Upon originally being infected with Trojan.BHO, I attempted to self-troubleshoot via a thread on your forum for another user with the same issue. I know, not really the recommended path, but being the independent spirit I am, I decided to give it a try. After running Kaspersky, it detected 3 different threats. Since these threats differed from those of the other user, rather than risk doing something inaccurately by following the remaining steps, I read your initial cleaning guide for removal and have followed its steps. Prior to posting the logs, I thought I'd first tell you the steps I took previously.
1. Ran MBAM. Results: Trojan.BHO detected
2. Ran Combo-Fix.exe (Don't shoot me, just glad the computer is still running...)
3. Ran MBAM. Results: Nothing detected
4. Ran Kaspersky. Results: Exploit.Java.Gimsh.b, not-a-virus:AdWare.Win32.WinAD.f, and not-a-virus:AdWare.Win32.Gator.1019 detected
At this point I searched your site for folks having these issues, but didn't really find a solution, as once you get to OTL the troubleshooting becomes a bit more customized. So I did what I should have done initially and followed your guide for removal.
1. Ran RootRepeal. (Logs attached)
2. Ran OTL. (Logs attached)
Please let me know if you'd like to view any of my other logs from yesterday, such as the Combo-Fix file. I will go ahead and include my Kaspersky logfile as well. Any assistance you can provide is most appreciated.
E. Genus
====================== MBAM LOG FILE =====================
Malwarebytes' Anti-Malware 1.40
Database version: 2635
Windows 5.1.2600 Service Pack 3
8/21/2009 10:20:08 PM
mbam-log-2009-08-21 (22-20-08).txt
Scan type: Quick Scan
Objects scanned: 108589
Time elapsed: 8 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
======================== END MBAM LOG FILE =====================
======================== ROOTREPEAL LOG FILE ===================
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/22 07:40
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: catchme.sys
Image Path: C:\Combo-Fix\catchme.sys
Address: 0xEF0B0000 Size: 31744 File Visible: No Signed: -
Status: -
Name: Combo-Fix.sys
Image Path: Combo-Fix.sys
Address: 0xF88AF000 Size: 60416 File Visible: No Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEEEFF000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8DB5000 Size: 8192 File Visible: No Signed: -
Status: -
Name: PROCEXP90.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
Address: 0xF8DBF000 Size: 6464 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEE106000 Size: 49152 File Visible: No Signed: -
Status: -
==EOF==
=================== END OF ROOTREPEAL LOG FILE =================
=================== OTL.TXT ====================================
OTL logfile created on: 8/22/2009 7:50:08 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\esonia orozco\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.48 Mb Total Physical Memory | 260.84 Mb Available Physical Memory | 51.10% Memory free
1.22 Gb Paging File | 0.85 Gb Available in Paging File | 70.26% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 2.10 Gb Free Space | 3.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: D5Q48M21
Current User Name: esonia orozco
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2003/02/06 16:37:52 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE
PRC - [2003/02/06 04:26:18 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXPPS.EXE
PRC - [2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2005/04/30 18:02:26 | 00,086,016 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\bgsvcgen.exe
PRC - [2006/11/02 21:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\System32\PSIService.exe
PRC - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2006/03/30 10:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2008/04/13 20:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2005/10/19 08:59:12 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/03/16 06:33:00 | 00,127,037 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2004/07/27 17:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/02/23 17:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2006/02/13 11:53:34 | 00,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe
PRC - [2005/10/07 12:01:48 | 00,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
PRC - [2005/10/28 08:41:52 | 00,491,520 | ---- | M] ( ) -- C:\WINDOWS\System32\dlcdcoms.exe
PRC - [2005/07/28 09:32:20 | 00,094,208 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
PRC - [2005/08/22 10:10:54 | 00,069,632 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
