Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Lost all programs


  • This topic is locked This topic is locked

#1
babyhuey2165

babyhuey2165

    Member

  • Member
  • PipPip
  • 13 posts
Not sure if this is the right forum..? I lost all my music, docs, photos, etc. My desktop is empty. When I click on "all programs" it says "empty" but I think programs like Yahoo messenger are still there because I can get to it in a round-about way..? Just no icons..
I ran stringer and found Fakealert-rep trojan. I have down loaded OTL and here is the results. Please help






OTL logfile created on: 5/9/2011 12:09:11 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Albert Kirchmann\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 495.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.24 Gb Total Space | 119.04 Gb Free Space | 85.49% Space Free | Partition Type: NTFS
Drive D: | 963.72 Mb Total Space | 245.67 Mb Free Space | 25.49% Space Free | Partition Type: FAT

Computer Name: DD3PQQM1 | User Name: Albert Kirchmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/09 12:09:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Albert Kirchmann\Desktop\OTL.exe
PRC - [2010/02/09 13:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2010/01/19 13:48:52 | 000,323,280 | ---- | M] (Napster) -- C:\Program Files\Napster\napster.exe
PRC - [2009/10/19 15:51:14 | 000,073,728 | ---- | M] () -- C:\Program Files\Cricket Broadband Connect\AvqAutorun.exe
PRC - [2009/09/16 20:36:10 | 000,632,176 | ---- | M] (Dell) -- C:\Program Files\Battery Meter\BTMeter.exe
PRC - [2009/06/09 17:13:52 | 000,320,880 | ---- | M] (Compal Electronics, Inc) -- C:\Program Files\CapsLKNotify\CapsLKNotify.exe
PRC - [2009/06/03 14:46:42 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/06/03 14:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/06/03 14:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/27 15:24:54 | 000,247,080 | ---- | M] (Dell) -- C:\Program Files\WSED\WSED.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/09 12:09:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Albert Kirchmann\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MyWebSearchService)
SRV - File not found [Auto | Stopped] -- -- (MyOwnSuperheroIEService)
SRV - File not found [Auto | Stopped] -- -- (MyFunCardsIE_3wService)
SRV - File not found [Auto | Stopped] -- -- (MSK80Service)
SRV - File not found [Auto | Stopped] -- -- (MpfService)
SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Auto | Stopped] -- -- (McProxy)
SRV - File not found [Auto | Stopped] -- -- (McNASvc)
SRV - File not found [Auto | Stopped] -- -- (mcmscsvc)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/06/03 14:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2010/10/13 23:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 23:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 23:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/17 11:41:00 | 005,954,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/11/17 11:40:48 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OAO17Afx.sys -- (OAO17Afx)
DRV - [2009/11/17 11:40:46 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/17 11:40:42 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/10/27 02:28:48 | 000,160,400 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWVsp.sys -- (PTUMWVsp)
DRV - [2009/10/27 02:28:36 | 000,115,216 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWNET.sys -- (PTUMWNET)
DRV - [2009/10/27 02:28:30 | 000,160,400 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWMdm.sys -- (PTUMWMdm)
DRV - [2009/10/27 02:28:24 | 000,012,048 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWFLT.sys -- (PTUMWFLT)
DRV - [2009/10/27 02:28:12 | 000,022,032 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWCDF.sys -- (PTUMWCDF)
DRV - [2009/10/27 02:28:02 | 000,054,544 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWBus.sys -- (PTUMWBus)
DRV - [2009/09/22 11:40:48 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/28 11:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/03/12 11:36:38 | 000,143,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/01/06 18:53:14 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/11/04 20:24:58 | 000,014,248 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\EMSC.SYS -- (EMSC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Help_Page = http://support.dell....c=us&l=en&s=gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USCON/1
IE - HKLM\..\URLSearchHook: {e3dce200-ae96-4a64-9fe7-b5d2d8569768} - C:\Program Files\Games.com Toolbar\gamescomtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://login.live.co...64855&mkt=en-us
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - File not found
IE - HKCU\..\URLSearchHook: {432cad96-6aa6-407a-ab37-6cfdcd73f377} - File not found
IE - HKCU\..\URLSearchHook: {56d1ace8-c2b6-4a67-9261-fed5c12e4a90} - File not found
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - File not found
IE - HKCU\..\URLSearchHook: {e3dce200-ae96-4a64-9fe7-b5d2d8569768} - C:\Program Files\Games.com Toolbar\gamescomtb.dll (AOL Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin


