
malware problem... I think [Closed]

This topic is locked.

#1 benh1984 (Member, 31 posts)
Hi, I downloaded LimeWire (which I now regret) and believe I may have infected my laptop in the process.
I will soon be removing LimeWire, but didn't want to do it until I got some help from you guys.
Here's my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:31, on 02/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Ben\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Ben.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {6DEC5D53-09EE-4724-9D13-705F47470D03} - (no file)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [isCfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [7rUTChICt8] C:\ProgramData\jmhwvavm\hstgxifc.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8957 bytes
  • 0
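The log above contains the entries a triage pass would pull out first: two browser add-ons whose file no longer exists, and an autostart under Policies\Explorer\Run pointing at a random-named executable in ProgramData. The Python below is an added example, not code from HijackThis or from this thread; it runs those checks over a constructed excerpt of the log. The vowel-ratio test for random-looking names and the list of user-writable directories are heuristics assumed for illustration, not part of the HijackThis format.

```python
"""Triage a HijackThis log for the persistence patterns seen in this thread.

Added example (not HijackThis or Geeks to Go code). The heuristics and the
sample lines are constructed for illustration.
"""
import re

# Constructed sample modelled on the O2/O3/O4 lines of the posted log.
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O3 - Toolbar: (no name) - {6DEC5D53-09EE-4724-9D13-705F47470D03} - (no file)",
    r"O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart",
    r"O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe",
    r"O4 - HKLM\..\Policies\Explorer\Run: [7rUTChICt8] C:\ProgramData\jmhwvavm\hstgxifc.exe",
    r'O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background',
])

O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First drive-letter path ending in a loadable extension, quoted or not.
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|scr|cmd|bat))", re.IGNORECASE)
# Directories any user-level process can write to; benign autostarts with
# random-looking names rarely live there (assumed heuristic).
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\")
VOWELS = set("aeiouy")


def looks_random(token: str) -> bool:
    """True for names with almost no vowels, e.g. 'jmhwvavm' or 'hstgxifc'."""
    letters = [c for c in token.lower() if c.isalpha()]
    if len(letters) < 6:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.25


def suspicious_path(path: str) -> bool:
    """Flag a path in a user-writable directory whose components look random."""
    low = path.lower()
    for marker in USER_WRITABLE:
        idx = low.find(marker)
        if idx < 0:
            continue
        tail = path[idx + len(marker):]
        stems = [p.rsplit(".", 1)[0] for p in tail.split("\\") if p]
        if any(looks_random(s) for s in stems):
            return True
    return False


def triage(log_text: str) -> list:
    """Return one finding per suspicious line: {'line', 'severity', 'reason'}."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        # Orphaned BHO/toolbar registrations: harmless by themselves, but
        # leftover registry entries worth cleaning.
        if line.startswith(("O2 ", "O3 ")) and line.endswith("(no file)"):
            findings.append({"line": line, "severity": "low",
                             "reason": "orphaned BHO/toolbar entry; file missing"})
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        key, cmd = m.group("key"), m.group("cmd")
        if "Policies\\Explorer\\Run" in key:
            findings.append({"line": line, "severity": "high",
                             "reason": "autostart via Policies\\Explorer\\Run, "
                                       "a key legitimate software seldom uses"})
        pm = PATH_RE.search(cmd)
        if pm and suspicious_path(pm.group(1)):
            findings.append({"line": line, "severity": "high",
                             "reason": "random-looking name under user-writable path: "
                                       + pm.group(1)})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['reason']}\n    {f['line']}")
```

Run against the constructed sample it reports four findings: the two "(no file)" entries at low severity, and the Policies\Explorer\Run line twice at high severity (once for the key, once for the path). Entries under Program Files or system32 with ordinary vendor names pass through untouched, which is the point of restricting the name heuristic to user-writable locations.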


#2 SpySentinel (R.I.P., Retired Staff, 5,152 posts)
Hi benh1984,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your computer problem.
Sorry for the delay; we have been very busy lately, and I apologize for your wait.

Looks like you got infected with SmitFraud.



Step #1

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Double-click smitfraudfix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm



Step #2

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click smitfraudfix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.
  • 0

#3 benh1984 (Topic Starter, Member, 31 posts)
I'm sorry my response has taken so long. I have been trying to run SmitfraudFix, but keep getting a message about NTFS volume maintenance, and then when I try to run the SmitfraudFix search I get an access denied message.
  • 0

#4 benh1984 (Topic Starter, Member, 31 posts)
OK, I tried reinstalling SmitfraudFix again and it worked this time. Here's the log; I'm going to run it in safe mode now.
SmitFraudFix v2.400

Scan done at 11:30:45.84, 14/03/2009
Run from C:\Windows\system32\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Ben\Desktop\SmitfraudFix\Policies.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Ben\Desktop\SmitfraudFix\Policies.exe
C:\Users\Ben\Desktop\SmitfraudFix\Policies.exe
C:\Users\Ben\Desktop\SmitfraudFix\Policies.exe
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SmitfraudFix\Policies.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Ben


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Ben\AppData\Local\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Ben\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Ben\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"="STS"

[HKEY_CLASSES_ROOT\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\yelosuso.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\yelosuso.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\ProgramData\\huhugafe\\huhugafe.dll c:\\windows\\system32\\yefugeba.dll c:\\windows\\system32\\yelosuso.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 4321AG 802.11a/b/g/draft-n Wi-Fi Adapter
DNS Server Search Order: 172.16.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1F1FAE4B-4238-4E5F-84FA-4054A8357950}: DhcpNameServer=172.16.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1F1FAE4B-4238-4E5F-84FA-4054A8357950}: DhcpNameServer=172.16.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1F1FAE4B-4238-4E5F-84FA-4054A8357950}: DhcpNameServer=172.16.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=172.16.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=172.16.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=172.16.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#5 benh1984 (Topic Starter, Member, 31 posts)
Here's the clean-mode rapport:

SmitFraudFix v2.400

Scan done at 13:14:54.83, 14/03/2009
Run from C:\Users\Ben\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"="STS"

[HKEY_CLASSES_ROOT\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\yapafeju.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\yapafeju.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
::1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1F1FAE4B-4238-4E5F-84FA-4054A8357950}: DhcpNameServer=172.16.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1F1FAE4B-4238-4E5F-84FA-4054A8357950}: DhcpNameServer=172.16.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1F1FAE4B-4238-4E5F-84FA-4054A8357950}: DhcpNameServer=172.16.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=172.16.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=172.16.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=172.16.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"="STS"

[HKEY_CLASSES_ROOT\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\yapafeju.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\yapafeju.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0
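Posts #4 and #5 together show the pattern a defender wants to catch automatically: the search report lists three DLLs in AppInit_DLLs and a SharedTaskScheduler handler, and the safe-mode clean report still shows the same CLSID registered after the fix ran, now pointing at a differently named DLL. The Python below is an added example, not code from SmitFraudFix or from this thread; it parses the »»»» section layout and the .reg-style key/value lines of the reports, then returns which handlers survived cleaning and which were renamed between runs. The two report excerpts are constructed from the entries shown in the posts above.

```python
"""Check SmitFraudFix reports for persistence that survived cleaning.

Added example, not SmitFraudFix code. The excerpts are constructed from the
entries in the two reports posted in this thread.
"""
import re

# Constructed excerpt of the normal-mode search report (post #4).
SEARCH_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"="STS"

[HKEY_CLASSES_ROOT\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\yelosuso.dll"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\ProgramData\\huhugafe\\huhugafe.dll c:\\windows\\system32\\yefugeba.dll c:\\windows\\system32\\yelosuso.dll"
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» End
"""

# Constructed excerpt of the safe-mode clean report (post #5).
CLEAN_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
[HKEY_CLASSES_ROOT\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\yapafeju.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
[HKEY_CLASSES_ROOT\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\yapafeju.dll"

»»»»»»»»»»»»»»»»»»»»»»»» End
"""

SECTION_RE = re.compile(r"^»+\s*(?P<title>.+?)\s*$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?P<name>@|"[^"]+")=(?P<value>.*)$')
INPROC_RE = re.compile(r"CLSID\\(\{[^}]+\})\\InProcServer32$", re.IGNORECASE)


def parse_sections(report: str) -> dict:
    """Map each lower-cased '»»»» Title' heading to the lines beneath it."""
    sections, current = {}, None
    for line in report.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("title").lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections


def parse_reg(lines) -> dict:
    """Parse .reg-style '[key]' and 'name=value' lines into {key: {name: value}}."""
    keys, key = {}, None
    for line in lines:
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            keys.setdefault(key, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and key is not None:
            keys[key][vm.group("name").strip('"')] = vm.group("value").strip('"')
    return keys


def handler_dlls(report: str, title: str) -> dict:
    """{CLSID: dll} for every InProcServer32 default value in the named section."""
    out = {}
    for key, values in parse_reg(parse_sections(report).get(title.lower(), [])).items():
        m = INPROC_RE.search(key)
        if m and "@" in values:
            out[m.group(1).upper()] = values["@"].lower()
    return out


def appinit_dlls(report: str) -> list:
    """DLLs named in AppInit_DLLs; Windows loads each into every user-mode process."""
    for values in parse_reg(parse_sections(report).get("appinit_dlls", [])).values():
        if "AppInit_DLLs" in values:
            return values["AppInit_DLLs"].replace("\\\\", "\\").split()
    return []


def surviving_handlers(clean_report: str) -> dict:
    """CLSIDs still registered after the fix ran: the cleaning did not stick."""
    before = handler_dlls(clean_report, "SharedTaskScheduler Before SmitFraudFix")
    after = handler_dlls(clean_report, "SharedTaskScheduler After SmitFraudFix")
    return {c: d for c, d in after.items() if c in before}


def renamed_handlers(first_report: str, second_report: str) -> dict:
    """Same CLSID but a different DLL between two runs: the payload was regenerated."""
    first = handler_dlls(first_report, "Sharedtaskscheduler")
    second = handler_dlls(second_report, "SharedTaskScheduler Before SmitFraudFix")
    return {c: (first[c], second[c]) for c in first if c in second and first[c] != second[c]}


if __name__ == "__main__":
    print("AppInit_DLLs:", appinit_dlls(SEARCH_REPORT))
    print("survived cleaning:", surviving_handlers(CLEAN_REPORT))
    print("renamed between runs:", renamed_handlers(SEARCH_REPORT, CLEAN_REPORT))
```

A handler that is unchanged after cleaning, or that changes its file name between runs, is a sign that something still running re-creates it (a DLL loaded through AppInit_DLLs into every process, as listed in the search report, is one such candidate), and that the next step should target that loader rather than a second pass with the same tool.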

#6 SpySentinel (R.I.P., Retired Staff, 5,152 posts)
Hi benh1984,



  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

  • 0

#7 benh1984 (Topic Starter, Member, 31 posts)
Only this report opened/saved when I was finished running OTListIt....

OTListIt logfile created on: 14/03/2009 16:10:49 - Run 2
OTListIt2 by OldTimer - Version 2.0.3.7 Folder = C:\Users\Ben\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 49.11% Memory free
4.00 Gb Paging File | 3.14 Gb Available in Paging File | 78.54% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.41 Gb Total Space | 116.49 Gb Free Space | 40.67% Space Free | Partition Type: NTFS
Drive D: | 11.67 Gb Total Space | 2.19 Gb Free Space | 18.78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 952.19 Mb Total Space | 3.13 Mb Free Space | 0.33% Space Free | Partition Type: FAT
Drive G: | 3.49 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BEN-PC
Current User Name: Ben
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: Off

========== Processes (SafeList) ==========

PRC - C:\Windows\system32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
PRC - C:\Users\Ben\Desktop\OTListIt2.exe (OldTimer Tools)
PRC - C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Disabled | Stopped]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (Apple Mobile Device [Disabled | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Disabled | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Com4Qlb [Disabled | Stopped]) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GameConsoleService [Disabled | Stopped]) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (HP Health Check Service [Disabled | Stopped]) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
SRV - (hpqwmiex [Disabled | Stopped]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT [Disabled | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [Disabled | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LightScribeService [Disabled | Stopped]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (nvsvc [Disabled | Stopped]) -- C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation)
SRV - (QPCapSvc [Disabled | Stopped]) -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe ()
SRV - (QPSched [Disabled | Stopped]) -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe ()
SRV - (RichVideo [Disabled | Stopped]) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
SRV - (Roxio UPnP Renderer 10 [Disabled | Stopped]) -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 10 [Disabled | Stopped]) -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (RoxLiveShare10 [Disabled | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxMediaDB10 [Disabled | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (RoxWatch10 [Disabled | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (SessionLauncher [Auto | Stopped]) -- File not found
SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Disabled | Stopped]) -- C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (61883 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\61883.sys (Microsoft Corporation)
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (Avc [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (BCM43XV [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\bcmwl6.sys (Broadcom Corp.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\bcmwl6.sys (Broadcom Corp.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HdAudAddService [On_Demand | Running]) -- C:\Windows\system32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HpqKbFiltr [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqRemHid [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (mcdbus [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (MSDV [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvsmu [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvsmu.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\Windows\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (RxFilter [Disabled | Stopped]) -- C:\Windows\system32\DRIVERS\RxFilter.sys (Sonic Solutions)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS ()
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ()
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (sptd [Boot | Running]) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winachsf [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - URLSearchHook: - Reg Error: Key error. File not found
IE - URLSearchHook: {b800be35-8e12-422f-9967-8176bbb4e828} - C:\Program Files\MouseHunt Toolbar\Helper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - Reg Error: Key error. File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {792fea7c-bd22-41b0-99fd-36ccd4df9dce} - C:\ProgramData\layuvedi\layuvedi.dll ()
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FCTBPos00Pos Class) - {91B53B55-36CE-4ABE-A248-F97D6D9F0CFF} - C:\Program Files\MouseHunt Toolbar\Toolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {e2676052-007b-44df-96f6-94d5acb5ac5a} - C:\Windows\system32\ntgldg.dll ()
O3 - HKLM\..\Toolbar: (no name) - {6DEC5D53-09EE-4724-9D13-705F47470D03} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (MouseHunt Toolbar) - {89F74AE6-CC04-4740-9A19-EEE1DCD2861B} - C:\Program Files\MouseHunt Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {89F74AE6-CC04-4740-9A19-EEE1DCD2861B} - C:\Program Files\MouseHunt Toolbar\Toolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [44a92943] rundll32.exe "C:\Windows\system32\mamapome.dll",b ()
O4 - HKLM..\Run: [bovohijami] Rundll32.exe "C:\ProgramData\hozekopo\hozekopo.dll",s ()
O4 - HKLM..\Run: [CPM479a1adf] Rundll32.exe "c:\windows\system32\yapafeju.dll",a ()
O4 - HKCU..\Run: [CPM479a1adf] Rundll32.exe "c:\windows\system32\yapafeju.dll",a ()
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...ctDetection.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\ProgramData\huhugafe\huhugafe.dll) - C:\ProgramData\huhugafe\huhugafe.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\yefugeba.dll) - c:\windows\system32\yefugeba.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\yapafeju.dll) - c:\windows\system32\yapafeju.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yapafeju.dll ()
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - c:\windows\system32\yapafeju.dll ()
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\autoexec.bat () - [ NTFS ]
O32 - Autorun File - D:\AUTOMODE () - [ NTFS ]
O33 - MountPoints2\{b6b98cc0-e42f-11dd-9bf7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b6b98cc0-e42f-11dd-9bf7-806e6f6e6963}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/03/14 15:42:06 | 00,497,152 | ---- | C] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTListIt2.exe
[2009/03/14 14:35:39 | 00,026,624 | ---- | C] () -- C:\Users\Ben\Desktop\BH-RESUME.doc
[2009/03/14 13:18:08 | 20,792,15616 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/14 12:59:59 | 00,124,928 | -HS- | C] () -- C:\Windows\System32\ntgldg.dll
[2009/03/14 01:00:05 | 00,124,928 | -HS- | C] () -- C:\Windows\System32\dtaqmw.dll
[2009/03/13 12:55:51 | 00,124,928 | -HS- | C] () -- C:\Windows\System32\feditt.dll
[2009/03/13 09:29:24 | 00,012,167 | ---- | C] () -- C:\Users\Ben\Desktop\[isoHunt]_One_Republic_-_Dreaming_Out_Loud_[2008]_(VBR)_[SvC].4694367.TPB.torrent
[2009/03/13 02:10:49 | 00,020,651 | ---- | C] () -- C:\Users\Ben\Desktop\littlewomen.torrent
[2009/03/13 02:09:07 | 00,014,789 | ---- | C] () -- C:\Users\Ben\Desktop\[isoHunt]_download.torrent
[2009/03/13 01:23:02 | 11,438,5221 | ---- | C] () -- C:\Users\Ben\Desktop\MMExposed_8.wmv
[2009/03/12 23:19:13 | 00,117,484 | ---- | C] () -- C:\Users\Ben\Desktop\CD.JPG
[2009/03/12 00:55:21 | 00,122,880 | -HS- | C] () -- C:\Windows\System32\lgejol.dll
[2009/03/12 00:51:31 | 00,013,044 | ---- | C] () -- C:\Users\Ben\Desktop\[isoHunt]_Jersey_Boys__Original_Broadway_Cast_Recording_.rar.torrent
[2009/03/12 00:47:53 | 00,034,191 | ---- | C] () -- C:\Users\Ben\Desktop\[isoHunt]_Brooklyn__The_Musical_Original_Broadway_Cast.torrent
[2009/03/12 00:36:29 | 00,011,776 | ---- | C] () -- C:\Users\Ben\Desktop\verses.wps
[2009/03/11 21:42:29 | 00,015,292 | ---- | C] () -- C:\Users\Ben\Desktop\[isoHunt]_Carly_Rae_Jepsen_-_Tug_Of_War_(2008)_-_Pop_.4426497.TPB.torrent
[2009/03/11 21:15:10 | 00,002,275 | ---- | C] () -- C:\Users\Ben\Desktop\[isoHunt]_Pussycat_Dolls_-_Jai_Ho_(2009)_(ksbnet).4714620.TPB.torrent
[2009/03/11 21:12:48 | 00,002,245 | ---- | C] () -- C:\Users\Ben\Desktop\[isoHunt]_Flo-Rida_feat._Kesha_-_Right_Round_(Single).4673148.TPB.torrent
[2009/03/11 15:05:02 | 00,000,000 | ---D | C] -- C:\Users\Ben\Desktop\SmitfraudFix
[2009/03/11 14:42:02 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/03/11 12:55:29 | 00,122,880 | -HS- | C] () -- C:\Windows\System32\wmhulz.dll
[2009/03/11 00:54:57 | 00,122,880 | -HS- | C] () -- C:\Windows\System32\tpmvcv.dll
[2009/03/10 20:22:59 | 10,622,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/03/10 20:22:57 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/03/10 20:22:56 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/03/10 20:22:56 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/03/10 20:22:55 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/03/10 20:21:29 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/03/10 20:21:02 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/03/10 15:03:53 | 08,788,252 | ---- | C] () -- C:\Users\Ben\Desktop\Youth-Worker-brian pengelly .mp3
[2009/03/10 15:01:37 | 06,926,659 | ---- | C] () -- C:\Users\Ben\Desktop\Brian Pengelly I dont hate you session.mp3
[2009/03/10 12:22:50 | 00,122,880 | -HS- | C] () -- C:\Windows\System32\ucwviy.dll
[2009/03/09 23:22:33 | 00,122,880 | -HS- | C] () -- C:\Windows\System32\acisgi.dll
[2009/03/09 00:31:24 | 00,012,800 | ---- | C] () -- C:\Users\Ben\Desktop\biblestudy.wps
[2009/03/08 23:36:47 | 00,000,000 | ---D | C] -- C:\Users\Ben\Desktop\ym mod
[2009/03/08 21:36:50 | 00,122,880 | -HS- | C] () -- C:\Windows\System32\ggocss.dll
[2009/03/07 19:31:19 | 00,122,880 | -HS- | C] () -- C:\Windows\System32\mvxjnm.dll
[2009/03/07 10:52:22 | 00,020,480 | ---- | C] () -- C:\tmp.hiv
[2009/03/07 10:28:25 | 00,361,832 | ---- | C] () -- C:\Pass2.cmd
[2009/03/07 10:25:36 | 00,001,584 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2009/03/07 10:22:40 | 00,289,144 | ---- | C] (S!Ri) -- C:\Windows\System32\VCCLSID.exe
[2009/03/07 10:22:40 | 00,135,168 | ---- | C] (SteelWerX) -- C:\Windows\System32\swreg.exe
[2009/03/07 10:22:40 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\VACFix.exe
[2009/03/07 10:22:40 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.exe
[2009/03/07 10:22:40 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\404Fix.exe
[2009/03/07 10:22:40 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\o4Patch.exe
[2009/03/07 10:22:40 | 00,079,360 | ---- | C] (SteelWerX) -- C:\Windows\System32\swxcacls.exe
[2009/03/07 10:22:40 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\Agent.OMZ.Fix.exe
[2009/03/07 10:22:40 | 00,051,200 | ---- | C] () -- C:\Windows\System32\dumphive.exe
[2009/03/07 10:22:40 | 00,040,960 | ---- | C] () -- C:\Windows\System32\swsc.exe
[2009/03/07 10:22:40 | 00,025,600 | ---- | C] () -- C:\Windows\System32\WS2Fix.exe
[2009/03/07 10:22:35 | 00,000,000 | ---D | C] -- C:\Windows\System32\SmitfraudFix
[2009/03/07 10:21:33 | 01,663,873 | ---- | C] () -- C:\Users\Ben\Desktop\SmitfraudFix.exe
[2009/03/07 10:21:00 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/03/07 10:20:45 | 00,000,902 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/07 10:20:43 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/03/07 10:20:42 | 00,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\SUPERAntiSpyware.com
[2009/03/07 10:18:43 | 05,797,152 | ---- | C] () -- C:\Users\Ben\Desktop\SUPERAntiSpyware.exe
[2009/03/07 03:27:10 | 00,122,880 | -HS- | C] () -- C:\Windows\System32\rwexbn.dll
[2009/03/07 02:55:32 | 00,021,504 | ---- | C] () -- C:\Users\Ben\Desktop\youthmin reading.wps
[2009/03/07 02:02:14 | 00,122,880 | -HS- | C] () -- C:\Windows\System32\ajsphr.dll
[2009/03/06 15:26:41 | 00,122,880 | -HS- | C] () -- C:\Windows\System32\jnxlps.dll
[2009/03/06 11:38:05 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/03/06 11:36:12 | 00,119,808 | ---- | C] (Atribune.org) -- C:\Users\Ben\Desktop\VundoFix.exe
[2009/03/06 01:24:44 | 00,009,216 | ---- | C] () -- C:\Users\Ben\Desktop\scholarship.wps
[2009/03/05 23:47:39 | 00,000,000 | ---D | C] -- C:\Windows\System32\VT2
[2009/03/05 23:47:34 | 00,000,000 | ---D | C] -- C:\Windows\System32\aNI02
[2009/03/05 23:47:34 | 00,000,000 | ---D | C] -- C:\Temp
[2009/03/05 23:47:33 | 00,000,000 | ---D | C] -- C:\ProgramData\layuvedi
[2009/03/05 23:47:33 | 00,000,000 | ---D | C] -- C:\ProgramData\huhugafe
[2009/03/05 23:47:33 | 00,000,000 | ---D | C] -- C:\ProgramData\hozekopo
[2009/03/05 09:17:33 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/03/04 17:22:28 | 00,000,000 | -HSD | C] -- C:\found.000
[2009/03/04 02:33:06 | 50,745,092 | ---- | C] () -- C:\Users\Ben\Desktop\hotncold.wmv
[2009/03/04 02:21:54 | 00,400,896 | ---- | C] () -- C:\Users\Ben\Desktop\Untitled.MSWMM
[2009/03/04 01:11:00 | 00,000,000 | ---D | C] -- C:\Users\Ben\Desktop\h&c
[2009/03/02 06:08:54 | 00,120,454 | ---- | C] () -- C:\Users\Ben\Desktop\RU.JPG
[2009/02/28 11:57:44 | 00,000,000 | ---D | C] -- C:\Program Files\iWin
[2009/02/27 22:49:01 | 00,365,001 | ---- | C] () -- C:\Users\Ben\Desktop\S2_[mininova].torrent
[2009/02/25 12:33:37 | 00,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/02/25 12:33:36 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/02/25 12:33:36 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/02/25 12:33:36 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/02/25 06:29:20 | 00,020,992 | ---- | C] () -- C:\Users\Ben\Desktop\interpersonaldynamicsbook review.wps
[2009/02/25 03:38:55 | 00,000,071 | ---- | C] () -- C:\Windows\AndreaMosaic.INI
[2009/02/25 03:32:51 | 00,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2009/02/25 03:32:49 | 00,000,000 | ---D | C] -- C:\Program Files\AndreaMosaic
[2009/02/24 01:37:06 | 00,208,177 | ---- | C] () -- C:\Users\Ben\Desktop\Ghostwriter_[mininova].torrent
[2009/02/21 12:24:00 | 00,000,000 | ---D | C] -- C:\Users\Ben\Desktop\yqskit
[2009/02/20 01:01:34 | 00,100,690 | ---- | C] () -- C:\Users\Ben\Desktop\n501302467_2175464_784.jpg
[2009/02/19 16:51:57 | 00,027,648 | ---- | C] () -- C:\Users\Ben\Desktop\acting resume.doc
[2009/02/18 15:39:45 | 00,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\HP
[2009/02/18 02:15:49 | 00,084,698 | ---- | C] () -- C:\Users\Ben\Desktop\Broadway_[mininova].torrent
[2009/02/17 13:55:12 | 01,320,547 | ---- | C] () -- C:\Users\Ben\Documents\why god.wma
[2009/02/16 23:25:16 | 00,024,064 | ---- | C] () -- C:\Users\Ben\Desktop\hdadoles.wps
[2009/02/15 10:27:10 | 00,027,649 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/02/15 10:27:09 | 00,027,649 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/02/14 21:34:49 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/02/14 21:34:48 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/02/14 21:34:46 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/02/14 21:34:46 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/02/14 21:34:46 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/02/12 21:48:07 | 00,393,090 | ---- | C] () -- C:\Users\Ben\Desktop\Road.To.Avonlea.Season01_[mininova].torrent

========== Files - Modified Within 30 Days ==========

[2009/03/14 16:09:17 | 00,011,168 | -H-- | M] () -- C:\ProgramData\tamipele
[2009/03/14 16:09:06 | 00,027,649 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/03/14 15:42:11 | 00,497,152 | ---- | M] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTListIt2.exe
[2009/03/14 15:42:07 | 00,026,112 | ---- | M] () -- C:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/14 15:18:17 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/03/14 15:18:17 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/03/14 14:36:11 | 00,020,480 | ---- | M] () -- C:\Users\Ben\Desktop\resume.doc.wps
[2009/03/14 14:36:11 | 00,013,368 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\wklnhst.dat
[2009/03/14 14:35:43 | 00,026,624 | ---- | M] () -- C:\Users\Ben\Desktop\BH-RESUME.doc
[2009/03/14 13:21:22 | 00,000,513 | ---- | M] () -- C:\Users\Ben\Documents\My Sharing Folders.lnk
[2009/03/14 13:18:18 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/03/14 13:18:13 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/03/14 13:18:08 | 20,792,15616 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/14 13:15:06 | 00,000,691 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\GetValue.vbs
[2009/03/14 13:15:06 | 00,000,035 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\SetValue.bat
[2009/03/14 13:15:05 | 00,001,584 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2009/03/14 12:59:59 | 00,124,928 | -HS- | M] () -- C:\Windows\System32\ntgldg.dll
[2009/03/14 12:59:59 | 00,124,928 | -HS- | M] () -- C:\Windows\System32\duwibudo.dll
[2009/03/14 12:59:57 | 00,079,872 | -HS- | M] () -- C:\Windows\System32\mamapome.dll
[2009/03/14 12:59:56 | 00,084,992 | -HS- | M] () -- C:\Windows\System32\yapafeju.dll
[2009/03/14 11:30:21 | 01,663,873 | ---- | M] () -- C:\Users\Ben\Desktop\SmitfraudFix.exe
[2009/03/14 01:00:21 | 00,084,992 | -HS- | M] () -- C:\Windows\System32\yelosuso.dll
[2009/03/14 01:00:05 | 00,124,928 | -HS- | M] () -- C:\Windows\System32\kihugali.dll
[2009/03/14 01:00:05 | 00,124,928 | -HS- | M] () -- C:\Windows\System32\dtaqmw.dll
[2009/03/14 01:00:01 | 00,079,872 | ---- | M] () -- C:\Windows\System32\yukojuni.dll
[2009/03/13 12:55:58 | 00,084,992 | -HS- | M] () -- C:\Windows\System32\voganojo.dll
[2009/03/13 12:55:51 | 00,124,928 | -HS- | M] () -- C:\Windows\System32\kiyivaro.dll
[2009/03/13 12:55:51 | 00,124,928 | -HS- | M] () -- C:\Windows\System32\feditt.dll
[2009/03/13 12:55:49 | 00,079,872 | -HS- | M] () -- C:\Windows\System32\nahiyuku.dll
[2009/03/13 11:57:18 | 01,499,290 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/03/13 11:57:18 | 00,682,232 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2009/03/13 11:57:18 | 00,609,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/03/13 11:57:18 | 00,132,440 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2009/03/13 11:57:18 | 00,109,878 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/03/13 09:29:28 | 00,012,167 | ---- | M] () -- C:\Users\Ben\Desktop\[isoHunt]_One_Republic_-_Dreaming_Out_Loud_[2008]_(VBR)_[SvC].4694367.TPB.torrent
[2009/03/13 02:10:53 | 00,020,651 | ---- | M] () -- C:\Users\Ben\Desktop\littlewomen.torrent
[2009/03/13 02:09:13 | 00,014,789 | ---- | M] () -- C:\Users\Ben\Desktop\[isoHunt]_download.torrent
[2009/03/13 01:23:07 | 11,438,5221 | ---- | M] () -- C:\Users\Ben\Desktop\MMExposed_8.wmv
[2009/03/13 00:55:18 | 00,079,872 | -HS- | M] () -- C:\Windows\System32\visujowo.dll
[2009/03/13 00:55:17 | 00,084,992 | -HS- | M] () -- C:\Windows\System32\beziseno.dll
[2009/03/12 23:19:14 | 00,117,484 | ---- | M] () -- C:\Users\Ben\Desktop\CD.JPG
[2009/03/12 17:29:57 | 20,752,6080 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/03/12 15:03:33 | 00,026,112 | ---- | M] () -- C:\Users\Ben\Desktop\Untitled Document.wps
[2009/03/12 12:55:39 | 00,079,872 | -HS- | M] () -- C:\Windows\System32\fusigagi.dll
[2009/03/12 12:55:25 | 00,084,992 | -HS- | M] () -- C:\Windows\System32\pujorila.dll
[2009/03/12 00:55:39 | 00,034,191 | ---- | M] () -- C:\Users\Ben\Desktop\[isoHunt]_Brooklyn__The_Musical_Original_Broadway_Cast.torrent
[2009/03/12 00:55:21 | 00,122,880 | -HS- | M] () -- C:\Windows\System32\lgejol.dll
[2009/03/12 00:55:21 | 00,122,880 | -HS- | M] () -- C:\Windows\System32\fatehuza.dll
[2009/03/12 00:55:20 | 00,084,992 | -HS- | M] () -- C:\Windows\System32\zukepive.dll
[2009/03/12 00:51:34 | 00,013,044 | ---- | M] () -- C:\Users\Ben\Desktop\[isoHunt]_Jersey_Boys__Original_Broadway_Cast_Recording_.rar.torrent
[2009/03/12 00:36:30 | 00,011,776 | ---- | M] () -- C:\Users\Ben\Desktop\verses.wps
[2009/03/11 21:42:38 | 00,015,292 | ---- | M] () -- C:\Users\Ben\Desktop\[isoHunt]_Carly_Rae_Jepsen_-_Tug_Of_War_(2008)_-_Pop_.4426497.TPB.torrent
[2009/03/11 21:15:12 | 00,002,275 | ---- | M] () -- C:\Users\Ben\Desktop\[isoHunt]_Pussycat_Dolls_-_Jai_Ho_(2009)_(ksbnet).4714620.TPB.torrent
[2009/03/11 21:12:50 | 00,002,245 | ---- | M] () -- C:\Users\Ben\Desktop\[isoHunt]_Flo-Rida_feat._Kesha_-_Right_Round_(Single).4673148.TPB.torrent
[2009/03/11 14:28:23 | 00,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2009/03/11 12:55:29 | 00,122,880 | -HS- | M] () -- C:\Windows\System32\wmhulz.dll
[2009/03/11 12:55:29 | 00,122,880 | -HS- | M] () -- C:\Windows\System32\huwakalu.dll
[2009/03/11 12:55:25 | 00,084,992 | -HS- | M] () -- C:\Windows\System32\jamamafo.dll
[2009/03/11 03:23:28 | 00,422,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/03/11 00:59:26 | 00,027,649 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/03/11 00:54:57 | 00,122,880 | -HS- | M] () -- C:\Windows\System32\tpmvcv.dll
[2009/03/11 00:54:57 | 00,122,880 | -HS- | M] () -- C:\Windows\System32\jagepeyu.dll
[2009/03/11 00:54:57 | 00,084,992 | -HS- | M] () -- C:\Windows\System32\lufuyuko.dll
[2009/03/10 15:03:55 | 08,788,252 | ---- | M] () -- C:\Users\Ben\Desktop\Youth-Worker-brian pengelly .mp3
[2009/03/10 15:01:38 | 06,926,659 | ---- | M] () -- C:\Users\Ben\Desktop\Brian Pengelly I dont hate you session.mp3
[2009/03/10 12:22:50 | 00,122,880 | -HS- | M] () -- C:\Windows\System32\ucwviy.dll
[2009/03/10 12:22:50 | 00,122,880 | -HS- | M] () -- C:\Windows\System32\pehuraba.dll
[2009/03/10 12:22:48 | 00,084,992 | -HS- | M] () -- C:\Windows\System32\fagometo.dll
[2009/03/09 23:22:33 | 00,122,880 | -HS- | M] () -- C:\Windows\System32\janufini.dll
[2009/03/09 23:22:33 | 00,122,880 | -HS- | M] () -- C:\Windows\System32\acisgi.dll
[2009/03/09 23:22:32 | 00,084,992 | -HS- | M] () -- C:\Windows\System32\monigula.dll
[2009/03/09 00:31:24 | 00,012,800 | ---- | M] () -- C:\Users\Ben\Desktop\biblestudy.wps
[2009/03/08 21:36:50 | 00,122,880 | -HS- | M] () -- C:\Windows\System32\ggocss.dll
[2009/03/08 21:36:50 | 00,122,880 | -HS- | M] () -- C:\Windows\System32\darususi.dll
[2009/03/08 21:36:49 | 00,084,992 | -HS- | M] () -- C:\Windows\System32\henebevi.dll
[2009/03/07 19:34:19 | 00,000,680 | ---- | M] () -- C:\Users\Ben\AppData\Local\d3d9caps.dat
[2009/03/07 19:31:19 | 00,122,880 | -HS- | M] () -- C:\Windows\System32\mvxjnm.dll
[2009/03/07 19:31:19 | 00,122,880 | -HS- | M] () -- C:\Windows\System32\hohebalo.dll
[2009/03/07 19:31:19 | 00,084,992 | -HS- | M] () -- C:\Windows\System32\divimuvo.dll
[2009/03/07 10:52:22 | 00,020,480 | ---- | M] () -- C:\tmp.hiv
[2009/03/07 10:29:12 | 00,361,832 | ---- | M] () -- C:\Pass2.cmd
[2009/03/07 10:20:45 | 00,000,902 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/07 10:18:44 | 05,797,152 | ---- | M] () -- C:\Users\Ben\Desktop\SUPERAntiSpyware.exe
[2009/03/07 03:27:10 | 00,122,880 | -HS- | M] () -- C:\Windows\System32\vedihome.dll
[2009/03/07 03:27:10 | 00,122,880 | -HS- | M] () -- C:\Windows\System32\rwexbn.dll
[2009/03/07 03:25:33 | 00,021,504 | ---- | M] () -- C:\Users\Ben\Desktop\youthmin reading.wps
[2009/03/07 02:02:14 | 00,122,880 | -HS- | M] () -- C:\Windows\System32\sejezeni.dll
[2009/03/07 02:02:14 | 00,122,880 | -HS- | M] () -- C:\Windows\System32\ajsphr.dll
[2009/03/07 02:02:08 | 00,084,992 | -HS- | M] () -- C:\Windows\System32\rodusano.dll
[2009/03/06 15:26:42 | 00,084,992 | -HS- | M] () -- C:\Windows\System32\buraboto.dll
[2009/03/06 15:26:41 | 00,122,880 | -HS- | M] () -- C:\Windows\System32\rijilutu.dll
[2009/03/06 15:26:41 | 00,122,880 | -HS- | M] () -- C:\Windows\System32\jnxlps.dll
[2009/03/06 11:40:02 | 00,119,808 | ---- | M] (Atribune.org) -- C:\Users\Ben\Desktop\VundoFix.exe
[2009/03/06 01:24:45 | 00,009,216 | ---- | M] () -- C:\Users\Ben\Desktop\scholarship.wps
[2009/03/04 02:59:20 | 00,400,896 | ---- | M] () -- C:\Users\Ben\Desktop\Untitled.MSWMM
[2009/03/04 02:51:40 | 50,745,092 | ---- | M] () -- C:\Users\Ben\Desktop\hotncold.wmv
[2009/03/02 06:08:54 | 00,120,454 | ---- | M] () -- C:\Users\Ben\Desktop\RU.JPG
[2009/02/28 13:03:35 | 00,009,728 | ---- | M] () -- C:\Users\Ben\Documents\song.wps
[2009/02/27 22:49:03 | 00,365,001 | ---- | M] () -- C:\Users\Ben\Desktop\S2_[mininova].torrent
[2009/02/25 12:32:27 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/02/25 12:32:27 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/02/25 12:32:26 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/02/25 12:32:26 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/02/25 06:29:20 | 00,020,992 | ---- | M] () -- C:\Users\Ben\Desktop\interpersonaldynamicsbook review.wps
[2009/02/25 03:38:55 | 00,000,071 | ---- | M] () -- C:\Windows\AndreaMosaic.INI
[2009/02/25 03:32:25 | 00,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2009/02/24 01:37:09 | 00,208,177 | ---- | M] () -- C:\Users\Ben\Desktop\Ghostwriter_[mininova].torrent
[2009/02/20 01:01:18 | 00,100,690 | ---- | M] () -- C:\Users\Ben\Desktop\n501302467_2175464_784.jpg
[2009/02/19 16:52:01 | 00,027,648 | ---- | M] () -- C:\Users\Ben\Desktop\acting resume.doc
[2009/02/18 02:15:54 | 00,084,698 | ---- | M] () -- C:\Users\Ben\Desktop\Broadway_[mininova].torrent
[2009/02/18 01:27:57 | 00,024,064 | ---- | M] () -- C:\Users\Ben\Desktop\hdadoles.wps
[2009/02/17 13:55:13 | 01,320,547 | ---- | M] () -- C:\Users\Ben\Documents\why god.wma
[2009/02/14 08:58:35 | 00,103,467 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\nvModes.dat
[2009/02/14 08:58:35 | 00,103,467 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\nvModes.001
[2009/02/12 21:48:12 | 00,393,090 | ---- | M] () -- C:\Users\Ben\Desktop\Road.To.Avonlea.Season01_[mininova].torrent

========== LOP Check ==========

[2009/03/14 13:18:18 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/03/14 13:10:38 | 00,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Ben\Documents\why god.wma:Roxio EMC Stream
@Alternate Data Stream - 64 bytes -> C:\Users\Ben\Desktop\MVI_4990.AVI:TOC.WMV
< End of report >

#8 SpySentinel (R.I.P., Retired Staff, 5,152 posts)
Sorry for the delay.


You are using peer-to-peer programs, specifically Torrents.
These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do.
If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.


Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTLI
    O2 - BHO: (no name) - {792fea7c-bd22-41b0-99fd-36ccd4df9dce} - C:\ProgramData\layuvedi\layuvedi.dll ()
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
    O2 - BHO: (FCTBPos00Pos Class) - {91B53B55-36CE-4ABE-A248-F97D6D9F0CFF} - C:\Program Files\MouseHunt Toolbar\Toolbar.dll ()
    O2 - BHO: (no name) - {e2676052-007b-44df-96f6-94d5acb5ac5a} - C:\Windows\system32\ntgldg.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {6DEC5D53-09EE-4724-9D13-705F47470D03} - Reg Error: Key error. File not found
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Reg Error: Key error. File not found
    O3 - HKLM\..\Toolbar: (MouseHunt Toolbar) - {89F74AE6-CC04-4740-9A19-EEE1DCD2861B} - C:\Program Files\MouseHunt Toolbar\Toolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {89F74AE6-CC04-4740-9A19-EEE1DCD2861B} - C:\Program Files\MouseHunt Toolbar\Toolbar.dll ()
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [44a92943] rundll32.exe "C:\Windows\system32\mamapome.dll",b ()
    O4 - HKLM..\Run: [bovohijami] Rundll32.exe "C:\ProgramData\hozekopo\hozekopo.dll",s ()
    O4 - HKLM..\Run: [CPM479a1adf] Rundll32.exe "c:\windows\system32\yapafeju.dll",a ()
    O4 - HKCU..\Run: [CPM479a1adf] Rundll32.exe "c:\windows\system32\yapafeju.dll",a ()
    O20 - AppInit_DLLs: (C:\ProgramData\huhugafe\huhugafe.dll) - C:\ProgramData\huhugafe\huhugafe.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\yefugeba.dll) - c:\windows\system32\yefugeba.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\yapafeju.dll) - c:\windows\system32\yapafeju.dll ()
    
    :Files
    C:\Windows\System32\ntgldg.dll
    C:\Windows\System32\dtaqmw.dll
    C:\Windows\System32\feditt.dll
    C:\Windows\System32\visujowo.dll
    C:\Windows\System32\fusigagi.dll
    C:\Users\Ben\Desktop\[isoHunt]_One_Republic_-_Dreaming_Out_Loud_[2008]_(VBR)_[SvC].4694367.TPB.torrent
    C:\Users\Ben\Desktop\littlewomen.torrent
    C:\Users\Ben\Desktop\[isoHunt]_download.torrent
    C:\Windows\System32\lgejol.dll
    C:\Users\Ben\Desktop\[isoHunt]_Jersey_Boys__Original_Broadway_Cast_Recording_.rar.torrent
    C:\Users\Ben\Desktop\[isoHunt]_Carly_Rae_Jepsen_-_Tug_Of_War_(2008)_-_Pop_.4426497.TPB.torrent
    C:\Users\Ben\Desktop\[isoHunt]_Pussycat_Dolls_-_Jai_Ho_(2009)_(ksbnet).4714620.TPB.torrent
    C:\Users\Ben\Desktop\[isoHunt]_Flo-Rida_feat._Kesha_-_Right_Round_(Single).4673148.TPB.torrent
    C:\Windows\System32\ucwviy.dll
    C:\Windows\System32\acisgi.dll
    C:\Windows\System32\ggocss.dll
    C:\Windows\System32\mvxjnm.dll
    C:\Windows\System32\rwexbn.dll
    C:\Windows\System32\ajsphr.dll
    C:\Windows\System32\jnxlps.dll
    C:\ProgramData\layuvedi
    C:\ProgramData\huhugafe
    C:\ProgramData\hozekopo
    C:\Users\Ben\Desktop\ym mod
    C:\found.000
    C:\Users\Ben\Desktop\S2_[mininova].torrent
    C:\Users\Ben\Desktop\Ghostwriter_[mininova].torrent
    C:\Users\Ben\Desktop\yqskit
    C:\Users\Ben\Desktop\Broadway_[mininova].torrent
    C:\Users\Ben\Desktop\Road.To.Avonlea.Season01_[mininova].torrent
    C:\Windows\System32\ntgldg.dll
    C:\Windows\System32\duwibudo.dll
    C:\Windows\System32\mamapome.dll
    C:\Windows\System32\yapafeju.dll
    C:\Windows\System32\yelosuso.dll
    C:\Users\Ben\Desktop\S2_[mininova].torrent
    C:\Users\Ben\Desktop\Ghostwriter_[mininova].torrent
    C:\Users\Ben\Desktop\Broadway_[mininova].torrent
    C:\Users\Ben\Desktop\Road.To.Avonlea.Season01_[mininova].torrent
    C:\Windows\System32\sejezeni.dll
    C:\Windows\System32\ajsphr.dll
    C:\Windows\System32\rodusano.dll
    C:\Windows\System32\buraboto.dll
    C:\Windows\System32\rijilutu.dll
    C:\Windows\System32\jnxlps.dll
    C:\Windows\System32\vedihome.dll
    C:\Windows\System32\mvxjnm.dll
    C:\Windows\System32\ucwviy.dll
    C:\Windows\System32\tpmvcv.dll
    C:\Windows\System32\wmhulz.dll
    C:\Users\Ben\Desktop\[isoHunt]_Carly_Rae_Jepsen_-_Tug_Of_War_(2008)_-_Pop_.4426497.TPB.torrent
    C:\Users\Ben\Desktop\[isoHunt]_One_Republic_-_Dreaming_Out_Loud_[2008]_(VBR)_[SvC].4694367.TPB.torrent
    C:\Users\Ben\Desktop\littlewomen.torrent
    C:\Users\Ben\Desktop\[isoHunt]_download.torrent
    C:\Windows\System32\kihugali.dll
    C:\Windows\System32\dtaqmw.dll
    C:\Windows\System32\yukojuni.dll
    C:\Windows\System32\voganojo.dll
    C:\Windows\System32\kiyivaro.dll
    C:\Windows\System32\feditt.dll
    C:\Windows\System32\nahiyuku.dll
    C:\Windows\System32\beziseno.dll
    C:\Windows\System32\pujorila.dll
    C:\Users\Ben\Desktop\[isoHunt]_Brooklyn__The_Musical_Original_Broadway_Cast.torrent
    C:\Windows\System32\lgejol.dll
    C:\Windows\System32\fatehuza.dll
    C:\Windows\System32\zukepive.dll
    C:\Users\Ben\Desktop\[isoHunt]_Jersey_Boys__Original_Broadway_Cast_Recording_.rar.torrent
    C:\Users\Ben\Desktop\[isoHunt]_Pussycat_Dolls_-_Jai_Ho_(2009)_(ksbnet).4714620.TPB.torrent
    C:\Users\Ben\Desktop\[isoHunt]_Flo-Rida_feat._Kesha_-_Right_Round_(Single).4673148.TPB.torrent
    C:\Windows\System32\huwakalu.dll
    C:\Windows\System32\jamamafo.dll
    C:\Windows\System32\jagepeyu.dll
    C:\Windows\System32\lufuyuko.dll
    C:\Windows\System32\pehuraba.dll
    C:\Windows\System32\fagometo.dll
    C:\Windows\System32\janufini.dll
    C:\Windows\System32\acisgi.dll
    C:\Windows\System32\monigula.dll
    C:\Users\Ben\Desktop\biblestudy.wps
    C:\Windows\System32\ggocss.dll
    C:\Windows\System32\darususi.dll
    C:\Windows\System32\henebevi.dll
    C:\Windows\System32\hohebalo.dll
    C:\Windows\System32\divimuvo.dll
    C:\Windows\System32\rwexbn.dll
    C:\Users\Ben\Desktop\youthmin reading.wps
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

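As an added example (not code from the thread, from OldTimer's OTL, or from SpySentinel), here is a Python triage script that reads OTL listing lines in the format posted above, flags hidden+system DLLs sitting directly in System32 with no publisher and a random-looking name (the pattern the fix above targets), and renders the hits as an OTL ":Files" block. The sample lines are constructed (four copied from the thread's listing plus two hypothetical ones), and the name pattern and heuristic are assumptions of mine, not OTL's own logic.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# One OTL "Files/Folders Modified" line looks like:
# [2009/03/10 12:22:50 | 00,122,880 | -HS- | M] () -- C:\Windows\System32\ucwviy.dll
OTL_LINE = re.compile(
    r"^\[(?P<ts>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[-A-Z]+)\s*\|\s*"
    r"(?P<kind>[A-Z])\]\s*\((?P<publisher>[^)]*)\)\s*--\s*(?P<path>.+?)\s*$"
)

SYSTEM32 = "c:\\windows\\system32\\"
# Assumption: the droppers in this thread use 6-8 lowercase letters + .dll
RANDOM_DLL = re.compile(r"^[a-z]{6,8}\.dll$")


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    hidden: bool
    system: bool
    publisher: str
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL listing line; return None for headers, blanks, etc."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return OtlEntry(
        timestamp=m.group("ts").strip(),
        size=int(m.group("size").replace(",", "")),
        hidden="H" in attrs,
        system="S" in attrs,
        publisher=m.group("publisher").strip(),
        path=m.group("path"),
    )


def is_suspicious(e: OtlEntry) -> bool:
    """Heuristic only: hidden+system DLL directly in System32, no publisher,
    random-looking name. A hit is worth a second look, not proof of malware."""
    low = e.path.lower()
    if not low.startswith(SYSTEM32):
        return False
    name = low[len(SYSTEM32):]
    if "\\" in name:  # lives in a subfolder, not in System32 itself
        return False
    return e.hidden and e.system and e.publisher == "" and bool(RANDOM_DLL.match(name))


def triage(lines: Iterable[str]) -> List[OtlEntry]:
    """Return the suspicious entries in log order, duplicates removed."""
    seen, hits = set(), []
    for line in lines:
        e = parse_otl_line(line)
        if e and is_suspicious(e) and e.path.lower() not in seen:
            seen.add(e.path.lower())
            hits.append(e)
    return hits


def files_block(hits: List[OtlEntry]) -> str:
    """Render the hits as the ':Files' section of an OTL fix script."""
    return ":Files\n" + "\n".join(e.path for e in hits)


# Constructed sample: four lines from the thread's listing plus two hypothetical
# ones (a hidden+system DLL with a publisher, and a DLL in a subfolder) that the
# heuristic must NOT flag, and one section header that must not parse.
SAMPLE_LINES = [
    r"[2009/03/10 12:22:50 | 00,122,880 | -HS- | M] () -- C:\Windows\System32\ucwviy.dll",
    r"[2009/03/10 12:22:50 | 00,122,880 | -HS- | M] () -- C:\Windows\System32\pehuraba.dll",
    r"[2009/02/25 12:32:27 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe",
    r"[2009/03/14 13:18:18 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT",
    r"[2009/01/01 00:00:00 | 00,010,240 | -HS- | M] (Example Publisher) -- C:\Windows\System32\example.dll",
    r"[2009/01/01 00:00:00 | 00,010,240 | -HS- | M] () -- C:\Windows\System32\drivers\abcdefg.dll",
    "========== LOP Check ==========",
]

if __name__ == "__main__":
    found = triage(SAMPLE_LINES)
    for e in found:
        print(f"{e.timestamp}  {e.size:>8}  {e.path}")
    print(files_block(found))
```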

#9 benh1984 (Topic Starter, Member, 31 posts)
I'm not sure if you need this, but it opened after I used OTList2.

========== OTLISTIT ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{792fea7c-bd22-41b0-99fd-36ccd4df9dce}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{792fea7c-bd22-41b0-99fd-36ccd4df9dce}\ deleted successfully.
DllUnregisterServer procedure not found in C:\ProgramData\layuvedi\layuvedi.dll
C:\ProgramData\layuvedi\layuvedi.dll NOT unregistered.
C:\ProgramData\layuvedi\layuvedi.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91B53B55-36CE-4ABE-A248-F97D6D9F0CFF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91B53B55-36CE-4ABE-A248-F97D6D9F0CFF}\ deleted successfully.
C:\Program Files\MouseHunt Toolbar\Toolbar.dll unregistered successfully.
C:\Program Files\MouseHunt Toolbar\Toolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2676052-007b-44df-96f6-94d5acb5ac5a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2676052-007b-44df-96f6-94d5acb5ac5a}\ not found.
File C:\Windows\system32\ntgldg.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6DEC5D53-09EE-4724-9D13-705F47470D03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DEC5D53-09EE-4724-9D13-705F47470D03}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{89F74AE6-CC04-4740-9A19-EEE1DCD2861B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89F74AE6-CC04-4740-9A19-EEE1DCD2861B}\ not found.
File C:\Program Files\MouseHunt Toolbar\Toolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{89F74AE6-CC04-4740-9A19-EEE1DCD2861B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89F74AE6-CC04-4740-9A19-EEE1DCD2861B}\ not found.
File C:\Program Files\MouseHunt Toolbar\Toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\44a92943 deleted successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\mamapome.DLL
C:\Windows\system32\mamapome.DLL NOT unregistered.
C:\Windows\system32\mamapome.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\bovohijami deleted successfully.
DllUnregisterServer procedure not found in C:\ProgramData\hozekopo\hozekopo.DLL
C:\ProgramData\hozekopo\hozekopo.DLL NOT unregistered.
C:\ProgramData\hozekopo\hozekopo.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CPM479a1adf deleted successfully.
DllUnregisterServer procedure not found in c:\windows\system32\yapafeju.DLL
c:\windows\system32\yapafeju.DLL NOT unregistered.
c:\windows\system32\yapafeju.DLL moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\CPM479a1adf deleted successfully.
File Rundll32.exe "c:\windows\system32\yapafeju.dll",a not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\ProgramData\huhugafe\huhugafe.dll deleted successfully.
DllUnregisterServer procedure not found in C:\ProgramData\huhugafe\huhugafe.dll
C:\ProgramData\huhugafe\huhugafe.dll NOT unregistered.
C:\ProgramData\huhugafe\huhugafe.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\yefugeba.dll deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\yapafeju.dll scheduled to be deleted on reboot.
File c:\windows\system32\yapafeju.dll not found.
========== FILES ==========
File/Folder C:\Windows\System32\ntgldg.dll not found.
File/Folder C:\Windows\System32\dtaqmw.dll not found.
File/Folder C:\Windows\System32\feditt.dll not found.
DllUnregisterServer procedure not found in C:\Windows\System32\visujowo.dll
C:\Windows\System32\visujowo.dll NOT unregistered.
C:\Windows\System32\visujowo.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\fusigagi.dll
C:\Windows\System32\fusigagi.dll NOT unregistered.
C:\Windows\System32\fusigagi.dll moved successfully.
C:\Users\Ben\Desktop\[isoHunt]_One_Republic_-_Dreaming_Out_Loud_[2008]_(VBR)_[SvC].4694367.TPB.torrent moved successfully.
File/Folder C:\Users\Ben\Desktop\littlewomen.torrent not found.
C:\Users\Ben\Desktop\[isoHunt]_download.torrent moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\lgejol.dll
C:\Windows\System32\lgejol.dll NOT unregistered.
C:\Windows\System32\lgejol.dll moved successfully.
C:\Users\Ben\Desktop\[isoHunt]_Jersey_Boys__Original_Broadway_Cast_Recording_.rar.torrent moved successfully.
C:\Users\Ben\Desktop\[isoHunt]_Carly_Rae_Jepsen_-_Tug_Of_War_(2008)_-_Pop_.4426497.TPB.torrent moved successfully.
C:\Users\Ben\Desktop\[isoHunt]_Pussycat_Dolls_-_Jai_Ho_(2009)_(ksbnet).4714620.TPB.torrent moved successfully.
C:\Users\Ben\Desktop\[isoHunt]_Flo-Rida_feat._Kesha_-_Right_Round_(Single).4673148.TPB.torrent moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\ucwviy.dll
C:\Windows\System32\ucwviy.dll NOT unregistered.
C:\Windows\System32\ucwviy.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\acisgi.dll
C:\Windows\System32\acisgi.dll NOT unregistered.
C:\Windows\System32\acisgi.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\ggocss.dll
C:\Windows\System32\ggocss.dll NOT unregistered.
C:\Windows\System32\ggocss.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\mvxjnm.dll
C:\Windows\System32\mvxjnm.dll NOT unregistered.
C:\Windows\System32\mvxjnm.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\rwexbn.dll
C:\Windows\System32\rwexbn.dll NOT unregistered.
C:\Windows\System32\rwexbn.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\ajsphr.dll
C:\Windows\System32\ajsphr.dll NOT unregistered.
C:\Windows\System32\ajsphr.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\jnxlps.dll
C:\Windows\System32\jnxlps.dll NOT unregistered.
C:\Windows\System32\jnxlps.dll moved successfully.
C:\ProgramData\layuvedi moved successfully.
C:\ProgramData\huhugafe moved successfully.
C:\ProgramData\hozekopo moved successfully.
C:\Users\Ben\Desktop\ym mod moved successfully.
C:\found.000\dir0000.chk moved successfully.
C:\found.000 moved successfully.
C:\Users\Ben\Desktop\S2_[mininova].torrent moved successfully.
C:\Users\Ben\Desktop\Ghostwriter_[mininova].torrent moved successfully.
C:\Users\Ben\Desktop\yqskit moved successfully.
C:\Users\Ben\Desktop\Broadway_[mininova].torrent moved successfully.
C:\Users\Ben\Desktop\Road.To.Avonlea.Season01_[mininova].torrent moved successfully.
File/Folder C:\Windows\System32\ntgldg.dll not found.
File/Folder C:\Windows\System32\duwibudo.dll not found.
File/Folder C:\Windows\System32\mamapome.dll not found.
File/Folder C:\Windows\System32\yapafeju.dll not found.
DllUnregisterServer procedure not found in C:\Windows\System32\yelosuso.dll
C:\Windows\System32\yelosuso.dll NOT unregistered.
C:\Windows\System32\yelosuso.dll moved successfully.
File/Folder C:\Users\Ben\Desktop\S2_[mininova].torrent not found.
File/Folder C:\Users\Ben\Desktop\Ghostwriter_[mininova].torrent not found.
File/Folder C:\Users\Ben\Desktop\Broadway_[mininova].torrent not found.
File/Folder C:\Users\Ben\Desktop\Road.To.Avonlea.Season01_[mininova].torrent not found.
DllUnregisterServer procedure not found in C:\Windows\System32\sejezeni.dll
C:\Windows\System32\sejezeni.dll NOT unregistered.
C:\Windows\System32\sejezeni.dll moved successfully.
File/Folder C:\Windows\System32\ajsphr.dll not found.
DllUnregisterServer procedure not found in C:\Windows\System32\rodusano.dll
C:\Windows\System32\rodusano.dll NOT unregistered.
C:\Windows\System32\rodusano.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\buraboto.dll
C:\Windows\System32\buraboto.dll NOT unregistered.
C:\Windows\System32\buraboto.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\rijilutu.dll
C:\Windows\System32\rijilutu.dll NOT unregistered.
C:\Windows\System32\rijilutu.dll moved successfully.
File/Folder C:\Windows\System32\jnxlps.dll not found.
DllUnregisterServer procedure not found in C:\Windows\System32\vedihome.dll
C:\Windows\System32\vedihome.dll NOT unregistered.
C:\Windows\System32\vedihome.dll moved successfully.
File/Folder C:\Windows\System32\mvxjnm.dll not found.
File/Folder C:\Windows\System32\ucwviy.dll not found.
DllUnregisterServer procedure not found in C:\Windows\System32\tpmvcv.dll
C:\Windows\System32\tpmvcv.dll NOT unregistered.
C:\Windows\System32\tpmvcv.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\wmhulz.dll
C:\Windows\System32\wmhulz.dll NOT unregistered.
C:\Windows\System32\wmhulz.dll moved successfully.
File/Folder C:\Users\Ben\Desktop\[isoHunt]_Carly_Rae_Jepsen_-_Tug_Of_War_(2008)_-_Pop_.4426497.TPB.torrent not found.
File/Folder C:\Users\Ben\Desktop\[isoHunt]_One_Republic_-_Dreaming_Out_Loud_[2008]_(VBR)_[SvC].4694367.TPB.torrent not found.
File/Folder C:\Users\Ben\Desktop\littlewomen.torrent not found.
File/Folder C:\Users\Ben\Desktop\[isoHunt]_download.torrent not found.
File/Folder C:\Windows\System32\kihugali.dll not found.
File/Folder C:\Windows\System32\dtaqmw.dll not found.
DllUnregisterServer procedure not found in C:\Windows\System32\yukojuni.dll
C:\Windows\System32\yukojuni.dll NOT unregistered.
C:\Windows\System32\yukojuni.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\voganojo.dll
C:\Windows\System32\voganojo.dll NOT unregistered.
C:\Windows\System32\voganojo.dll moved successfully.
File/Folder C:\Windows\System32\kiyivaro.dll not found.
File/Folder C:\Windows\System32\feditt.dll not found.
DllUnregisterServer procedure not found in C:\Windows\System32\nahiyuku.dll
C:\Windows\System32\nahiyuku.dll NOT unregistered.
C:\Windows\System32\nahiyuku.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\beziseno.dll
C:\Windows\System32\beziseno.dll NOT unregistered.
C:\Windows\System32\beziseno.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\pujorila.dll
C:\Windows\System32\pujorila.dll NOT unregistered.
C:\Windows\System32\pujorila.dll moved successfully.
C:\Users\Ben\Desktop\[isoHunt]_Brooklyn__The_Musical_Original_Broadway_Cast.torrent moved successfully.
File/Folder C:\Windows\System32\lgejol.dll not found.
DllUnregisterServer procedure not found in C:\Windows\System32\fatehuza.dll
C:\Windows\System32\fatehuza.dll NOT unregistered.
C:\Windows\System32\fatehuza.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\zukepive.dll
C:\Windows\System32\zukepive.dll NOT unregistered.
C:\Windows\System32\zukepive.dll moved successfully.
File/Folder C:\Users\Ben\Desktop\[isoHunt]_Jersey_Boys__Original_Broadway_Cast_Recording_.rar.torrent not found.
File/Folder C:\Users\Ben\Desktop\[isoHunt]_Pussycat_Dolls_-_Jai_Ho_(2009)_(ksbnet).4714620.TPB.torrent not found.
File/Folder C:\Users\Ben\Desktop\[isoHunt]_Flo-Rida_feat._Kesha_-_Right_Round_(Single).4673148.TPB.torrent not found.
DllUnregisterServer procedure not found in C:\Windows\System32\huwakalu.dll
C:\Windows\System32\huwakalu.dll NOT unregistered.
C:\Windows\System32\huwakalu.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\jamamafo.dll
C:\Windows\System32\jamamafo.dll NOT unregistered.
C:\Windows\System32\jamamafo.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\jagepeyu.dll
C:\Windows\System32\jagepeyu.dll NOT unregistered.
C:\Windows\System32\jagepeyu.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\lufuyuko.dll
C:\Windows\System32\lufuyuko.dll NOT unregistered.
C:\Windows\System32\lufuyuko.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\pehuraba.dll
C:\Windows\System32\pehuraba.dll NOT unregistered.
C:\Windows\System32\pehuraba.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\fagometo.dll
C:\Windows\System32\fagometo.dll NOT unregistered.
C:\Windows\System32\fagometo.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\janufini.dll
C:\Windows\System32\janufini.dll NOT unregistered.
C:\Windows\System32\janufini.dll moved successfully.
File/Folder C:\Windows\System32\acisgi.dll not found.
DllUnregisterServer procedure not found in C:\Windows\System32\monigula.dll
C:\Windows\System32\monigula.dll NOT unregistered.
C:\Windows\System32\monigula.dll moved successfully.
C:\Users\Ben\Desktop\biblestudy.wps moved successfully.
File/Folder C:\Windows\System32\ggocss.dll not found.
DllUnregisterServer procedure not found in C:\Windows\System32\darususi.dll
C:\Windows\System32\darususi.dll NOT unregistered.
C:\Windows\System32\darususi.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\henebevi.dll
C:\Windows\System32\henebevi.dll NOT unregistered.
C:\Windows\System32\henebevi.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\hohebalo.dll
C:\Windows\System32\hohebalo.dll NOT unregistered.
C:\Windows\System32\hohebalo.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\divimuvo.dll
C:\Windows\System32\divimuvo.dll NOT unregistered.
C:\Windows\System32\divimuvo.dll moved successfully.
File/Folder C:\Windows\System32\rwexbn.dll not found.
C:\Users\Ben\Desktop\youthmin reading.wps moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Ben\AppData\Local\Temp\Low\~DFA631.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Ben\AppData\Local\Temp\~DF10CB.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.6.0 log created on 03182009_202945

Files moved on Reboot...
C:\Users\Ben\AppData\Local\Temp\Low\~DFA631.tmp moved successfully.
C:\Users\Ben\AppData\Local\Temp\~DF10CB.tmp moved successfully.

Registry entries deleted on Reboot...
Registry value :HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\yapafeju.dll deleted successfully.

#10 SpySentinel (R.I.P., Retired Staff, 5,152 posts)
Yes, thank you.


Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

#11 benh1984 (Topic Starter, Member, 31 posts)
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon™ 64 X2 Dual-Core Processor TK-57 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : Ben ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:286 Go (Free:114 Go)
D:\ (Local Disk) - NTFS - Total:11 Go (Free:2 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (CD or DVD) - UDF - Total:3 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 19/03/2009|17:20 )

[ UAC => 1 ]

--------------------\\ Listing folders in Local

[08/09/2008|12:15] C:\Users\Ben\AppData\Local\Adobe
[03/09/2008|12:48] C:\Users\Ben\AppData\Local\Apple
[19/09/2008|08:49] C:\Users\Ben\AppData\Local\Apple Computer
[20/05/2008|06:34] C:\Users\Ben\AppData\Local\Application Data
[06/03/2009|03:40] C:\Users\Ben\AppData\Local\ApplicationHistory
[18/01/2009|05:12] C:\Users\Ben\AppData\Local\Apps
[20/05/2008|07:16] C:\Users\Ben\AppData\Local\AtStart.txt
[01/09/2008|08:29] C:\Users\Ben\AppData\Local\com.zipeg
[07/03/2009|07:34] C:\Users\Ben\AppData\Local\d3d9caps.dat
[18/03/2009|10:06] C:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[09/11/2008|10:34] C:\Users\Ben\AppData\Local\desktop.ini
[15/03/2009|09:33] C:\Users\Ben\AppData\Local\DNA
[16/12/2008|02:03] C:\Users\Ben\AppData\Local\Downloaded Installations
[20/05/2008|07:16] C:\Users\Ben\AppData\Local\DSwitch.txt
[19/12/2008|01:37] C:\Users\Ben\AppData\Local\fusioncache.dat
[13/01/2009|04:30] C:\Users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT
[27/05/2008|04:23] C:\Users\Ben\AppData\Local\Hewlett-Packard
[20/05/2008|06:34] C:\Users\Ben\AppData\Local\History
[18/02/2009|03:39] C:\Users\Ben\AppData\Local\HP
[18/03/2009|09:25] C:\Users\Ben\AppData\Local\IconCache.db
[25/09/2008|10:14] C:\Users\Ben\AppData\Local\Microsoft
[06/10/2008|07:27] C:\Users\Ben\AppData\Local\Microsoft Games
[20/05/2008|07:06] C:\Users\Ben\AppData\Local\Microsoft Help
[15/03/2009|06:46] C:\Users\Ben\AppData\Local\PSU
[20/05/2008|07:16] C:\Users\Ben\AppData\Local\QSwitch.txt
[23/10/2008|08:10] C:\Users\Ben\AppData\Local\QuickPlay
[03/01/2009|12:18] C:\Users\Ben\AppData\Local\rx_audio.Cache
[03/01/2009|12:18] C:\Users\Ben\AppData\Local\rx_image.Cache
[20/05/2008|07:09] C:\Users\Ben\AppData\Local\Seven Zip
[19/03/2009|05:17] C:\Users\Ben\AppData\Local\Temp
[20/05/2008|06:34] C:\Users\Ben\AppData\Local\Temporary Internet Files
[26/05/2008|09:42] C:\Users\Ben\AppData\Local\VirtualStore

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

[18/03/2009 09:27][--ah-----] C:\Windows\tasks\SA.DAT
[18/03/2009 09:26][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing Folders in C:\ProgramData

[14/03/2009|06:21] C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[06/09/2008|10:46] C:\ProgramData\Adobe
[02/09/2008|01:37] C:\ProgramData\AOL
[20/05/2008|09:22] C:\ProgramData\AOL OCP
[03/09/2008|12:47] C:\ProgramData\Apple
[03/09/2008|12:52] C:\ProgramData\Apple Computer
[02/11/2006|07:02] C:\ProgramData\Application Data
[15/09/2008|04:14] C:\ProgramData\CyberLink
[02/11/2006|07:02] C:\ProgramData\Desktop
[02/11/2006|07:02] C:\ProgramData\Documents
[20/05/2008|06:44] C:\ProgramData\Electronic Arts
[09/11/2008|11:03] C:\ProgramData\eSellerate
[02/11/2006|07:02] C:\ProgramData\Favorites
[18/02/2009|12:31] C:\ProgramData\Hewlett-Packard
[20/05/2008|06:38] C:\ProgramData\HP
[20/05/2008|06:39] C:\ProgramData\hpzinstall.log
[09/11/2008|10:34] C:\ProgramData\InstallShield
[01/09/2008|09:30] C:\ProgramData\Lavasoft
[24/10/2008|03:13] C:\ProgramData\LightScribe
[02/09/2008|07:37] C:\ProgramData\Malwarebytes
[17/03/2009|11:50] C:\ProgramData\Microsoft
[09/08/2008|02:36] C:\ProgramData\Microsoft Help
[21/09/2008|02:16] C:\ProgramData\muvee Technologies
[04/09/2008|12:49] C:\ProgramData\NOS
[15/02/2009|03:04] C:\ProgramData\NVIDIA
[14/03/2009|04:09] C:\ProgramData\nvModes.001
[11/03/2009|12:59] C:\ProgramData\nvModes.dat
[16/12/2008|02:03] C:\ProgramData\Pinnacle
[16/12/2008|02:27] C:\ProgramData\Pinnacle VideoSpin
[02/03/2009|07:52] C:\ProgramData\Roxio
[10/11/2008|12:31] C:\ProgramData\SmartSound Software Inc
[25/09/2008|10:16] C:\ProgramData\Softouch
[10/11/2008|12:25] C:\ProgramData\Sonic
[02/11/2006|07:02] C:\ProgramData\Start Menu
[07/03/2009|10:21] C:\ProgramData\SUPERAntiSpyware.com
[30/10/2008|11:01] C:\ProgramData\Symantec
[18/03/2009|09:26] C:\ProgramData\tamipele
[28/07/2008|08:43] C:\ProgramData\TEMP
[02/11/2006|07:02] C:\ProgramData\Templates
[16/12/2008|02:07] C:\ProgramData\VideoSpin
[17/12/2008|12:22] C:\ProgramData\VistaCodecs
[31/12/2008|09:22] C:\ProgramData\WildTangent
[13/06/2008|03:03] C:\ProgramData\WLInstaller
[21/05/2008|09:49] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing Folders in C:\Program Files

[06/09/2008|10:45] C:\Program Files\Adobe
[25/02/2009|03:33] C:\Program Files\AndreaMosaic
[17/09/2008|03:19] C:\Program Files\Apple Software Update
[10/03/2008|12:02] C:\Program Files\AWS
[14/03/2009|06:17] C:\Program Files\Bonjour
[20/05/2008|06:35] C:\Program Files\Broadcom
[27/05/2008|08:06] C:\Program Files\CleanUp!
[18/03/2009|10:04] C:\Program Files\Common Files
[07/04/2008|04:14] C:\Program Files\CONEXANT
[03/12/2008|01:51] C:\Program Files\coolpro2
[07/04/2008|04:25] C:\Program Files\CyberLink
[11/07/2008|09:25] C:\Program Files\DivX
[06/11/2008|08:44] C:\Program Files\DNA
[27/08/2008|06:47] C:\Program Files\DVDx
[17/03/2009|05:19] C:\Program Files\EA GAMES
[09/08/2008|02:59] C:\Program Files\Electronic Arts
[01/08/2008|05:40] C:\Program Files\GIMP-2.0
[07/11/2008|02:03] C:\Program Files\Hewlett-Packard
[09/11/2008|10:12] C:\Program Files\hkSFV
[13/09/2008|03:15] C:\Program Files\HP
[07/04/2008|04:28] C:\Program Files\HP Games
[20/05/2008|06:36] C:\Program Files\HPQ
[11/08/2008|05:08] C:\Program Files\Infogrames Interactive
[10/11/2008|12:32] C:\Program Files\InstallShield Installation Information
[10/11/2008|12:37] C:\Program Files\InterActual
[10/11/2008|03:32] C:\Program Files\Internet Explorer
[14/03/2009|06:20] C:\Program Files\iPod
[14/03/2009|06:21] C:\Program Files\iTunes
[17/03/2009|01:49] C:\Program Files\iWin
[25/02/2009|12:32] C:\Program Files\Java
[01/09/2008|09:28] C:\Program Files\Lavasoft
[07/03/2009|10:00] C:\Program Files\LimeWire
[29/09/2008|11:02] C:\Program Files\MagicDisc
[28/09/2008|09:48] C:\Program Files\MagicISO
[02/09/2008|07:37] C:\Program Files\Malwarebytes' Anti-Malware
[17/03/2009|11:59] C:\Program Files\Microsoft
[02/11/2006|06:37] C:\Program Files\Microsoft Games
[09/08/2008|02:36] C:\Program Files\Microsoft Office
[18/03/2009|12:01] C:\Program Files\Microsoft Silverlight
[20/05/2008|07:04] C:\Program Files\Microsoft Works
[18/03/2009|08:31] C:\Program Files\MouseHunt Toolbar
[10/03/2008|09:44] C:\Program Files\Movie Maker
[02/11/2006|06:37] C:\Program Files\MSBuild
[26/05/2008|04:48] C:\Program Files\MSXML 4.0
[10/03/2008|11:31] C:\Program Files\muvee Technologies
[07/04/2008|04:13] C:\Program Files\NetWaiting
[04/09/2008|12:49] C:\Program Files\NOS
[20/05/2008|07:12] C:\Program Files\Online Services
[16/12/2008|02:07] C:\Program Files\Pinnacle
[16/10/2008|03:48] C:\Program Files\PopCap Games
[14/03/2009|06:16] C:\Program Files\QuickTime
[02/11/2006|06:37] C:\Program Files\Reference Assemblies
[10/11/2008|12:28] C:\Program Files\Roxio
[17/09/2008|12:05] C:\Program Files\Safari
[17/03/2009|05:23] C:\Program Files\Samsung
[09/11/2008|11:03] C:\Program Files\SmartSound Software
[25/09/2008|10:31] C:\Program Files\Softouch
[16/03/2009|08:51] C:\Program Files\SUPERAntiSpyware
[07/04/2008|04:11] C:\Program Files\Synaptics
[02/09/2008|01:51] C:\Program Files\Trend Micro
[09/11/2008|12:11] C:\Program Files\Ulead Systems
[02/11/2006|07:01] C:\Program Files\Uninstall Information
[07/12/2008|11:35] C:\Program Files\uTorrent
[17/12/2008|12:23] C:\Program Files\VistaCodecPack
[10/03/2008|09:44] C:\Program Files\Windows Calendar
[10/03/2008|09:44] C:\Program Files\Windows Collaboration
[10/03/2008|09:44] C:\Program Files\Windows Defender
[10/03/2008|09:44] C:\Program Files\Windows Journal
[18/03/2009|12:04] C:\Program Files\Windows Live
[17/03/2009|11:59] C:\Program Files\Windows Live SkyDrive
[11/03/2009|03:10] C:\Program Files\Windows Mail
[11/03/2009|03:10] C:\Program Files\Windows Media Player
[02/11/2006|06:37] C:\Program Files\Windows NT
[10/03/2008|09:44] C:\Program Files\Windows Photo Gallery
[10/03/2008|09:44] C:\Program Files\Windows Sidebar
[03/09/2008|08:54] C:\Program Files\WinRar
[07/04/2008|04:15] C:\Program Files\WinTV
[20/05/2008|07:11] C:\Program Files\Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[23/10/2008|05:40] C:\Program Files\Common Files\Adobe
[04/09/2008|10:49] C:\Program Files\Common Files\Adobe AIR
[14/03/2009|06:20] C:\Program Files\Common Files\Apple
[25/09/2008|10:18] C:\Program Files\Common Files\Borland Shared
[20/05/2008|06:38] C:\Program Files\Common Files\HP
[02/11/2008|01:31] C:\Program Files\Common Files\InstallShield
[10/03/2008|12:10] C:\Program Files\Common Files\Java
[18/03/2009|10:04] C:\Program Files\Common Files\LightScribe
[05/03/2009|09:17] C:\Program Files\Common Files\microsoft shared
[10/03/2008|11:31] C:\Program Files\Common Files\muvee Technologies
[10/11/2008|12:29] C:\Program Files\Common Files\PX Storage Engine
[10/11/2008|12:26] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|05:18] C:\Program Files\Common Files\Services
[10/11/2008|12:27] C:\Program Files\Common Files\Sonic Shared
[02/11/2006|05:18] C:\Program Files\Common Files\SpeechEngines
[08/11/2008|10:02] C:\Program Files\Common Files\Symantec Shared
[10/03/2008|09:44] C:\Program Files\Common Files\System
[09/11/2008|12:11] C:\Program Files\Common Files\Ulead Systems
[17/03/2009|11:50] C:\Program Files\Common Files\Windows Live
[13/06/2008|03:05] C:\Program Files\Common Files\WindowsLiveInstaller
[07/03/2009|10:19] C:\Program Files\Common Files\Wise Installation Wizard
[16/12/2008|02:07] C:\Program Files\Common Files\Yahoo!

--------------------\\ Process

( 53 Processes )

iexplore.exe ~ [PID:3968]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 17:21:10
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\Users\Ben\'\ALL Xilisoft Products Keygen v 1.00.zip
C:\Users\Ben\'\Bioshock DVD iSO Working Crack-Darkcoder.zip
C:\Users\Ben\'\Crackheads Gone Wild 2006 DVDRip XViD-BELiEVERS.zip
C:\Users\Ben\'\Crackheads Gone Wild DVDRip Xvid.zip
C:\Users\Ben\'\Jethro Back Of Beyond 2007 DVDRip XviD-Crackpots.zip
C:\Users\Ben\'\Jim Davidson Live In Your Face Dvdrip XviD-CrackPots.zip
C:\Users\Ben\'\Newlive Products Universal Keygen v1.0.zip
C:\Users\Ben\'\Slysoft Products Crack 1.24.zip
C:\Users\Ben\'\Slysoft Products Crack 1.30.zip
C:\Users\Ben\'\Slysoft Products Crack 1.31.zip
C:\Users\Ben\'\Witcobber Products 5 in 1 Multi Keygen.zip
C:\Users\Ben\Documents\LimeWire\Saved\Eminem Feat Dr. Dre & 50 Cent - Crack A Bottle.mp3


[F:29][D:7]-> C:\Users\Ben\AppData\Local\Temp
[F:3593][D:1]-> C:\Users\Ben\AppData\Roaming\MICROS~1\Windows\Cookies
[F:674][D:15]-> C:\Users\Ben\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:24][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 19/03/2009|17:27 - Option : [1]

--------------------\\ Scan completed at 17:27:30
[ UAC => 1 ]

#12
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Select the entire area below, then right-click and choose Copy

C:\Program Files\uTorrent
C:\Users\Ben\'\ALL Xilisoft Products Keygen v 1.00.zip
C:\Users\Ben\'\Bioshock DVD iSO Working Crack-Darkcoder.zip
C:\Users\Ben\'\Crackheads Gone Wild 2006 DVDRip XViD-BELiEVERS.zip
C:\Users\Ben\'\Crackheads Gone Wild DVDRip Xvid.zip
C:\Users\Ben\'\Jethro Back Of Beyond 2007 DVDRip XviD-Crackpots.zip
C:\Users\Ben\'\Jim Davidson Live In Your Face Dvdrip XviD-CrackPots.zip
C:\Users\Ben\'\Newlive Products Universal Keygen v1.0.zip
C:\Users\Ben\'\Slysoft Products Crack 1.24.zip
C:\Users\Ben\'\Slysoft Products Crack 1.30.zip
C:\Users\Ben\'\Slysoft Products Crack 1.31.zip
C:\Users\Ben\'\Witcobber Products 5 in 1 Multi Keygen.zip
C:\Users\Ben\Documents\LimeWire\Saved\Eminem Feat Dr. Dre & 50 Cent - Crack A Bottle.mp3

Restart Lop S&D
Choose Option 4 (LopScript)
A blank page will be opened, right-click it and choose Paste
Close the page, you'll be asked to save it, click [Save]
Don't close the windows during suppression!
Post the log which is created: (%SystemDrive%\lopR.txt)

#13
benh1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Thanks again, and I am going to give up my p2p activity completely; this is far too much hassle. Thank you so much for your help so far though!!

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon™ 64 X2 Dual-Core Processor TK-57 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : Ben ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:286 Go (Free:115 Go)
D:\ (Local Disk) - NTFS - Total:11 Go (Free:2 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (CD or DVD) - UDF - Total:3 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [4] ( 22/03/2009|21:10 )

[ UAC => 1 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Lop Script

C:\Program Files\uTorrent
C:\Users\Ben\'\ALL Xilisoft Products Keygen v 1.00.zip
C:\Users\Ben\'\Bioshock DVD iSO Working Crack-Darkcoder.zip
C:\Users\Ben\'\Crackheads Gone Wild 2006 DVDRip XViD-BELiEVERS.zip
C:\Users\Ben\'\Crackheads Gone Wild DVDRip Xvid.zip
C:\Users\Ben\'\Jethro Back Of Beyond 2007 DVDRip XviD-Crackpots.zip
C:\Users\Ben\'\Jim Davidson Live In Your Face Dvdrip XviD-CrackPots.zip
C:\Users\Ben\'\Newlive Products Universal Keygen v1.0.zip
C:\Users\Ben\'\Slysoft Products Crack 1.24.zip
C:\Users\Ben\'\Slysoft Products Crack 1.30.zip
C:\Users\Ben\'\Slysoft Products Crack 1.31.zip
C:\Users\Ben\'\Witcobber Products 5 in 1 Multi Keygen.zip
C:\Users\Ben\Documents\LimeWire\Saved\Eminem Feat Dr. Dre & 50 Cent - Crack A Bottle.mp3


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\Users\Ben\'\ALL Xilisoft Products Keygen v 1.00.zip
Deleted! - C:\Users\Ben\'\Bioshock DVD iSO Working Crack-Darkcoder.zip
Deleted! - C:\Users\Ben\'\Crackheads Gone Wild 2006 DVDRip XViD-BELiEVERS.zip
Deleted! - C:\Users\Ben\'\Crackheads Gone Wild DVDRip Xvid.zip
Deleted! - C:\Users\Ben\'\Jethro Back Of Beyond 2007 DVDRip XviD-Crackpots.zip
Deleted! - C:\Users\Ben\'\Jim Davidson Live In Your Face Dvdrip XviD-CrackPots.zip
Deleted! - C:\Users\Ben\'\Newlive Products Universal Keygen v1.0.zip
Deleted! - C:\Users\Ben\'\Slysoft Products Crack 1.24.zip
Deleted! - C:\Users\Ben\'\Slysoft Products Crack 1.30.zip
Deleted! - C:\Users\Ben\'\Slysoft Products Crack 1.31.zip
Deleted! - C:\Users\Ben\'\Witcobber Products 5 in 1 Multi Keygen.zip
Deleted! - C:\Users\Ben\Documents\LimeWire\Saved\Eminem Feat Dr. Dre & 50 Cent - Crack A Bottle.mp3
Deleted! - C:\Program Files\uTorrent
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in Local

[08/09/2008|12:15] C:\Users\Ben\AppData\Local\Adobe
[03/09/2008|12:48] C:\Users\Ben\AppData\Local\Apple
[19/09/2008|08:49] C:\Users\Ben\AppData\Local\Apple Computer
[20/05/2008|06:34] C:\Users\Ben\AppData\Local\Application Data
[06/03/2009|03:40] C:\Users\Ben\AppData\Local\ApplicationHistory
[18/01/2009|05:12] C:\Users\Ben\AppData\Local\Apps
[20/05/2008|07:16] C:\Users\Ben\AppData\Local\AtStart.txt
[01/09/2008|08:29] C:\Users\Ben\AppData\Local\com.zipeg
[07/03/2009|07:34] C:\Users\Ben\AppData\Local\d3d9caps.dat
[18/03/2009|10:06] C:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[09/11/2008|10:34] C:\Users\Ben\AppData\Local\desktop.ini
[15/03/2009|09:33] C:\Users\Ben\AppData\Local\DNA
[16/12/2008|02:03] C:\Users\Ben\AppData\Local\Downloaded Installations
[20/05/2008|07:16] C:\Users\Ben\AppData\Local\DSwitch.txt
[19/12/2008|01:37] C:\Users\Ben\AppData\Local\fusioncache.dat
[13/01/2009|04:30] C:\Users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT
[27/05/2008|04:23] C:\Users\Ben\AppData\Local\Hewlett-Packard
[20/05/2008|06:34] C:\Users\Ben\AppData\Local\History
[18/02/2009|03:39] C:\Users\Ben\AppData\Local\HP
[20/03/2009|03:22] C:\Users\Ben\AppData\Local\IconCache.db
[25/09/2008|10:14] C:\Users\Ben\AppData\Local\Microsoft
[06/10/2008|07:27] C:\Users\Ben\AppData\Local\Microsoft Games
[20/05/2008|07:06] C:\Users\Ben\AppData\Local\Microsoft Help
[15/03/2009|06:46] C:\Users\Ben\AppData\Local\PSU
[20/05/2008|07:16] C:\Users\Ben\AppData\Local\QSwitch.txt
[23/10/2008|08:10] C:\Users\Ben\AppData\Local\QuickPlay
[03/01/2009|12:18] C:\Users\Ben\AppData\Local\rx_audio.Cache
[03/01/2009|12:18] C:\Users\Ben\AppData\Local\rx_image.Cache
[20/05/2008|07:09] C:\Users\Ben\AppData\Local\Seven Zip
[22/03/2009|09:10] C:\Users\Ben\AppData\Local\Temp
[20/05/2008|06:34] C:\Users\Ben\AppData\Local\Temporary Internet Files
[26/05/2008|09:42] C:\Users\Ben\AppData\Local\VirtualStore

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

[20/03/2009 03:24][--ah-----] C:\Windows\tasks\SA.DAT
[20/03/2009 03:22][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing Folders in C:\ProgramData

[14/03/2009|06:21] C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[06/09/2008|10:46] C:\ProgramData\Adobe
[02/09/2008|01:37] C:\ProgramData\AOL
[20/05/2008|09:22] C:\ProgramData\AOL OCP
[03/09/2008|12:47] C:\ProgramData\Apple
[03/09/2008|12:52] C:\ProgramData\Apple Computer
[02/11/2006|07:02] C:\ProgramData\Application Data
[15/09/2008|04:14] C:\ProgramData\CyberLink
[02/11/2006|07:02] C:\ProgramData\Desktop
[02/11/2006|07:02] C:\ProgramData\Documents
[20/05/2008|06:44] C:\ProgramData\Electronic Arts
[09/11/2008|11:03] C:\ProgramData\eSellerate
[02/11/2006|07:02] C:\ProgramData\Favorites
[18/02/2009|12:31] C:\ProgramData\Hewlett-Packard
[20/05/2008|06:38] C:\ProgramData\HP
[20/05/2008|06:39] C:\ProgramData\hpzinstall.log
[09/11/2008|10:34] C:\ProgramData\InstallShield
[01/09/2008|09:30] C:\ProgramData\Lavasoft
[22/03/2009|09:11] C:\ProgramData\LightScribe
[02/09/2008|07:37] C:\ProgramData\Malwarebytes
[17/03/2009|11:50] C:\ProgramData\Microsoft
[09/08/2008|02:36] C:\ProgramData\Microsoft Help
[21/09/2008|02:16] C:\ProgramData\muvee Technologies
[04/09/2008|12:49] C:\ProgramData\NOS
[15/02/2009|03:04] C:\ProgramData\NVIDIA
[14/03/2009|04:09] C:\ProgramData\nvModes.001
[11/03/2009|12:59] C:\ProgramData\nvModes.dat
[16/12/2008|02:03] C:\ProgramData\Pinnacle
[16/12/2008|02:27] C:\ProgramData\Pinnacle VideoSpin
[02/03/2009|07:52] C:\ProgramData\Roxio
[10/11/2008|12:31] C:\ProgramData\SmartSound Software Inc
[25/09/2008|10:16] C:\ProgramData\Softouch
[10/11/2008|12:25] C:\ProgramData\Sonic
[02/11/2006|07:02] C:\ProgramData\Start Menu
[07/03/2009|10:21] C:\ProgramData\SUPERAntiSpyware.com
[30/10/2008|11:01] C:\ProgramData\Symantec
[18/03/2009|09:26] C:\ProgramData\tamipele
[28/07/2008|08:43] C:\ProgramData\TEMP
[02/11/2006|07:02] C:\ProgramData\Templates
[16/12/2008|02:07] C:\ProgramData\VideoSpin
[17/12/2008|12:22] C:\ProgramData\VistaCodecs
[31/12/2008|09:22] C:\ProgramData\WildTangent
[13/06/2008|03:03] C:\ProgramData\WLInstaller
[21/05/2008|09:49] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing Folders in C:\Program Files

[06/09/2008|10:45] C:\Program Files\Adobe
[25/02/2009|03:33] C:\Program Files\AndreaMosaic
[17/09/2008|03:19] C:\Program Files\Apple Software Update
[10/03/2008|12:02] C:\Program Files\AWS
[14/03/2009|06:17] C:\Program Files\Bonjour
[20/05/2008|06:35] C:\Program Files\Broadcom
[27/05/2008|08:06] C:\Program Files\CleanUp!
[18/03/2009|10:04] C:\Program Files\Common Files
[07/04/2008|04:14] C:\Program Files\CONEXANT
[03/12/2008|01:51] C:\Program Files\coolpro2
[07/04/2008|04:25] C:\Program Files\CyberLink
[11/07/2008|09:25] C:\Program Files\DivX
[06/11/2008|08:44] C:\Program Files\DNA
[27/08/2008|06:47] C:\Program Files\DVDx
[17/03/2009|05:19] C:\Program Files\EA GAMES
[09/08/2008|02:59] C:\Program Files\Electronic Arts
[01/08/2008|05:40] C:\Program Files\GIMP-2.0
[07/11/2008|02:03] C:\Program Files\Hewlett-Packard
[09/11/2008|10:12] C:\Program Files\hkSFV
[13/09/2008|03:15] C:\Program Files\HP
[07/04/2008|04:28] C:\Program Files\HP Games
[20/05/2008|06:36] C:\Program Files\HPQ
[11/08/2008|05:08] C:\Program Files\Infogrames Interactive
[10/11/2008|12:32] C:\Program Files\InstallShield Installation Information
[10/11/2008|12:37] C:\Program Files\InterActual
[10/11/2008|03:32] C:\Program Files\Internet Explorer
[14/03/2009|06:20] C:\Program Files\iPod
[14/03/2009|06:21] C:\Program Files\iTunes
[17/03/2009|01:49] C:\Program Files\iWin
[25/02/2009|12:32] C:\Program Files\Java
[01/09/2008|09:28] C:\Program Files\Lavasoft
[07/03/2009|10:00] C:\Program Files\LimeWire
[29/09/2008|11:02] C:\Program Files\MagicDisc
[28/09/2008|09:48] C:\Program Files\MagicISO
[02/09/2008|07:37] C:\Program Files\Malwarebytes' Anti-Malware
[17/03/2009|11:59] C:\Program Files\Microsoft
[02/11/2006|06:37] C:\Program Files\Microsoft Games
[09/08/2008|02:36] C:\Program Files\Microsoft Office
[20/03/2009|03:24] C:\Program Files\Microsoft Silverlight
[20/05/2008|07:04] C:\Program Files\Microsoft Works
[18/03/2009|08:31] C:\Program Files\MouseHunt Toolbar
[10/03/2008|09:44] C:\Program Files\Movie Maker
[02/11/2006|06:37] C:\Program Files\MSBuild
[26/05/2008|04:48] C:\Program Files\MSXML 4.0
[10/03/2008|11:31] C:\Program Files\muvee Technologies
[07/04/2008|04:13] C:\Program Files\NetWaiting
[04/09/2008|12:49] C:\Program Files\NOS
[20/05/2008|07:12] C:\Program Files\Online Services
[16/12/2008|02:07] C:\Program Files\Pinnacle
[16/10/2008|03:48] C:\Program Files\PopCap Games
[14/03/2009|06:16] C:\Program Files\QuickTime
[02/11/2006|06:37] C:\Program Files\Reference Assemblies
[10/11/2008|12:28] C:\Program Files\Roxio
[17/09/2008|12:05] C:\Program Files\Safari
[17/03/2009|05:23] C:\Program Files\Samsung
[09/11/2008|11:03] C:\Program Files\SmartSound Software
[25/09/2008|10:31] C:\Program Files\Softouch
[16/03/2009|08:51] C:\Program Files\SUPERAntiSpyware
[07/04/2008|04:11] C:\Program Files\Synaptics
[02/09/2008|01:51] C:\Program Files\Trend Micro
[09/11/2008|12:11] C:\Program Files\Ulead Systems
[02/11/2006|07:01] C:\Program Files\Uninstall Information
[17/12/2008|12:23] C:\Program Files\VistaCodecPack
[10/03/2008|09:44] C:\Program Files\Windows Calendar
[10/03/2008|09:44] C:\Program Files\Windows Collaboration
[10/03/2008|09:44] C:\Program Files\Windows Defender
[10/03/2008|09:44] C:\Program Files\Windows Journal
[18/03/2009|12:04] C:\Program Files\Windows Live
[17/03/2009|11:59] C:\Program Files\Windows Live SkyDrive
[11/03/2009|03:10] C:\Program Files\Windows Mail
[11/03/2009|03:10] C:\Program Files\Windows Media Player
[02/11/2006|06:37] C:\Program Files\Windows NT
[10/03/2008|09:44] C:\Program Files\Windows Photo Gallery
[10/03/2008|09:44] C:\Program Files\Windows Sidebar
[03/09/2008|08:54] C:\Program Files\WinRar
[07/04/2008|04:15] C:\Program Files\WinTV
[20/05/2008|07:11] C:\Program Files\Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[23/10/2008|05:40] C:\Program Files\Common Files\Adobe
[04/09/2008|10:49] C:\Program Files\Common Files\Adobe AIR
[14/03/2009|06:20] C:\Program Files\Common Files\Apple
[25/09/2008|10:18] C:\Program Files\Common Files\Borland Shared
[20/05/2008|06:38] C:\Program Files\Common Files\HP
[02/11/2008|01:31] C:\Program Files\Common Files\InstallShield
[10/03/2008|12:10] C:\Program Files\Common Files\Java
[18/03/2009|10:04] C:\Program Files\Common Files\LightScribe
[05/03/2009|09:17] C:\Program Files\Common Files\microsoft shared
[10/03/2008|11:31] C:\Program Files\Common Files\muvee Technologies
[10/11/2008|12:29] C:\Program Files\Common Files\PX Storage Engine
[10/11/2008|12:26] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|05:18] C:\Program Files\Common Files\Services
[10/11/2008|12:27] C:\Program Files\Common Files\Sonic Shared
[02/11/2006|05:18] C:\Program Files\Common Files\SpeechEngines
[08/11/2008|10:02] C:\Program Files\Common Files\Symantec Shared
[10/03/2008|09:44] C:\Program Files\Common Files\System
[09/11/2008|12:11] C:\Program Files\Common Files\Ulead Systems
[17/03/2009|11:50] C:\Program Files\Common Files\Windows Live
[13/06/2008|03:05] C:\Program Files\Common Files\WindowsLiveInstaller
[07/03/2009|10:19] C:\Program Files\Common Files\Wise Installation Wizard
[16/12/2008|02:07] C:\Program Files\Common Files\Yahoo!

--------------------\\ Process

( 49 Processes )

iexplore.exe ~ [PID:2492]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-22 21:14:09
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CYQU5KW0\ca_yahoo_com[1].htm 126414 bytes
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Searching for other infections


No other infections found !

[F:37][D:7]-> C:\Users\Ben\AppData\Local\Temp
[F:3596][D:1]-> C:\Users\Ben\AppData\Roaming\MICROS~1\Windows\Cookies
[F:750][D:15]-> C:\Users\Ben\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:24][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 19/03/2009|17:27 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 22/03/2009|21:18 - Option : [4]

--------------------\\ Scan completed at 21:18:15
[ UAC => 1 ]

#14
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
You're welcome. :)


Step #1

Select the entire area below, then right-click and choose Copy

C:\Program Files\LimeWire

Restart Lop S&D
Choose Option 4 (LopScript)
A blank page will be opened, right-click it and choose Paste
Close the page, you'll be asked to save it, click [Save]
Don't close the windows during suppression!
Post the log which is created: (%SystemDrive%\lopR.txt)


Step #2

Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.


#15
benh1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon™ 64 X2 Dual-Core Processor TK-57 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : Ben ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:286 Go (Free:115 Go)
D:\ (Local Disk) - NTFS - Total:11 Go (Free:2 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (USB)
G:\ (CD or DVD) - UDF - Total:3 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [4] ( 24/03/2009| 8:16 )

[ UAC => 1 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Lop Script

C:\Program Files\LimeWire


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

... C:\Program Files\LimeWire -> does not exist !

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in Local

[08/09/2008|12:15] C:\Users\Ben\AppData\Local\Adobe
[03/09/2008|12:48] C:\Users\Ben\AppData\Local\Apple
[19/09/2008|08:49] C:\Users\Ben\AppData\Local\Apple Computer
[20/05/2008|06:34] C:\Users\Ben\AppData\Local\Application Data
[06/03/2009|03:40] C:\Users\Ben\AppData\Local\ApplicationHistory
[18/01/2009|05:12] C:\Users\Ben\AppData\Local\Apps
[20/05/2008|07:16] C:\Users\Ben\AppData\Local\AtStart.txt
[01/09/2008|08:29] C:\Users\Ben\AppData\Local\com.zipeg
[07/03/2009|07:34] C:\Users\Ben\AppData\Local\d3d9caps.dat
[18/03/2009|10:06] C:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[09/11/2008|10:34] C:\Users\Ben\AppData\Local\desktop.ini
[15/03/2009|09:33] C:\Users\Ben\AppData\Local\DNA
[16/12/2008|02:03] C:\Users\Ben\AppData\Local\Downloaded Installations
[20/05/2008|07:16] C:\Users\Ben\AppData\Local\DSwitch.txt
[19/12/2008|01:37] C:\Users\Ben\AppData\Local\fusioncache.dat
[13/01/2009|04:30] C:\Users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT
[27/05/2008|04:23] C:\Users\Ben\AppData\Local\Hewlett-Packard
[20/05/2008|06:34] C:\Users\Ben\AppData\Local\History
[18/02/2009|03:39] C:\Users\Ben\AppData\Local\HP
[20/03/2009|03:22] C:\Users\Ben\AppData\Local\IconCache.db
[25/09/2008|10:14] C:\Users\Ben\AppData\Local\Microsoft
[06/10/2008|07:27] C:\Users\Ben\AppData\Local\Microsoft Games
[20/05/2008|07:06] C:\Users\Ben\AppData\Local\Microsoft Help
[15/03/2009|06:46] C:\Users\Ben\AppData\Local\PSU
[20/05/2008|07:16] C:\Users\Ben\AppData\Local\QSwitch.txt
[23/10/2008|08:10] C:\Users\Ben\AppData\Local\QuickPlay
[03/01/2009|12:18] C:\Users\Ben\AppData\Local\rx_audio.Cache
[03/01/2009|12:18] C:\Users\Ben\AppData\Local\rx_image.Cache
[20/05/2008|07:09] C:\Users\Ben\AppData\Local\Seven Zip
[24/03/2009|08:16] C:\Users\Ben\AppData\Local\Temp
[20/05/2008|06:34] C:\Users\Ben\AppData\Local\Temporary Internet Files
[26/05/2008|09:42] C:\Users\Ben\AppData\Local\VirtualStore

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

[20/03/2009 03:24][--ah-----] C:\Windows\tasks\SA.DAT
[20/03/2009 03:22][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing Folders in C:\ProgramData

[14/03/2009|06:21] C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[06/09/2008|10:46] C:\ProgramData\Adobe
[02/09/2008|01:37] C:\ProgramData\AOL
[20/05/2008|09:22] C:\ProgramData\AOL OCP
[03/09/2008|12:47] C:\ProgramData\Apple
[03/09/2008|12:52] C:\ProgramData\Apple Computer
[02/11/2006|07:02] C:\ProgramData\Application Data
[15/09/2008|04:14] C:\ProgramData\CyberLink
[02/11/2006|07:02] C:\ProgramData\Desktop
[02/11/2006|07:02] C:\ProgramData\Documents
[20/05/2008|06:44] C:\ProgramData\Electronic Arts
[09/11/2008|11:03] C:\ProgramData\eSellerate
[02/11/2006|07:02] C:\ProgramData\Favorites
[18/02/2009|12:31] C:\ProgramData\Hewlett-Packard
[20/05/2008|06:38] C:\ProgramData\HP
[20/05/2008|06:39] C:\ProgramData\hpzinstall.log
[09/11/2008|10:34] C:\ProgramData\InstallShield
[01/09/2008|09:30] C:\ProgramData\Lavasoft
[22/03/2009|09:11] C:\ProgramData\LightScribe
[02/09/2008|07:37] C:\ProgramData\Malwarebytes
[17/03/2009|11:50] C:\ProgramData\Microsoft
[09/08/2008|02:36] C:\ProgramData\Microsoft Help
[21/09/2008|02:16] C:\ProgramData\muvee Technologies
[04/09/2008|12:49] C:\ProgramData\NOS
[15/02/2009|03:04] C:\ProgramData\NVIDIA
[23/03/2009|01:10] C:\ProgramData\nvModes.001
[11/03/2009|12:59] C:\ProgramData\nvModes.dat
[16/12/2008|02:03] C:\ProgramData\Pinnacle
[16/12/2008|02:27] C:\ProgramData\Pinnacle VideoSpin
[02/03/2009|07:52] C:\ProgramData\Roxio
[10/11/2008|12:31] C:\ProgramData\SmartSound Software Inc
[25/09/2008|10:16] C:\ProgramData\Softouch
[10/11/2008|12:25] C:\ProgramData\Sonic
[02/11/2006|07:02] C:\ProgramData\Start Menu
[07/03/2009|10:21] C:\ProgramData\SUPERAntiSpyware.com
[30/10/2008|11:01] C:\ProgramData\Symantec
[18/03/2009|09:26] C:\ProgramData\tamipele
[28/07/2008|08:43] C:\ProgramData\TEMP
[02/11/2006|07:02] C:\ProgramData\Templates
[16/12/2008|02:07] C:\ProgramData\VideoSpin
[17/12/2008|12:22] C:\ProgramData\VistaCodecs
[31/12/2008|09:22] C:\ProgramData\WildTangent
[13/06/2008|03:03] C:\ProgramData\WLInstaller
[21/05/2008|09:49] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing Folders in C:\Program Files

[06/09/2008|10:45] C:\Program Files\Adobe
[25/02/2009|03:33] C:\Program Files\AndreaMosaic
[17/09/2008|03:19] C:\Program Files\Apple Software Update
[10/03/2008|12:02] C:\Program Files\AWS
[14/03/2009|06:17] C:\Program Files\Bonjour
[20/05/2008|06:35] C:\Program Files\Broadcom
[27/05/2008|08:06] C:\Program Files\CleanUp!
[18/03/2009|10:04] C:\Program Files\Common Files
[07/04/2008|04:14] C:\Program Files\CONEXANT
[03/12/2008|01:51] C:\Program Files\coolpro2
[07/04/2008|04:25] C:\Program Files\CyberLink
[11/07/2008|09:25] C:\Program Files\DivX
[06/11/2008|08:44] C:\Program Files\DNA
[27/08/2008|06:47] C:\Program Files\DVDx
[17/03/2009|05:19] C:\Program Files\EA GAMES
[09/08/2008|02:59] C:\Program Files\Electronic Arts
[01/08/2008|05:40] C:\Program Files\GIMP-2.0
[07/11/2008|02:03] C:\Program Files\Hewlett-Packard
[09/11/2008|10:12] C:\Program Files\hkSFV
[13/09/2008|03:15] C:\Program Files\HP
[07/04/2008|04:28] C:\Program Files\HP Games
[20/05/2008|06:36] C:\Program Files\HPQ
[11/08/2008|05:08] C:\Program Files\Infogrames Interactive
[10/11/2008|12:32] C:\Program Files\InstallShield Installation Information
[10/11/2008|12:37] C:\Program Files\InterActual
[10/11/2008|03:32] C:\Program Files\Internet Explorer
[14/03/2009|06:20] C:\Program Files\iPod
[14/03/2009|06:21] C:\Program Files\iTunes
[17/03/2009|01:49] C:\Program Files\iWin
[25/02/2009|12:32] C:\Program Files\Java
[01/09/2008|09:28] C:\Program Files\Lavasoft
[29/09/2008|11:02] C:\Program Files\MagicDisc
[28/09/2008|09:48] C:\Program Files\MagicISO
[02/09/2008|07:37] C:\Program Files\Malwarebytes' Anti-Malware
[17/03/2009|11:59] C:\Program Files\Microsoft
[02/11/2006|06:37] C:\Program Files\Microsoft Games
[09/08/2008|02:36] C:\Program Files\Microsoft Office
[20/03/2009|03:24] C:\Program Files\Microsoft Silverlight
[20/05/2008|07:04] C:\Program Files\Microsoft Works
[18/03/2009|08:31] C:\Program Files\MouseHunt Toolbar
[10/03/2008|09:44] C:\Program Files\Movie Maker
[02/11/2006|06:37] C:\Program Files\MSBuild
[26/05/2008|04:48] C:\Program Files\MSXML 4.0
[10/03/2008|11:31] C:\Program Files\muvee Technologies
[07/04/2008|04:13] C:\Program Files\NetWaiting
[04/09/2008|12:49] C:\Program Files\NOS
[20/05/2008|07:12] C:\Program Files\Online Services
[16/12/2008|02:07] C:\Program Files\Pinnacle
[16/10/2008|03:48] C:\Program Files\PopCap Games
[14/03/2009|06:16] C:\Program Files\QuickTime
[02/11/2006|06:37] C:\Program Files\Reference Assemblies
[10/11/2008|12:28] C:\Program Files\Roxio
[17/09/2008|12:05] C:\Program Files\Safari
[17/03/2009|05:23] C:\Program Files\Samsung
[09/11/2008|11:03] C:\Program Files\SmartSound Software
[25/09/2008|10:31] C:\Program Files\Softouch
[16/03/2009|08:51] C:\Program Files\SUPERAntiSpyware
[07/04/2008|04:11] C:\Program Files\Synaptics
[02/09/2008|01:51] C:\Program Files\Trend Micro
[09/11/2008|12:11] C:\Program Files\Ulead Systems
[02/11/2006|07:01] C:\Program Files\Uninstall Information
[17/12/2008|12:23] C:\Program Files\VistaCodecPack
[10/03/2008|09:44] C:\Program Files\Windows Calendar
[10/03/2008|09:44] C:\Program Files\Windows Collaboration
[10/03/2008|09:44] C:\Program Files\Windows Defender
[10/03/2008|09:44] C:\Program Files\Windows Journal
[18/03/2009|12:04] C:\Program Files\Windows Live
[17/03/2009|11:59] C:\Program Files\Windows Live SkyDrive
[11/03/2009|03:10] C:\Program Files\Windows Mail
[11/03/2009|03:10] C:\Program Files\Windows Media Player
[02/11/2006|06:37] C:\Program Files\Windows NT
[10/03/2008|09:44] C:\Program Files\Windows Photo Gallery
[10/03/2008|09:44] C:\Program Files\Windows Sidebar
[03/09/2008|08:54] C:\Program Files\WinRar
[07/04/2008|04:15] C:\Program Files\WinTV
[20/05/2008|07:11] C:\Program Files\Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[23/10/2008|05:40] C:\Program Files\Common Files\Adobe
[04/09/2008|10:49] C:\Program Files\Common Files\Adobe AIR
[14/03/2009|06:20] C:\Program Files\Common Files\Apple
[25/09/2008|10:18] C:\Program Files\Common Files\Borland Shared
[20/05/2008|06:38] C:\Program Files\Common Files\HP
[02/11/2008|01:31] C:\Program Files\Common Files\InstallShield
[10/03/2008|12:10] C:\Program Files\Common Files\Java
[18/03/2009|10:04] C:\Program Files\Common Files\LightScribe
[05/03/2009|09:17] C:\Program Files\Common Files\microsoft shared
[10/03/2008|11:31] C:\Program Files\Common Files\muvee Technologies
[10/11/2008|12:29] C:\Program Files\Common Files\PX Storage Engine
[10/11/2008|12:26] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|05:18] C:\Program Files\Common Files\Services
[10/11/2008|12:27] C:\Program Files\Common Files\Sonic Shared
[02/11/2006|05:18] C:\Program Files\Common Files\SpeechEngines
[08/11/2008|10:02] C:\Program Files\Common Files\Symantec Shared
[10/03/2008|09:44] C:\Program Files\Common Files\System
[09/11/2008|12:11] C:\Program Files\Common Files\Ulead Systems
[17/03/2009|11:50] C:\Program Files\Common Files\Windows Live
[13/06/2008|03:05] C:\Program Files\Common Files\WindowsLiveInstaller
[07/03/2009|10:19] C:\Program Files\Common Files\Wise Installation Wizard
[16/12/2008|02:07] C:\Program Files\Common Files\Yahoo!

--------------------\\ Process

( 53 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 08:16:46
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F3X5QO7F\st[1]
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Searching for other infections


No other infections found !

[F:1217][D:20]-> C:\Users\Ben\AppData\Local\Temp
[F:3645][D:1]-> C:\Users\Ben\AppData\Roaming\MICROS~1\Windows\Cookies
[F:904][D:15]-> C:\Users\Ben\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:26][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 19/03/2009|17:27 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 22/03/2009|21:18 - Option : [4]
3 - "C:\Lop SD\LopR_3.txt" - 23/03/2009|19:01 - Option : [4]
4 - "C:\Lop SD\LopR_4.txt" - 24/03/2009| 8:22 - Option : [4]

--------------------\\ Scan completed at 8:22:30
[ UAC => 1 ]

Malwarebytes' Anti-Malware 1.26
Database version: 1103
Windows 6.0.6001 Service Pack 1

23/03/2009 9:55:09 PM
mbam-log-2009-03-23 (21-54-49).txt

Scan type: Quick Scan
Objects scanned: 41675
Time elapsed: 5 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> No action taken.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\gksraemq.bxqt (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\gksraemq.toolbar.1 (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bovohijami (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> No action taken.

Files Infected:
C:\Users\Ben\Setup.exe (Trojan.Agent) -> No action taken.
C:\Pass2.cmd (Trojan.Agent) -> No action taken.
C:\Windows\System32\hxiwlgpm.dat (Trojan.Agent) -> No action taken.
C:\Windows\System32\taack.dat (Trojan.Agent) -> No action taken.
C:\Windows\System32\VBIEWER.OCX (Trojan.Agent) -> No action taken.
C:\Windows\System32\pac.txt (Malware.Trace) -> No action taken.
C:\Windows\System32\phcrvlj0eja3.bmp (Trojan.FakeAlert) -> No action taken.