PRC - [2007/12/11 13:10:26 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/08/13 18:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/10/07 11:23:46 | 00,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2007/03/15 12:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2002/09/12 11:28:14 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2008/05/10 08:15:28 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2004/08/06 16:33:46 | 00,090,112 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
PRC - [2007/12/11 13:10:16 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/08/21 22:29:38 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/08/22 07:46:49 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\esonia orozco\Desktop\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/04/30 18:02:26 | 00,086,016 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen [Auto | Running])
SRV - [2006/03/30 10:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/10/28 08:41:52 | 00,491,520 | ---- | M] ( ) -- C:\WINDOWS\System32\dlcdcoms.exe -- (dlcd_device [On_Demand | Running])
SRV - [2007/03/07 16:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/12/11 13:10:16 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2003/02/06 16:37:52 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2002/08/29 07:00:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipxsap.dll -- (NwSapAgent [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/11/02 21:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\System32\PSIService.exe -- (ProtexisLicensing [Auto | Start_Pending])
SRV - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
SRV - [2009/08/21 22:29:38 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/15 10:47:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/21 22:29:40 | 00,000,000 | ---D | M]
[2005/06/04 15:45:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\esonia orozco\Application Data\mozilla\Firefox\Profiles\rc22m436.default\extensions
[2005/06/04 15:45:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\esonia orozco\Application Data\mozilla\Firefox\Profiles\rc22m436.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2005/06/03 12:02:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2005/06/03 12:08:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2004/09/09 00:03:50 | 00,049,152 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKLM\..\Toolbar: (goodsearch) - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\Program Files\goodsearch\goodsearch1.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (goodsearch) - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\Program Files\goodsearch\goodsearch1.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DLCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.DLL ()
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 944\memcard.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Ulead Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - c:\program files\google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2008/07/04 08:01:50 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Backward Links - c:\program files\google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Similar Pages - c:\program files\google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: Translate into English - c:\program files\google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2008/07/04 08:01:50 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2008/07/04 08:01:50 | 00,000,000 | ---D | M]
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....204&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} http://www.rovion.co...rols/Rovion.cab (BlueStream_Flash Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1192935077718 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://us.dl1.yimg.c.../ymmapi_416.dll (YahooYMailTo Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_11)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 14 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/08/22 07:46:46 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\esonia orozco\Desktop\OTL.exe
[2009/08/22 07:35:07 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\esonia orozco\Desktop\settings.dat
[2009/08/22 07:34:38 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\esonia orozco\Desktop\RootRepeal.exe