O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - File not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - File not found
O2 - BHO: (Search Assistant BHO) - {39867cd6-50c8-4d64-b671-56c1222eaa72} - File not found
O2 - BHO: (Pop-up Blocker) - {52706EF7-D7A2-49AD-A615-E903858CF284} - File not found
O2 - BHO: (Toolbar BHO) - {53113956-d617-4de6-b841-f099eeaff962} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - File not found
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - File not found
O2 - BHO: (Games.com Toolbar Loader) - {b07040d6-4cb3-4af4-8a5c-038b7cd8a5d8} - C:\Program Files\Games.com Toolbar\gamescomtb.dll (AOL Inc.)
O2 - BHO: (Search Assistant BHO) - {be5bab39-39b5-45c1-83f2-10ee5ae55587} - File not found
O2 - BHO: (Toolbar BHO) - {c335fe0b-1418-42fb-942f-2c1e13259052} - File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (NetZero Toolbar Helper) - {FE3098B0-04A3-41fd-8CA9-BEA39CB14C87} - File not found
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - File not found
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - File not found
O3 - HKLM\..\Toolbar: (MyOwnSuperhero) - {3bcf580a-adca-4b91-86e0-3898010003e6} - File not found
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - File not found
O3 - HKLM\..\Toolbar: (Games.com Toolbar) - {9da1bcf1-77f5-41c5-b7c3-c597dc20752c} - C:\Program Files\Games.com Toolbar\gamescomtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (MyFunCards) - {b63fb0a0-7ccc-4a83-a066-4a3363dad80c} - File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Games.com Toolbar) - {9DA1BCF1-77F5-41C5-B7C3-C597DC20752C} - C:\Program Files\Games.com Toolbar\gamescomtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyFunCards) - {B63FB0A0-7CCC-4A83-A066-4A3363DAD80C} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [{F9AA8FE2-E89A-E99B-E8b8-E9AE9B9ABA99}] C:\Program Files\Cricket Broadband Connect\AvqAutoRun.exe ()
O4 - HKLM..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe (Dell)
O4 - HKLM..\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe (Compal Electronics, Inc)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] File not found
O4 - HKLM..\Run: [MyFunCardsIE_3w Browser Plugin Loader] File not found
O4 - HKLM..\Run: [MyOwnSuperheroIE Browser Plugin Loader] File not found
O4 - HKLM..\Run: [MyWebSearch Email Plugin] File not found
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [Syncables] File not found
O4 - HKLM..\Run: [WSED] C:\Program Files\WSED\WSED.exe (Dell)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MyWebSearch Email Plugin] File not found
O4 - HKCU..\Run: [NetZero_uoltray] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: hotmail.com ([]https in Trusted sites)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} http://aolsvc.aol.co...eball/abxgh.cab (Abx(gh) Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://aolsvc.aol.co...zylomplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Albert Kirchmann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Albert Kirchmann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 20:45:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{446d5f85-9f8f-11df-acd0-70f1a1ea3fb8}\Shell - "" = AutoRun
O33 - MountPoints2\{446d5f85-9f8f-11df-acd0-70f1a1ea3fb8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{446d5f85-9f8f-11df-acd0-70f1a1ea3fb8}\Shell\AutoRun\command - "" = D:\Start.exe
O33 - MountPoints2\{446d5f85-9f8f-11df-acd0-70f1a1ea3fb8}\Shell\menu1\command - "" = D:\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/09 12:09:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Albert Kirchmann\Desktop\OTL.exe
[2011/05/09 11:07:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Albert Kirchmann\Desktop\RK_Quarantine
[2011/05/09 08:14:59 | 008,134,663 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Albert Kirchmann\Desktop\stinger10101546.exe
[2011/04/30 09:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/04/30 09:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/04/30 03:11:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/04/29 17:17:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Albert Kirchmann\Recent
[2011/04/29 17:03:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/04/29 07:14:04 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/04/29 06:57:11 | 000,520,704 | ---- | C] (WinTrust) -- C:\Documents and Settings\All Users\Application Data\CbvYHAgAAxMvT.exe
[2011/04/28 21:35:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Albert Kirchmann\Desktop\Albert Kirchmann
[2011/04/28 21:35:42 | 000,000,000 | ---D | C] -- C:\report
[2011/04/27 03:35:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Albert Kirchmann\Desktop\Application Data
[2011/04/23 22:22:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Albert Kirchmann\Documents and Settings
[2011/04/23 22:22:19 | 000,000,000 | ---D | C] -- C:\Albert Kirchmann
[2011/04/23 09:17:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Albert Kirchmann\Desktop\Documents and Settings
[2011/04/23 09:16:12 | 000,000,000 | ---D | C] -- C:\ShoppingReport2
[2011/04/22 03:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Albert Kirchmann\Desktop\cs
[2011/04/21 17:39:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Albert Kirchmann\cs
[2011/04/16 10:55:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/08/04 09:08:04 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe114.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/09 12:11:04 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/09 12:09:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Albert Kirchmann\Desktop\OTL.exe
[2011/05/09 11:50:13 | 000,495,980 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/09 11:50:13 | 000,092,860 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/09 11:46:26 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/09 11:45:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/09 11:45:50 | 1062,580,224 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/09 11:45:50 | 000,182,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/09 11:07:20 | 000,551,424 | ---- | M] () -- C:\Documents and Settings\Albert Kirchmann\Desktop\RogueKiller.exe
[2011/05/09 10:58:36 | 000,000,017 | ---- | M] () -- C:\Documents and Settings\Albert Kirchmann\Desktop\stinger10101546.opt
[2011/05/09 08:15:06 | 008,134,663 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Albert Kirchmann\Desktop\stinger10101546.exe
[2011/05/09 06:52:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/07 10:27:14 | 000,000,180 | ---- | M] () -- C:\WINDOWS\entpack.ini
[2011/05/04 05:39:19 | 000,009,216 | -H-- | M] () -- C:\Documents and Settings\Albert Kirchmann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/30 09:05:33 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/30 04:09:00 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/29 17:20:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/29 06:57:08 | 000,520,704 | ---- | M] (WinTrust) -- C:\Documents and Settings\All Users\Application Data\CbvYHAgAAxMvT.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/09 11:07:14 | 000,551,424 | ---- | C] () -- C:\Documents and Settings\Albert Kirchmann\Desktop\RogueKiller.exe
[2011/05/09 10:58:36 | 000,000,017 | ---- | C] () -- C:\Documents and Settings\Albert Kirchmann\Desktop\stinger10101546.opt
[2011/04/30 09:05:33 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/30 09:04:49 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/04/30 04:08:45 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2011/04/30 04:08:45 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2011/04/30 04:08:45 | 000,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2011/04/30 04:08:45 | 000,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
[2011/04/30 04:08:45 | 000,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2011/04/30 04:08:45 | 000,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2011/04/30 04:08:45 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2011/04/30 04:08:45 | 000,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2011/04/30 04:08:45 | 000,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
[2011/04/30 04:08:45 | 000,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2011/04/30 04:08:45 | 000,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2011/04/30 04:08:45 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2011/04/30 04:08:45 | 000,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2011/04/30 04:08:45 | 000,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2011/04/30 04:08:45 | 000,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
[2011/04/30 04:08:44 | 000,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
[2011/04/30 04:08:44 | 000,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
[2010/11/28 18:37:17 | 000,000,180 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2010/11/24 03:55:21 | 000,009,216 | -H-- | C] () -- C:\Documents and Settings\Albert Kirchmann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/13 06:26:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/06 20:40:20 | 000,002,340 | -H-- | C] () -- C:\Documents and Settings\Albert Kirchmann\Application Data\wklnhst.dat
[2010/08/04 09:08:56 | 000,010,440 | ---- | C] () -- C:\WINDOWS\System32\ptumwcit.dll
[2010/07/25 11:02:48 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/07/25 11:01:47 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2010/07/25 09:07:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/07/25 08:46:21 | 000,000,076 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
[2010/07/25 08:37:12 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\EMSC.DLL
[2010/07/25 08:36:03 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/07/25 08:36:03 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/07/25 08:36:03 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/06/23 14:29:40 | 000,001,155 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 20:47:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 20:44:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 20:42:57 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 15:33:30 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/04/25 15:33:30 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/04/25 15:33:30 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/04/25 15:33:30 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/04/25 15:33:30 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2008/04/25 15:33:19 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 15:33:18 | 000,495,980 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 15:33:18 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 15:33:18 | 000,092,860 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 15:33:18 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 15:33:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 15:33:17 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 15:33:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 15:33:14 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 15:33:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 15:33:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 15:33:06 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 08:39:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 08:38:33 | 000,182,632 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== LOP Check ==========

[2010/12/23 17:31:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Albert Kirchmann\Application Data\PCDr
[2011/04/28 13:58:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Albert Kirchmann\Application Data\ShoppingReport2
[2010/08/06 20:49:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Albert Kirchmann\Application Data\Template
[2010/09/09 08:59:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Albert Kirchmann\Application Data\Trillian
[2010/07/25 08:34:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Albert Kirchmann\Application Data\Windows Desktop Search
[2010/08/02 22:47:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Albert Kirchmann\Application Data\Windows Search
[2010/08/05 15:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/09/29 03:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GAMEON
[2011/02/14 09:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/07/25 08:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/07/25 08:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/02/16 07:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/05/04 03:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/25 08:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista32
[2010/07/25 08:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista64
[2010/07/25 08:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Win732
[2010/07/25 08:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Win764
[2010/07/25 08:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XP32
[2010/10/03 16:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1409277B
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE65571A
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C39E55C5

< End of report >

Edited by babyhuey2165, 09 May 2011 - 10:36 PM.

