Computer massive infection


Re: Computer massive infection

Post by Itachi21 on Mon Dec 21, 2009 12:58 am

No luck. I got it to download but I can't open it up.

Itachi21
Senior
Posts : 319
Joined : 2008-12-07
Gender : Male
OS : Windows 7 64 Bit
Points : 31879
# Likes : 0

Re: Computer massive infection

Post by Belahzur on Mon Dec 21, 2009 1:11 am

Did you delete those two Run values in IceSword, under both HKLM and HKCU?

If so, reboot normally, then try MBAM again.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1

Re: Computer massive infection

Post by Minaalyn110908 on Mon Dec 21, 2009 1:41 am

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/20/2009 8:28:34 PM
mbam-log-2009-12-20 (20-28-34).txt

Scan type: Quick Scan
Objects scanned: 111811
Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ab483e3-3d67-4f1f-be43-64c61f936f4a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\geedb (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ab483e3-3d67-4f1f-be43-64c61f936f4a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\{320d180e-0708-1033-0824-050330050001} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\f02WtR (Malware.Trace) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\geedb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkll.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Carl\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Minaalyn110908
Novice
Posts : 12
Joined : 2009-12-20
OS : Windows XP
Points : 25588
# Likes : 0
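The log above is the form every MBAM 1.x quick scan produces: a block of per-section counts, then the itemised detections with path, detection name and action. As an added example (not part of the thread, and not MBAM's or the forum's own code), the Python script below parses that format, checks that each section's declared count matches the items actually listed (a forum-wrapped or truncated paste fails that check instead of silently losing entries), tallies the detection names, and flags entries that sit in well-known autostart locations (Run, Policies\Explorer\Run, Winlogon\Notify, Browser Helper Objects), since those show the infection had persistence rather than just dropped files. The embedded sample is a constructed copy of the first log posted in this thread with the wrapping undone and the empty sections trimmed; the autostart marker list is my own assumption for the example, not something MBAM reports.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x scan log, reconcile the summary
counters with the itemised detections, and flag entries in well-known
autostart locations. Added example; not MBAM's own code."""
import re
from collections import Counter

# Constructed sample: the first MBAM log posted in this thread, with the
# forum's line wrapping undone and the empty sections trimmed.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.42
Database version: 3289
12/20/2009 8:28:34 PM
Scan type: Quick Scan
Objects scanned: 111811
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ab483e3-3d67-4f1f-be43-64c61f936f4a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\geedb (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ab483e3-3d67-4f1f-be43-64c61f936f4a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\{320d180e-0708-1033-0824-050330050001} (Trojan.Agent) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32\f02WtR (Malware.Trace) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\geedb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkll.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Carl\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(.+ Infected):$")            # "Files Infected:"
COUNT_RE = re.compile(r"^(.+ Infected): (\d+)$")         # "Files Infected: 4"
HEADER_RE = re.compile(r"^([A-Za-z][^:]*): (.*)$")       # "Database version: 3289"
ITEM_RE = re.compile(r"^(.*) \(([^()]+)\) -> (.+?)\.?$")  # path (threat) -> action

# Registry locations that load code at logon or browser start. Assumed list
# for this example (well-known autostart points), not something MBAM emits.
AUTOSTART_MARKERS = ("\\currentversion\\run", "\\policies\\explorer\\run",
                     "\\winlogon\\notify", "\\browser helper objects")

def parse_mbam_log(text):
    """Return header fields, declared per-section counts, itemised
    detections per section, and any lines that did not parse."""
    header, summary, detections, unparsed = {}, {}, {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group(1)
            detections.setdefault(section, [])
        elif (m := COUNT_RE.match(line)):
            summary[m.group(1)] = int(m.group(2))
        elif section is None:
            if (m := HEADER_RE.match(line)):
                header[m.group(1)] = m.group(2)
        elif (m := ITEM_RE.match(line)):
            detections[section].append(
                {"path": m.group(1), "threat": m.group(2), "action": m.group(3)})
        else:
            unparsed.append(line)  # wrapped or garbled line: report it, never drop it
    return {"header": header, "summary": summary,
            "detections": detections, "unparsed": unparsed}

def reconcile(report):
    """Sections whose declared count differs from the items actually listed
    (a truncated or forum-wrapped paste shows up here)."""
    found = {s: len(v) for s, v in report["detections"].items()}
    return {s: (n, found.get(s, 0)) for s, n in report["summary"].items()
            if n != found.get(s, 0)}

def threat_counts(report):
    """How many items each detection name accounts for."""
    return Counter(i["threat"] for v in report["detections"].values() for i in v)

def autostart_hits(report):
    """Detections sitting in an autostart location: persistence, not just droppings."""
    return [(s, i["path"], i["threat"]) for s, v in report["detections"].items()
            for i in v if any(k in i["path"].lower() for k in AUTOSTART_MARKERS)]

if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", reconcile(rep) or "none")
    print("families:", threat_counts(rep).most_common())
    for sec, path, threat in autostart_hits(rep):
        print(f"autostart [{sec}] {path} ({threat})")
```

On the thread's own log this reports no count mismatches, Trojan.Vundo.H as the dominant family (three registry keys plus geedb.dll), and three autostart entries (the BHO, the Winlogon\Notify key and the Policies\Explorer\Run value), which is what tells a helper that a reboot-and-rescan is worth asking for rather than assuming the quarantine alone closed the case.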

Re: Computer massive infection

Post by Belahzur on Mon Dec 21, 2009 7:03 pm

That worked.
I need you to update the database first though, cause it's more than 100 def updates behind.

Press the "Check for updates" in the Update tab, then run another quick scan.




Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1

Re: Computer massive infection

Post by Minaalyn110908 on Tue Dec 22, 2009 4:13 am

Malwarebytes' Anti-Malware 1.42
Database version: 3407
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/21/2009 11:13:13 PM
mbam-log-2009-12-21 (23-13-13).txt

Scan type: Quick Scan
Objects scanned: 114660
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Minaalyn110908
Novice
Posts : 12
Joined : 2009-12-20
OS : Windows XP
Points : 25588
# Likes : 0

Re: Computer massive infection

Post by Belahzur on Tue Dec 22, 2009 6:01 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.




Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1

Re: Computer massive infection

Post by Minaalyn110908 on Wed Dec 23, 2009 4:08 am

OTL logfile created on: 12/22/2009 10:55:02 PM - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\Carl\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 55.00 Mb Available Physical Memory | 14.00% Memory free
1,017.00 Mb Paging File | 772.00 Mb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17.07 Gb Total Space | 1.92 Gb Free Space | 11.25% Space Free | Partition Type: FAT32
Drive D: | 17.24 Gb Total Space | 12.20 Gb Free Space | 70.73% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-2E68C49B20
Current User Name: Carl
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/22 22:48:46 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carl\Desktop\OTL.exe
PRC - [2009/12/18 14:12:00 | 00,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/08 10:09:28 | 01,187,840 | ---- | M] (bywifi.com) -- C:\Program Files\Bywifi\bywifi.exe
PRC - [2009/12/01 12:38:48 | 03,951,976 | ---- | M] (AOL LLC) -- C:\Program Files\AIM\aim.exe
PRC - [2009/07/20 14:52:24 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1259973095\ee\aolsoftware.exe
PRC - [2007/01/23 12:33:32 | 00,262,144 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2007/01/04 16:38:10 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/11/23 07:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2004/08/16 15:17:20 | 01,287,168 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe
PRC - [2004/08/04 05:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2009/12/22 22:48:46 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carl\Desktop\OTL.exe
MOD - [2004/08/04 05:00:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Bonjour Service)
SRV - [2007/01/04 16:38:10 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/23 07:50:36 | 00,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005/11/23 07:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2004/08/16 15:17:20 | 01,287,168 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)
SRV - [2001/04/06 13:57:46 | 00,238,080 | ---- | M] (O&O Software GmbH) [Auto | Stopped] -- C:\WINDOWS\System32\OOD2000.exe -- (OOD2000)


========== Driver Services (SafeList) ==========

DRV - [2009/11/13 19:49:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/01/23 12:56:00 | 00,016,896 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2007/01/23 12:35:00 | 00,317,952 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2006/03/06 23:15:50 | 00,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006/03/06 23:12:06 | 00,642,560 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/01/14 20:16:50 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/12/20 04:22:32 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2005/06/28 11:32:14 | 00,113,664 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr7910.sys -- (mr7910)
DRV - [2005/02/24 14:20:22 | 02,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/01/13 14:46:16 | 00,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\acer\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/12/21 10:32:12 | 00,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/12/17 17:14:44 | 00,013,952 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2004/12/08 14:10:00 | 00,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2004/11/05 01:43:58 | 00,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2004/10/07 23:33:46 | 00,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/10/07 19:51:08 | 01,270,540 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/11 01:30:00 | 00,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/04 05:00:00 | 00,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/08/04 05:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 05:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 05:00:00 | 00,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/12/05 18:46:36 | 00,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/18 09:58:20 | 00,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/01/10 16:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/05/07 09:44:04 | 00,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V4CB011D.SYS -- (FINEPIX_PCC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.5.1
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0.07076007
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.1.20080205
FF - prefs.js..extensions.enabledItems: {38ef78a0-1f01-11de-8c30-0800200c9a66}:1.03
FF - prefs.js..extensions.enabledItems: {333b42b0-9c75-11db-b606-0800200c9a66}:2.090208
FF - prefs.js..extensions.enabledItems: {3ffb7be0-8bde-11de-8a39-0800200c9a66}:3.5.2.06.09.09b1
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="
FF - prefs.js..network.proxy.autoconfig_url: "http://localhost:9000/proxy.pac"
FF - prefs.js..network.proxy.type: 2

FF - user.js..network.proxy.type: 2
FF - user.js..network.proxy.autoconfig_url: "http://localhost:9000/proxy.pac"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2005/12/24 16:09:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2005/12/24 16:09:48 | 00,000,000 | ---D | M]

[2009/01/19 22:41:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Mozilla\Extensions
[2005/12/24 16:10:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\t4d4tksr.default\extensions
[2009/12/20 21:52:32 | 00,000,000 | ---D | M] (PinkHope) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\t4d4tksr.default\extensions\{333b42b0-9c75-11db-b606-0800200c9a66}
[2009/12/20 21:45:28 | 00,000,000 | ---D | M] (IDS-DDI-PINKY) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\t4d4tksr.default\extensions\{38ef78a0-1f01-11de-8c30-0800200c9a66}
[2009/12/20 21:39:18 | 00,000,000 | ---D | M] (Purple Fox) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\t4d4tksr.default\extensions\{3ffb7be0-8bde-11de-8a39-0800200c9a66}
[2006/08/26 20:45:26 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\t4d4tksr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/04 19:32:50 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\t4d4tksr.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2009/12/06 21:25:08 | 00,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\t4d4tksr.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2008/05/01 00:02:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\t4d4tksr.default\extensions\moveplayer@movenetworks.com
[2009/12/04 20:51:50 | 00,001,737 | ---- | M] () -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\t4d4tksr.default\searchplugins\aol-search.xml
[2009/12/06 21:24:44 | 00,001,490 | ---- | M] () -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\t4d4tksr.default\searchplugins\AIM Search.xml
[2005/12/24 16:09:52 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/02/27 10:32:22 | 00,039,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npclntax.dll
[2007/04/16 13:07:14 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: (303126 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10449 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (BywifiBHO Class) - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - C:\Program Files\Bywifi\bywifiie.dll (bywifi.com)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O4 - HKLM..\Run: [bywifi] C:\Program Files\Bywifi\bywifi.exe (bywifi.com)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1259973095\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL LLC)
O4 - HKCU..\Run: [bywifi] C:\Program Files\Bywifi\bywifi.exe (bywifi.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2006/03/18 22:23:22 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2006/03/18 22:23:22 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2006/03/18 22:23:22 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2006/03/18 22:23:22 | 00,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (TODO: )
O9 - Extra 'Tools' menuitem : Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (TODO: )
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 51 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} [You must be registered and logged in to see this link.] (PCPitstop Utility)
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} [You must be registered and logged in to see this link.] (DiameterTransfer Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\CSCSettings: DllName - C:\WINDOWS\system32\hpj0231mg.dll - C:\WINDOWS\System32\hpj0231mg.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/09 09:51:26 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{8c90e63c-cd8b-11dd-81fc-00c09fca4ca7}\Shell - "" = AutoRun
O33 - MountPoints2\{8c90e63c-cd8b-11dd-81fc-00c09fca4ca7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8c90e63c-cd8b-11dd-81fc-00c09fca4ca7}\Shell\AutoRun\command - "" = G:\DPFMate.exe -- File not found
O33 - MountPoints2\{8d2cfd64-d246-11dd-81ff-00c09fca4ca7}\Shell - "" = AutoRun
O33 - MountPoints2\{8d2cfd64-d246-11dd-81ff-00c09fca4ca7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8d2cfd64-d246-11dd-81ff-00c09fca4ca7}\Shell\AutoRun\command - "" = H:\DPFMate.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

Minaalyn110908
Novice
Posts : 12
Joined : 2009-12-20
OS : Windows XP
Points : 25588
# Likes : 0

Re: Computer massive infection

Post by Minaalyn110908 on Wed Dec 23, 2009 4:09 am

========== Files/Folders - Created Within 30 Days ==========

[2009/12/22 22:49:28 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carl\Desktop\OTL.exe
[2009/12/20 19:55:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Application Data\Malwarebytes
[2009/12/20 19:55:19 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/20 19:55:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/20 19:55:16 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/20 19:55:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/20 19:55:00 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Carl\Desktop\mbam-setup.exe
[2009/12/20 18:59:36 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/12/19 15:02:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Local Settings\Application Data\gvqjwv
[2009/12/16 13:42:42 | 00,000,000 | -HSD | C] -- C:\FOUND.004
[2009/12/13 15:16:29 | 01,924,200 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\Carl\Desktop\install_flash_player(2).exe
[2009/12/13 14:20:31 | 00,980,768 | ---- | C] (Inbox.com, Inc. ) -- C:\Documents and Settings\Carl\Desktop\VideosSetup.exe
[2009/12/09 13:44:55 | 01,628,920 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2009/12/09 13:44:55 | 00,551,672 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2009/12/09 13:44:55 | 00,518,904 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2009/12/09 13:44:55 | 00,379,640 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2009/12/09 13:44:55 | 00,187,128 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2009/12/09 13:44:55 | 00,129,784 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2009/12/09 13:44:55 | 00,120,056 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2009/12/09 13:44:55 | 00,118,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2009/12/09 13:44:55 | 00,088,824 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2009/12/09 13:44:55 | 00,072,440 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2009/12/09 13:44:55 | 00,066,296 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2009/12/09 13:44:55 | 00,064,760 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2009/12/09 13:44:55 | 00,043,528 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\PxHelp20.sys
[2009/12/09 13:44:55 | 00,009,464 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2009/12/09 13:44:55 | 00,009,336 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2009/12/09 13:44:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/12/09 13:44:21 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2009/12/09 13:20:12 | 00,000,000 | ---D | C] -- C:\Program Files\Bywifi
[2009/12/08 11:10:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Local Settings\Application Data\AIM Toolbar
[2009/12/08 11:10:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Local Settings\Application Data\AOL Toolbar
[2009/12/06 21:25:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Application Data\acccore
[2009/12/06 21:25:01 | 00,000,000 | ---D | C] -- C:\Program Files\AIM Toolbar
[2009/12/06 21:25:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2009/12/06 21:24:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2009/12/06 21:24:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Local Settings\Application Data\AIM
[2009/12/06 21:24:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/12/06 21:24:36 | 00,000,000 | ---D | C] -- C:\Program Files\AIM
[2009/12/06 16:15:08 | 00,000,000 | -HSD | C] -- C:\FOUND.003
[2009/12/04 19:33:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2009/12/04 19:32:43 | 00,000,000 | ---D | C] -- C:\Program Files\AOL Toolbar
[2009/12/04 19:32:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL Toolbar
[2009/12/04 19:31:28 | 00,000,000 | ---D | C] -- C:\Program Files\AOL
[2009/12/04 19:31:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\aolshare
[2009/12/04 19:31:14 | 00,000,000 | ---D | C] -- C:\Program Files\AOL 9.5
[2009/12/04 19:22:06 | 00,209,784 | ---- | C] (AOL LLC.) -- C:\Documents and Settings\Carl\Desktop\AOLDNLD.exe
[2008/08/07 10:16:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
[2007/12/13 12:45:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/11/13 11:06:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2005/12/20 05:05:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2005/03/07 11:54:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/03/07 11:54:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/03/07 11:41:08 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/03/07 11:41:08 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/22 22:56:20 | 08,126,464 | -H-- | M] () -- C:\Documents and Settings\Carl\NTUSER.DAT
[2009/12/22 22:48:46 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carl\Desktop\OTL.exe
[2009/12/22 22:26:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/22 22:26:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/22 01:04:14 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Carl\ntuser.ini
[2009/12/21 22:54:04 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/20 19:55:24 | 00,000,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/20 19:51:18 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Carl\Desktop\mbam-setup.exe
[2009/12/20 17:36:38 | 03,858,925 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\utorrent.exe
[2009/12/20 17:36:38 | 03,858,925 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\Combo-Fix.exe
[2009/12/20 13:03:18 | 00,290,816 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\exeHelper.com
[2009/12/20 10:02:00 | 00,045,360 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/18 16:55:18 | 00,000,600 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/13 15:16:32 | 01,924,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Carl\Desktop\install_flash_player(2).exe
[2009/12/13 14:20:02 | 00,980,768 | ---- | M] (Inbox.com, Inc. ) -- C:\Documents and Settings\Carl\Desktop\VideosSetup.exe
[2009/12/11 18:05:22 | 00,140,473 | ---- | M] () -- C:\Documents and Settings\Carl\My Documents\0321091704.jpg
[2009/12/11 18:04:10 | 00,106,914 | ---- | M] () -- C:\Documents and Settings\Carl\My Documents\0917091841.jpg
[2009/12/11 17:24:34 | 00,077,647 | ---- | M] () -- C:\Documents and Settings\Carl\My Documents\1119092043.jpg
[2009/12/10 14:56:00 | 00,109,610 | ---- | M] () -- C:\Documents and Settings\Carl\My Documents\1031092022.jpg
[2009/12/10 14:54:48 | 00,290,811 | ---- | M] () -- C:\Documents and Settings\Carl\My Documents\0725091420.jpg
[2009/12/10 14:53:52 | 00,113,348 | ---- | M] () -- C:\Documents and Settings\Carl\My Documents\0811091730.jpg
[2009/12/10 14:53:00 | 00,180,308 | ---- | M] () -- C:\Documents and Settings\Carl\My Documents\0501091255.jpg
[2009/12/10 14:52:24 | 00,097,195 | ---- | M] () -- C:\Documents and Settings\Carl\My Documents\0808091411.jpg
[2009/12/10 14:51:40 | 00,107,800 | ---- | M] () -- C:\Documents and Settings\Carl\My Documents\0928092115b.jpg
[2009/12/10 14:50:24 | 00,083,100 | ---- | M] () -- C:\Documents and Settings\Carl\My Documents\0521091455.jpg
[2009/12/10 14:48:54 | 00,093,372 | ---- | M] () -- C:\Documents and Settings\Carl\My Documents\1204091959.jpg
[2009/12/09 20:57:34 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\Install_NSS.job
[2009/12/09 20:51:58 | 06,389,398 | -H-- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\IconCache.db
[2009/12/09 20:06:14 | 00,001,594 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\Install_NSS.lnk
[2009/12/09 20:06:12 | 00,001,427 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\DivX Movies.lnk
[2009/12/09 13:45:02 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2009/12/09 13:44:54 | 00,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/12/09 13:20:16 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\Bywifi Media Transcoder.lnk
[2009/12/09 13:20:16 | 00,000,562 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\Bywifi Video Accelerator.lnk
[2009/12/08 14:35:28 | 00,036,143 | ---- | M] () -- C:\Documents and Settings\Carl\My Documents\Mittens.jpg
[2009/12/06 21:24:42 | 00,001,482 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2009/12/04 19:33:30 | 00,000,623 | ---- | M] () -- C:\WINDOWS\aolback.exe.lnk
[2009/12/04 19:33:30 | 00,000,520 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AOL 9.5.lnk
[2009/12/04 19:22:02 | 00,209,784 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\Carl\Desktop\AOLDNLD.exe
[2009/12/04 18:31:50 | 00,000,128 | R--- | M] () -- C:\Documents and Settings\Carl\Valid.Ext
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/02 00:42:06 | 00,009,216 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/20 19:55:22 | 00,000,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/20 18:59:13 | 03,858,925 | ---- | C] () -- C:\Documents and Settings\Carl\Desktop\Combo-Fix.exe
[2009/12/20 18:59:10 | 03,858,925 | ---- | C] () -- C:\Documents and Settings\Carl\Desktop\utorrent.exe
[2009/12/20 18:59:05 | 00,744,960 | ---- | C] () -- C:\Documents and Settings\Carl\Desktop\IceSword.exe
[2009/12/20 13:03:17 | 00,290,816 | ---- | C] () -- C:\Documents and Settings\Carl\Desktop\exeHelper.com
[2009/12/11 18:05:18 | 00,140,473 | ---- | C] () -- C:\Documents and Settings\Carl\My Documents\0321091704.jpg
[2009/12/11 18:04:07 | 00,106,914 | ---- | C] () -- C:\Documents and Settings\Carl\My Documents\0917091841.jpg
[2009/12/11 17:24:31 | 00,077,647 | ---- | C] () -- C:\Documents and Settings\Carl\My Documents\1119092043.jpg
[2009/12/10 14:55:58 | 00,109,610 | ---- | C] () -- C:\Documents and Settings\Carl\My Documents\1031092022.jpg
[2009/12/10 14:54:44 | 00,290,811 | ---- | C] () -- C:\Documents and Settings\Carl\My Documents\0725091420.jpg
[2009/12/10 14:53:49 | 00,113,348 | ---- | C] () -- C:\Documents and Settings\Carl\My Documents\0811091730.jpg
[2009/12/10 14:52:57 | 00,180,308 | ---- | C] () -- C:\Documents and Settings\Carl\My Documents\0501091255.jpg
[2009/12/10 14:52:21 | 00,097,195 | ---- | C] () -- C:\Documents and Settings\Carl\My Documents\0808091411.jpg
[2009/12/10 14:51:37 | 00,107,800 | ---- | C] () -- C:\Documents and Settings\Carl\My Documents\0928092115b.jpg
[2009/12/10 14:50:19 | 00,083,100 | ---- | C] () -- C:\Documents and Settings\Carl\My Documents\0521091455.jpg
[2009/12/10 14:48:50 | 00,093,372 | ---- | C] () -- C:\Documents and Settings\Carl\My Documents\1204091959.jpg
[2009/12/09 20:06:14 | 00,000,362 | ---- | C] () -- C:\WINDOWS\tasks\Install_NSS.job
[2009/12/09 20:06:12 | 00,001,594 | ---- | C] () -- C:\Documents and Settings\Carl\Desktop\Install_NSS.lnk
[2009/12/09 13:45:00 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2009/12/09 13:44:52 | 00,000,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/12/09 13:44:21 | 00,001,427 | ---- | C] () -- C:\Documents and Settings\Carl\Desktop\DivX Movies.lnk
[2009/12/09 13:20:14 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Carl\Desktop\Bywifi Media Transcoder.lnk
[2009/12/09 13:20:14 | 00,000,562 | ---- | C] () -- C:\Documents and Settings\Carl\Desktop\Bywifi Video Accelerator.lnk
[2009/12/08 14:35:24 | 00,036,143 | ---- | C] () -- C:\Documents and Settings\Carl\My Documents\Mittens.jpg
[2009/12/06 21:24:41 | 00,001,482 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2009/12/04 19:33:28 | 00,000,520 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AOL 9.5.lnk
[2009/12/04 18:31:49 | 00,000,128 | R--- | C] () -- C:\Documents and Settings\Carl\Valid.Ext
[2008/11/14 22:02:06 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/03/28 20:55:54 | 00,000,340 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2008/01/29 19:17:21 | 00,000,036 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/12/02 15:56:19 | 00,000,168 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/07/05 20:04:58 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/18 18:13:24 | 00,732,462 | -HS- | C] () -- C:\WINDOWS\System32\bdeeg.ini
[2006/11/18 18:13:23 | 00,000,354 | -HS- | C] () -- C:\WINDOWS\System32\accdd.ini
[2006/08/04 22:18:16 | 00,001,167 | ---- | C] () -- C:\WINDOWS\System32\rid97e17.sys
[2006/08/04 22:17:18 | 00,000,211 | ---- | C] () -- C:\WINDOWS\mm06y.ini
[2006/03/06 23:15:48 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2006/03/06 23:12:05 | 00,642,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/03/06 23:12:05 | 00,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd0285.sys
[2006/03/06 00:12:42 | 00,092,031 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2006/03/06 00:12:27 | 00,178,291 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2006/01/15 18:18:09 | 00,009,216 | ---- | C] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/24 16:35:42 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\OODCSPRO.dll
[2005/12/24 16:35:42 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\ood2kmsg.dll
[2005/12/21 00:10:19 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/12/20 18:27:43 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/12/20 04:29:50 | 00,114,729 | ---- | C] () -- C:\WINDOWS\System32\Autorun.ini
[2005/12/20 04:26:21 | 00,000,692 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2005/03/09 09:50:56 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/03/07 12:32:10 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/07 12:22:45 | 00,000,313 | ---- | C] () -- C:\WINDOWS\uninstall.ini
[2005/03/07 12:22:45 | 00,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/03/07 12:15:13 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/03/07 12:14:29 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/03/07 12:14:29 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/03/07 12:14:29 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/03/07 12:01:50 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/03/07 12:01:47 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/03/07 11:54:46 | 00,037,776 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/03/07 11:46:14 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/12/17 17:14:44 | 00,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2001/12/26 16:12:30 | 00,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1998/08/16 05:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1980/01/01 00:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[1980/01/01 00:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1980/01/01 00:00:00 | 00,002,790 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
[1980/01/01 00:00:00 | 00,000,091 | ---- | C] () -- C:\WINDOWS\ALaunch.ini

========== Files - Unicode (All) ==========
[2007/02/09 20:58:40 | 00,000,000 | ---D | M](C:\Documents and Settings\Carl\My Documents\W?nSxS) -- C:\Documents and Settings\Carl\My Documents\WіnSxS
[2007/02/09 20:58:39 | 00,000,000 | ---D | C](C:\Documents and Settings\Carl\My Documents\W?nSxS) -- C:\Documents and Settings\Carl\My Documents\WіnSxS
[2007/02/03 21:45:24 | 00,000,000 | ---D | M](C:\Program Files\Common Files\s?mbols) -- C:\Program Files\Common Files\sуmbols
[2007/02/03 21:45:24 | 00,000,000 | ---D | M](C:\Program Files\Common Files\s?mbols) -- C:\Program Files\Common Files\sуmbols
[2007/02/02 20:55:52 | 00,000,000 | ---D | M](C:\Program Files\s?stem) -- C:\Program Files\sуstem
[2007/02/02 20:55:52 | 00,000,000 | ---D | M](C:\Program Files\s?stem) -- C:\Program Files\sуstem
[2007/01/27 21:13:58 | 00,000,000 | ---D | M](C:\WINDOWS\System32\??mbols) -- C:\WINDOWS\System32\ѕуmbols
[2007/01/27 21:13:57 | 00,000,000 | ---D | C](C:\WINDOWS\System32\??mbols) -- C:\WINDOWS\System32\ѕуmbols
[2007/01/26 20:53:12 | 00,000,000 | ---D | M](C:\Documents and Settings\Carl\My Documents\?ymbols) -- C:\Documents and Settings\Carl\My Documents\ѕymbols
[2007/01/26 20:53:11 | 00,000,000 | ---D | C](C:\Documents and Settings\Carl\My Documents\?ymbols) -- C:\Documents and Settings\Carl\My Documents\ѕymbols
[2007/01/20 22:29:20 | 00,000,000 | ---D | M](C:\Program Files\Common Files\??stem32) -- C:\Program Files\Common Files\ѕуstem32
[2007/01/20 22:29:20 | 00,000,000 | ---D | M](C:\Program Files\Common Files\??stem32) -- C:\Program Files\Common Files\ѕуstem32
[2007/01/19 23:08:10 | 00,000,000 | ---D | M](C:\WINDOWS\System32\??sembly) -- C:\WINDOWS\System32\аѕsembly
[2007/01/19 23:08:08 | 00,000,000 | ---D | C](C:\WINDOWS\System32\??sembly) -- C:\WINDOWS\System32\аѕsembly
[2007/01/18 23:07:22 | 00,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Αdobe
[2007/01/18 23:07:22 | 00,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Αdobe
[2007/01/16 23:57:04 | 00,000,000 | ---D | M](C:\Program Files\?asks) -- C:\Program Files\Тasks
[2007/01/16 23:57:04 | 00,000,000 | ---D | M](C:\Program Files\?asks) -- C:\Program Files\Тasks
[2007/01/15 23:08:50 | 00,000,000 | ---D | M](C:\Program Files\Common Files\W?nSxS) -- C:\Program Files\Common Files\WіnSxS
[2007/01/15 23:08:50 | 00,000,000 | ---D | M](C:\Program Files\Common Files\W?nSxS) -- C:\Program Files\Common Files\WіnSxS
[2007/01/14 22:36:22 | 00,000,000 | ---D | M](C:\Program Files\??curity) -- C:\Program Files\ѕеcurity
[2007/01/14 22:36:22 | 00,000,000 | ---D | M](C:\Program Files\??curity) -- C:\Program Files\ѕеcurity
[2007/01/13 22:10:14 | 00,000,000 | ---D | M](C:\WINDOWS\System32\?racle) -- C:\WINDOWS\System32\Οracle
[2007/01/13 22:10:12 | 00,000,000 | ---D | C](C:\WINDOWS\System32\?racle) -- C:\WINDOWS\System32\Οracle
[2007/01/12 22:38:40 | 00,000,000 | ---D | M](C:\Documents and Settings\Carl\My Documents\?ppPatch) -- C:\Documents and Settings\Carl\My Documents\АppPatch
[2007/01/12 22:38:38 | 00,000,000 | ---D | C](C:\Documents and Settings\Carl\My Documents\?ppPatch) -- C:\Documents and Settings\Carl\My Documents\АppPatch
[2007/01/07 21:20:36 | 00,000,000 | ---D | M](C:\Documents and Settings\Carl\My Documents\??sembly) -- C:\Documents and Settings\Carl\My Documents\аѕsembly
[2007/01/07 21:20:35 | 00,000,000 | ---D | C](C:\Documents and Settings\Carl\My Documents\??sembly) -- C:\Documents and Settings\Carl\My Documents\аѕsembly
[2007/01/06 21:35:00 | 00,000,000 | ---D | M](C:\Program Files\?racle) -- C:\Program Files\Оracle
[2007/01/06 21:35:00 | 00,000,000 | ---D | M](C:\Program Files\?racle) -- C:\Program Files\Оracle
[2006/12/31 23:11:46 | 00,000,000 | ---D | M](C:\Documents and Settings\Carl\Application Data\s?curity) -- C:\Documents and Settings\Carl\Application Data\sеcurity
[2006/12/31 23:11:46 | 00,000,000 | ---D | M](C:\Documents and Settings\Carl\Application Data\s?curity) -- C:\Documents and Settings\Carl\Application Data\sеcurity
[2006/12/30 23:06:08 | 00,000,000 | ---D | M](C:\WINDOWS\??sks) -- C:\WINDOWS\Таsks
[2006/12/30 23:06:06 | 00,000,000 | ---D | C](C:\WINDOWS\??sks) -- C:\WINDOWS\Таsks
[2006/12/29 22:56:52 | 00,000,000 | ---D | M](C:\Program Files\Common Files\M?crosoft.NET) -- C:\Program Files\Common Files\Mіcrosoft.NET
[2006/12/29 22:56:52 | 00,000,000 | ---D | M](C:\Program Files\Common Files\M?crosoft.NET) -- C:\Program Files\Common Files\Mіcrosoft.NET
[2006/12/23 20:48:08 | 00,000,000 | ---D | M](C:\WINDOWS\??curity) -- C:\WINDOWS\ѕеcurity
[2006/12/23 20:48:07 | 00,000,000 | ---D | C](C:\WINDOWS\??curity) -- C:\WINDOWS\ѕеcurity
[2006/12/22 21:37:06 | 00,000,000 | ---D | M](C:\Documents and Settings\Carl\My Documents\?ymantec) -- C:\Documents and Settings\Carl\My Documents\Ѕymantec
[2006/12/22 21:37:04 | 00,000,000 | ---D | C](C:\Documents and Settings\Carl\My Documents\?ymantec) -- C:\Documents and Settings\Carl\My Documents\Ѕymantec
[2006/12/16 12:38:04 | 00,000,000 | ---D | M](C:\Program Files\??mantec) -- C:\Program Files\Ѕуmantec
[2006/12/16 12:38:04 | 00,000,000 | ---D | M](C:\Program Files\??mantec) -- C:\Program Files\Ѕуmantec
[2006/12/15 23:18:36 | 00,000,000 | ---D | M](C:\Documents and Settings\Carl\Application Data\??crosoft.NET) -- C:\Documents and Settings\Carl\Application Data\Μіcrosoft.NET
[2006/12/15 23:18:36 | 00,000,000 | ---D | M](C:\Documents and Settings\Carl\Application Data\??crosoft.NET) -- C:\Documents and Settings\Carl\Application Data\Μіcrosoft.NET
[2006/12/08 21:54:12 | 00,000,000 | ---D | M](C:\Documents and Settings\Carl\Application Data\?icrosoft) -- C:\Documents and Settings\Carl\Application Data\Мicrosoft
[2006/12/08 21:54:12 | 00,000,000 | ---D | M](C:\Documents and Settings\Carl\Application Data\?icrosoft) -- C:\Documents and Settings\Carl\Application Data\Мicrosoft
[2006/12/04 00:38:48 | 00,000,000 | ---D | M](C:\WINDOWS\System32\S?mantec) -- C:\WINDOWS\System32\Sуmantec
[2006/12/04 00:38:46 | 00,000,000 | ---D | C](C:\WINDOWS\System32\S?mantec) -- C:\WINDOWS\System32\Sуmantec
[2006/12/03 00:09:26 | 00,000,000 | ---D | M](C:\WINDOWS\W?nSxS) -- C:\WINDOWS\WіnSxS
[2006/12/03 00:09:24 | 00,000,000 | ---D | C](C:\WINDOWS\W?nSxS) -- C:\WINDOWS\WіnSxS
[2006/12/02 00:07:46 | 00,000,000 | ---D | M](C:\Program Files\T?sks) -- C:\Program Files\Tаsks
[2006/12/02 00:07:46 | 00,000,000 | ---D | M](C:\Program Files\T?sks) -- C:\Program Files\Tаsks
[2006/11/25 22:31:56 | 00,000,000 | ---D | M](C:\Program Files\Common Files\??sks) -- C:\Program Files\Common Files\Τаsks
[2006/11/25 22:31:56 | 00,000,000 | ---D | M](C:\Program Files\Common Files\??sks) -- C:\Program Files\Common Files\Τаsks
[2006/11/24 22:28:18 | 00,000,000 | ---D | M](C:\Program Files\Common Files\??stem) -- C:\Program Files\Common Files\ѕуstem
[2006/11/24 22:28:18 | 00,000,000 | ---D | M](C:\Program Files\Common Files\??stem) -- C:\Program Files\Common Files\ѕуstem
[2006/11/23 08:40:26 | 00,000,000 | ---D | M](C:\WINDOWS\F?nts) -- C:\WINDOWS\Fоnts
[2006/11/23 08:40:25 | 00,000,000 | ---D | C](C:\WINDOWS\F?nts) -- C:\WINDOWS\Fоnts
[2006/11/18 18:13:00 | 00,000,000 | ---D | M](C:\WINDOWS\System32\?ssembly) -- C:\WINDOWS\System32\аssembly
[2006/11/18 18:12:58 | 00,000,000 | ---D | C](C:\WINDOWS\System32\?ssembly) -- C:\WINDOWS\System32\аssembly
[2006/11/18 18:08:28 | 00,000,000 | ---D | M](C:\WINDOWS\??sks) -- C:\WINDOWS\Τаsks
[2006/11/18 18:08:26 | 00,000,000 | ---D | C](C:\WINDOWS\??sks) -- C:\WINDOWS\Τаsks
[2006/11/18 18:08:06 | 00,000,000 | ---D | M](C:\WINDOWS\System32\?icrosoft) -- C:\WINDOWS\System32\Μicrosoft
[2006/11/18 18:08:05 | 00,000,000 | ---D | C](C:\WINDOWS\System32\?icrosoft) -- C:\WINDOWS\System32\Μicrosoft
(C:\Program Files\T?sks) -- C:\Program Files\Tаsks
(C:\Program Files\s?stem) -- C:\Program Files\sуstem
(C:\Program Files\Common Files\W?nSxS) -- C:\Program Files\Common Files\WіnSxS
(C:\Program Files\Common Files\s?mbols) -- C:\Program Files\Common Files\sуmbols
(C:\Program Files\Common Files\M?crosoft.NET) -- C:\Program Files\Common Files\Mіcrosoft.NET
(C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Αdobe
(C:\Program Files\Common Files\??stem32) -- C:\Program Files\Common Files\ѕуstem32
(C:\Program Files\Common Files\??stem) -- C:\Program Files\Common Files\ѕуstem
(C:\Program Files\Common Files\??sks) -- C:\Program Files\Common Files\Τаsks
(C:\Program Files\?racle) -- C:\Program Files\Оracle
(C:\Program Files\?asks) -- C:\Program Files\Тasks
(C:\Program Files\??mantec) -- C:\Program Files\Ѕуmantec
(C:\Program Files\??curity) -- C:\Program Files\ѕеcurity
(C:\Documents and Settings\Carl\Application Data\s?curity) -- C:\Documents and Settings\Carl\Application Data\sеcurity
(C:\Documents and Settings\Carl\Application Data\?icrosoft) -- C:\Documents and Settings\Carl\Application Data\Мicrosoft
(C:\Documents and Settings\Carl\Application Data\??crosoft.NET) -- C:\Documents and Settings\Carl\Application Data\Μіcrosoft.NET
< End of report >

Minaalyn110908
Novice

Posts : 12
Joined : 2009-12-20
OS : Windows XP
Points : 25588
# Likes : 0


Re: Computer massive infection

Post by Minaalyn110908 on Wed Dec 23, 2009 4:10 am

OTL Extras logfile created on: 12/22/2009 10:55:02 PM - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\Carl\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 55.00 Mb Available Physical Memory | 14.00% Memory free
1,017.00 Mb Paging File | 772.00 Mb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17.07 Gb Total Space | 1.92 Gb Free Space | 11.25% Space Free | Partition Type: FAT32
Drive D: | 17.24 Gb Total Space | 12.20 Gb Free Space | 70.73% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-2E68C49B20
Current User Name: Carl
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"D:\America Online 9.0\waol.exe" = D:\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1135141983\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1135141983\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\1135141983\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1135141983\ee\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"D:\America Online 9.0\waol.exe" = D:\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Grisoft\AVG Free\avgcc.exe" = C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\ABC\abc.exe" = C:\Program Files\ABC\abc.exe:*:Enabled:abc -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"D:\turbo tax\TurboTax Home & Business 2007\32bit\ttax.exe" = D:\turbo tax\TurboTax Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
"D:\turbo tax\TurboTax Home & Business 2007\32bit\updatemgr.exe" = D:\turbo tax\TurboTax Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found
"C:\Program Files\Common Files\aol\1259973095\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1259973095\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\AOL 9.5\waol.exe" = C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20E5F823-61A4-4BCE-9DF4-5DB43F302B69}" = Diskeeper Professional Premier Edition
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Arcade 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{48A34EA8-695B-48BE-B900-C0C44D5D518A}" = Photo Viewer
"{5242A858-AD61-4130-92D4-BDF5087CE562}" = NTI CD & DVD-Maker
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69CC0647-7F98-4358-AAB6-4F65C0705400}" = NTI Backup NOW! 4
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E86E5246-AA7E-11D4-88C9-00105ADBE398}" = O&O Defrag 2000 Freeware Edition
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 4.42
"ABC" = ABC (remove only)
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"AIM Search" = AIM Search
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Bywifi" = Bywifi 1.10.3
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"InstallShield_{5242A858-AD61-4130-92D4-BDF5087CE562}" = NTI CD & DVD-Maker Gold
"InstallShield_{69CC0647-7F98-4358-AAB6-4F65C0705400}" = NTI Backup NOW! 4
"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"LimeWire" = LimeWire PRO 4.12.11
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16)
"mr7910_32bb2befe1e5d1d6012329af0300b36139b7b84a" = Windows Driver Package - (mr7910) Image 06/28/2005 1.3.0.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MySpaceIM" = MySpaceIM
"RealPlayer 6.0" = RealPlayer Basic
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB Driver Vers. 3.2" = USB Driver Vers. 3.2
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Extras" = Yahoo! Browser Services

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/5/2009 11:25:51 AM | Computer Name = ACER-2E68C49B20 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 3/5/2009 11:26:55 AM | Computer Name = ACER-2E68C49B20 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 3/5/2009 11:27:54 AM | Computer Name = ACER-2E68C49B20 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 3/5/2009 11:30:47 AM | Computer Name = ACER-2E68C49B20 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 3/5/2009 11:43:41 AM | Computer Name = ACER-2E68C49B20 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 3/5/2009 11:43:41 AM | Computer Name = ACER-2E68C49B20 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 3/12/2009 9:57:16 AM | Computer Name = ACER-2E68C49B20 | Source = Application Hang | ID = 1002
Description = Hanging application CDBak32.exe, version 4.0.20.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/23/2009 9:34:21 PM | Computer Name = ACER-2E68C49B20 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 6.0.2900.2180, fault address 0x000b5afa.

Error - 11/26/2009 8:03:06 PM | Computer Name = ACER-2E68C49B20 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x027ae9e0.

Error - 12/15/2009 7:19:27 PM | Computer Name = ACER-2E68C49B20 | Source = Application Error | ID = 1000
Description = Faulting application bywifi.exe, version 1.0.0.1, faulting module
bywifips.dll, version 0.0.0.0, fault address 0x0000b29e.

[ System Events ]
Error - 12/20/2009 4:23:50 PM | Computer Name = ACER-2E68C49B20 | Source = DCOM | ID = 10010
Description = The server {0EF242C6-6ECD-476E-9859-076503985F8E} did not register
with DCOM within the required timeout.

Error - 12/20/2009 5:02:40 PM | Computer Name = ACER-2E68C49B20 | Source = DCOM | ID = 10010
Description = The server {0EF242C6-6ECD-476E-9859-076503985F8E} did not register
with DCOM within the required timeout.

Error - 12/20/2009 9:22:38 PM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%3

Error - 12/20/2009 9:22:40 PM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi Lbd redbook

Error - 12/20/2009 9:33:05 PM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%3

Error - 12/20/2009 9:33:07 PM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom gagp30kx Imapi Lbd redbook

Error - 12/21/2009 11:54:18 PM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%3

Error - 12/21/2009 11:54:20 PM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi Lbd redbook

Error - 12/22/2009 11:26:44 PM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%3

Error - 12/22/2009 11:26:46 PM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi Lbd redbook


< End of report >

Minaalyn110908
Novice

Posts : 12
Joined : 2009-12-20
OS : Windows XP
Points : 25588
# Likes : 0


Re: Computer massive infection

Post by Belahzur on Wed Dec 23, 2009 7:22 pm

Wow, OTL shows you have a VERY old infection; surprising no other scanner picked it up.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 6
    LimeWire PRO 4.12.11
    Viewpoint Media Player

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)


    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
    O20 - Winlogon\Notify\CSCSettings: DllName - C:\WINDOWS\system32\hpj0231mg.dll - C:\WINDOWS\System32\hpj0231mg.dll File not found

    :files
    C:\FOUND.***
    C:\Documents and Settings\Carl\Local Settings\Application Data\gvqjwv

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1


Re: Computer massive infection

Post by Minaalyn110908 on Wed Dec 23, 2009 10:34 pm

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CSCSettings\ deleted successfully.
========== FILES ==========
C:\FOUND.000 folder moved successfully.
C:\FOUND.003 folder moved successfully.
C:\FOUND.002 folder moved successfully.
C:\FOUND.004 folder moved successfully.
C:\FOUND.001 folder moved successfully.
C:\Documents and Settings\Carl\Local Settings\Application Data\gvqjwv folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\Fоnts folder moved successfully.
C:\WINDOWS\ѕеcurity folder moved successfully.
C:\WINDOWS\Τаsks folder moved successfully.
C:\WINDOWS\Таsks folder moved successfully.
C:\WINDOWS\WіnSxS folder moved successfully.
C:\WINDOWS\System32\аѕsembly folder moved successfully.
C:\WINDOWS\System32\Μicrosoft\bak folder moved successfully.
C:\WINDOWS\System32\Μicrosoft\Μicrosoft folder moved successfully.
C:\WINDOWS\System32\Μicrosoft folder moved successfully.
C:\WINDOWS\System32\Οracle folder moved successfully.
C:\WINDOWS\System32\Sуmantec folder moved successfully.
C:\WINDOWS\System32\ѕуmbols folder moved successfully.
C:\Program Files\Оracle folder moved successfully.
C:\Program Files\ѕеcurity folder moved successfully.
C:\Program Files\Ѕуmantec folder moved successfully.
C:\Program Files\sуstem folder moved successfully.
C:\Program Files\Tаsks folder moved successfully.
C:\Program Files\Тasks folder moved successfully.
C:\Program Files\Common Files\Αdobe folder moved successfully.
C:\Program Files\Common Files\Mіcrosoft.NET folder moved successfully.
C:\Program Files\Common Files\sуmbols folder moved successfully.
C:\Program Files\Common Files\ѕуstem folder moved successfully.
C:\Program Files\Common Files\ѕуstem32 folder moved successfully.
C:\Program Files\Common Files\Τаsks folder moved successfully.
C:\Program Files\Common Files\WіnSxS folder moved successfully.
C:\Documents and Settings\Carl\My Documents\АppPatch folder moved successfully.
C:\Documents and Settings\Carl\My Documents\аѕsembly folder moved successfully.
C:\Documents and Settings\Carl\My Documents\Ѕymantec folder moved successfully.
C:\Documents and Settings\Carl\My Documents\ѕymbols folder moved successfully.
C:\Documents and Settings\Carl\My Documents\WіnSxS folder moved successfully.
C:\Documents and Settings\Carl\Application Data\Μіcrosoft.NET folder moved successfully.
C:\Documents and Settings\Carl\Application Data\Мicrosoft folder moved successfully.
C:\Documents and Settings\Carl\Application Data\sеcurity folder moved successfully.

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1147863 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 297895 bytes

User: Carl
->Temp folder emptied: 2226732087 bytes
->Temporary Internet Files folder emptied: 8760768 bytes
->Java cache emptied: 130251005 bytes
->FireFox cache emptied: 44874134 bytes
->Apple Safari cache emptied: 209832 bytes

User: Administrator
->Temp folder emptied: 1511 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 864785 bytes
Windows Temp folder emptied: 115751261 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 43389700 bytes

Total Files Cleaned = 2,453.00 mb


OTL by OldTimer - Version 3.1.19.0 log created on 12232009_173043

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Carl\Local Settings\Temp\Temporary Internet Files\Content.IE5\NU4H0GW0\MDk4LjguOS5maC5uei44NS40OTNAQHh6eW92QEBvYm1tQEAtNF85QEB4bG54emhnIHh6eW92IHhsbm5mbXJ4emdybG1oIHNsb3dybXRoICBybXhAQG12Z0BAbWxpZ3N2emhnOzEyMTg1MTI5MjI4NDU7MTs7OzE7NDszNDc3MzQ4OzM0N&r=0 not found!
C:\WINDOWS\temp\Perflib_Perfdata_d4.dat moved successfully.

Registry entries deleted on Reboot...

Minaalyn110908
Novice

Posts : 12
Joined : 2009-12-20
OS : Windows XP
Points : 25588
# Likes : 0

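The folders listed under COMMANDS in the fix log above carry names that read as Fonts, Tasks, Microsoft, Oracle and so on but are spelled with Cyrillic or Greek lookalike letters, which is how they coexisted with the genuine folders. As an added example (not OTL's code or anything from this thread), the Python script below flags such path components in a fix-log excerpt; the confusables table and the list of known folder names are my own assumptions, and the sample log is constructed from paths in the log above.

```python
import re

# Cyrillic and Greek letters that render like Latin letters (a hand-picked
# subset of Unicode's confusables covering the characters seen in the log).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0455": "s", "\u0456": "i", "\u0410": "A",
    "\u0415": "E", "\u041c": "M", "\u041d": "H", "\u041e": "O", "\u0420": "P",
    "\u0421": "C", "\u0422": "T", "\u0405": "S", "\u0406": "I", "\u0391": "A",
    "\u0395": "E", "\u039c": "M", "\u039f": "O", "\u03a1": "P", "\u03a4": "T",
}
# Legitimate folder names the log shows being mimicked (assumed list, lower-case).
KNOWN_NAMES = {
    "fonts", "security", "tasks", "winsxs", "assembly", "microsoft", "oracle",
    "symantec", "symbols", "system", "system32", "adobe", "microsoft.net", "apppatch",
}
FOLDER_LINE = re.compile(r"^(?P<path>.+?) folder moved successfully\.$")

def latin_skeleton(name):
    """Replace every confusable character with the Latin letter it imitates."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in name)

def classify_component(component):
    """None for plain ASCII; ('lookalike', latin) when the de-confused name is a
    known system folder; ('non_ascii', latin) for any other non-ASCII name."""
    if component.isascii():
        return None
    latin = latin_skeleton(component)
    if latin.lower() in KNOWN_NAMES:
        return ("lookalike", latin)
    return ("non_ascii", latin)

def scan_log(text):
    """Return (path, component, verdict, latin_form) for each non-ASCII component
    on a 'folder moved successfully' line; parents are checked, not just leaves."""
    findings = []
    for line in text.splitlines():
        match = FOLDER_LINE.match(line.strip())
        if not match:
            continue
        path = match.group("path")
        for component in path.split("\\"):
            verdict = classify_component(component)
            if verdict:
                findings.append((path, component, verdict[0], verdict[1]))
    return findings

# Constructed excerpt in the fix-log format; lookalike letters are written as
# \u escapes so they are visible in source (U+043E, U+0391, U+039C, U+0422/0435).
SAMPLE_LOG = "\n".join([
    "C:\\WINDOWS\\F\u043ents folder moved successfully.",
    "C:\\WINDOWS\\Fonts folder moved successfully.",
    "C:\\Program Files\\Common Files\\\u0391dobe folder moved successfully.",
    "C:\\WINDOWS\\System32\\\u039cicrosoft\\bak folder moved successfully.",
    "C:\\WINDOWS\\\u0422\u0435st folder moved successfully.",
    "Registry key HKEY_LOCAL_MACHINE\\SOFTWARE\\Example\\ deleted successfully.",
])

if __name__ == "__main__":
    for path, component, verdict, latin in scan_log(SAMPLE_LOG):
        print(f"{verdict:9} {component!r} imitates {latin!r}: {path}")
```

The genuine C:\WINDOWS\Fonts line is not reported, while the fake Microsoft parent of the bak folder is caught even though the leaf name is plain ASCII.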

Re: Computer massive infection

Post by Minaalyn110908 on Wed Dec 23, 2009 10:47 pm

There was a file on the desktop called thumbs.db.

What's that?

Minaalyn110908
Novice

Posts : 12
Joined : 2009-12-20
OS : Windows XP
Points : 25588
# Likes : 0


Re: Computer massive infection

Post by Belahzur on Wed Dec 23, 2009 11:36 pm

Delete that file, not sure where it came from.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.




Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1


Re: Computer massive infection

Post by Minaalyn110908 on Thu Dec 24, 2009 4:26 am

Done, what's next?

Minaalyn110908
Novice

Posts : 12
Joined : 2009-12-20
OS : Windows XP
Points : 25588
# Likes : 0


Re: Computer massive infection

Post by Belahzur on Thu Dec 24, 2009 5:09 pm

How is the machine now?




Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1


Re: Computer massive infection

Post by Itachi21 on Thu Dec 24, 2009 6:01 pm

It's running fine. Thanks once again for the help Belahzur!

Itachi21
Senior

Posts : 319
Joined : 2008-12-07
Gender : Male
OS : Windows 7 64 Bit
Points : 31879
# Likes : 0