[2009/08/21 22:06:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/08/21 22:04:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/08/21 21:11:54 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/08/21 21:11:45 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/08/21 21:11:37 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/08/21 21:08:29 | 00,228,864 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/21 21:08:29 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/08/21 21:08:29 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/08/21 21:08:29 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/08/21 21:08:29 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/08/21 21:08:29 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/08/21 21:08:29 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/21 21:08:29 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/08/21 21:08:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/21 21:08:22 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/08/21 21:08:17 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/21 21:05:37 | 03,181,630 | R--- | C] () -- C:\Documents and Settings\esonia orozco\Desktop\Combo-Fix.exe
[2009/08/21 19:10:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/08/21 18:52:12 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/08/16 13:41:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\esonia orozco\Application Data\Malwarebytes
[2009/08/16 13:41:41 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/16 13:41:36 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/16 13:41:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/16 13:41:33 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/16 13:41:32 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/16 10:19:18 | 00,015,262 | ---- | C] () -- C:\WINDOWS\isugar.bat
[2009/08/16 10:19:18 | 00,010,280 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\huqejicoca.com
[2009/08/16 10:19:17 | 00,019,766 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\beryxoqe.dat
[2009/08/16 10:19:17 | 00,019,313 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ojoson.db
[2009/08/16 10:19:17 | 00,018,774 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\valur.inf
[2009/08/16 10:19:17 | 00,014,796 | ---- | C] () -- C:\Program Files\Common Files\ycohige.com
[2009/08/16 10:19:17 | 00,010,956 | ---- | C] () -- C:\WINDOWS\tevemy.vbs
[2009/08/16 10:19:17 | 00,010,792 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\viqysi.vbs
[2009/08/16 10:19:17 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\ducusoc.bat
[2009/08/16 08:17:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/08/16 04:00:05 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/08/16 01:52:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/08/16 01:52:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/08/16 01:52:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/08/16 00:48:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\esonia orozco\My Documents\My Received Files
[2009/08/15 20:59:31 | 00,015,799 | ---- | C] () -- C:\WINDOWS\anoziviky.inf
[2009/08/15 20:59:31 | 00,015,513 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\onilovofa.bat
[2009/08/15 20:59:30 | 00,019,916 | ---- | C] () -- C:\WINDOWS\System32\pexy.ban
[2009/08/15 20:59:30 | 00,019,052 | ---- | C] () -- C:\WINDOWS\pikozoqe.vbs
[2009/08/15 20:59:30 | 00,018,274 | ---- | C] () -- C:\WINDOWS\ufef.lib
[2009/08/15 20:59:30 | 00,016,129 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\gibyru.bin
[2009/08/15 20:59:30 | 00,015,796 | ---- | C] () -- C:\WINDOWS\System32\qunoha.reg
[2009/08/15 20:59:30 | 00,015,760 | ---- | C] () -- C:\WINDOWS\vodedyb.dl
[2009/08/15 20:59:30 | 00,015,666 | ---- | C] () -- C:\WINDOWS\System32\cogy.bat
[2009/08/15 20:59:30 | 00,015,533 | ---- | C] () -- C:\WINDOWS\hugecitu.bat
[2009/08/15 20:59:30 | 00,015,530 | ---- | C] () -- C:\Program Files\Common Files\osup.dl
[2009/08/15 20:59:30 | 00,014,939 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\otiqukiq.com
[2009/08/15 20:59:30 | 00,012,162 | ---- | C] () -- C:\Program Files\Common Files\uqaf.pif
[2009/08/15 20:59:30 | 00,011,167 | ---- | C] () -- C:\WINDOWS\System32\venut.db
[2009/08/15 12:06:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\esonia orozco\Local Settings\Application Data\PCHealth
[2009/08/15 10:44:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/08/15 10:44:30 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/08/15 10:43:45 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/08/15 10:41:34 | 00,000,000 | ---D | C] -- C:\0c4c00e66ef55a3ec11444833a
[2009/08/15 08:55:16 | 00,000,000 | ---D | C] -- C:\e44043de76a2e99de3f8133e0f
[2009/08/15 07:41:37 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009/08/15 07:40:24 | 00,000,000 | ---D | C] -- C:\01dbc1abc960ecce0993
[2009/08/15 07:40:08 | 00,000,000 | ---D | C] -- C:\88daa75317824163ee
[2009/08/15 00:02:25 | 00,019,843 | ---- | C] () -- C:\Program Files\Common Files\noludy.lib
[2009/08/15 00:02:25 | 00,017,545 | ---- | C] () -- C:\WINDOWS\ydahynujo.dl
[2009/08/15 00:02:25 | 00,016,946 | ---- | C] () -- C:\Program Files\Common Files\suxuv.bin