  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello babyhuey2165 and welcome to G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - File not found
    O3 - HKLM\..\Toolbar: (MyFunCards) - {b63fb0a0-7ccc-4a83-a066-4a3363dad80c} - File not found
    O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (MyFunCards) - {B63FB0A0-7CCC-4A83-A066-4A3363DAD80C} - File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] File not found
    O4 - HKLM..\Run: [MyFunCardsIE_3w Browser Plugin Loader] File not found
    O4 - HKLM..\Run: [MyOwnSuperheroIE Browser Plugin Loader] File not found
    O4 - HKLM..\Run: [MyWebSearch Email Plugin] File not found
    O4 - HKLM..\Run: [Syncables] File not found
    O33 - MountPoints2\{446d5f85-9f8f-11df-acd0-70f1a1ea3fb8}\Shell - "" = AutoRun
    O33 - MountPoints2\{446d5f85-9f8f-11df-acd0-70f1a1ea3fb8}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{446d5f85-9f8f-11df-acd0-70f1a1ea3fb8}\Shell\AutoRun\command - "" = D:\Start.exe
    O33 - MountPoints2\{446d5f85-9f8f-11df-acd0-70f1a1ea3fb8}\Shell\menu1\command - "" = D:\Start.exe
    [2011/04/29 06:57:11 | 000,520,704 | ---- | C] (WinTrust) -- C:\Documents and Settings\All Users\Application Data\CbvYHAgAAxMvT.exe
    [2010/08/04 09:08:04 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe114.dll
    [2010/08/06 20:40:20 | 000,002,340 | -H-- | C] () -- C:\Documents and Settings\Albert Kirchmann\Application Data\wklnhst.dat

    :Files
    ipconfig /flushdns /c
    attrib -h /s /d c:\*.* /c

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply.

Step 2

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 3

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
    . Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
  • New OTL scan log
It would be helpful if you could post each log in separate post
  • 0

#3
babyhuey2165

babyhuey2165

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
OTL report after fixes seems to have helped. most of my desktop items are back.




All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{b63fb0a0-7ccc-4a83-a066-4a3363dad80c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b63fb0a0-7ccc-4a83-a066-4a3363dad80c}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9565115D-C7D6-46D3-BD63-B67B481A4368} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9565115D-C7D6-46D3-BD63-B67B481A4368}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B63FB0A0-7CCC-4A83-A066-4A3363DAD80C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B63FB0A0-7CCC-4A83-A066-4A3363DAD80C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyFunCardsIE_3w Browser Plugin Loader deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyOwnSuperheroIE Browser Plugin Loader deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Syncables deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{446d5f85-9f8f-11df-acd0-70f1a1ea3fb8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{446d5f85-9f8f-11df-acd0-70f1a1ea3fb8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{446d5f85-9f8f-11df-acd0-70f1a1ea3fb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{446d5f85-9f8f-11df-acd0-70f1a1ea3fb8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{446d5f85-9f8f-11df-acd0-70f1a1ea3fb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{446d5f85-9f8f-11df-acd0-70f1a1ea3fb8}\ not found.
File D:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{446d5f85-9f8f-11df-acd0-70f1a1ea3fb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{446d5f85-9f8f-11df-acd0-70f1a1ea3fb8}\ not found.
File D:\Start.exe not found.
C:\Documents and Settings\All Users\Application Data\CbvYHAgAAxMvT.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\hpe114.dll moved successfully.
C:\Documents and Settings\Albert Kirchmann\Application Data\wklnhst.dat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Albert Kirchmann\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Albert Kirchmann\Desktop\cmd.txt deleted successfully.
< attrib -h /s /d c:\*.* /c >
Error opening cmd.txt file...
C:\Documents and Settings\Albert Kirchmann\Desktop\cmd.bat deleted successfully.
File delete failed. C:\Documents and Settings\Albert Kirchmann\Desktop\cmd.txt scheduled to be deleted on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: Albert Kirchmann
->Temp folder emptied: 220862283 bytes
->Temporary Internet Files folder emptied: 117329890 bytes
->Java cache emptied: 10720637 bytes
->Flash cache emptied: 167059 bytes

User: All Users

User: Danny Phelps
->Temp folder emptied: 669906 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 321 bytes

User: Danny Phelps.DD3PQQM1
->Temp folder emptied: 817646 bytes
->Temporary Internet Files folder emptied: 65225 bytes
->Flash cache emptied: 321 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 321 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: report

User: ShoppingReport2

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9565638 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 55145304 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 396.00 mb


[EMPTYFLASH]

User: Albert Kirchmann
->Flash cache emptied: 0 bytes

User: All Users

User: Danny Phelps
->Flash cache emptied: 0 bytes

User: Danny Phelps.DD3PQQM1
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: report

User: ShoppingReport2

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05102011_021434

Files\Folders moved on Reboot...
C:\Documents and Settings\Albert Kirchmann\Desktop\cmd.txt moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_75c.dat moved successfully.

Registry entries deleted on Reboot...
  • 0

#4
babyhuey2165

babyhuey2165

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
MBAM report



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6543

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/10/2011 2:46:19 AM
mbam-log-2011-05-10 (02-46-19).txt

