.exe:*:Enabled:Explorer (Microsoft Corporation)
C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService (Apple Inc.)
C:\WINDOWS\system32\LEXBCES.EXE:*:Enabled:LEXBCES (Lexmark International, Inc.)
C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus (Vuze Inc.)
C:\WINDOWS\svcho.exe:*:Enabled:enable File not found
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware (Malwarebytes Corporation)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)
C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service (McAfee, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"BearShare" = BearShare
"Belarc Advisor 2.0" = Belarc Advisor 7.2
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"ERUNT_is1" = ERUNT 1.1j
"Firebird SQL Server US" = Firebird SQL Server - MAGIX Edition (US)
"hp deskjet 656c series" = hp deskjet 656c series (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Lexmark Z700-P700 Series" = Lexmark Z700-P700 Series
"MAGIX Music Studio 11 deluxe US" = MAGIX Music Studio 11 deluxe (US)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer
"ViewpointMediaPlayer" = Viewpoint Media Player
"VisualTool" = VisualTool
"Vuze" = Vuze
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/22/2009 10:00:21 PM | Computer Name = STEPHENARCHER | Source = MsiInstaller | ID = 11406
Description = Product: Symantec Endpoint Protection -- Error 1406.Could not write
value EventMessageFile to key \System\CurrentControlSet\Services\EventLog\System\SRTSP.
System error . Verify that you have sufficient access to that key, or contact
your support personnel.

Error - 5/22/2009 10:00:22 PM | Computer Name = STEPHENARCHER | Source = MsiInstaller | ID = 11406
Description = Product: Symantec Endpoint Protection -- Error 1406.Could not write
value SettingsPath to key \System\CurrentControlSet\Services\SRTSP\Parameters.
System error . Verify that you have sufficient access to that key, or contact
your support personnel.

Error - 5/22/2009 10:00:23 PM | Computer Name = STEPHENARCHER | Source = MsiInstaller | ID = 11406
Description = Product: Symantec Endpoint Protection -- Error 1406.Could not write
value Version to key \Software\Symantec\SRTSP. System error . Verify that you
have sufficient access to that key, or contact your support personnel.

Error - 5/23/2009 2:21:20 PM | Computer Name = STEPHENARCHER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/23/2009 3:06:36 PM | Computer Name = STEPHENARCHER | Source = McLogEvent | ID = 259
Description = The file c:\WINDOWS\system32\SYS32DLL.exe contains the New Malware.j
Trojan. No cleaner available, file deleted successfully. Detected using Scan engine
version 5301.4018 DAT version 5624.0000.

Error - 5/23/2009 3:12:57 PM | Computer Name = STEPHENARCHER | Source = McLogEvent | ID = 259
Description = The scan found detections. Scan engine version 5301.4018 DAT version
5624.

Error - 5/23/2009 3:23:19 PM | Computer Name = STEPHENARCHER | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3940 (0xf64) Thread address : 0x7C90EB94 Thread message : Build VSCORE.13.3.1.100
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Program Files\Skype\Plugin
Manager\ezPMUtils.dll by C:\Program Files\Skype\Plugin Manager\skypePM.exe 17018(88594)(0)

232(87750)(0) 231(87562)(0) 22305(87562)(0) 22304(87562)(0) 22302(87562)(0) 22301(87562)(0)

226(87500)(0)

Error - 5/23/2009 3:23:22 PM | Computer Name = STEPHENARCHER | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 5 seconds;

Error - 5/23/2009 3:32:34 PM | Computer Name = STEPHENARCHER | Source = Application Hang | ID = 1002
Description = Hanging application InstStub.exe, version 16.2.0.7, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/23/2009 3:39:53 PM | Computer Name = STEPHENARCHER | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

[ System Events ]
Error - 5/22/2009 12:52:20 AM | Computer Name = STEPHENARCHER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the service.

Error - 5/22/2009 1:12:06 AM | Computer Name = STEPHENARCHER | Source = Service Control Manager | ID = 7034
Description = The Windows User Mode Driver Framework service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/22/2009 1:12:06 AM | Computer Name = STEPHENARCHER | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 5/22/2009 1:12:06 AM | Computer Name = STEPHENARCHER | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/22/2009 1:12:06 AM | Computer Name = STEPHENARCHER | Source = Service Control Manager | ID = 7034
Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).

Error - 5/22/2009 1:12:06 AM | Computer Name = STEPHENARCHER | Source = Service Control Manager | ID = 7034
Description = The Viewpoint Manager Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 5/22/2009 1:12:06 AM | Computer Name = STEPHENARCHER | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 5/22/2009 1:12:06 AM | Computer Name = STEPHENARCHER | Source = Service Control Manager | ID = 7034
Description = The LexBce Server service terminated unexpectedly. It has done this
1 time(s).

Error - 5/22/2009 1:21:28 AM | Computer Name = STEPHENARCHER | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 82002020, parameter3
82002194, parameter4 805fa1f0.

Error - 5/22/2009 1:22:16 AM | Computer Name = STEPHENARCHER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde


< End of report >


#2
fenzodahl512

  • Malware Removal
  • 9,863 posts
OTListIt2 Fix step

Open OTListIt2 then do below..

Copy/paste the following into the Custom Scans/Fixes box and then click on Run Fix button.

:processes
explorer.exe

:OTLI
SRV - (srserviceSharedAccess [Auto | Stopped]) -- C:\WINDOWS\system32\ansih.exe ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (digiwet.dll) - C:\WINDOWS\system32\digiwet.dll ()
[2009/05/21 22:08:07 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\96811556.ini
[2009/05/21 22:08:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\96811556
[2009/05/21 22:08:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\16801564
[2009/05/20 20:02:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\870159
[2009/05/20 10:49:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\547372
[2009/05/20 10:05:00 | 00,000,002 | -H-- | C] () -- C:\WINDOWS\sto452730.dat
[2009/05/20 10:04:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\st_1242846756.exe
[2009/05/20 10:04:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\st_1242828320.exe
[2009/05/20 00:34:11 | 00,000,001 | ---- | C] () -- C:\WINDOWS\9g2234wesdf3dfgjf23
[2009/05/20 00:34:08 | 00,000,002 | -H-- | C] () -- C:\WINDOWS\sto452856.dat
[2009/05/20 00:34:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\796525
[2009/05/19 22:59:41 | 00,000,392 | ---- | C] () -- C:\WINDOWS\st_1242806847.exe
[2009/05/19 22:59:40 | 00,000,393 | ---- | C] () -- C:\WINDOWS\st_1242788419.exe
[2009/05/19 22:46:11 | 00,000,032 | --S- | C] () -- C:\WINDOWS\System32\2956598322.dat
[2009/05/19 22:45:31 | 00,000,002 | -H-- | C] () -- C:\WINDOWS\sto453250.dat
[2009/05/19 22:45:30 | 00,000,393 | ---- | C] () -- C:\WINDOWS\st_1242787561.exe
[2009/05/19 22:45:30 | 00,000,392 | ---- | C] () -- C:\WINDOWS\st_1242805997.exe
[2009/05/19 22:44:31 | 00,053,248 | RHS- | C] () -- C:\WINDOWS\System32\ansih.exe
[2009/05/19 22:43:12 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\digiwet.dll

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

Let it run the fix. A log will then pop-up to your screen after the fix finishes.. If it needs a reboot, just let it.. Post that log in your next reply...

#3
Sinoito
  • Member
  • 58 posts
Thanks a lot fenzodahl512. I wasn't expecting such a quick response with Memorial Day weekend. Here's the log:

========== PROCESSES ==========
Process explorer.exe killed successfully!
========== OTLISTIT ==========

Service\Driver srserviceSharedAccess deleted successfully.
File move failed. C:\WINDOWS\system32\ansih.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:digiwet.dll deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\digiwet.dll
C:\WINDOWS\system32\digiwet.dll NOT unregistered.
C:\WINDOWS\system32\digiwet.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\96811556.ini moved successfully.
C:\Documents and Settings\All Users\Application Data\96811556 moved successfully.
C:\Documents and Settings\All Users\Application Data\16801564 moved successfully.
C:\WINDOWS\System32\870159 moved successfully.
C:\WINDOWS\System32\547372 moved successfully.
C:\WINDOWS\sto452730.dat moved successfully.
C:\WINDOWS\st_1242846756.exe moved successfully.
C:\WINDOWS\st_1242828320.exe moved successfully.
C:\WINDOWS\9g2234wesdf3dfgjf23 moved successfully.
C:\WINDOWS\sto452856.dat moved successfully.
C:\WINDOWS\System32\796525 moved successfully.
C:\WINDOWS\st_1242806847.exe moved successfully.
C:\WINDOWS\st_1242788419.exe moved successfully.
File move failed. C:\WINDOWS\System32\2956598322.dat scheduled to be moved on reboot.
C:\WINDOWS\sto453250.dat moved successfully.
C:\WINDOWS\st_1242787561.exe moved successfully.
C:\WINDOWS\st_1242805997.exe moved successfully.
File move failed. C:\WINDOWS\System32\ansih.exe scheduled to be moved on reboot.
File C:\WINDOWS\System32\digiwet.dll not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Steve\Local Settings\Temp\Temporary Directory 1 for Da_Instrumentals_Fabolous_Hype_Radio_Edition-(DatPiff.com).zip\Fabolous - Da Instrumentals Fabolous Hype Radio (DatPiff.com)\10) Instrumentals - Fabolous ft Young Jeezy Bleu Di.mp3 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Steve\Local Settings\Temp\NAILogs\UpdaterUI_STEPHENARCHER.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\WFV6.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05242009_140831

Files moved on Reboot...
File move failed. C:\WINDOWS\system32\ansih.exe scheduled to be moved on reboot.
C:\WINDOWS\System32\2956598322.dat moved successfully.
File C:\Documents and Settings\Steve\Local Settings\Temp\Temporary Directory 1 for Da_Instrumentals_Fabolous_Hype_Radio_Edition-(DatPiff.com).zip\Fabolous - Da Instrumentals Fabolous Hype Radio (DatPiff.com)\10) Instrumentals - Fabolous ft Young Jeezy Bleu Di.mp3 not found!
C:\Documents and Settings\Steve\Local Settings\Temp\NAILogs\UpdaterUI_STEPHENARCHER.log moved successfully.
File C:\WINDOWS\temp\WFV6.tmp not found!

Registry entries deleted on Reboot...

#4
fenzodahl512

  • Malware Removal
  • 9,863 posts
Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

#5
Sinoito
  • Member
  • 58 posts
Cool, IE works on this computer now. Here are the logs:

Combofix
ComboFix 09-05-23.04 - Steve 05/24/2009 14:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.307 [GMT -4:00]
Running from: c:\documents and settings\Steve\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-24 18:20 . 2009-05-24 18:20 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-24 18:08 . 2009-05-24 18:08 -------- d-----w C:\_OTListIt
2009-05-23 20:02 . 2009-05-23 20:03 -------- d-----w C:\Rooter$
2009-05-23 18:21 . 2009-05-24 18:11 -------- d-----w C:\QUARANTINE
2009-05-23 18:07 . 2009-05-23 18:07 -------- d-----w c:\program files\Common Files\Cisco Systems
2009-05-23 18:07 . 2006-11-17 07:06 1495552 ----a-w c:\windows\system32\epoPGPsdk.dll
2009-05-23 18:03 . 2009-05-23 18:03 -------- d-----w c:\temp\McAfee
2009-05-23 17:37 . 2009-05-23 17:37 -------- d-----w c:\documents and settings\Steve\Application Data\Malwarebytes
2009-05-23 17:37 . 2009-02-11 14:19 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-23 17:37 . 2009-02-11 14:19 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-23 17:37 . 2009-05-23 17:37 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-23 17:37 . 2009-05-23 17:37 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-23 17:36 . 2009-05-23 17:36 -------- d-----w c:\program files\ERUNT
2009-05-23 17:13 . 2004-08-04 04:56 21504 -c--a-w c:\windows\system32\dllcache\hidserv.dll
2009-05-23 17:13 . 2004-08-04 04:56 21504 ----a-w c:\windows\system32\hidserv.dll
2009-05-23 17:13 . 2004-08-04 02:58 14848 -c--a-w c:\windows\system32\dllcache\kbdhid.sys
2009-05-23 17:13 . 2004-08-04 02:58 14848 ----a-w c:\windows\system32\drivers\kbdhid.sys
2009-05-23 01:38 . 2009-05-23 01:38 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\AOL
2009-05-20 04:37 . 2009-05-20 04:37 -------- d-----w c:\windows\system32\LogFiles
2009-05-20 03:56 . 2009-05-20 03:56 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-05-20 03:52 . 2009-05-24 18:07 -------- d-----w c:\documents and settings\Steve\Application Data\skypePM
2009-05-20 03:43 . 2009-05-24 18:39 -------- d-----w c:\documents and settings\Steve\Application Data\Skype
2009-05-20 03:38 . 2009-05-20 03:38 -------- d-----w c:\program files\Common Files\Skype
2009-05-20 03:38 . 2009-05-20 03:39 -------- d-----r c:\program files\Skype
2009-05-20 03:36 . 2009-05-20 03:38 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-05-18 16:39 . 2009-05-18 16:39 10684866 ----a-w c:\documents and settings\Steve\Application Data\Azureus\plugins\azump\mplayer.exe
2009-05-16 04:41 . 2009-05-16 04:41 390664 ----a-w c:\documents and settings\Jean\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-09 05:46 . 2004-08-04 03:08 31616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-05-09 05:46 . 2004-08-04 03:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-05-07 16:14 . 2009-05-07 16:14 -------- d-----w c:\program files\Microsoft Silverlight
2009-05-07 16:14 . 2009-05-07 16:14 -------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-05-07 16:13 . 2009-02-06 22:08 55152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-05-07 16:08 . 2009-05-22 02:16 -------- d-----w c:\documents and settings\Jean\Tracing
2009-05-07 16:07 . 2009-05-07 16:07 -------- d-----w c:\program files\Microsoft Sync Framework
2009-05-07 16:06 . 2006-11-29 17:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-05-07 16:06 . 2009-05-07 16:06 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-05-07 16:04 . 2009-05-07 16:14 -------- d-----w c:\program files\Microsoft
2009-05-07 16:03 . 2009-05-21 18:01 -------- d-----w c:\program files\Windows Live
2009-05-07 15:59 . 2009-05-07 15:59 -------- d-----w c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-23 19:40 . 2007-06-08 00:01 -------- d-----w c:\program files\Symantec
2009-05-23 19:36 . 2009-03-07 13:26 -------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!
2009-05-23 19:36 . 2008-12-30 06:53 -------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-05-23 19:26 . 2008-12-30 06:38 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-23 02:02 . 2007-06-08 00:01 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-05-21 04:41 . 2007-06-14 04:24 -------- d-----w c:\program files\Real
2009-05-20 04:32 . 2009-03-07 07:45 -------- d-----w c:\documents and settings\Steve\Application Data\Azureus
2009-05-16 19:07 . 2009-03-07 07:44 -------- d-----w c:\program files\Vuze
2009-05-09 15:54 . 2007-07-11 17:40 46704 ----a-w c:\documents and settings\Steve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-01 15:22 . 2007-06-11 02:51 -------- d-----w c:\program files\BearShare
2009-04-12 02:58 . 2009-03-07 13:27 -------- d-----w c:\documents and settings\All Users\Application Data\SITEguard
2009-04-11 07:48 . 2007-06-07 00:46 -------- d-----w c:\documents and settings\Steve\Application Data\U3
2009-04-11 03:53 . 2009-04-11 03:53 -------- d-----w c:\documents and settings\All Users\Application Data\MAGIX
2009-04-11 03:51 . 2009-04-11 03:51 -------- d-----w c:\program files\Common Files\MAGIX Shared
2009-03-08 09:16 . 2008-02-18 06:24 1915520 ----a-w c:\documents and settings\Steve\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-03-06 23:36 . 2007-06-04 03:06 46120 ----a-w c:\documents and settings\Jean\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-06-11 02:51 . 2007-06-11 02:51 3498312 ----a-w c:\program files\BSLITEINSTALL.exe
2007-06-11 02:22 . 2007-06-11 02:22 6010424 ----a-w c:\program files\Firefox Setup 2.0.0.4.exe
2007-06-11 02:00 . 2007-06-11 01:59 5837464 ----a-w c:\program files\netscape-navigator-9.0b1.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-25 185896]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-01 196608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1181527538\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\WINDOWS\\system32\\LEXBCES.EXE"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5/7/2009 12:13 PM 55152]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/30/2008 11:37 AM 24652]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [4/10/2009 11:53 PM 1527900]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
.
Contents of the 'Scheduled Tasks' folder

2009-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-527237240-839522115-1004.job
- c:\documents and settings\Nick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-27 02:00]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
Notify-NavLogon - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 14:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-05-24 14:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-24 18:56

Pre-Run: 47,788,888,064 bytes free
Post-Run: 47,741,661,184 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

178 --- E O F --- 2008-12-18 05:47

HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:37 PM, on 5/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1180916108750
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7744 bytes

#6
fenzodahl512

  • Malware Removal
  • 9,863 posts
Awesome! Please uninstall Viewpoint from the computer if you don't use it..

Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


How's the computer now? :)

Edited by fenzodahl512, 24 May 2009 - 01:22 PM.
to add HijackThis entries

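Added example, not code from this thread, from HijackThis or from Geeks to Go: a small Python script that reads the R0/R1 lines of a HijackThis log (the same three entries fenzodahl512 asked to be fixed above) and reports two patterns a helper looks for first: a ProxyServer that points back at the machine itself (a program listening on that local port was relaying the browser's traffic; once that program is gone, the browser can no longer connect, which matches IE failing while Skype still worked) and a start or search page on a non-Microsoft host. The sample log lines are constructed from the thread; the full go.microsoft.com URL is an assumption, since the thread's copy of it is truncated, and the allowlist of default hosts is mine.

```python
"""Flag suspicious Internet Explorer settings in a HijackThis log.

Added example for this thread; not code from the thread or from HijackThis.
It parses the R0/R1 lines HijackThis prints and flags a ProxyServer that
points at the local machine and a start/search page on a non-default host.
"""
import re
from typing import List, NamedTuple, Optional, Tuple
from urllib.parse import urlparse

# HijackThis R0/R1 line shape: "R1 - HKCU\<key>,<value> = <data>"
HJT_LINE = re.compile(
    r"^(?P<section>R[01]) - (?P<hive>HK[A-Z]+)\\(?P<key>[^,]+),"
    r"(?P<value>[^=]+?) = (?P<data>.*)$"
)

# Assumption: only Microsoft's own redirector counts as a factory-default
# start/search page on XP/IE7; any other host is reported for review.
DEFAULT_PAGE_HOSTS = {"go.microsoft.com", "www.msn.com", "msn.com"}
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1", "0.0.0.0"}
PAGE_VALUES = {"Start Page", "Default_Page_URL", "Default_Search_URL", "Search Page"}

# Constructed sample: lines taken from the HJT log in this thread, plus one
# O2 line to show that non-R lines are ignored. The go.microsoft.com URL is
# spelled out here as an assumption (the thread's copy is truncated).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
"""


class Finding(NamedTuple):
    kind: str     # "local_proxy" or "nondefault_page"
    hive: str     # HKCU (per-user) or HKLM (machine-wide)
    value: str    # registry value name
    detail: str   # human-readable explanation


def parse_proxy_server(data: str) -> List[Tuple[str, str, Optional[int]]]:
    """Split an IE ProxyServer string into (scheme, host, port) triples.

    IE accepts "host:port" (one proxy for every protocol, reported as "*")
    or "http=h:p;https=h:p;ftp=h:p;socks=h:p" (one proxy per protocol).
    """
    proxies = []
    for part in data.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:                      # no "scheme=" prefix: applies to all protocols
            scheme, hostport = "*", part
        host, _, port = hostport.rpartition(":")
        if not host:                     # bare host, no port given
            host, port = hostport, ""
        host = host.strip("[]")          # tolerate bracketed IPv6 literals
        proxies.append((scheme.lower(), host, int(port) if port.isdigit() else None))
    return proxies


def flag_ie_settings(log_text: str) -> List[Finding]:
    """Return the suspicious R0/R1 entries of a HijackThis log, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue                     # not an R0/R1 line (O2, O4, O23, ...)
        hive = m.group("hive")
        value = m.group("value").strip()
        data = m.group("data").strip()
        if value == "ProxyServer":
            for scheme, host, port in parse_proxy_server(data):
                if host.lower() in LOCAL_HOSTS:
                    findings.append(Finding(
                        "local_proxy", hive, value,
                        f"{scheme} traffic routed through {host}:{port}"))
        elif value in PAGE_VALUES:
            host = (urlparse(data).hostname or "").lower()
            if host not in DEFAULT_PAGE_HOSTS:
                findings.append(Finding("nondefault_page", hive, value, host or data))
    return findings


if __name__ == "__main__":
    for f in flag_ie_settings(SAMPLE_LOG):
        print(f"[{f.kind}] {f.hive} {f.value}: {f.detail}")
```

Run against the sample it reports the bearshare start page and the http proxy on localhost:7171; the ProxyOverride line on its own is not flagged, because it only matters together with a ProxyServer entry. A HKCU hit means the setting is per-user, so other accounts on the machine (the ComboFix output above shows several) would need the same check.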

#7
Sinoito
  • Member
  • 58 posts
I think I'm clean now. The ESET scanner found nothing. Thanks so much. Here's the ESET log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - delete file error:The process cannot access the file because it is being used by another process.

OnlineScanner.ocx - copy file error :The process cannot access the file because it is being used by another process.

OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=7.00.6000.16762 (vista_gdr.081013-1507)
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=ada9872a252df84ba2da1825214cbe21
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-05-24 09:02:59
# local_time=2009-05-24 05:02:59 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# scanned=49149
# found=0
# cleaned=0
# scan_time=1736

#8
fenzodahl512

  • Malware Removal
  • 9,863 posts
Looks good to me.. Let's do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing..

http://www.pcpitstop...safesurfing.asp
http://bluefive.pair...afe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512

#9
Sinoito
  • Member
  • 58 posts
It's running like it should now. Thanks a lot.

#10
fenzodahl512

  • Malware Removal
  • 9,863 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.