[2009/08/15 00:02:25 | 00,016,680 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\yqodolowo.scr
[2009/08/15 00:02:25 | 00,016,068 | ---- | C] () -- C:\Program Files\Common Files\etax.dll
[2009/08/15 00:02:25 | 00,013,942 | ---- | C] () -- C:\WINDOWS\System32\otax.dl
[2009/08/15 00:02:25 | 00,013,230 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yzysydob._dl
[2009/08/15 00:02:25 | 00,013,038 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\uxyridu.bin
[2009/08/15 00:02:25 | 00,011,456 | ---- | C] () -- C:\WINDOWS\rawumow.dat
[2009/08/15 00:02:25 | 00,011,094 | ---- | C] () -- C:\WINDOWS\jywewagal.bat
[2009/08/15 00:02:25 | 00,010,628 | ---- | C] () -- C:\WINDOWS\System32\ohujy._sy
[2009/08/15 00:02:24 | 00,018,500 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ekafy.bat
[2009/08/15 00:02:24 | 00,016,487 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\juno.vbs
[2009/08/15 00:02:24 | 00,014,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yven.reg
[2009/08/15 00:02:24 | 00,013,070 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\syvelu.lib
[2009/08/15 00:02:24 | 00,010,104 | ---- | C] () -- C:\WINDOWS\nasidaxi.bat
[2009/08/13 23:07:48 | 00,018,982 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uleze.sys
[2009/08/13 23:07:48 | 00,017,425 | ---- | C] () -- C:\WINDOWS\System32\xuhugep.reg
[2009/08/13 23:07:48 | 00,017,361 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ubumup.scr
[2009/08/13 23:07:48 | 00,015,737 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\povafohefu.bin
[2009/08/13 23:07:48 | 00,015,381 | ---- | C] () -- C:\WINDOWS\ogewama.vbs
[2009/08/13 23:07:48 | 00,013,449 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\isubuvo.pif
[2009/08/13 23:07:48 | 00,013,401 | ---- | C] () -- C:\WINDOWS\System32\omuqubaram.pif
[2009/08/13 23:07:48 | 00,013,140 | ---- | C] () -- C:\WINDOWS\mylew.bin
[2009/08/13 23:07:48 | 00,013,099 | ---- | C] () -- C:\WINDOWS\System32\cohodolaw.reg
[2009/08/13 23:07:48 | 00,012,776 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\jepufiqeh.dl
[2009/08/13 23:07:48 | 00,012,405 | ---- | C] () -- C:\WINDOWS\System32\maqisyryxy.lib
[2009/08/13 23:07:48 | 00,012,158 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\nuqudepa.ban
[2009/08/13 23:07:48 | 00,010,031 | ---- | C] () -- C:\Program Files\Common Files\gimuzy.ban
[2009/08/13 04:03:15 | 00,019,429 | ---- | C] () -- C:\WINDOWS\System32\aqadikem.dll
[2009/08/13 04:03:15 | 00,019,280 | ---- | C] () -- C:\WINDOWS\ogery.reg
[2009/08/13 04:03:15 | 00,018,138 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yvigohe.dll
[2009/08/13 04:03:15 | 00,018,000 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\egawubeky.exe
[2009/08/13 04:03:15 | 00,017,907 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\byzynyq.vbs
[2009/08/13 04:03:15 | 00,017,297 | ---- | C] () -- C:\WINDOWS\cimig._sy
[2009/08/13 04:03:15 | 00,016,642 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\wimyhawa.reg
[2009/08/13 04:03:15 | 00,016,194 | ---- | C] () -- C:\WINDOWS\ivucyryha.lib
[2009/08/13 04:03:15 | 00,015,923 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\nufyxo._sy
[2009/08/13 04:03:15 | 00,014,650 | ---- | C] () -- C:\WINDOWS\System32\dekomazux.exe
[2009/08/13 04:03:15 | 00,014,041 | ---- | C] () -- C:\WINDOWS\fivety.com
[2009/08/13 04:03:15 | 00,012,441 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\kiwe.bat
[2009/08/13 04:03:15 | 00,012,200 | ---- | C] () -- C:\WINDOWS\System32\zebydoq.pif
[2009/08/13 04:03:15 | 00,011,754 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\onyfaz.dat
[2009/08/13 04:03:15 | 00,010,750 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\lydar.reg
[2009/08/12 16:04:37 | 00,000,000 | ---D | C] -- C:\623b881923838fb20a2f1e
[2009/08/12 09:01:41 | 00,019,946 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ewacyzifo.vbs
[2009/08/12 09:01:41 | 00,019,546 | ---- | C] () -- C:\WINDOWS\pudimoz.sys
[2009/08/12 09:01:41 | 00,016,175 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\telaw.vbs
[2009/08/12 09:01:41 | 00,014,734 | ---- | C] () -- C:\WINDOWS\enumomedi.dl
[2009/08/12 09:01:41 | 00,013,512 | ---- | C] () -- C:\WINDOWS\System32\sufacis.dl
[2009/08/12 09:01:41 | 00,012,937 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madotokix._sy
[2009/08/12 09:01:41 | 00,011,932 | ---- | C] () -- C:\Program Files\Common Files\upox._sy
[2009/08/12 09:01:41 | 00,010,778 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\raru.vbs
[2009/08/12 09:01:41 | 00,010,563 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dytuz.inf
[2009/08/11 22:31:45 | 00,000,000 | ---D | C] -- C:\Program Files\Shared
========== Files - Modified Within 14 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/08/22 07:46:49 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\esonia orozco\Desktop\OTL.exe