Scan type: Quick scan
Objects scanned: 168804
Time elapsed: 4 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 136
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 27
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{1D4DB7D0-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProductsInstaller.Start.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProductsInstaller.Start (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00572D69-36F3-4459-A76E-B681ABC2C799} (Adware.MyFunCards) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{00572D69-36F3-4459-A76E-B681ABC2C799} (Adware.MyFunCards) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\albert kirchmann\application data\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\albert kirchmann\application data\shoppingreport2\cs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\albert kirchmann\application data\shoppingreport2\cs\application data (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\albert kirchmann\application data\shoppingreport2\cs\db (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\albert kirchmann\application data\shoppingreport2\cs\dwld (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\albert kirchmann\application data\shoppingreport2\cs\report (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\albert kirchmann\application data\shoppingreport2\cs\res1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\albert kirchmann\application data\shoppingreport2\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\PopSwatr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\PopSwatr\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files\shoppingreport2\Bin (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files\shoppingreport2\Bin\2.7.34 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files\myfuncards_3vei (Adware.MyFunCards) -> Quarantined and deleted successfully.
c:\program files\myfuncards_3vei\Installr (Adware.MyFunCards) -> Quarantined and deleted successfully.
c:\program files\myfuncards_3vei\Installr\1.bin (Adware.MyFunCards) -> Quarantined and deleted successfully.
c:\program files\myfuncards_3vei\Installr\1.bin\chrome (Adware.MyFunCards) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\funwebproducts\Installr\3.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\albert kirchmann\favorites\free porn, porn tube, free porn videos, sex movie, porn - freeporn.com.url (Rogue.Link) -> Quarantined and deleted successfully.
c:\documents and settings\albert kirchmann\application data\shoppingreport2\cs\Config.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\albert kirchmann\application data\shoppingreport2\cs\db\Aliases.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\albert kirchmann\application data\shoppingreport2\cs\db\Sites.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\albert kirchmann\application data\shoppingreport2\cs\dwld\whitelist.xip (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\albert kirchmann\application data\shoppingreport2\cs\report\aggr_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\albert kirchmann\application data\shoppingreport2\cs\report\send_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\albert kirchmann\application data\shoppingreport2\cs\res1\whitelist.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\3.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\3.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\PopSwatr\History\allowed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\PopSwatr\History\notallow (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\s_FeatCk.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\shoppingreport2\Bin\2.7.34\shoppingreport.dll (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
  • 0

#5
babyhuey2165

babyhuey2165

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Final OTL report. It only gave me one not two. Still do not have access to all programs or my e-mail and other web pages.



OTL logfile created on: 5/10/2011 2:54:00 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Albert Kirchmann\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 619.00 Mb Available Physical Memory | 61.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.24 Gb Total Space | 119.42 Gb Free Space | 85.76% Space Free | Partition Type: NTFS

Computer Name: DD3PQQM1 | User Name: Albert Kirchmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/09 12:09:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Albert Kirchmann\Desktop\OTL.exe
PRC - [2010/02/09 13:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2010/01/19 13:48:52 | 000,323,280 | ---- | M] (Napster) -- C:\Program Files\Napster\napster.exe
PRC - [2009/10/19 15:51:14 | 000,073,728 | ---- | M] () -- C:\Program Files\Cricket Broadband Connect\AvqAutorun.exe
PRC - [2009/09/16 20:36:10 | 000,632,176 | ---- | M] (Dell) -- C:\Program Files\Battery Meter\BTMeter.exe
PRC - [2009/06/09 17:13:52 | 000,320,880 | ---- | M] (Compal Electronics, Inc) -- C:\Program Files\CapsLKNotify\CapsLKNotify.exe
PRC - [2009/06/03 14:46:42 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/06/03 14:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/06/03 14:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/27 15:24:54 | 000,247,080 | ---- | M] (Dell) -- C:\Program Files\WSED\WSED.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/09 12:09:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Albert Kirchmann\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MyOwnSuperheroIEService)
SRV - File not found [Auto | Stopped] -- -- (MyFunCardsIE_3wService)
SRV - File not found [Auto | Stopped] -- -- (MSK80Service)
SRV - File not found [Auto | Stopped] -- -- (MpfService)
SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Auto | Stopped] -- -- (McProxy)
SRV - File not found [Auto | Stopped] -- -- (McNASvc)
SRV - File not found [Auto | Stopped] -- -- (mcmscsvc)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/06/03 14:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2010/10/13 23:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 23:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 23:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/17 11:41:00 | 005,954,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/11/17 11:40:48 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OAO17Afx.sys -- (OAO17Afx)
DRV - [2009/11/17 11:40:46 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/17 11:40:42 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/10/27 02:28:48 | 000,160,400 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWVsp.sys -- (PTUMWVsp)
DRV - [2009/10/27 02:28:36 | 000,115,216 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWNET.sys -- (PTUMWNET)
DRV - [2009/10/27 02:28:30 | 000,160,400 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWMdm.sys -- (PTUMWMdm)
DRV - [2009/10/27 02:28:24 | 000,012,048 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWFLT.sys -- (PTUMWFLT)
DRV - [2009/10/27 02:28:12 | 000,022,032 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWCDF.sys -- (PTUMWCDF)
DRV - [2009/10/27 02:28:02 | 000,054,544 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTUMWBus.sys -- (PTUMWBus)
DRV - [2009/09/22 11:40:48 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/28 11:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/03/12 11:36:38 | 000,143,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/01/06 18:53:14 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/11/04 20:24:58 | 000,014,248 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\EMSC.SYS -- (EMSC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Help_Page = http://support.dell....c=us&l=en&s=gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USCON/1
IE - HKLM\..\URLSearchHook: {e3dce200-ae96-4a64-9fe7-b5d2d8569768} - C:\Program Files\Games.com Toolbar\gamescomtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://login.live.co...64855&mkt=en-us
IE - HKCU\..\URLSearchHook: {432cad96-6aa6-407a-ab37-6cfdcd73f377} - File not found
IE - HKCU\..\URLSearchHook: {56d1ace8-c2b6-4a67-9261-fed5c12e4a90} - File not found
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {e3dce200-ae96-4a64-9fe7-b5d2d8569768} - C:\Program Files\Games.com Toolbar\gamescomtb.dll (AOL Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin


O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O2 - BHO: (Search Assistant BHO) - {39867cd6-50c8-4d64-b671-56c1222eaa72} - File not found
O2 - BHO: (Pop-up Blocker) - {52706EF7-D7A2-49AD-A615-E903858CF284} - File not found
O2 - BHO: (Toolbar BHO) - {53113956-d617-4de6-b841-f099eeaff962} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - File not found
O2 - BHO: (no name) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - No CLSID value found.
O2 - BHO: (Games.com Toolbar Loader) - {b07040d6-4cb3-4af4-8a5c-038b7cd8a5d8} - C:\Program Files\Games.com Toolbar\gamescomtb.dll (AOL Inc.)
O2 - BHO: (Search Assistant BHO) - {be5bab39-39b5-45c1-83f2-10ee5ae55587} - File not found
O2 - BHO: (Toolbar BHO) - {c335fe0b-1418-42fb-942f-2c1e13259052} - File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (NetZero Toolbar Helper) - {FE3098B0-04A3-41fd-8CA9-BEA39CB14C87} - File not found
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MyOwnSuperhero) - {3bcf580a-adca-4b91-86e0-3898010003e6} - File not found
O3 - HKLM\..\Toolbar: (no name) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Games.com Toolbar) - {9da1bcf1-77f5-41c5-b7c3-c597dc20752c} - C:\Program Files\Games.com Toolbar\gamescomtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Games.com Toolbar) - {9DA1BCF1-77F5-41C5-B7C3-C597DC20752C} - C:\Program Files\Games.com Toolbar\gamescomtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O4 - HKLM..\Run: [{F9AA8FE2-E89A-E99B-E8b8-E9AE9B9ABA99}] C:\Program Files\Cricket Broadband Connect\AvqAutoRun.exe ()
O4 - HKLM..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe (Dell)
O4 - HKLM..\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe (Compal Electronics, Inc)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [WSED] C:\Program Files\WSED\WSED.exe (Dell)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [NetZero_uoltray] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: hotmail.com ([]https in Trusted sites)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} http://aolsvc.aol.co...eball/abxgh.cab (Abx(gh) Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://aolsvc.aol.co...zylomplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Albert Kirchmann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Albert Kirchmann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 20:45:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/10 02:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Albert Kirchmann\My Documents\fix#2
[2011/05/10 02:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Albert Kirchmann\Application Data\Malwarebytes
[2011/05/10 02:37:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/10 02:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/10 02:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/10 02:37:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/10 02:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/10 02:34:45 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Albert Kirchmann\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/10 02:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Albert Kirchmann\My Documents\fix#1
[2011/05/10 02:14:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/09 12:09:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Albert Kirchmann\Desktop\OTL.exe
[2011/05/09 11:07:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Albert Kirchmann\Desktop\RK_Quarantine
[2011/05/09 08:14:59 | 008,134,663 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Albert Kirchmann\Desktop\stinger10101546.exe
[2011/04/30 09:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/04/30 09:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/04/30 03:11:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/04/29 17:17:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Albert Kirchmann\Recent
[2011/04/29 17:03:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/04/29 07:14:04 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/04/28 21:35:42 | 000,000,000 | ---D | C] -- C:\report
[2011/04/28 21:35:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Albert Kirchmann\Desktop\Albert Kirchmann
[2011/04/27 03:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Albert Kirchmann\Desktop\Application Data
[2011/04/23 22:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Albert Kirchmann\Documents and Settings
[2011/04/23 22:22:19 | 000,000,000 | ---D | C] -- C:\Albert Kirchmann
[2011/04/23 09:16:12 | 000,000,000 | ---D | C] -- C:\ShoppingReport2
[2011/04/21 17:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Albert Kirchmann\cs
[2011/04/16 10:55:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles

========== Files - Modified Within 30 Days ==========

[2011/05/10 02:54:55 | 000,495,980 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/10 02:54:55 | 000,092,860 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/10 02:50:40 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/10 02:50:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/10 02:50:20 | 1062,580,224 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/10 02:37:18 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/10 02:34:45 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Albert Kirchmann\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/10 02:11:03 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/09 12:09:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Albert Kirchmann\Desktop\OTL.exe
[2011/05/09 11:45:50 | 000,182,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/09 11:07:20 | 000,551,424 | ---- | M] () -- C:\Documents and Settings\Albert Kirchmann\Desktop\RogueKiller.exe
[2011/05/09 10:58:36 | 000,000,017 | ---- | M] () -- C:\Documents and Settings\Albert Kirchmann\Desktop\stinger10101546.opt
[2011/05/09 08:15:06 | 008,134,663 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Albert Kirchmann\Desktop\stinger10101546.exe
[2011/05/09 06:52:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/07 10:27:14 | 000,000,180 | ---- | M] () -- C:\WINDOWS\entpack.ini
[2011/05/04 05:39:19 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Albert Kirchmann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/30 09:05:33 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/30 04:09:00 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/29 17:20:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2011/05/10 02:37:18 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/09 11:07:14 | 000,551,424 | ---- | C] () -- C:\Documents and Settings\Albert Kirchmann\Desktop\RogueKiller.exe
[2011/05/09 10:58:36 | 000,000,017 | ---- | C] () -- C:\Documents and Settings\Albert Kirchmann\Desktop\stinger10101546.opt
[2011/04/30 09:05:33 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/30 09:04:49 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/04/30 04:08:45 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2011/04/30 04:08:45 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2011/04/30 04:08:45 | 000,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2011/04/30 04:08:45 | 000,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
[2011/04/30 04:08:45 | 000,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2011/04/30 04:08:45 | 000,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2011/04/30 04:08:45 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2011/04/30 04:08:45 | 000,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2011/04/30 04:08:45 | 000,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
[2011/04/30 04:08:45 | 000,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2011/04/30 04:08:45 | 000,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2011/04/30 04:08:45 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2011/04/30 04:08:45 | 000,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2011/04/30 04:08:45 | 000,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2011/04/30 04:08:45 | 000,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
[2011/04/30 04:08:44 | 000,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
[2011/04/30 04:08:44 | 000,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
[2010/11/28 18:37:17 | 000,000,180 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2010/11/24 03:55:21 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Albert Kirchmann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/13 06:26:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/04 09:08:56 | 000,010,440 | ---- | C] () -- C:\WINDOWS\System32\ptumwcit.dll
[2010/07/25 11:02:48 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/07/25 11:01:47 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2010/07/25 09:07:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/07/25 08:46:21 | 000,000,076 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
[2010/07/25 08:37:12 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\EMSC.DLL
[2010/07/25 08:36:03 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/07/25 08:36:03 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/07/25 08:36:03 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/06/23 14:29:40 | 000,001,155 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 20:47:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 20:44:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 20:42:57 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 15:33:19 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 15:33:18 | 000,495,980 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 15:33:18 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 15:33:18 | 000,092,860 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 15:33:18 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 15:33:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 15:33:17 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 15:33:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 15:33:14 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 15:33:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 15:33:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 15:33:06 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 08:39:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 08:38:33 | 000,182,632 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== LOP Check ==========

[2010/12/23 17:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Albert Kirchmann\Application Data\PCDr
[2010/08/06 20:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Albert Kirchmann\Application Data\Template
[2010/09/09 08:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Albert Kirchmann\Application Data\Trillian
[2010/07/25 08:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Albert Kirchmann\Application Data\Windows Desktop Search
[2010/08/02 22:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Albert Kirchmann\Application Data\Windows Search
[2010/08/05 15:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/09/29 03:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GAMEON
[2011/02/14 09:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/07/25 08:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/07/25 08:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/02/16 07:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/05/04 03:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/25 08:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista32
[2010/07/25 08:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista64
[2010/07/25 08:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Win732
[2010/07/25 08:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Win764
[2010/07/25 08:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XP32
[2010/10/03 16:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1409277B
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE65571A
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C39E55C5

< End of report >

Edited by babyhuey2165, 10 May 2011 - 02:57 AM.

