Troj/Virtum-Gen on my Computer~ [Solved] - Geeks to Go Forums


Troj/Virtum-Gen on my Computer~ [Solved]

#1 bossfan91

  • Group: Member
  • Posts: 8
  • Joined: 05-November 09

Posted 05 November 2009 - 11:47 PM

Hi there. In a recent sweep of my computer, using Webroot AntiVirus Spy Sweeper, it showed that I had Troj/Virtum-Gen and Virtumonde on my computer. I tried to quarantine them, but they kept coming back. I've done some research on the virus, and I know that a simple quarantine will not fully delete it. I just downloaded HijackThis, hoping it would be of some help. The HJT log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:54 AM, on 11/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\AIM6\aim6.exe
C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netservices.v.../main/vzcentral
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrojanScanner] "C:\Program Files\Trojan Remover\Trjscan.exe" /boot
O4 - HKLM\..\Run: [DLCCCATS] "rundll32" C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [yayulunov] Rundll32.exe "c:\windows\system32\kejajumo.dll",a
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: badusuke.dll c:\windows\system32\kejajumo.dll
O21 - SSODL: romuvodun - {5c04d51f-f296-4763-ab9b-1b5ecf350f7c} - c:\windows\system32\kejajumo.dll
O22 - SharedTaskScheduler: kupuhivus - {0c54be08-c61a-46d3-b9cd-dc99f03ae539} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {6e546ce4-a7b9-4a3a-9d38-d585de04542e} - (no file)
O22 - SharedTaskScheduler: jugezatag - {5c04d51f-f296-4763-ab9b-1b5ecf350f7c} - c:\windows\system32\kejajumo.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 6871 bytes


It may be of note that my computer has not been noticeably slower, and there have only been minimal pop-ups. I also downloaded Trojan Remover and Vundofix. Vundofix said there were no infected files on my computer, but I tend to doubt that. If this is in the wrong forum, I apologize. I am not the most computer savvy person, so please bear with me. This has been driving me nuts for the past week and any help would be appreciated. Thank you!
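
The HJT log above shows the pattern a helper looks for when triaging a Vundo-style infection: one randomly named DLL in system32 (kejajumo.dll) referenced from several load points at once (an O4 Run entry via rundll32, O20 AppInit_DLLs, O21 SSODL and O22 SharedTaskScheduler), plus O22 entries whose file is already gone. The script below is an added example, not code from the thread or from HijackThis; it parses HJT entry lines and scores them with heuristics of my own (the function names and severity labels are this example's assumptions). The sample lines are copied from the log posted above and reduced to the entries relevant to the point.

```python
"""Triage a HijackThis (HJT) log for Vundo-style persistence entries.

Added example for the thread above; not part of HijackThis or Geeks to Go.
The sample lines below are copied from the posted HJT log; the scoring
rules and function names are this example's own construction.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the O4/O20/O21/O22/O23 lines from the posted log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [yayulunov] Rundll32.exe "c:\windows\system32\kejajumo.dll",a
O20 - AppInit_DLLs: badusuke.dll c:\windows\system32\kejajumo.dll
O21 - SSODL: romuvodun - {5c04d51f-f296-4763-ab9b-1b5ecf350f7c} - c:\windows\system32\kejajumo.dll
O22 - SharedTaskScheduler: kupuhivus - {0c54be08-c61a-46d3-b9cd-dc99f03ae539} - (no file)
O22 - SharedTaskScheduler: jugezatag - {5c04d51f-f296-4763-ab9b-1b5ecf350f7c} - c:\windows\system32\kejajumo.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# An HJT entry line starts with a section code (R0, O4, O20, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
# DLL basenames anywhere in the entry body (paths may be quoted or followed by ",a").
DLL_RE = re.compile(r"([A-Za-z0-9_\-]+\.dll)\b", re.IGNORECASE)


def parse_entries(log_text):
    """Return (section, body) for every HJT entry line; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1).upper(), m.group(2)))
    return entries


def dlls_in(body):
    """Lower-cased DLL basenames referenced by one entry body."""
    return {d.lower() for d in DLL_RE.findall(body)}


def shared_dlls(log_text):
    """Map each DLL referenced from more than one HJT section to the sorted section list.

    One DLL wired into several load points at once is the strongest single
    indicator in a log like this: legitimate software rarely does that.
    """
    seen = defaultdict(set)
    for section, body in parse_entries(log_text):
        for dll in dlls_in(body):
            seen[dll].add(section)
    return {dll: sorted(secs) for dll, secs in seen.items() if len(secs) > 1}


def triage(log_text):
    """Score entries; returns findings in log order with a severity and reasons."""
    shared = shared_dlls(log_text)
    findings = []
    for section, body in parse_entries(log_text):
        lower = body.lower()
        reasons = []
        if section == "O20" and "appinit_dlls" in lower:
            reasons.append("AppInit_DLLs injects the DLL into every user-mode process")
        if section in ("O21", "O22"):
            if "(no file)" in lower:
                reasons.append("orphaned shell load point (file missing)")
            elif "\\system32\\" in lower and dlls_in(body):
                reasons.append("shell load point DLL in system32; verify publisher")
        if section == "O4" and "rundll32" in lower and "\\system32\\" in lower:
            reasons.append("Run key starts rundll32 with a DLL from system32")
        hits = sorted(d for d in dlls_in(body) if d in shared)
        if hits:
            reasons.append("%s also referenced by sections %s"
                           % (hits[0], ", ".join(shared[hits[0]])))
        if reasons:
            severity = "high" if hits or len(reasons) >= 2 else "review"
            findings.append({"section": section, "entry": body,
                             "severity": severity, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s] %s - %s" % (f["severity"], f["section"], f["entry"]))
        for r in f["reasons"]:
            print("    " + r)
```

Run against the sample, the iTunes and Bonjour entries produce nothing, the four kejajumo.dll entries come out as high because the same DLL is cross-referenced, and the file-less O22 entry is flagged for review. The heuristics only rank entries for a human to check; a match on a legitimate AppInit_DLLs user (some accessibility or security products) still needs a signature and publisher check before anything is removed.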

#2 hammerman

  • Group: Member
  • Posts: 4,183
  • Joined: 28-November 08

Posted 06 November 2009 - 01:31 PM

Hello bossfan91 and welcome to GeeksToGo.
I'm hammerman and I'm going to help you fix your problem.

Before we begin, here are some guidelines which will help us both in fixing your problem.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know.
  • Please do not attach logs or post them in Quote/Code boxes unless requested.
  • When posting logs, please ensure Word Wrap is turned off in Notepad. Open Notepad, select Format on the menu bar and make sure that Word Wrap is unchecked.
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • If in doubt about anything, please ask.

Can you please go to the Malware and Spyware Cleaning Guide and follow the steps in the guide.

These steps will remove the majority of infections. If you still need assistance, post the following logs in a reply to this topic.

1. RootRepeal log
2. Malwarebytes log
3. OTL logs


#3 bossfan91

  • Group: Member
  • Posts: 8
  • Joined: 05-November 09

Posted 06 November 2009 - 08:19 PM

Thanks for the reply. Malwarebytes seemed to remove every file, but it said it could not delete two of them. Here is the Malwarebytes log, the RootRepeal log and the OTL logs:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

11/6/2009 3:38:03 PM
mbam-log-2009-11-06 (15-38-03).txt

Scan type: Quick Scan
Objects scanned: 103739
Time elapsed: 6 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\yudufiyo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\goyetude.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{bdf8d61d-3fe6-4ae6-ab84-476615dea85f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yayulunov (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{bdf8d61d-3fe6-4ae6-ab84-476615dea85f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fapalovaw (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\yudufiyo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\yudufiyo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\yudufiyo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\badusuke.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fusigoka.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kiropevu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\momayabe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dowikabu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gajiname.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\goyetude.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hiniripa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lesohufu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nejefiju.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\papubovu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pubulasi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\woheluba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

RR Log

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/06 15:53
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA348000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B1C000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8A1C000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x865c6fa8

#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0x865a57a8

#: 047 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0x8659e190

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "<unknown>" at address 0x86569200

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x86568628

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0x865de188

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0x8659e208

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "<unknown>" at address 0x865c6020

#: 186 Function Name: NtReadVirtualMemory
Status: Hooked by "<unknown>" at address 0x865c6eb8

#: 192 Function Name: NtRenameKey
Status: Hooked by "<unknown>" at address 0x8659e6c0

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x865684c0

#: 226 Function Name: NtSetInformationKey
Status: Hooked by "<unknown>" at address 0x865df250

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x86568718

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x86568538

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0x8659f238

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x865686a0

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x86568448

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x86569188

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x865685b0

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x865c6f30

==EOF==

OTL Log

OTL logfile created on: 11/6/2009 3:55:02 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Dan\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 296.14 Mb Available Physical Memory | 29.20% Memory free
2.38 Gb Paging File | 1.93 Gb Available in Paging File | 81.13% Paging File free
Paging file location(s): C:\pagefile.sys 1524 1524 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 35.38 Gb Free Space | 50.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANNYBOY
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/06 15:54:36 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\My Documents\Downloads\OTL.exe
PRC - [2009/10/31 20:35:24 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/10/20 15:26:09 | 01,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
PRC - [2009/10/09 13:24:55 | 00,919,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/10/09 13:24:55 | 00,919,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/09/18 13:08:42 | 06,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
PRC - [2009/09/18 12:42:04 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2009/09/18 12:42:02 | 00,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SSU.exe
PRC - [2009/07/13 13:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/07/13 13:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/21 12:09:59 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2007/10/08 16:50:56 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/17 16:45:33 | 00,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/10/11 08:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
PRC - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2005/07/22 08:03:00 | 00,425,984 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
PRC - [2005/06/21 09:19:38 | 00,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcccoms.exe
PRC - [2004/08/10 06:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe


========== Modules (SafeList) ==========

MOD - [2009/11/06 15:54:36 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/10 06:00:00 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2004/08/10 06:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\serwvdrv.dll
MOD - [2004/08/10 06:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\umdmxfrm.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/20 15:26:09 | 01,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/09/18 12:42:04 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/07/13 13:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/05/17 16:45:33 | 00,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/12/15 15:02:21 | 00,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2005/10/11 08:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched)
SRV - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc)
SRV - [2005/06/21 09:19:38 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/10 06:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [1999/12/13 16:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://netservices.v.../main/vzcentral
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?src=aim"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.20.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/04 11:03:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/29 08:09:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/29 08:09:04 | 00,000,000 | ---D | M]

[2009/05/29 23:57:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Extensions
[2009/05/29 23:57:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/01 14:50:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\c8i8zr40.default\extensions
[2009/09/27 22:42:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\c8i8zr40.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/04 17:12:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\c8i8zr40.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2007/11/23 20:10:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\c8i8zr40.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2009/04/05 21:28:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\c8i8zr40.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/11/01 00:08:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/29 08:09:04 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/26 21:12:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/10/29 08:08:53 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/29 08:08:53 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/30 16:29:22 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2008/09/26 11:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
[2009/10/29 08:08:57 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/07/24 00:45:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/07/24 00:45:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/07/24 00:45:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/07/24 00:45:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/07/24 00:45:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/07/24 00:45:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/07/24 00:45:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2005/08/09 13:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/03/07 18:18:00 | 00,002,038 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AIM Search.xml
[2009/05/29 23:56:49 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/05/29 23:56:49 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/05/29 23:56:49 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/05/29 23:56:49 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/05/29 23:56:49 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/05/29 23:56:49 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/05/29 23:56:50 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (51 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\8qIIDaX7c.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (badusuke.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O22 - SharedTaskScheduler: {0c54be08-c61a-46d3-b9cd-dc99f03ae539} - kupuhivus - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {6e546ce4-a7b9-4a3a-9d38-d585de04542e} - mujuzedij - Reg Error: Key error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{91e21ba7-8963-11db-8e7a-000fb5cc1b39}\Shell - "" = AutoRun
O33 - MountPoints2\{91e21ba7-8963-11db-8e7a-000fb5cc1b39}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{91e21ba7-8963-11db-8e7a-000fb5cc1b39}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ee05b6ab-8ff8-11dd-91d7-000fb5cc1b39}\Shell - "" = AutoRun
O33 - MountPoints2\{ee05b6ab-8ff8-11dd-91d7-000fb5cc1b39}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ee05b6ab-8ff8-11dd-91d7-000fb5cc1b39}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (￾￿찬몥粑) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 05:22:48 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
NetSvcs: NtmlSvc - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/06 15:31:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/06 15:30:42 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/06 15:23:38 | 01,312,080 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Dan\My Documents\8qIIDaX7c.exe
[2009/11/06 15:23:07 | 01,312,080 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Dan\Desktop\8qIIDaX7c.exe
[2009/11/06 15:22:10 | 01,312,080 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Dan\Desktop\ZImId4O7Y.exe
[2009/11/06 15:02:12 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/06 15:02:10 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/06 00:05:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/11/02 22:48:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\Simply Super Software
[2009/11/02 22:48:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/02 22:48:22 | 00,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2009/11/02 22:48:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Simply Super Software
[2009/11/02 22:48:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/11/01 15:37:39 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/11/01 15:07:12 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/11/01 15:03:50 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/06 15:42:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/06 15:42:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/06 15:40:14 | 10,634,07616 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/06 15:39:30 | 09,437,184 | -H-- | M] () -- C:\Documents and Settings\Dan\NTUSER.DAT
[2009/11/06 15:39:15 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Dan\ntuser.ini
[2009/11/06 15:31:17 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\lozumase
[2009/11/06 15:30:47 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\NTREGOPT.lnk
[2009/11/06 15:30:47 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\ERUNT.lnk
[2009/11/06 15:23:07 | 01,312,080 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Dan\My Documents\8qIIDaX7c.exe
[2009/11/06 15:23:07 | 01,312,080 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Dan\Desktop\8qIIDaX7c.exe
[2009/11/06 15:22:15 | 01,312,080 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Dan\Desktop\ZImId4O7Y.exe
[2009/11/06 15:12:25 | 00,232,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/06 15:06:58 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/06 15:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\tepwucfg.job
[2009/11/06 14:58:00 | 00,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/11/06 14:40:00 | 00,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3082972669-420718603-2511425773-1005UA.job
[2009/11/06 01:45:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/11/06 00:39:32 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\HijackThis.lnk
[2009/11/06 00:30:35 | 00,055,904 | ---- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/04 21:40:00 | 00,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3082972669-420718603-2511425773-1005Core.job
[2009/11/04 21:25:52 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/03 11:02:07 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Microsoft Office Word 2003.lnk
[2009/11/03 00:22:01 | 00,000,557 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\My Sharing Folders.lnk
[2009/11/02 22:48:39 | 00,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2009/11/02 22:00:06 | 00,001,602 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_1A749F46055F4D72B72D4A20A5EE80D8.job
[2009/11/01 01:49:28 | 00,522,782 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 01:49:28 | 00,105,886 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 01:49:28 | 00,004,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/29 20:26:56 | 00,106,496 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\Mandatos.ppt
[2009/10/25 23:24:32 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/10/25 23:24:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/06 15:30:47 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\NTREGOPT.lnk
[2009/11/06 15:30:47 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\ERUNT.lnk
[2009/11/06 15:16:08 | 10,634,07616 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/06 15:02:15 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/06 09:49:39 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\tepwucfg.job
[2009/11/06 00:39:32 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\HijackThis.lnk
[2009/11/02 22:48:39 | 00,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2009/11/02 22:48:34 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/11/02 22:48:34 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/11/02 22:48:33 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009/11/02 22:48:33 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/10/29 20:26:56 | 00,106,496 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Mandatos.ppt
[2009/10/25 23:24:32 | 00,000,268 | -H-- | C] () -- C:\sqmdata00.sqm
[2009/10/25 23:24:32 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm
[2009/09/18 12:42:10 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/08/06 09:49:38 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\zezurula.dll
[2009/08/03 23:33:24 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\nebososu.dll
[2009/08/03 11:33:24 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\hugimizu.dll
[2009/08/02 10:32:58 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\nijopido.dll
[2009/08/01 13:23:44 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\fopijunu.dll
[2009/07/31 22:27:49 | 00,089,088 | -HS- | C] () -- C:\WINDOWS\System32\zibuweti.dll
[2009/07/31 22:27:49 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\kunologa.dll
[2009/07/31 10:27:49 | 00,090,112 | -HS- | C] () -- C:\WINDOWS\System32\jayoriji.dll
[2009/07/30 14:18:08 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\vepineto.dll
[2009/07/30 14:18:07 | 00,089,600 | -HS- | C] () -- C:\WINDOWS\System32\jonefede.dll
[2009/07/29 08:31:46 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\kafadogi.dll
[2009/01/03 23:47:56 | 00,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2008/05/24 20:44:35 | 00,007,168 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/13 06:18:32 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/12/15 12:49:49 | 00,013,940 | -HS- | C] () -- C:\WINDOWS\System32\vyadd.ini2
[2007/12/15 12:49:42 | 00,013,940 | -HS- | C] () -- C:\WINDOWS\System32\vyadd.ini
[2007/11/25 21:49:32 | 00,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2006/12/11 19:21:04 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/12/11 19:21:04 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/08/25 14:03:59 | 00,002,189 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/01/22 15:44:20 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/25 22:53:31 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/12/25 18:19:38 | 00,055,904 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/12/25 14:31:52 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\EnumDevLib.dll
[2005/12/25 10:09:02 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Dan\Application Data\desktop.ini
[2005/12/25 10:09:01 | 02,111,998 | -H-- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\IconCache.db
[2005/12/25 10:09:01 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\fusioncache.dat
[2005/12/15 15:17:09 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/15 15:08:47 | 00,000,195 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/15 15:02:50 | 00,005,872 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2005/12/15 14:29:52 | 01,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
[2005/12/15 14:29:52 | 01,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
[2005/12/15 14:29:52 | 00,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
[2005/12/15 14:29:52 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2005/12/15 14:29:52 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
[2005/12/15 14:29:52 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2005/12/15 14:29:52 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
[2005/12/15 14:29:52 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2005/12/15 14:29:52 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2005/12/15 14:29:52 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2005/12/15 14:29:50 | 00,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
[2005/12/15 14:29:50 | 00,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
[2005/12/15 14:29:50 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2005/12/15 14:29:50 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2005/12/15 14:29:50 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2005/12/15 14:29:50 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2005/12/15 14:29:48 | 00,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
[2005/12/15 14:29:48 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
[2005/12/15 14:29:46 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2005/12/15 14:29:36 | 00,004,969 | ---- | C] () -- C:\WINDOWS\System32\Sigfilt.ini
[2005/12/15 14:29:36 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/12/15 14:28:34 | 01,345,520 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2005/12/15 14:27:32 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 05:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 05:33:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/08/16 05:18:43 | 00,000,789 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/16 05:18:41 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 15:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 15:00:16 | 00,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2005/04/09 18:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/03/07 18:17:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2005/08/16 21:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2006/12/11 16:28:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2009/11/02 22:48:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/09/01 10:50:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2009/11/04 21:13:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/07 18:17:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/01/16 16:34:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{0B2B6CE1-83F3-4BD2-9CF7-F8688A75BA47}
[2009/07/24 00:49:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/09/01 10:48:38 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{9ECEFAAC-75E3-4CC9-864C-D1071F1F0CDF}
[2009/09/01 10:51:00 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A6F22B7B-0306-4618-9CE3-02EC7A1F223D}
[2007/01/21 18:04:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\acccore
[2005/12/25 23:10:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Aim
[2008/12/01 18:30:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Amazon
[2006/04/26 16:16:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\COREL
[2006/06/03 14:57:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Corel Photo Album
[2006/05/28 11:43:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Leadertech
[2007/11/23 20:10:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Megaupload
[2009/04/26 21:21:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\OpenOffice.org
[2007/12/25 09:53:04 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Dan\Application Data\SecuROM
[2009/11/02 22:48:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Simply Super Software
[2007/08/25 08:48:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Smith Micro
[2009/09/01 10:51:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Stardock
[2009/07/17 23:20:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Viewpoint
[2009/11/06 14:58:00 | 00,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2004/08/10 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/06 01:45:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/11/06 15:42:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/11/06 15:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\tepwucfg.job
[2009/11/02 22:00:06 | 00,001,602 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_1A749F46055F4D72B72D4A20A5EE80D8.job

========== Purity Check ==========

[2007/12/15 12:46:13 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files\aѕsembly\ASEMBL~1


========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/10/02 15:31:32 | 00,204,800 | ---- | M] (Windows fax and image viewer.) -- C:\h06I2q.exe

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/10 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/10 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/10 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/10 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/10 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2004/08/10 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004/08/04 00:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/04 00:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

========== Files - Unicode (All) ==========
[2007/12/15 12:46:09 | 00,000,000 | ---D | M](C:\Program Files\Common Files\??stem32) -- C:\Program Files\Common Files\ѕуstem32
[2007/12/15 13:48:38 | 00,000,000 | ---D | M](C:\Program Files\Common Files\a?sembly) -- C:\Program Files\Common Files\aѕsembly
[2006/12/11 17:01:08 | 00,000,000 | ---D | M](C:\Documents and Settings\Dan\My Documents\?ecurity) -- C:\Documents and Settings\Dan\My Documents\ѕecurity
[2006/11/08 19:16:54 | 00,000,000 | ---D | C](C:\Documents and Settings\Dan\My Documents\?ecurity) -- C:\Documents and Settings\Dan\My Documents\ѕecurity
[2006/12/28 23:34:19 | 00,000,000 | ---D | M](C:\Documents and Settings\Dan\My Documents\s?stem32) -- C:\Documents and Settings\Dan\My Documents\sуstem32
[2006/12/28 23:34:19 | 00,000,000 | ---D | C](C:\Documents and Settings\Dan\My Documents\s?stem32) -- C:\Documents and Settings\Dan\My Documents\sуstem32

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >


OTL Extras logfile created on: 11/6/2009 3:55:02 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Dan\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 296.14 Mb Available Physical Memory | 29.20% Memory free
2.38 Gb Paging File | 1.93 Gb Available in Paging File | 81.13% Paging File free
Paging file location(s): C:\pagefile.sys 1524 1524 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 35.38 Gb Free Space | 50.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANNYBOY
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1135569405\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1135569405\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\1135569405\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1135569405\ee\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\EA SPORTS\Madden NFL 06\updater.exe" = C:\Program Files\EA SPORTS\Madden NFL 06\updater.exe:*:Enabled:Updater -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\WINDOWS\system32\dlcccoms.exe" = C:\WINDOWS\system32\dlcccoms.exe:*:Enabled:Dell 924 Server -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dlccPSWX.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dlccPSWX.EXE:*:Enabled:Dell 924 Printer Status -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Stardock Games\The Political Machine 2008 Express\PolMachine2008Express.exe" = C:\Program Files\Stardock Games\The Political Machine 2008 Express\PolMachine2008Express.exe:*:Enabled:The Political Machine 2008 -- (Stardock)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" = C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe:*:Enabled:SpySweeper -- (Webroot Software, Inc. (www.webroot.com))
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService -- (Apple Inc.)
"C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe" = C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe:*:Enabled:WRConsumerService -- (Webroot Software, Inc. )


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{152D98A0-1A4A-11DE-72AE-0C3234F92CD6}" = Baseball Mogul 2010 DEMO
"{1D171963-9063-4423-898B-8EC4F1F190B7}" = EA downloader
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Webroot AntiVirus with Spy Sweeper
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3B73666D-49F4-41A0-9D08-CD8CF3FD22AD}" = The Political Machine 2008 Express
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{448F1553-2A5C-432A-AD4F-FA3C203A682A}" = Baseball Mogul 2009 DEMO
"{44AFDB86-1509-4CDC-9B2E-1C73B2DEE5F0}" = Mobile Broadband Drivers
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{55209711-652B-4560-00AB-53D9DB7D73AF}" = NFL Head Coach
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{746EC26B-9A80-4FD5-9861-545E0CD2A795}" = Mega Manager
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8C93CE61-2752-43C9-A72A-EF8145AE634D}" = Baseball Mogul 2007
"{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}" = 924PLC32
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A3071D0-B51E-11DD-72AE-01EFE8642CD6}" = Baseball Mogul 2009
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3BC1DBD-64D6-4EBC-0091-24C811662D40}" = Madden NFL 08
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{BBC783B7-8725-3B1C-B49A-BA7F09391251}" = Google Talk Plugin
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{E0F252A6-DE85-4E93-A93B-DFC3537B3965}" = WG111v2 Configuration Utility
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2007
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Baseball Mogul 2009 DEMO" = Baseball Mogul 2009 DEMO
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"ERUNT_is1" = ERUNT 1.1j
"ESPNMotion" = ESPNMotion
"GTRemote Client" = DellConnect
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Impulse" = Impulse
"InstallShield_{1D171963-9063-4423-898B-8EC4F1F190B7}" = EA downloader
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"P4E8_DEMO_is1" = President Forever 2008 + Primaries Demo - v. 1.6.0.7
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer Basic
"Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration
"StreetPlugin" = Learn2 Player (Uninstall Only)
"The Political Machine 2008 Express" = The Political Machine 2008 Express
"The Political Machine Demo" = The Political Machine Demo
"Trojan Remover_is1" = Trojan Remover 6.8.1
"Unlocker" = Unlocker 1.8.7
"ViewpointMediaPlayer" = Viewpoint Media Player
"VZAccess Manager" = VZAccess Manager
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WildTangent CDA" = WildTangent Web Driver
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/28/2009 3:04:29 PM | Computer Name = DANNYBOY | Source = Media Center Extender Services | ID = 36864
Description = ERROR: Device Service Initialization - Unable to create or initialize
Device Table. Error code 0x80004005.

Error - 10/29/2009 8:14:38 AM | Computer Name = DANNYBOY | Source = Media Center Extender Services | ID = 36864
Description = ERROR: Device Service Initialization - Unable to create or initialize
Device Table. Error code 0x80004005.

Error - 10/29/2009 10:22:13 PM | Computer Name = DANNYBOY | Source = Media Center Extender Services | ID = 36864
Description = ERROR: Device Service Initialization - Unable to create or initialize
Device Table. Error code 0x80004005.

Error - 10/30/2009 3:17:56 PM | Computer Name = DANNYBOY | Source = Media Center Extender Services | ID = 36864
Description = ERROR: Device Service Initialization - Unable to create or initialize
Device Table. Error code 0x80004005.

Error - 10/31/2009 11:27:39 AM | Computer Name = DANNYBOY | Source = Media Center Extender Services | ID = 36864
Description = ERROR: Device Service Initialization - Unable to create or initialize
Device Table. Error code 0x80004005.

Error - 11/1/2009 2:45:06 AM | Computer Name = DANNYBOY | Source = Media Center Extender Services | ID = 36864
Description = ERROR: Device Service Initialization - Unable to create or initialize
Device Table. Error code 0x80004005.

Error - 11/1/2009 2:49:24 AM | Computer Name = DANNYBOY | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 11/1/2009 2:49:24 AM | Computer Name = DANNYBOY | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 11/1/2009 2:23:34 PM | Computer Name = DANNYBOY | Source = Media Center Extender Services | ID = 36864
Description = ERROR: Device Service Initialization - Unable to create or initialize
Device Table. Error code 0x80004005.

Error - 11/1/2009 4:18:23 PM | Computer Name = DANNYBOY | Source = Media Center Extender Services | ID = 36864
Description = ERROR: Device Service Initialization - Unable to create or initialize
Device Table. Error code 0x80004005.

[ System Events ]
Error - 11/6/2009 4:14:00 PM | Computer Name = DANNYBOY | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 11/6/2009 4:14:00 PM | Computer Name = DANNYBOY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 11/6/2009 4:14:28 PM | Computer Name = DANNYBOY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 11/6/2009 4:14:28 PM | Computer Name = DANNYBOY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 11/6/2009 4:14:30 PM | Computer Name = DANNYBOY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/6/2009 4:15:02 PM | Computer Name = DANNYBOY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/6/2009 4:16:13 PM | Computer Name = DANNYBOY | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 11/6/2009 4:16:25 PM | Computer Name = DANNYBOY | Source = Service Control Manager | ID = 7024
Description = The Media Center Extender Service service terminated with service-specific
error 2147500037 (0x80004005).

Error - 11/6/2009 4:42:03 PM | Computer Name = DANNYBOY | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 11/6/2009 4:42:12 PM | Computer Name = DANNYBOY | Source = Service Control Manager | ID = 7024
Description = The Media Center Extender Service service terminated with service-specific
error 2147500037 (0x80004005).


< End of report >


Thanks again!

#4 hammerman

  • Group: Member
  • Posts: 4,183
  • Joined: 28-November 08

Posted 07 November 2009 - 02:58 AM

Hi,

Please follow these steps.

-- Step 1 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O20 - AppInit_DLLs: (badusuke.dll) - File not found
    O22 - SharedTaskScheduler: {0c54be08-c61a-46d3-b9cd-dc99f03ae539} - kupuhivus - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {6e546ce4-a7b9-4a3a-9d38-d585de04542e} - mujuzedij - Reg Error: Key error. File not found
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
    O33 - MountPoints2\{91e21ba7-8963-11db-8e7a-000fb5cc1b39}\Shell - "" = AutoRun
    O33 - MountPoints2\{91e21ba7-8963-11db-8e7a-000fb5cc1b39}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{91e21ba7-8963-11db-8e7a-000fb5cc1b39}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{ee05b6ab-8ff8-11dd-91d7-000fb5cc1b39}\Shell - "" = AutoRun
    O33 - MountPoints2\{ee05b6ab-8ff8-11dd-91d7-000fb5cc1b39}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{ee05b6ab-8ff8-11dd-91d7-000fb5cc1b39}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    [2009/11/06 15:31:17 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\lozumase
    [2009/11/06 15:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\tepwucfg.job
    [2009/08/06 09:49:38 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\zezurula.dll
    [2009/08/03 23:33:24 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\nebososu.dll
    [2009/08/03 11:33:24 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\hugimizu.dll
    [2009/08/02 10:32:58 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\nijopido.dll
    [2009/08/01 13:23:44 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\fopijunu.dll
    [2009/07/31 22:27:49 | 00,089,088 | -HS- | C] () -- C:\WINDOWS\System32\zibuweti.dll
    [2009/07/31 22:27:49 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\kunologa.dll
    [2009/07/31 10:27:49 | 00,090,112 | -HS- | C] () -- C:\WINDOWS\System32\jayoriji.dll
    [2009/07/30 14:18:08 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\vepineto.dll
    [2009/07/30 14:18:07 | 00,089,600 | -HS- | C] () -- C:\WINDOWS\System32\jonefede.dll
    [2009/07/29 08:31:46 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\kafadogi.dll
    [2007/12/15 12:49:49 | 00,013,940 | -HS- | C] () -- C:\WINDOWS\System32\vyadd.ini2
    [2007/12/15 12:49:42 | 00,013,940 | -HS- | C] () -- C:\WINDOWS\System32\vyadd.ini
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.


-- Step 2 --

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".

  • During the download, rename Combofix to Combo-Fix as follows:


  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------
  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

-- Step 3 --

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\h06I2q.exe


  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
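The OTL fix above targets a handful of recurring patterns: an AppInit_DLLs hook whose DLL is already gone, SharedTaskScheduler CLSIDs with no backing key, AutoRun handlers left behind by removable drives, hidden+system DLLs with random eight-letter names in System32, and (via the `[purity]` command) folders whose names use Cyrillic look-alike letters so they sit beside the real `assembly` or `system32`. The following Python script is an added triage example, not OTL's own code and not something from this thread: it reads OTL-style log lines and flags the same patterns so a helper can spot them before writing a fix. The sample lines and folder names are constructed here, modelled on the entries in this thread; the attribute-field layout and the "random 8-letter stem" heuristic are assumptions, and any hit is a lead to verify, not proof of infection.

```python
import re
import unicodedata

# Constructed sample lines, modelled on the OTL fix script in this thread.
SAMPLE_OTL_LINES = [
    "O20 - AppInit_DLLs: (badusuke.dll) - File not found",
    "O22 - SharedTaskScheduler: {0c54be08-c61a-46d3-b9cd-dc99f03ae539} - kupuhivus - Reg Error: Key error. File not found",
    "O33 - MountPoints2\\{361ac05d-0e0d-11da-9aa9-806d6172696f}\\Shell\\AutoRun\\command - \"\" = E:\\setup.exe -- File not found",
    "[2009/08/06 09:49:38 | 00,038,912 | -HS- | C] () -- C:\\WINDOWS\\System32\\zezurula.dll",
    "[2009/11/06 15:00:00 | 00,000,296 | ---- | M] () -- C:\\WINDOWS\\tasks\\tepwucfg.job",
    "[2008/04/14 00:12:00 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\\WINDOWS\\System32\\kernel32.dll",
]

# Constructed folder names; the two odd ones contain Cyrillic letters that
# render like Latin 's' and 'y' (the kind of thing OTL's [purity] removes).
SAMPLE_FOLDERS = [
    "C:\\Program Files\\Common Files\\assembly",
    "C:\\Program Files\\Common Files\\a\u0455sembly",                 # U+0455 CYRILLIC SMALL LETTER DZE
    "C:\\Documents and Settings\\Dan\\My Documents\\s\u0443stem32",  # U+0443 CYRILLIC SMALL LETTER U
]

# Assumed layout of an OTL file line: [stamp | size | attrs | C/M] (company) -- path
FILE_LINE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|(?P<size>[^|]+)\|\s*(?P<attrs>[-A-Z]{4})\s*\|\s*(?P<kind>[CM])\]"
    r"\s*\((?P<company>[^)]*)\)\s*--\s*(?P<path>.+)$"
)
# Heuristic: Vundo-style droppers use eight random lowercase letters as a name.
RANDOM_STEM = re.compile(r"^[a-z]{8}$")


def classify_otl_line(line):
    """Return a short reason when the line matches a pattern worth a closer
    look, else None.  These are triage heuristics, not verdicts."""
    line = line.strip()
    if line.startswith("O20 - AppInit_DLLs:") and "File not found" in line:
        return "AppInit_DLLs loads a DLL that no longer exists (orphaned injection hook)"
    if line.startswith("O22 - SharedTaskScheduler:") and ("Reg Error" in line or "File not found" in line):
        return "SharedTaskScheduler CLSID with no backing key or file (orphaned Explorer load point)"
    if line.startswith("O33 - MountPoints2") and "\\AutoRun\\command" in line:
        return "AutoRun handler registered for a removable or optical drive"
    m = FILE_LINE.match(line)
    if m:
        attrs = m.group("attrs")
        company = m.group("company").strip()
        path = m.group("path")
        name = path.rsplit("\\", 1)[-1]       # file name without directory
        stem = name.split(".", 1)[0]          # file name without extension
        lowered = path.lower()
        in_sensitive_dir = "\\system32\\" in lowered or "\\tasks\\" in lowered
        if in_sensitive_dir and not company and RANDOM_STEM.match(stem):
            reason = "random 8-letter name with no version info in a system directory"
            if "H" in attrs and "S" in attrs:
                reason += ", hidden+system attributes"
            return reason
    return None


def find_homoglyph_paths(paths):
    """Flag paths containing non-ASCII characters; each hit carries the
    offending characters and their Unicode names so the look-alike is obvious.
    Returns a list of (path, [(char, unicode_name), ...])."""
    hits = []
    for p in paths:
        odd = [(ch, unicodedata.name(ch, "UNKNOWN")) for ch in p if ord(ch) > 127]
        if odd:
            hits.append((p, odd))
    return hits


def triage(lines):
    """Map every flagged log line to its reason."""
    result = {}
    for line in lines:
        reason = classify_otl_line(line)
        if reason:
            result[line.strip()] = reason
    return result


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_OTL_LINES).items():
        print(f"FLAG: {reason}\n      {line}")
    for path, odd in find_homoglyph_paths(SAMPLE_FOLDERS):
        print(f"HOMOGLYPH: {path!r} -> {odd}")
```

Run it against a real OTL log by reading the file into `triage()` one line at a time and passing the directory names from the `Purity` section to `find_homoglyph_paths()`; a Microsoft-signed file with a proper company string, like the `kernel32.dll` sample, produces no flag, while the random-named hidden+system DLL and the orphaned load points do.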


#5 bossfan91

  • Group: Member
  • Posts: 8
  • Joined: 05-November 09

Posted 07 November 2009 - 03:44 PM

Hi,

Here are the logs of the OTL, ComboFix and the virus scan. The virus scan would not let me save it to the clipboard, so I have attached the link instead. If this is a problem, please let me know.

OTL Log:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:badusuke.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{0c54be08-c61a-46d3-b9cd-dc99f03ae539} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c54be08-c61a-46d3-b9cd-dc99f03ae539}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{6e546ce4-a7b9-4a3a-9d38-d585de04542e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e546ce4-a7b9-4a3a-9d38-d585de04542e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91e21ba7-8963-11db-8e7a-000fb5cc1b39}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91e21ba7-8963-11db-8e7a-000fb5cc1b39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91e21ba7-8963-11db-8e7a-000fb5cc1b39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91e21ba7-8963-11db-8e7a-000fb5cc1b39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91e21ba7-8963-11db-8e7a-000fb5cc1b39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91e21ba7-8963-11db-8e7a-000fb5cc1b39}\ not found.
File E:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee05b6ab-8ff8-11dd-91d7-000fb5cc1b39}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee05b6ab-8ff8-11dd-91d7-000fb5cc1b39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee05b6ab-8ff8-11dd-91d7-000fb5cc1b39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee05b6ab-8ff8-11dd-91d7-000fb5cc1b39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee05b6ab-8ff8-11dd-91d7-000fb5cc1b39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee05b6ab-8ff8-11dd-91d7-000fb5cc1b39}\ not found.
File E:\LaunchU3.exe not found.
C:\WINDOWS\system32\lozumase moved successfully.
C:\WINDOWS\tasks\tepwucfg.job moved successfully.
C:\WINDOWS\system32\zezurula.dll moved successfully.
C:\WINDOWS\system32\nebososu.dll moved successfully.
C:\WINDOWS\system32\hugimizu.dll moved successfully.
C:\WINDOWS\system32\nijopido.dll moved successfully.
C:\WINDOWS\system32\fopijunu.dll moved successfully.
C:\WINDOWS\system32\zibuweti.dll moved successfully.
C:\WINDOWS\system32\kunologa.dll moved successfully.
C:\WINDOWS\system32\jayoriji.dll moved successfully.
C:\WINDOWS\system32\vepineto.dll moved successfully.
C:\WINDOWS\system32\jonefede.dll moved successfully.
File C:\WINDOWS\System32\kafadogi.dll not found.
C:\WINDOWS\system32\vyadd.ini2 moved successfully.
C:\WINDOWS\system32\vyadd.ini moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\Program Files\Common Files\aѕsembly\ASEMBL~1 folder moved successfully.
C:\Program Files\Common Files\aѕsembly folder moved successfully.
C:\Program Files\Common Files\ѕуstem32 folder moved successfully.
C:\Documents and Settings\Dan\My Documents\ѕecurity folder moved successfully.
C:\Documents and Settings\Dan\My Documents\sуstem32 folder moved successfully.

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Dan
->Temp folder emptied: 109348715 bytes
->Temporary Internet Files folder emptied: 48851684 bytes
->Java cache emptied: 4332585 bytes
->FireFox cache emptied: 29792417 bytes
->Google Chrome cache emptied: 361346434 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 120095 bytes
RecycleBin emptied: 24528155 bytes

Total Files Cleaned = 551.59 mb


OTL by OldTimer - Version 3.1.4.0 log created on 11072009_153621

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

The Combo-Fix Log:

ComboFix 09-11-07.02 - Dan 11/07/2009 16:02.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.535 [GMT -5:00]
Running from: c:\documents and settings\Dan\My Documents\Downloads\Combo-Fix.exe
AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\progra~1\Webroot\SPYSWE~1\Backup\ntSVc.ocx
c:\windows\system32\abc2
c:\windows\system32\Data
c:\windows\system32\ex1
c:\windows\system32\ineWc01
c:\windows\system32\oc9
c:\windows\system32\shel9
c:\windows\system32\wcpcc.exe

----- BITS: Possible infected sites -----

hxxp://77.74.48.111
.
((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.

2009-11-07 20:36 . 2009-11-07 20:36 -------- d-----w- C:\_OTL
2009-11-07 02:33 . 2009-11-07 21:09 -------- d-----w- c:\documents and settings\Dan\Tracing
2009-11-07 02:32 . 2009-11-07 02:32 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-07 02:30 . 2009-11-07 02:30 -------- d-----w- c:\program files\Microsoft
2009-11-07 02:29 . 2009-11-07 02:29 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-06 20:30 . 2009-11-06 20:30 -------- d-----w- c:\program files\ERUNT
2009-11-06 20:02 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-06 20:02 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-06 05:05 . 2009-11-06 05:05 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-05 02:12 . 2009-09-21 20:59 3101560 ----a-w- c:\documents and settings\Dan\Application Data\Simply Super Software\Trojan Remover\fad1.exe
2009-11-03 03:48 . 2009-11-05 02:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-03 03:48 . 2006-06-19 18:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-11-03 03:48 . 2006-05-25 20:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-11-03 03:48 . 2005-08-26 06:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-11-03 03:48 . 2003-02-03 01:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-11-03 03:48 . 2002-03-06 06:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-11-03 03:48 . 2009-11-03 03:48 -------- d-----w- c:\program files\Trojan Remover
2009-11-03 03:48 . 2009-11-03 03:48 -------- d-----w- c:\documents and settings\Dan\Application Data\Simply Super Software
2009-11-03 03:48 . 2009-11-03 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-11-01 20:37 . 2009-11-03 03:23 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-01 20:07 . 2009-11-01 20:07 -------- d-----w- C:\VundoFix Backups
2009-11-01 20:03 . 2009-11-06 20:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-29 12:20 . 2009-10-05 19:11 2314768 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\AIMLang.exe
2009-10-29 12:20 . 2009-10-05 19:11 3547096 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\AIMinst.exe
2009-10-20 20:25 . 2009-10-20 20:25 -------- d-----w- c:\program files\MSSOAP
2009-10-20 20:25 . 2009-09-18 18:08 1563008 ----a-w- c:\windows\WRSetup.dll
2009-10-20 20:19 . 2009-10-20 20:19 164 ----a-w- c:\windows\install.dat
2009-10-20 20:09 . 2009-11-07 20:50 -------- d-----w- c:\windows\system32\NtmsData
2009-10-20 19:46 . 2009-10-20 19:46 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Webroot

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 02:32 . 2009-01-04 04:30 -------- d-----w- c:\program files\Windows Live
2009-11-07 02:32 . 2009-01-04 04:35 -------- d-----w- c:\program files\Windows Live Toolbar
2009-11-06 05:39 . 2006-12-11 23:16 -------- d-----w- c:\program files\Trend Micro
2009-11-06 05:30 . 2005-12-25 23:19 55904 ----a-w- c:\documents and settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-03 18:00 . 2006-01-25 00:05 -------- d-----w- c:\program files\Dl_cats
2009-10-23 03:00 . 2006-12-11 23:55 -------- d-----w- c:\documents and settings\Dan\Application Data\Webroot
2009-10-20 20:28 . 2006-12-12 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2009-10-20 20:03 . 2005-12-15 20:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-20 20:02 . 2009-01-04 21:58 -------- d-----w- c:\program files\Yahoo!
2009-10-20 19:47 . 2006-12-11 22:04 -------- d-----w- c:\program files\CCleaner
2009-10-08 18:15 . 2009-10-07 21:41 -------- d-----w- c:\documents and settings\Dan\Application Data\Move Networks
2009-10-08 02:07 . 2005-12-25 19:29 -------- d-----w- c:\documents and settings\Dan\Application Data\AdobeUM
2009-10-07 21:41 . 2009-10-07 21:41 127872 ----a-w- c:\documents and settings\Dan\Application Data\Move Networks\uninstall.exe
2009-10-07 21:41 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Dan\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-10-05 19:11 . 2009-10-29 12:21 28 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\unregister.bat
2009-10-05 19:11 . 2009-10-29 12:21 25 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\register.bat
2009-10-05 19:11 . 2009-10-29 12:21 180824 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\dlupd.exe
2009-10-05 19:11 . 2009-10-29 12:21 97128 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\bsetutil.exe
2009-10-05 19:11 . 2009-10-29 12:21 30568 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\Uninstaller.exe
2009-10-05 19:11 . 2009-10-29 12:21 11624 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\tbinst.dll
2009-10-05 19:11 . 2009-10-29 12:21 111976 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\AOLSearch.dll
2009-10-05 19:11 . 2009-10-29 12:21 404568 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\tbsetup.exe
2009-10-05 19:11 . 2009-10-29 12:21 243048 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\migrator.exe
2009-10-05 19:11 . 2009-10-29 12:21 1225352 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\msvc9rt.exe
2009-10-05 19:11 . 2009-10-29 12:21 10088 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\imappver.dll
2009-10-05 19:10 . 2009-10-29 12:21 83752 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\ProgUpd.dll
2009-10-05 19:10 . 2009-10-29 12:21 36704 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\postproc.exe
2009-10-05 19:10 . 2009-10-29 12:21 172840 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\setup.exe
2009-10-05 19:10 . 2009-10-29 12:21 1025384 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\gui.dll
2009-10-05 19:10 . 2009-10-29 12:21 95792 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\AOLFirewallMgr.dll
2009-10-02 21:22 . 2009-10-02 21:21 -------- d-----w- c:\program files\Unlocker
2009-10-02 20:31 . 2009-10-02 20:31 204800 ----a-w- C:\h06I2q.exe
2009-09-28 05:34 . 2008-07-20 19:47 -------- d-----w- c:\documents and settings\Dan\Application Data\Skype
2009-09-20 01:24 . 2009-09-20 01:24 -------- d-----w- c:\documents and settings\Dan\Application Data\Malwarebytes
2009-09-20 01:23 . 2009-09-20 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-18 17:42 . 2006-12-12 00:21 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-09-18 17:42 . 2009-09-18 17:42 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-09-18 17:42 . 2006-12-12 00:21 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-09-01 00:21 . 2009-09-01 00:21 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-08-14 21:04 . 2009-08-14 21:04 239088 ----a-w- c:\documents and settings\Dan\Application Data\Mozilla\plugins\npgoogletalk.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-09-18 18:02 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"Google Update"="c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-16 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-18 1070984]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\8qIIDaX7c.exe" [2009-11-06 1312080]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-09-18 6515784]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ ?????

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\WINDOWS\\system32\\dlcccoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlccPSWX.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Dan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Dan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Stardock Games\\The Political Machine 2008 Express\\PolMachine2008Express.exe"=
"c:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\Program Files\\Webroot\\Spy Sweeper\\WRConsumerService.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [9/18/2009 12:42 PM 29808]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [12/25/2005 2:31 PM 66048]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/7/2009 6:17 PM 24652]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [10/20/2009 3:26 PM 1201640]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 2:02 PM 287232]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [12/25/2005 2:31 PM 112384]
S3 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3082972669-420718603-2511425773-1005Core.job
- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-16 23:44]

2009-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3082972669-420718603-2511425773-1005UA.job
- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-16 23:44]

2009-01-04 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2007-05-17 21:45]

2009-05-27 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX3000_exe.job
- c:\windows\vVX3000.exe [2009-01-04 21:46]

2009-11-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-11-03 c:\windows\Tasks\wrSpySweeper_1A749F46055F4D72B72D4A20A5EE80D8.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-12-12 18:08]

2009-11-03 c:\windows\Tasks\wrSpySweeper_1A749F46055F4D72B72D4A20A5EE80D8.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-12-12 18:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://netservices.verizon.net/portal/link/main/vzcentral
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\c8i8zr40.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\Dan\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Dan\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - d:\malware\Utilities\Trend Micro\HijackThis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-07 16:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3632)
c:\windows\system32\WININET.dll
c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dlcccoms.exe
c:\program files\iPod\bin\iPodService.exe
c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Webroot\Spy Sweeper\SSU.EXE
.
**************************************************************************
.
Completion time: 2009-11-07 16:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-07 21:14

Pre-Run: 38,302,437,376 bytes free
Post-Run: 38,171,488,256 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - DF5F82BEAEF69AF6F7C07A76E965F60A

And the Virus Scan link:

http://virscan.org/report/37fc6d1166af148d...d9ebe9733b.html

#6 hammerman

  • Group: Member
  • Posts: 4,183
  • Joined: 28-November 08

Posted 07 November 2009 - 04:44 PM

Hello,

The link was fine. Please follow these steps and then give me an update on how your computer's running.

-- Step 1 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\h06I2q.exe
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.


-- Step 2 --

Run Malwarebytes' Anti-Malware.
  • Select the Update tab and then click Check for Updates. If an update is found, it will download and install the latest version.
  • Select the Scanner tab, select "Perform full scan", then click Scan
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

-- Step 3 --

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

-- Step 4 --

Run OTL and select Minimal Output. Use the Quick Scan button to start a scan.
Please post the OTL report in your reply.

#7 bossfan91

  • Group: Member
  • Posts: 8
  • Joined: 05-November 09

Posted 07 November 2009 - 11:50 PM

Hi,

My computer seems to be running great, and seems to be a bit faster. I don't know how to tell for sure if the virus is gone, but it does seem to be better. Here are the logs:

OTL Log:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:badusuke.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{0c54be08-c61a-46d3-b9cd-dc99f03ae539} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c54be08-c61a-46d3-b9cd-dc99f03ae539}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{6e546ce4-a7b9-4a3a-9d38-d585de04542e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e546ce4-a7b9-4a3a-9d38-d585de04542e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91e21ba7-8963-11db-8e7a-000fb5cc1b39}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91e21ba7-8963-11db-8e7a-000fb5cc1b39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91e21ba7-8963-11db-8e7a-000fb5cc1b39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91e21ba7-8963-11db-8e7a-000fb5cc1b39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91e21ba7-8963-11db-8e7a-000fb5cc1b39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91e21ba7-8963-11db-8e7a-000fb5cc1b39}\ not found.
File E:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee05b6ab-8ff8-11dd-91d7-000fb5cc1b39}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee05b6ab-8ff8-11dd-91d7-000fb5cc1b39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee05b6ab-8ff8-11dd-91d7-000fb5cc1b39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee05b6ab-8ff8-11dd-91d7-000fb5cc1b39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee05b6ab-8ff8-11dd-91d7-000fb5cc1b39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee05b6ab-8ff8-11dd-91d7-000fb5cc1b39}\ not found.
File E:\LaunchU3.exe not found.
C:\WINDOWS\system32\lozumase moved successfully.
C:\WINDOWS\tasks\tepwucfg.job moved successfully.
C:\WINDOWS\system32\zezurula.dll moved successfully.
C:\WINDOWS\system32\nebososu.dll moved successfully.
C:\WINDOWS\system32\hugimizu.dll moved successfully.
C:\WINDOWS\system32\nijopido.dll moved successfully.
C:\WINDOWS\system32\fopijunu.dll moved successfully.
C:\WINDOWS\system32\zibuweti.dll moved successfully.
C:\WINDOWS\system32\kunologa.dll moved successfully.
C:\WINDOWS\system32\jayoriji.dll moved successfully.
C:\WINDOWS\system32\vepineto.dll moved successfully.
C:\WINDOWS\system32\jonefede.dll moved successfully.
File C:\WINDOWS\System32\kafadogi.dll not found.
C:\WINDOWS\system32\vyadd.ini2 moved successfully.
C:\WINDOWS\system32\vyadd.ini moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\Program Files\Common Files\aѕsembly\ASEMBL~1 folder moved successfully.
C:\Program Files\Common Files\aѕsembly folder moved successfully.
C:\Program Files\Common Files\ѕуstem32 folder moved successfully.
C:\Documents and Settings\Dan\My Documents\ѕecurity folder moved successfully.
C:\Documents and Settings\Dan\My Documents\sуstem32 folder moved successfully.

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Dan
->Temp folder emptied: 109348715 bytes
->Temporary Internet Files folder emptied: 48851684 bytes
->Java cache emptied: 4332585 bytes
->FireFox cache emptied: 29792417 bytes
->Google Chrome cache emptied: 361346434 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 120095 bytes
RecycleBin emptied: 24528155 bytes

Total Files Cleaned = 551.59 mb


OTL by OldTimer - Version 3.1.4.0 log created on 11072009_153621

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Malwarebytes Log:

Malwarebytes' Anti-Malware 1.41
Database version: 3120
Windows 5.1.2600 Service Pack 2

11/7/2009 11:18:53 PM
mbam-log-2009-11-07 (23-18-53).txt

Scan type: Full Scan (C:\|)
Objects scanned: 201274
Time elapsed: 43 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\_OTL\MovedFiles\11072009_153621\C_WINDOWS\system32\fopijunu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11072009_153621\C_WINDOWS\system32\hugimizu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11072009_153621\C_WINDOWS\system32\jayoriji.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11072009_153621\C_WINDOWS\system32\jonefede.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11072009_153621\C_WINDOWS\system32\kunologa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11072009_153621\C_WINDOWS\system32\nebososu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11072009_153621\C_WINDOWS\system32\nijopido.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11072009_153621\C_WINDOWS\system32\vepineto.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11072009_153621\C_WINDOWS\system32\zezurula.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11072009_153621\C_WINDOWS\system32\zibuweti.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11072009_220940\C_\h06I2q.exe (Spyware.Passwords) -> Quarantined and deleted successfully.

OTL Log:

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\h06I2q.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Dan
->Temp folder emptied: 437772 bytes
->Temporary Internet Files folder emptied: 1825873 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19681234 bytes
->Google Chrome cache emptied: 197427055 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 887296 bytes
RecycleBin emptied: 21749601 bytes

Total Files Cleaned = 230.83 mb


OTL by OldTimer - Version 3.1.4.0 log created on 11072009_220940

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\36fb4a50.$$$ not found!

Registry entries deleted on Reboot...
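
Added example (editor's code, not part of the thread or of Malwarebytes/OTL): a small parser for the "Files Infected:" block of the Malwarebytes log above. Two things a practitioner usually wants from such a log are shown. First, the paths Malwarebytes reports are inside OTL's quarantine (C:\_OTL\MovedFiles\...), so the parser maps them back to where the files originally lived; the mapping of "C_WINDOWS\..." to C:\WINDOWS\... and of "C_\h06I2q.exe" to C:\h06I2q.exe is inferred from the two spellings visible in this log, not from OTL documentation. Second, every Vundo DLL in the log has an eight-letter name alternating consonant and vowel (fopijunu, hugimizu, zezurula, ...); the parser flags that naming pattern as a heuristic hint only. The sample log text is constructed from three lines of the post.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: three "Files Infected" lines copied from the
# Malwarebytes log in this thread (two Vundo DLLs and the password stealer).
SAMPLE_MBAM_LOG = r"""
Files Infected:
C:\_OTL\MovedFiles\11072009_153621\C_WINDOWS\system32\fopijunu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11072009_153621\C_WINDOWS\system32\zibuweti.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11072009_220940\C_\h06I2q.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
"""

# One MBAM detection line: "<path> (<detection>) -> <action>."
_MBAM_LINE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^)]+)\) -> (?P<action>.+)$")

# OTL's quarantine layout as seen in this log (assumed, inferred from the
# log itself): C:\_OTL\MovedFiles\<stamp>\<drive>_<rest>
_OTL_MOVED = re.compile(r"^[A-Z]:\\_OTL\\MovedFiles\\\d+_\d+\\(?P<drive>[A-Z])_(?P<rest>.*)$")

# Heuristic only: the Vundo DLLs in this log are all eight lowercase letters
# alternating consonant/vowel (fopijunu, hugimizu, ...). A match is a hint
# worth a closer look, not proof of infection.
_CV_NAME = re.compile(r"^(?:[b-df-hj-np-tv-z][aeiou]){4}$")


@dataclass
class Detection:
    quarantine_path: str
    original_path: str
    detection: str
    action: str
    vundo_style_name: bool


def original_path(path: str) -> str:
    """Map an OTL MovedFiles path back to where the file lived.

    Handles both spellings seen in the log: C_WINDOWS\\... -> C:\\WINDOWS\\...
    and C_\\h06I2q.exe -> C:\\h06I2q.exe. Other paths are returned unchanged.
    """
    m = _OTL_MOVED.match(path)
    if not m:
        return path
    rest = m.group("rest")
    if not rest.startswith("\\"):
        rest = "\\" + rest
    return f"{m.group('drive')}:{rest}"


def parse_mbam_files_infected(log: str) -> List[Detection]:
    """Parse only the 'Files Infected:' block of a Malwarebytes log."""
    found: List[Detection] = []
    in_block = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.endswith("Infected:"):          # section header, e.g. "Files Infected:"
            in_block = line.startswith("Files")
            continue
        if not in_block or not line:
            continue
        m = _MBAM_LINE.match(line)
        if not m:                               # e.g. "(No malicious items detected)"
            continue
        orig = original_path(m.group("path"))
        stem = orig.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        found.append(Detection(
            quarantine_path=m.group("path"),
            original_path=orig,
            detection=m.group("detection"),
            action=m.group("action").rstrip("."),
            vundo_style_name=bool(_CV_NAME.match(stem)),
        ))
    return found


if __name__ == "__main__":
    for d in parse_mbam_files_infected(SAMPLE_MBAM_LOG):
        flag = "  [consonant/vowel name]" if d.vundo_style_name else ""
        print(f"{d.detection:<18} {d.original_path}{flag}")
```

Run it as-is to see the three sample hits; point it at a full mbam-log text file to triage a real log. The consonant/vowel flag is deliberately kept separate from the detection name so it can be used on "Files - Created Within 14 Days" style listings where no scanner verdict is attached.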

#8 hammerman

  • Group: Member
  • Posts: 4,183
  • Joined: 28-November 08

Posted 08 November 2009 - 01:43 AM

Hi,

We'll carry out a thorough scan to check you're clean. This may take a few hours.

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT

  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer

  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on View Report and then Save Report

  • Save the file to your desktop as a text file.
  • Copy and paste that information in your next post.


#9 bossfan91

  • Group: Member
  • Posts: 8
  • Joined: 05-November 09

Posted 08 November 2009 - 05:14 PM

Hi,
Here is the report from the scan. It appears there are three infected files.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, November 8, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, November 08, 2009 19:41:38
Records in database: 3178230
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 101823
Threats found: 2
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 03:17:17


File name / Threat / Threats count
C:\Program Files\Messenger\zysoraq.html Infected: Trojan-Clicker.HTML.IFrame.dn 1
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1

Selected area has been scanned.

#10 hammerman

  • Group: Member
  • Posts: 4,183
  • Joined: 28-November 08

Posted 08 November 2009 - 05:21 PM

Hi,

Please follow these steps.

-- Step 1 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\Messenger\zysoraq.html
    C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.


-- Step 2 --

Run OTL and select Minimal Output. Use the Quick Scan button to start a scan.
Please post the OTL report in your reply.
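
Added example (editor's code, not from the thread, Kaspersky or OTL) covering the scan hammerman requested in #8, the report bossfan91 posted in #9 and the fix script in #10 as one workflow: parse the Kaspersky Online Scanner report, cross-check the parsed findings against the report's own "Scan statistics" totals, split the hits into real malware and "not-a-virus:" riskware (Kaspersky's prefix for legitimate-but-abusable tools, here the MUSICMATCH Deleter components), and emit an OTL Custom Scans/Fixes script in the exact layout used in Step 1 above. The report text is a constructed sample built from the lines of post #9; the function names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: the statistics and findings copied from the Kaspersky
# Online Scanner report posted in this thread.
SAMPLE_KASPERSKY_REPORT = r"""
KASPERSKY ONLINE SCANNER 7.0: scan report
Scan statistics:
Objects scanned: 101823
Threats found: 2
Infected objects found: 3
Suspicious objects found: 0

File name / Threat / Threats count
C:\Program Files\Messenger\zysoraq.html Infected: Trojan-Clicker.HTML.IFrame.dn 1
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1

Selected area has been scanned.
"""

# "<path> Infected: <threat> <count>"  (paths contain spaces, so match lazily)
_FINDING = re.compile(r"^(?P<path>.+?)\s+(?P<status>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)$")
# "Infected objects found: 3" and the other statistics lines
_STAT = re.compile(r"^(?P<name>[A-Za-z ]+):\s+(?P<value>\d+)$")


@dataclass
class Finding:
    path: str
    status: str
    threat: str
    count: int

    @property
    def riskware(self) -> bool:
        # Kaspersky marks legitimate-but-abusable software with this prefix.
        return self.threat.startswith("not-a-virus:")


def parse_kaspersky_report(text: str) -> Tuple[Dict[str, int], List[Finding]]:
    """Return (scan statistics, per-file findings) from a scanner report."""
    stats: Dict[str, int] = {}
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _FINDING.match(line)
        if m:
            findings.append(Finding(m["path"], m["status"], m["threat"], int(m["count"])))
            continue
        s = _STAT.match(line)
        if s:
            stats[s["name"]] = int(s["value"])
    return stats, findings


def check_against_statistics(stats: Dict[str, int], findings: List[Finding]) -> List[str]:
    """Flag any mismatch between what we parsed and the report's own totals
    (a truncated paste or a changed report layout shows up here first)."""
    problems: List[str] = []
    infected = sum(1 for f in findings if f.status == "Infected")
    if stats.get("Infected objects found") != infected:
        problems.append(f"parsed {infected} infected objects, report says {stats.get('Infected objects found')}")
    distinct = len({f.threat for f in findings})
    if stats.get("Threats found") != distinct:
        problems.append(f"parsed {distinct} distinct threats, report says {stats.get('Threats found')}")
    return problems


def build_otl_fix(paths: List[str]) -> str:
    """Emit an OTL Custom Scans/Fixes script in the layout used in Step 1 above."""
    lines = [":OTL", "", ":Services", "", ":Reg", "", ":Files"]
    lines += paths
    lines += ["", ":Commands", "[purity]", "[emptytemp]", "[start explorer]", "[Reboot]"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    stats, findings = parse_kaspersky_report(SAMPLE_KASPERSKY_REPORT)
    for p in check_against_statistics(stats, findings):
        print("WARNING:", p)
    for f in findings:
        print(("riskware " if f.riskware else "malware  ") + f.path)
    print(build_otl_fix([f.path for f in findings]))
```

The malware/riskware split is there so the analyst can decide deliberately; in this thread all three paths went into the :Files section, which is what the last line reproduces.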

#11 bossfan91

  • Group: Member
  • Posts: 8
  • Joined: 05-November 09

Posted 08 November 2009 - 08:02 PM

Hi,
Here are the two logs:

OTL Scan:

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Messenger\zysoraq.html moved successfully.
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz moved successfully.
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Dan
->Temp folder emptied: 94197663 bytes
->Temporary Internet Files folder emptied: 21557510 bytes
->Java cache emptied: 13817535 bytes
->FireFox cache emptied: 49506482 bytes
->Google Chrome cache emptied: 122227705 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 887296 bytes
RecycleBin emptied: 2624160 bytes

Total Files Cleaned = 290.73 mb


OTL by OldTimer - Version 3.1.4.0 log created on 11082009_205115

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\7620a217.$$$ not found!

Registry entries deleted on Reboot...

OTL Quick Scan:

OTL logfile created on: 11/8/2009 8:58:11 PM - Run 3
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Dan\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 463.52 Mb Available Physical Memory | 45.71% Memory free
2.38 Gb Paging File | 1.97 Gb Available in Paging File | 82.77% Paging File free
Paging file location(s): C:\pagefile.sys 1524 1524 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 35.43 Gb Free Space | 50.75% Space Free | Partition Type: NTFS
Drive D: | 2.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANNYBOY
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Documents and Settings\Dan\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
PRC - C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)
PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
PRC - C:\WINDOWS\system32\dlcccoms.exe ()
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Dan\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\serwvdrv.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\umdmxfrm.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (WRConsumerService) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (ehRecvr) -- C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (ehSched) -- C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
SRV - (McrdSvc) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ()
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Creative Service for CDROM Access) -- C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://netservices.v.../main/vzcentral
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?src=aim"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.20.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/04 11:03:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/11/08 00:43:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/08 13:58:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/08 00:43:58 | 00,000,000 | ---D | M]

[2009/05/29 23:57:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Extensions
[2009/05/29 23:57:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/08 10:04:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\c8i8zr40.default\extensions
[2009/09/27 22:42:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\c8i8zr40.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/04 17:12:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\c8i8zr40.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2007/11/23 20:10:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\c8i8zr40.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2009/04/05 21:28:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\c8i8zr40.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/11/08 10:04:28 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/29 08:09:04 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/26 21:12:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/11/08 00:44:09 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009/10/29 08:08:53 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/29 08:08:53 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/30 16:29:22 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/11/08 00:43:20 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008/09/26 11:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
[2009/10/29 08:08:57 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/07/24 00:45:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/07/24 00:45:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/07/24 00:45:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/07/24 00:45:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/07/24 00:45:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/07/24 00:45:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/07/24 00:45:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2005/08/09 13:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/03/07 18:18:00 | 00,002,038 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AIM Search.xml
[2009/05/29 23:56:49 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/05/29 23:56:49 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/05/29 23:56:49 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/05/29 23:56:49 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/05/29 23:56:49 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/05/29 23:56:49 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/05/29 23:56:50 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/01 11:23:41 | 00,000,148 | R--- | M] () - D:\AUTORUN.inf -- [ UDF ]
O32 - AutoRun File - [2007/07/03 21:32:31 | 00,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2007/07/03 21:32:31 | 00,634,880 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2007/07/03 21:23:42 | 00,585,728 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ UDF ]
O34 - HKLM BootExecute: (?????) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/08 00:33:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\New Folder
[2009/11/07 22:33:12 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/07 22:33:10 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/07 16:15:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/11/07 15:59:14 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/07 15:58:04 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/07 15:58:04 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/07 15:58:04 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/07 15:58:04 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/07 15:57:35 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/07 15:36:21 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/06 21:33:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Tracing
[2009/11/06 21:32:05 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2009/11/06 21:30:07 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/11/06 21:29:48 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/11/06 15:31:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/06 15:30:42 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/06 15:23:38 | 01,312,080 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Dan\My Documents\8qIIDaX7c.exe
[2009/11/06 00:05:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/11/02 22:48:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\Simply Super Software
[2009/11/02 22:48:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/02 22:48:22 | 00,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2009/11/02 22:48:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Simply Super Software
[2009/11/02 22:48:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/11/01 15:37:39 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/11/01 15:07:12 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/11/01 15:03:50 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 14 Days ==========

[2009/11/08 20:55:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/08 20:55:27 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/08 20:55:26 | 10,634,07616 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/08 20:54:45 | 09,437,184 | -H-- | M] () -- C:\Documents and Settings\Dan\NTUSER.DAT
[2009/11/08 20:54:28 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Dan\ntuser.ini
[2009/11/08 20:40:00 | 00,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3082972669-420718603-2511425773-1005UA.job
[2009/11/08 00:56:12 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Microsoft Office Word 2003.lnk
[2009/11/07 22:43:19 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/07 22:33:15 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/07 21:40:00 | 00,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3082972669-420718603-2511425773-1005Core.job
[2009/11/07 16:09:36 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/07 16:09:22 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/07 15:59:23 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/11/07 15:59:01 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\It is important you rename Combofix during the download.doc
[2009/11/06 21:31:46 | 00,000,891 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\My Sharing Folders.lnk
[2009/11/06 15:30:47 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\NTREGOPT.lnk
[2009/11/06 15:30:47 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\ERUNT.lnk
[2009/11/06 15:23:07 | 01,312,080 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Dan\My Documents\8qIIDaX7c.exe
[2009/11/06 15:12:25 | 00,232,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/06 10:53:52 | 00,267,264 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/06 01:45:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/11/06 00:39:32 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\HijackThis.lnk
[2009/11/06 00:30:35 | 00,055,904 | ---- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/02 22:48:39 | 00,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2009/11/01 01:49:28 | 00,522,782 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 01:49:28 | 00,105,886 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 01:49:28 | 00,004,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/29 20:26:56 | 00,106,496 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\Mandatos.ppt
[2009/10/25 23:24:32 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/10/25 23:24:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

========== Files Created - No Company Name ==========

[2009/11/07 22:33:15 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/07 15:59:23 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/11/07 15:59:18 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/11/07 15:59:00 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\It is important you rename Combofix during the download.doc
[2009/11/07 15:58:04 | 00,267,264 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/07 15:58:04 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/07 15:58:04 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/07 15:58:04 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/07 15:58:04 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/06 15:30:47 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\NTREGOPT.lnk
[2009/11/06 15:30:47 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\ERUNT.lnk
[2009/11/06 15:16:08 | 10,634,07616 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/06 00:39:32 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\HijackThis.lnk
[2009/11/02 22:48:39 | 00,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2009/11/02 22:48:34 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/11/02 22:48:34 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/11/02 22:48:33 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009/11/02 22:48:33 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/10/29 20:26:56 | 00,106,496 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Mandatos.ppt
[2009/10/25 23:24:32 | 00,000,268 | -H-- | C] () -- C:\sqmdata00.sqm
[2009/10/25 23:24:32 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm
[2009/09/18 12:42:10 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/01/03 23:47:56 | 00,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2008/05/24 20:44:35 | 00,007,168 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/13 06:18:32 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/11/25 21:49:32 | 00,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2006/12/11 19:21:04 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/12/11 19:21:04 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/08/25 14:03:59 | 00,002,189 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/01/22 15:44:20 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/25 22:53:31 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/12/25 18:19:38 | 00,055,904 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/12/25 14:31:52 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\EnumDevLib.dll
[2005/12/25 10:09:02 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Dan\Application Data\desktop.ini
[2005/12/25 10:09:01 | 02,111,998 | -H-- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\IconCache.db
[2005/12/25 10:09:01 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\fusioncache.dat
[2005/12/15 15:17:09 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/15 15:08:47 | 00,000,195 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/15 15:02:50 | 00,005,872 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2005/12/15 14:29:52 | 01,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
[2005/12/15 14:29:52 | 01,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
[2005/12/15 14:29:52 | 00,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
[2005/12/15 14:29:52 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2005/12/15 14:29:52 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
[2005/12/15 14:29:52 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2005/12/15 14:29:52 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
[2005/12/15 14:29:52 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2005/12/15 14:29:52 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2005/12/15 14:29:52 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2005/12/15 14:29:50 | 00,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
[2005/12/15 14:29:50 | 00,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
[2005/12/15 14:29:50 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2005/12/15 14:29:50 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2005/12/15 14:29:50 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2005/12/15 14:29:50 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2005/12/15 14:29:48 | 00,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
[2005/12/15 14:29:48 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
[2005/12/15 14:29:46 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2005/12/15 14:29:36 | 00,004,969 | ---- | C] () -- C:\WINDOWS\System32\Sigfilt.ini
[2005/12/15 14:29:36 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/12/15 14:28:34 | 01,345,520 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2005/12/15 14:27:32 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 05:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 05:33:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/08/16 05:18:43 | 00,000,789 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/16 05:18:41 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 15:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 15:00:16 | 00,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2005/04/09 18:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/03/07 18:17:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2005/08/16 21:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2006/12/11 16:28:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2009/11/02 22:48:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/09/01 10:50:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2009/11/04 21:13:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/07 18:17:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/01/16 16:34:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{0B2B6CE1-83F3-4BD2-9CF7-F8688A75BA47}
[2009/07/24 00:49:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/09/01 10:48:38 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{9ECEFAAC-75E3-4CC9-864C-D1071F1F0CDF}
[2009/09/01 10:51:00 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A6F22B7B-0306-4618-9CE3-02EC7A1F223D}
[2007/01/21 18:04:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\acccore
[2005/12/25 23:10:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Aim
[2008/12/01 18:30:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Amazon
[2006/04/26 16:16:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\COREL
[2006/06/03 14:57:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Corel Photo Album
[2006/05/28 11:43:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Leadertech
[2007/11/23 20:10:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Megaupload
[2009/04/26 21:21:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\OpenOffice.org
[2007/12/25 09:53:04 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Dan\Application Data\SecuROM
[2009/11/02 22:48:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Simply Super Software
[2007/08/25 08:48:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Smith Micro
[2009/09/01 10:51:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Stardock
[2009/07/17 23:20:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Viewpoint
[2004/08/10 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/06 01:45:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/11/08 20:55:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >

#12 hammerman

  • Group: Member
  • Posts: 4,183
  • Joined: 28-November 08

Posted 09 November 2009 - 12:48 AM

Congratulations, your computer appears clean :)

Let's remove the tools we've been using.

Please follow these steps.

-- Step 1 --

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combo-Fix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

-- Step 2 --
  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.


Here are some measures you can take to ensure that your computer remains clean.

1. Updates

Windows Updates

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. It is recommended that you set Windows to check, download and install your updates automatically.

  • Click Start
  • Select Control Panel
  • Click on Automatic (recommended)
  • Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
  • Click Apply then OK.
Java Updates

As with Windows, Java also needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java.

  • Click Start
  • Select Control Panel
  • Select Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
Adobe Updates

Your Adobe reader needs to be updated. You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. You can download the latest reader and updates from here.

Other Updates

Regularly check for updates for all your security programs including firewall, antivirus, antispyware etc.

2. Security Programs

Here is a list of security programs that I would recommend.

Firewall

A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online-Armor Free is a more advanced firewall which includes a Host Intrusion Protection System (HIPS). This ensures that unrecognised programs will not run unless you give permission.

Antivirus

An antivirus program is essential. The following antivirus programs are free for personal use. Do not use more than one antivirus and always update virus definitions regularly.

AVG
Avira Free
Avast

Anti-Malware

Malwarebytes Anti-Malware MBAM is an excellent anti-malware tool that should be updated and a Quick Scan performed regularly. A Full Scan does not have to be carried out on such a regular basis as the developers aim to detect the vast majority of malware with the Quick Scan. The scanner is free for on-demand scans only.

Ad-Aware, Spybot, SuperAntispyware and A-Squared Free are also very good anti-malware programs that are free for on-demand scans. Spybot has a real-time protection feature called TeaTimer.

Prevention

SpywareBlaster is an excellent free tool for preventing the installation of spyware.
SpywareGuard offers real-time protection so that spyware is detected and blocked before it can do any harm.

Cleaner

ATF Cleaner removes temporary Internet Explorer, Firefox and Windows files.

Browser

Firefox is an alternative browser to Internet Explorer and is more secure.
NoScript is an add-on for Firefox and prevents execution of malicious scripts.
MVPS is a HOSTS file to replace your existing file. This prevents you connecting to a list of well-known ad sites.
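
The HOSTS-file mechanism behind the MVPS recommendation above (a blocking file maps unwanted names to a loopback or unspecified address, while a tampered file redirects legitimate names elsewhere), as an added example that is not part of the original post or of the MVPS file itself; the sample hosts content, the `.test` domains and the 198.51.100.7 address are constructed for the example.

```python
"""Parse a Windows HOSTS file and separate blocking entries from redirects.

Added example for this thread, not code from the forum or from MVPS.
A blocking hosts file maps ad/malware domains to 127.0.0.1 or 0.0.0.0, so
connections go nowhere.  Hosts-file tampering does the opposite: it maps
legitimate domains to an address the attacker chooses, so an audit should
flag any entry that is not loopback/unspecified.
"""
import ipaddress

# Constructed sample: the default localhost entry, two MVPS-style block
# entries, and one redirect of a placeholder domain to a public IP.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0 ad.example-ads.test
0.0.0.0 tracker.example-ads.test   # MVPS-style block entry
198.51.100.7 update.example-av.test
"""

# Addresses that make a hosts entry a "block" rather than a redirect.
BLOCK_TARGETS = {ipaddress.ip_address(a) for a in ("127.0.0.1", "0.0.0.0", "::1")}


def parse_hosts(text):
    """Return a list of (ip, hostname) tuples, ignoring comments and blanks."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue   # malformed line; a real audit would report it
        for name in parts[1:]:              # one IP may carry several names
            entries.append((ip, name.lower()))
    return entries


def classify(entries):
    """Split entries into blocking names and (name, ip) redirects."""
    blocking, redirects = [], []
    for ip, name in entries:
        if ip in BLOCK_TARGETS:
            blocking.append(name)
        else:
            redirects.append((name, str(ip)))
    return blocking, redirects


def resolve(name, entries):
    """Mimic the OS: hosts is consulted before DNS and the first match wins."""
    name = name.lower()
    for ip, host in entries:
        if host == name:
            return str(ip)
    return None   # no hosts entry; lookup would fall through to DNS


if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    blocking, redirects = classify(entries)
    print("blocked names:", blocking)
    for name, ip in redirects:
        print(f"SUSPICIOUS: {name} -> {ip} (non-loopback redirect)")
```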

#13 bossfan91

  • Group: Member
  • Posts: 8
  • Joined: 05-November 09

Posted 09 November 2009 - 02:37 PM

It won't let me perform step 1. I double checked that I put in the space, and that it was spelled correctly. Any suggestions?

#14 hammerman

  • Group: Member
  • Posts: 4,183
  • Joined: 28-November 08

Posted 09 November 2009 - 02:43 PM

Hi,

Try Combofix /Uninstall

#15 bossfan91

  • Group: Member
  • Posts: 8
  • Joined: 05-November 09

Posted 09 November 2009 - 03:32 PM

It appears everything is back to normal!! Thank you so much!!