[2009/08/22 07:35:07 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\esonia orozco\Desktop\settings.dat
[2009/08/22 07:34:40 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\esonia orozco\Desktop\RootRepeal.exe
[2009/08/21 21:56:45 | 00,000,295 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/21 21:56:38 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/08/21 21:56:10 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2009/08/21 21:40:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/21 21:40:49 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/08/21 21:11:54 | 00,000,281 | RHS- | M] () -- C:\BOOT.INI
[2009/08/21 21:05:37 | 03,181,630 | R--- | M] () -- C:\Documents and Settings\esonia orozco\Desktop\Combo-Fix.exe
[2009/08/21 19:04:41 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/21 18:26:41 | 00,175,152 | ---- | M] () -- C:\Documents and Settings\esonia orozco\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/20 22:17:15 | 00,228,864 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/08/16 16:26:30 | 00,001,475 | ---- | M] () -- C:\Documents and Settings\esonia orozco\Desktop\Windows Explorer.lnk
[2009/08/16 13:41:41 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/16 10:19:18 | 00,015,262 | ---- | M] () -- C:\WINDOWS\isugar.bat
[2009/08/16 10:19:18 | 00,010,280 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\huqejicoca.com
[2009/08/16 10:19:17 | 00,019,766 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\beryxoqe.dat
[2009/08/16 10:19:17 | 00,019,313 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ojoson.db
[2009/08/16 10:19:17 | 00,018,774 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\valur.inf
[2009/08/16 10:19:17 | 00,014,796 | ---- | M] () -- C:\Program Files\Common Files\ycohige.com
[2009/08/16 10:19:17 | 00,010,956 | ---- | M] () -- C:\WINDOWS\tevemy.vbs
[2009/08/16 10:19:17 | 00,010,792 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\viqysi.vbs
[2009/08/16 10:19:17 | 00,010,225 | ---- | M] () -- C:\WINDOWS\System32\ducusoc.bat
[2009/08/16 10:10:14 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/08/16 08:21:49 | 00,440,936 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/08/16 08:21:49 | 00,071,844 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/08/16 08:21:48 | 00,522,264 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/16 08:17:57 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/08/16 08:16:34 | 00,549,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/16 01:33:54 | 00,250,048 | RHS- | M] () -- C:\NTLDR
[2009/08/15 20:59:31 | 00,015,799 | ---- | M] () -- C:\WINDOWS\anoziviky.inf
[2009/08/15 20:59:31 | 00,015,513 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\onilovofa.bat
[2009/08/15 20:59:30 | 00,019,916 | ---- | M] () -- C:\WINDOWS\System32\pexy.ban
[2009/08/15 20:59:30 | 00,019,052 | ---- | M] () -- C:\WINDOWS\pikozoqe.vbs
[2009/08/15 20:59:30 | 00,018,274 | ---- | M] () -- C:\WINDOWS\ufef.lib
[2009/08/15 20:59:30 | 00,016,129 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\gibyru.bin
[2009/08/15 20:59:30 | 00,015,796 | ---- | M] () -- C:\WINDOWS\System32\qunoha.reg
[2009/08/15 20:59:30 | 00,015,760 | ---- | M] () -- C:\WINDOWS\vodedyb.dl
[2009/08/15 20:59:30 | 00,015,666 | ---- | M] () -- C:\WINDOWS\System32\cogy.bat
[2009/08/15 20:59:30 | 00,015,533 | ---- | M] () -- C:\WINDOWS\hugecitu.bat
[2009/08/15 20:59:30 | 00,015,530 | ---- | M] () -- C:\Program Files\Common Files\osup.dl
[2009/08/15 20:59:30 | 00,014,939 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\otiqukiq.com
[2009/08/15 20:59:30 | 00,012,162 | ---- | M] () -- C:\Program Files\Common Files\uqaf.pif
[2009/08/15 20:59:30 | 00,011,167 | ---- | M] () -- C:\WINDOWS\System32\venut.db
[2009/08/15 00:02:25 | 00,019,843 | ---- | M] () -- C:\Program Files\Common Files\noludy.lib
[2009/08/15 00:02:25 | 00,017,545 | ---- | M] () -- C:\WINDOWS\ydahynujo.dl
[2009/08/15 00:02:25 | 00,016,946 | ---- | M] () -- C:\Program Files\Common Files\suxuv.bin
[2009/08/15 00:02:25 | 00,016,680 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\yqodolowo.scr
[2009/08/15 00:02:25 | 00,016,068 | ---- | M] () -- C:\Program Files\Common Files\etax.dll
[2009/08/15 00:02:25 | 00,013,942 | ---- | M] () -- C:\WINDOWS\System32\otax.dl
[2009/08/15 00:02:25 | 00,013,230 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\yzysydob._dl
[2009/08/15 00:02:25 | 00,013,038 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\uxyridu.bin
[2009/08/15 00:02:25 | 00,011,456 | ---- | M] () -- C:\WINDOWS\rawumow.dat
[2009/08/15 00:02:25 | 00,011,094 | ---- | M] () -- C:\WINDOWS\jywewagal.bat