  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi babyhuey2165,

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- -- (MyFunCardsIE_3wService)
    IE - HKCU\..\URLSearchHook: {432cad96-6aa6-407a-ab37-6cfdcd73f377} - File not found
    IE - HKCU\..\URLSearchHook: {56d1ace8-c2b6-4a67-9261-fed5c12e4a90} - File not found
    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin
    O2 - BHO: (Search Assistant BHO) - {39867cd6-50c8-4d64-b671-56c1222eaa72} - File not found
    O2 - BHO: (Toolbar BHO) - {53113956-d617-4de6-b841-f099eeaff962} - File not found
    O2 - BHO: (Search Assistant BHO) - {be5bab39-39b5-45c1-83f2-10ee5ae55587} - File not found
    O2 - BHO: (Toolbar BHO) - {c335fe0b-1418-42fb-942f-2c1e13259052} - File not found
    O4 - HKCU..\Run: [NetZero_uoltray] File not found

    :Commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply.

Step 2

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 3

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in separate post
  • 0

#7
babyhuey2165

babyhuey2165

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here is the OTL report



User: report

User: ShoppingReport2

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49152 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05102011_053326

Files\Folders moved on Reboot...
C:\Documents and Settings\Albert Kirchmann\Local Settings\Temporary Internet Files\Content.IE5\HLWMQ5I7\page__p__2008497__fromsearch__1[1].htm moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_72c.dat moved successfully.

Registry entries deleted on Reboot...
  • 0

#8
babyhuey2165

babyhuey2165

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Report for TDSSKLLER


2011/05/10 05:45:34.0890 0600 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/10 05:45:36.0546 0600 ================================================================================
2011/05/10 05:45:36.0546 0600 SystemInfo:
2011/05/10 05:45:36.0546 0600
2011/05/10 05:45:36.0546 0600 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/10 05:45:36.0546 0600 Product type: Workstation
2011/05/10 05:45:36.0546 0600 ComputerName: DD3PQQM1
2011/05/10 05:45:36.0546 0600 UserName: Albert Kirchmann
2011/05/10 05:45:36.0546 0600 Windows directory: C:\WINDOWS
2011/05/10 05:45:36.0546 0600 System windows directory: C:\WINDOWS
2011/05/10 05:45:36.0546 0600 Processor architecture: Intel x86
2011/05/10 05:45:36.0546 0600 Number of processors: 2
2011/05/10 05:45:36.0546 0600 Page size: 0x1000
2011/05/10 05:45:36.0546 0600 Boot type: Normal boot
2011/05/10 05:45:36.0546 0600 ================================================================================
2011/05/10 05:45:36.0890 0600 Initialize success
2011/05/10 05:45:43.0875 3620 ================================================================================
2011/05/10 05:45:43.0875 3620 Scan started
2011/05/10 05:45:43.0875 3620 Mode: Manual;
2011/05/10 05:45:43.0875 3620 ================================================================================
2011/05/10 05:45:44.0390 3620 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/05/10 05:45:44.0437 3620 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/10 05:45:44.0484 3620 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/05/10 05:45:44.0515 3620 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/05/10 05:45:44.0593 3620 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/10 05:45:44.0671 3620 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/10 05:45:44.0796 3620 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/10 05:45:44.0828 3620 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/05/10 05:45:44.0875 3620 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/05/10 05:45:44.0921 3620 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/05/10 05:45:44.0968 3620 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/05/10 05:45:45.0015 3620 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/05/10 05:45:45.0062 3620 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/05/10 05:45:45.0218 3620 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/05/10 05:45:45.0359 3620 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/05/10 05:45:45.0390 3620 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/05/10 05:45:45.0453 3620 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/05/10 05:45:45.0500 3620 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/05/10 05:45:45.0546 3620 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/05/10 05:45:45.0640 3620 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/10 05:45:45.0687 3620 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/10 05:45:45.0750 3620 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/10 05:45:45.0812 3620 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/10 05:45:45.0953 3620 BCM43XX (37f385a93c620cbe0f89c17e45f697a1) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/05/10 05:45:46.0046 3620 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/10 05:45:46.0125 3620 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/05/10 05:45:46.0156 3620 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/10 05:45:46.0218 3620 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/10 05:45:46.0250 3620 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/05/10 05:45:46.0281 3620 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/10 05:45:46.0328 3620 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/10 05:45:46.0375 3620 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/10 05:45:46.0484 3620 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/10 05:45:46.0515 3620 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/05/10 05:45:46.0546 3620 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/10 05:45:46.0609 3620 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/05/10 05:45:46.0687 3620 CtClsFlt (b27d15c551a6678137c6b751b160756d) C:\WINDOWS\system32\DRIVERS\CtClsFlt.sys
2011/05/10 05:45:46.0734 3620 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/05/10 05:45:46.0765 3620 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/05/10 05:45:46.0812 3620 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/10 05:45:46.0875 3620 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/10 05:45:46.0937 3620 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/10 05:45:46.0984 3620 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/10 05:45:47.0046 3620 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/10 05:45:47.0109 3620 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/05/10 05:45:47.0140 3620 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/10 05:45:47.0203 3620 EMSC (a6da3468ffafbdce403ef2973ff03865) C:\WINDOWS\system32\DRIVERS\EMSC.SYS
2011/05/10 05:45:47.0250 3620 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/10 05:45:47.0296 3620 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/10 05:45:47.0328 3620 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/10 05:45:47.0359 3620 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/10 05:45:47.0390 3620 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/05/10 05:45:47.0421 3620 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/10 05:45:47.0453 3620 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/10 05:45:47.0500 3620 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/10 05:45:47.0546 3620 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/10 05:45:47.0609 3620 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/10 05:45:47.0640 3620 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/05/10 05:45:47.0718 3620 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/10 05:45:47.0781 3620 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/10 05:45:47.0796 3620 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/05/10 05:45:47.0875 3620 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/10 05:45:48.0187 3620 ialm (970cbce15d48ed19ca760e46a2538ec1) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/05/10 05:45:48.0453 3620 iaStor (d483687eace0c065ee772481a96e05f5) C:\WINDOWS\system32\drivers\iaStor.sys
2011/05/10 05:45:48.0531 3620 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/10 05:45:48.0593 3620 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/05/10 05:45:48.0843 3620 IntcAzAudAddService (740c8ad85974193cf41e92289312a2f5) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/05/10 05:45:48.0953 3620 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/10 05:45:48.0984 3620 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/10 05:45:49.0046 3620 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/05/10 05:45:49.0093 3620 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/10 05:45:49.0140 3620 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/10 05:45:49.0187 3620 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/10 05:45:49.0234 3620 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/10 05:45:49.0281 3620 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/10 05:45:49.0343 3620 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/10 05:45:49.0406 3620 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/10 05:45:49.0437 3620 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/10 05:45:49.0515 3620 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/10 05:45:49.0562 3620 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/10 05:45:49.0781 3620 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/05/10 05:45:49.0843 3620 mfebopk (19161b1796cf74a6a326abde309062ba) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/05/10 05:45:49.0906 3620 mfehidk (0efab2b91b27543fe589de700de07136) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/05/10 05:45:50.0046 3620 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/10 05:45:50.0109 3620 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/10 05:45:50.0218 3620 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/05/10 05:45:50.0343 3620 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/10 05:45:50.0390 3620 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/10 05:45:50.0453 3620 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/10 05:45:50.0515 3620 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/05/10 05:45:50.0562 3620 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/10 05:45:50.0625 3620 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/10 05:45:50.0718 3620 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/10 05:45:50.0812 3620 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/10 05:45:50.0875 3620 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/10 05:45:50.0921 3620 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/10 05:45:51.0000 3620 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/10 05:45:51.0046 3620 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/10 05:45:51.0078 3620 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/10 05:45:51.0140 3620 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/10 05:45:51.0203 3620 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/10 05:45:51.0250 3620 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/10 05:45:51.0281 3620 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/10 05:45:51.0312 3620 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/10 05:45:51.0343 3620 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/10 05:45:51.0406 3620 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/10 05:45:51.0453 3620 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/10 05:45:51.0484 3620 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/10 05:45:51.0546 3620 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/10 05:45:51.0609 3620 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/10 05:45:51.0671 3620 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/10 05:45:51.0718 3620 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/10 05:45:51.0765 3620 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/10 05:45:51.0843 3620 OAO17Afx (0f538df1673e5216f3baacb6911d9d0f) C:\WINDOWS\system32\DRIVERS\OAO17Afx.sys
2011/05/10 05:45:51.0906 3620 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/05/10 05:45:51.0953 3620 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/10 05:45:52.0000 3620 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/10 05:45:52.0031 3620 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/10 05:45:52.0093 3620 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/10 05:45:52.0125 3620 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/10 05:45:52.0296 3620 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/05/10 05:45:52.0328 3620 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/05/10 05:45:52.0437 3620 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/10 05:45:52.0484 3620 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/10 05:45:52.0500 3620 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/10 05:45:52.0593 3620 PTUMWBus (9866479c5c894c3a064eeb6f68618822) C:\WINDOWS\system32\DRIVERS\PTUMWBus.sys
2011/05/10 05:45:52.0656 3620 PTUMWCDF (c51eac8fb88163304329279e82f1d89f) C:\WINDOWS\system32\DRIVERS\PTUMWCDF.sys
2011/05/10 05:45:52.0718 3620 PTUMWFLT (4f840761bb4d674856f6c36f9b66624c) C:\WINDOWS\system32\DRIVERS\PTUMWFLT.sys
2011/05/10 05:45:52.0765 3620 PTUMWMdm (411e332a6426c9b87f5f9b02bcdd15bf) C:\WINDOWS\system32\DRIVERS\PTUMWMdm.sys
2011/05/10 05:45:52.0812 3620 PTUMWNET (bdc1f41f77415a432ca030f30f2ab898) C:\WINDOWS\system32\DRIVERS\PTUMWNET.sys
2011/05/10 05:45:52.0843 3620 PTUMWVsp (e4812824cdc46a90dde225c0fd284098) C:\WINDOWS\system32\DRIVERS\PTUMWVsp.sys
2011/05/10 05:45:52.0906 3620 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/10 05:45:52.0968 3620 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/05/10 05:45:53.0015 3620 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/05/10 05:45:53.0062 3620 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/05/10 05:45:53.0109 3620 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/05/10 05:45:53.0140 3620 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/05/10 05:45:53.0203 3620 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/10 05:45:53.0250 3620 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/10 05:45:53.0296 3620 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/10 05:45:53.0328 3620 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/10 05:45:53.0375 3620 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/10 05:45:53.0421 3620 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/10 05:45:53.0484 3620 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/10 05:45:53.0515 3620 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/10 05:45:53.0593 3620 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/10 05:45:53.0687 3620 RSUSBSTOR (83f7a29b659771e60cd71999ef57aa0c) C:\WINDOWS\system32\Drivers\RtsUStor.sys
2011/05/10 05:45:53.0750 3620 RTLE8023xp (cb9310a5a910648d359c99a857e22a54) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/05/10 05:45:53.0828 3620 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/10 05:45:53.0906 3620 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/05/10 05:45:53.0953 3620 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/10 05:45:54.0031 3620 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/05/10 05:45:54.0109 3620 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/10 05:45:54.0156 3620 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/05/10 05:45:54.0234 3620 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/10 05:45:54.0281 3620 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/10 05:45:54.0343 3620 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/10 05:45:54.0406 3620 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/10 05:45:54.0468 3620 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/10 05:45:54.0515 3620 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/10 05:45:54.0578 3620 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/05/10 05:45:54.0609 3620 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/05/10 05:45:54.0703 3620 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/05/10 05:45:54.0734 3620 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/05/10 05:45:54.0812 3620 SynTP (5cdd124913e91c7f79b4d5cae1c7c4de) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/05/10 05:45:54.0875 3620 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/10 05:45:54.0968 3620 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/10 05:45:55.0015 3620 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/10 05:45:55.0046 3620 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/10 05:45:55.0093 3620 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/10 05:45:55.0156 3620 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/05/10 05:45:55.0187 3620 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/10 05:45:55.0234 3620 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/05/10 05:45:55.0281 3620 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/10 05:45:55.0343 3620 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/10 05:45:55.0421 3620 usbehci (4bac8df07f1d8434fc640e677a62204e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/10 05:45:55.0500 3620 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/10 05:45:55.0562 3620 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/10 05:45:55.0609 3620 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/10 05:45:55.0640 3620 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/05/10 05:45:55.0703 3620 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/10 05:45:55.0750 3620 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/05/10 05:45:55.0796 3620 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/10 05:45:55.0843 3620 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/10 05:45:55.0890 3620 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/10 05:45:55.0984 3620 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/05/10 05:45:56.0046 3620 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/10 05:45:56.0140 3620 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/05/10 05:45:56.0234 3620 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/10 05:45:56.0343 3620 ================================================================================
2011/05/10 05:45:56.0343 3620 Scan finished
2011/05/10 05:45:56.0343 3620 ================================================================================
  • 0

#9
babyhuey2165

babyhuey2165

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
assMbr report



aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-10 05:50:19
-----------------------------
05:50:19.859 OS Version: Windows 5.1.2600 Service Pack 3
05:50:19.859 Number of processors: 2 586 0x1C0A
05:50:19.859 ComputerName: DD3PQQM1 UserName:
05:50:21.437 Initialize success
05:50:33.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
05:50:33.015 Disk 0 Vendor: WDC_WD16 01.0 Size: 152627MB BusType: 3
05:50:33.031 Disk 0 MBR read successfully
05:50:33.031 Disk 0 MBR scan
05:50:33.031 Disk 0 unknown MBR code
05:50:33.031 Disk 0 scanning sectors +312576705
05:50:33.078 Disk 0 scanning C:\WINDOWS\system32\drivers
05:50:38.859 Service scanning
05:50:40.109 Disk 0 trace - called modules:
05:50:40.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
05:50:40.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86587478]
05:50:40.140 3 CLASSPNP.SYS[f7632fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85ff3028]
05:50:40.140 Scan finished successfully
05:51:11.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Albert Kirchmann\Desktop\MBR.dat"
05:51:11.921 The log file has been saved successfully to "C:\Documents and Settings\Albert Kirchmann\Desktop\aswMBR.txt"
  • 0

#10
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Let's continue...