[2009/08/15 00:02:25 | 00,010,628 | ---- | M] () -- C:\WINDOWS\System32\ohujy._sy
[2009/08/15 00:02:25 | 00,010,104 | ---- | M] () -- C:\WINDOWS\nasidaxi.bat
[2009/08/15 00:02:24 | 00,018,500 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ekafy.bat
[2009/08/15 00:02:24 | 00,016,487 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\juno.vbs
[2009/08/15 00:02:24 | 00,014,362 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\yven.reg
[2009/08/15 00:02:24 | 00,013,070 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\syvelu.lib
[2009/08/13 23:07:48 | 00,018,982 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\uleze.sys
[2009/08/13 23:07:48 | 00,017,425 | ---- | M] () -- C:\WINDOWS\System32\xuhugep.reg
[2009/08/13 23:07:48 | 00,017,361 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ubumup.scr
[2009/08/13 23:07:48 | 00,015,737 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\povafohefu.bin
[2009/08/13 23:07:48 | 00,015,381 | ---- | M] () -- C:\WINDOWS\ogewama.vbs
[2009/08/13 23:07:48 | 00,013,449 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\isubuvo.pif
[2009/08/13 23:07:48 | 00,013,401 | ---- | M] () -- C:\WINDOWS\System32\omuqubaram.pif
[2009/08/13 23:07:48 | 00,013,140 | ---- | M] () -- C:\WINDOWS\mylew.bin
[2009/08/13 23:07:48 | 00,013,099 | ---- | M] () -- C:\WINDOWS\System32\cohodolaw.reg
[2009/08/13 23:07:48 | 00,012,776 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\jepufiqeh.dl
[2009/08/13 23:07:48 | 00,012,405 | ---- | M] () -- C:\WINDOWS\System32\maqisyryxy.lib
[2009/08/13 23:07:48 | 00,012,158 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\nuqudepa.ban
[2009/08/13 23:07:48 | 00,010,031 | ---- | M] () -- C:\Program Files\Common Files\gimuzy.ban
[2009/08/13 04:03:15 | 00,019,429 | ---- | M] () -- C:\WINDOWS\System32\aqadikem.dll
[2009/08/13 04:03:15 | 00,019,280 | ---- | M] () -- C:\WINDOWS\ogery.reg
[2009/08/13 04:03:15 | 00,018,138 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\yvigohe.dll
[2009/08/13 04:03:15 | 00,018,000 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\egawubeky.exe
[2009/08/13 04:03:15 | 00,017,907 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\byzynyq.vbs
[2009/08/13 04:03:15 | 00,017,297 | ---- | M] () -- C:\WINDOWS\cimig._sy
[2009/08/13 04:03:15 | 00,016,642 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\wimyhawa.reg
[2009/08/13 04:03:15 | 00,016,194 | ---- | M] () -- C:\WINDOWS\ivucyryha.lib
[2009/08/13 04:03:15 | 00,015,923 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\nufyxo._sy
[2009/08/13 04:03:15 | 00,014,650 | ---- | M] () -- C:\WINDOWS\System32\dekomazux.exe
[2009/08/13 04:03:15 | 00,014,041 | ---- | M] () -- C:\WINDOWS\fivety.com
[2009/08/13 04:03:15 | 00,012,441 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\kiwe.bat
[2009/08/13 04:03:15 | 00,012,200 | ---- | M] () -- C:\WINDOWS\System32\zebydoq.pif
[2009/08/13 04:03:15 | 00,011,754 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\onyfaz.dat
[2009/08/13 04:03:15 | 00,010,750 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\lydar.reg
[2009/08/12 19:06:22 | 00,000,276 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/12 09:01:41 | 00,019,946 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ewacyzifo.vbs
[2009/08/12 09:01:41 | 00,019,546 | ---- | M] () -- C:\WINDOWS\pudimoz.sys
[2009/08/12 09:01:41 | 00,016,175 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\telaw.vbs
[2009/08/12 09:01:41 | 00,014,734 | ---- | M] () -- C:\WINDOWS\enumomedi.dl
[2009/08/12 09:01:41 | 00,013,512 | ---- | M] () -- C:\WINDOWS\System32\sufacis.dl
[2009/08/12 09:01:41 | 00,012,937 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madotokix._sy
[2009/08/12 09:01:41 | 00,011,932 | ---- | M] () -- C:\Program Files\Common Files\upox._sy
[2009/08/12 09:01:41 | 00,010,778 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\raru.vbs
[2009/08/12 09:01:41 | 00,010,563 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dytuz.inf
========== LOP Check ==========
[2009/08/16 13:41:34 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2006/09/04 21:52:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3ABF525B-E983-4C94-A5A3-0BD38AD30839}
[2006/09/04 21:51:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B4AFB535-25EC-4A60-8CFC-98C6F6B36088}
[2007/03/15 22:56:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2003/06/05 18:48:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/04/18 22:24:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2008/02/28 19:11:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2003/04/04 09:01:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2003/03/26 00:47:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2003/06/24 20:20:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softdisk LLC
[2008/01/30 00:05:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2007/08/15 23:09:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2004/01/03 16:11:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/07/13 17:30:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2009/08/16 16:04:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\esonia orozco\Application Data
[2007/08/18 22:52:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\esonia orozco\Application Data\Corel
[2007/04/18 22:29:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\esonia orozco\Application Data\CVS
[2005/12/03 19:50:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\esonia orozco\Application Data\CyberLink
[2007/11/24 18:46:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\esonia orozco\Application Data\FUJIFILM
[2007/06/15 07:51:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\esonia orozco\Application Data\GOODSEARCH
[2005/02/16 23:30:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\esonia orozco\Application Data\Leadertech
[2005/07/25 21:57:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\esonia orozco\Application Data\MSN6
[2006/04/16 18:55:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\esonia orozco\Application Data\PhotoWorks
[2006/02/10 11:04:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\esonia orozco\Application Data\Research In Motion
[2008/07/04 09:01:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\esonia orozco\Application Data\Rex-Services
[2006/04/16 18:45:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\esonia orozco\Application Data\Seven Zip
[2008/07/04 09:12:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\esonia orozco\Application Data\Skinux
[2005/02/14 22:55:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\esonia orozco\Application Data\SmartDraw
[2008/07/07 21:22:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\esonia orozco\Application Data\Snapfish
[2007/08/15 23:05:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\esonia orozco\Application Data\Ulead Systems
[2009/05/17 21:20:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\esonia orozco\Application Data\Viewpoint
[2008/11/15 16:28:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\esonia orozco\Application Data\W Photo Studio Viewer
[2008/07/13 17:32:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\esonia orozco\Application Data\ZoomBrowser EX
[2009/08/04 12:31:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2002/08/29 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/08/21 21:40:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\system32\eventlog.dll >
[2008/04/13 20:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
[1 C:\WINDOWS\system32\*.tmp files]
< %systemroot%\system32\scecli.dll >
[2008/04/13 20:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
[1 C:\WINDOWS\system32\*.tmp files]
< %systemroot%\netlogon.dll >
< %systemroot%\system32\cngaudit.dll >
< %systemroot%\system32\sceclt.dll >
< %systemroot%\ntelogon.dll >
< %systemroot%\system32\logevent.dll >
< End of report >
======================= EXTRA.TXT ===============================
OTL Extras logfile created on: 8/22/2009 7:50:08 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\esonia orozco\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.48 Mb Total Physical Memory | 260.84 Mb Available Physical Memory | 51.10% Memory free
1.22 Gb Paging File | 0.85 Gb Available in Paging File | 70.26% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 2.10 Gb Free Space | 3.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: D5Q48M21
Current User Name: esonia orozco
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\SYSTEM32\LEXPPS.EXE" = C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- (Lexmark International, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}" = iTunes
"{225DA7CB-C773-4F68-8068-184C4082C2F1}" = Scrapbook Factory Deluxe
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 15
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = BACS
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64116298-93C5-401D-B06C-39D8E3338508}" = DAO
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6C6F0968-2B86-42B4-AF34-46A5F06E8FA4}" = MySoftware Fonts
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142110}" = Java 2 Runtime Environment, SE v1.4.2_11
"{760B29F2-8663-419B-A025-5A55066E130B}" = Ulead Photo Express 6
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9770A25C-45A7-478E-AF50-4FDE53EED270}" = American Greetings CreataCard Select 6
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AB856C83-7CA0-4EB5-8D86-792B29EB4A10}" = MyDataBase
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BC019EBE-613F-491F-9A83-08E3E8A74CE6}" = EarthLink Free Trial
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E0150C73-3138-4FD2-B038-7F2637C9B5C7}" = CVS Photo Editor Plus
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E0F1D3B6-F50E-49AE-A942-FFDFFA16F9A9}" = PhotoStreamer 2
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Blue Water Dolphins Demo-cs" = Blue Water Dolphins Demo-cs Screen Saver
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V92 56K DF PCI Modem
"CSCLIB" = Canon Camera Support Core Library
"Dell Photo AIO Printer 944" = Dell Photo AIO Printer 944
"EOS Utility" = Canon Utilities EOS Utility
"goodsearch" = goodsearch
"Home Improvement 1-2-3" = Home Improvement 1-2-3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = Broadcom Advanced Control Suite
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"PhotoStitch" = Canon Utilities PhotoStitch
"PhotoStreamer 2" = PhotoStreamer 2
"QVP" = Quick View Plus
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"TGTB" = WIN Tools
"ViewpointMediaPlayer" = Viewpoint Media Player
"VPTB" = WIN Tools
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"WordPerfect Office 2002" = WordPerfect Office 2002
"World Book 2001" = World Book 2001
"Yahoo! Anti-Spy" = Yahoo! Anti-Spy
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Messenger Explorer Bar" = Yahoo! Messenger Explorer Bar
"Yahoo! Photos Drag-Drop Uploader 1v7" = Yahoo! Photos Easy Upload Tool 1v7
"Yahoo! Search Defender" = Yahoo! Search Protection
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/21/2009 6:23:25 PM | Computer Name = D5Q48M21 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16876, faulting
module unknown, version 0.0.0.0, fault address 0x1000480b.
Error - 8/21/2009 6:23:27 PM | Computer Name = D5Q48M21 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16876, faulting
module unknown, version 0.0.0.0, fault address 0x1000480b.
Error - 8/21/2009 6:24:42 PM | Computer Name = D5Q48M21 | Source = Application Error | ID = 1001
Description = Fault bucket 1386927935.
Error - 8/21/2009 6:37:50 PM | Computer Name = D5Q48M21 | Source = MsiInstaller | ID = 11311
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1311.
Source file not found(cabinet): C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\PA561401.CAB.
Verify that the file exists and that you can access it.
Error - 8/21/2009 6:37:57 PM | Computer Name = D5Q48M21 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Office
2003 Service Pack 3 (SP3): MAINSP3' could not be installed. Error code 1603. Windows
Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft....k/?LinkId=23127
Error - 8/21/2009 7:00:32 PM | Computer Name = D5Q48M21 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16876, faulting
module lib.dll, version 9.0.1.1, fault address 0x00015469.
Error - 8/21/2009 7:14:56 PM | Computer Name = D5Q48M21 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.
Error - 8/21/2009 7:20:09 PM | Computer Name = D5Q48M21 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16876, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00028c0b.
Error - 8/21/2009 7:20:26 PM | Computer Name = D5Q48M21 | Source = Application Error | ID = 1000
Description = Faulting application DRWTSN32.EXE, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Error - 8/21/2009 7:21:25 PM | Computer Name = D5Q48M21 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16876, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 8/21/2009 6:16:23 PM | Computer Name = D5Q48M21 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep
Error - 8/21/2009 6:38:07 PM | Computer Name = D5Q48M21 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Office 2003 Service Pack 3 (SP3).
Error - 8/21/2009 7:15:05 PM | Computer Name = D5Q48M21 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.
Error - 8/21/2009 8:43:40 PM | Computer Name = D5Q48M21 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep
Error - 8/21/2009 9:00:07 PM | Computer Name = D5Q48M21 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.3 for the Network Card with network
address 000BDB0F6F47 has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).
Error - 8/21/2009 9:21:10 PM | Computer Name = D5Q48M21 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.
Error - 8/21/2009 9:36:26 PM | Computer Name = D5Q48M21 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.
Error - 8/21/2009 9:37:29 PM | Computer Name = D5Q48M21 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.
Error - 8/21/2009 9:41:11 PM | Computer Name = D5Q48M21 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep
Error - 8/21/2009 9:56:24 PM | Computer Name = D5Q48M21 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.
< End of report >