Step 1

Please run Step 1 again. Something went wrong...

Step 2

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Confirm deletion to all infection AVP finds
Once it has finished select report and post that.

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop
  • 0

Advertisements


#11
babyhuey2165

babyhuey2165

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
OTL report




All processes killed
Error: Unable to interpret <SRV - File not found [Auto | Stopped] -- -- (MyFunCardsIE_3wService)> in the current context!
Error: Unable to interpret <IE - HKCU\..\URLSearchHook: {432cad96-6aa6-407a-ab37-6cfdcd73f377} - File not found> in the current context!
Error: Unable to interpret <IE - HKCU\..\URLSearchHook: {56d1ace8-c2b6-4a67-9261-fed5c12e4a90} - File not found> in the current context!
Error: Unable to interpret <FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin> in the current context!
Error: Unable to interpret <O2 - BHO: (Search Assistant BHO) - {39867cd6-50c8-4d64-b671-56c1222eaa72} - File not found> in the current context!
Error: Unable to interpret <O2 - BHO: (Toolbar BHO) - {53113956-d617-4de6-b841-f099eeaff962} - File not found> in the current context!
Error: Unable to interpret <O2 - BHO: (Search Assistant BHO) - {be5bab39-39b5-45c1-83f2-10ee5ae55587} - File not found> in the current context!
Error: Unable to interpret <O2 - BHO: (Toolbar BHO) - {c335fe0b-1418-42fb-942f-2c1e13259052} - File not found> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [NetZero_uoltray] File not found> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Albert Kirchmann
->Temp folder emptied: 668441 bytes
->Temporary Internet Files folder emptied: 5504621 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Danny Phelps
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Danny Phelps.DD3PQQM1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: report

User: ShoppingReport2

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 13246 bytes

Total Files Cleaned = 6.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05102011_072458

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_724.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

#12
babyhuey2165

babyhuey2165

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
On the last scan do i need to check computer also?
  • 0

#13
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Yes you do, including Computer.
  • 0

#14
babyhuey2165

babyhuey2165

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
AVPTool scan results




Autoscan: completed 4 minutes ago (events: 27, objects: 458754, time: 03:43:22)
5/10/2011 4:39:30 PM Task completed
5/10/2011 4:39:30 PM Deleted: Trojan-Dropper.Win32.FrauDrop.xxqi C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP184\A0031212.exe
5/10/2011 3:14:02 PM Detected: Trojan-Dropper.Win32.FrauDrop.xxqi C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP184\A0031212.exe
5/10/2011 2:20:30 PM Deleted: Trojan-Dropper.Win32.FrauDrop.xxqi C:\_OTL\MovedFiles\05102011_021434\C_Documents and Settings\All Users\Application Data\CbvYHAgAAxMvT.exe
5/10/2011 2:18:08 PM Detected: Trojan-Dropper.Win32.FrauDrop.xxqi C:\_OTL\MovedFiles\05102011_021434\C_Documents and Settings\All Users\Application Data\CbvYHAgAAxMvT.exe
5/10/2011 2:10:47 PM Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP184\A0031211.dll
5/10/2011 2:01:02 PM Deleted: not-a-virus:AdWare.Win32.HotBar.dh C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP172\A0025391.dll
5/10/2011 2:01:01 PM Deleted: not-a-virus:AdWare.Win32.HotBar.dh C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP172\A0025392.dll
5/10/2011 2:01:01 PM Detected: not-a-virus:AdWare.Win32.HotBar.dh C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP172\A0025391.dll
5/10/2011 2:01:01 PM Detected: not-a-virus:AdWare.Win32.HotBar.dh C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP172\A0025392.dll
5/10/2011 2:01:01 PM Deleted: not-a-virus:AdWare.Win32.HotBar.dh C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP172\A0025389.dll
5/10/2011 2:01:01 PM Deleted: not-a-virus:AdWare.Win32.HotBar.dh C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP172\A0025390.exe
5/10/2011 2:00:42 PM Detected: not-a-virus:AdWare.Win32.HotBar.dh C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP172\A0025390.exe
5/10/2011 2:00:42 PM Detected: not-a-virus:AdWare.Win32.HotBar.dh C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP172\A0025389.dll
5/10/2011 1:57:56 PM Deleted: not-a-virus:AdWare.Win32.FunWeb.heur C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP146\A0021590.dll
5/10/2011 1:57:42 PM Detected: not-a-virus:AdWare.Win32.FunWeb.heur C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP146\A0021590.dll
5/10/2011 1:57:41 PM Deleted: not-a-virus:AdWare.Win32.FunWeb.heur C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP143\A0021498.dll
5/10/2011 1:57:40 PM Deleted: not-a-virus:AdWare.Win32.FunWeb.jw C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP143\A0021497.dll
5/10/2011 1:57:26 PM Detected: not-a-virus:AdWare.Win32.FunWeb.heur C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP143\A0021498.dll
5/10/2011 1:57:26 PM Detected: not-a-virus:AdWare.Win32.FunWeb.jw C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP143\A0021497.dll
5/10/2011 1:57:17 PM Deleted: not-a-virus:AdWare.Win32.FunWeb.jw C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP140\A0021362.dll
5/10/2011 1:57:09 PM Deleted: Hoax.Win32.Screensaver.b C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP140\A0021270.DLL
5/10/2011 1:56:51 PM Detected: not-a-virus:AdWare.Win32.FunWeb.jw C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP140\A0021362.dll
5/10/2011 1:56:46 PM Detected: Hoax.Win32.Screensaver.b C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP140\A0021270.DLL
5/10/2011 1:54:46 PM Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP138\A0020330.exe
5/10/2011 1:52:57 PM Detected: HEUR:Trojan.Win32.Generic C:\Program Files\Shared\shared.dll
5/10/2011 12:56:08 PM Task started
  • 0

#15
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi babyhuey2165,

How is your system now? Any problems?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP